Catalyst 4500 Series
Catalyst 4500 Series
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public
domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of
Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo,
Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step,
Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study,
LightStream, Linksys, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way
to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0711R)
Catalyst 4500 Series Switch Cisco IOS Command Reference
Copyright 19992011 Cisco Systems, Inc. All rights reserved
CH A P T E R
-1
Chapter
Revised Commands
A Commands
aaa accounting dot1x default start-stop group radius
aaa accounting system default start-stop group radiusclear mac-address-table
access-group mode
access-list hardware capture mode
access-list hardware entries
access-list hardware region
action
apply
ancp client server
ancp mode client
apply
arp access-list
attach module
authentication control-direction
authentication critical recovery delay
authentication event
authentication fallback
authentication host-mode
authentication open
authentication order
authentication periodic
authentication port-control
authentication priority
authentication timer
authentication violation
auto qos classify
auto qos classify police
auto qos srnd4
auto qos trust
auto qos video
-2
Chapter
C Commands
call-home (global configuration)
call-home request
call-home send
call-home send alert-group
call-home test
channel-group
channel-protocol
cisp enable
class-map
clear counters
clear errdisable
clear hw-module slot password
clear interface gigabitethernet
clear interface vlan
clear ip access-template
clear ip arp inspection log
clear ip arp inspection statistics
clear ip dhcp snooping binding
clear ip dhcp snooping database
clear ip dhcp snooping database statistics
clear ip igmp group
clear ip mfib counters
clear ip mfib fastdrop
clear ip wccp
clear lacp counters
clear netflow-lite exporter statistics
clear netflow-lite monitor statistics interface
clear nmsp statistics
clear mac-address-table dynamic
clear pagp
clear port-security
-3
Chapter
D Commands
debug adjacency
debug backup
debug condition interface
debug condition standby
debug condition vlan
debug device-sensor
debug dot1x
debug etherchnl
debug interface
debug ip dhcp snooping event
debug ip dhcp snooping packet
debug ip verify source packet
debug ipc
debug lacp
debug monitor
debug nmsp
debug nvram
debug pagp
debug platform packet protocol lacp
debug platform packet protocol pagp
debug pm
debug port-security
debug pppoe intermediate-agent
debug redundancy
debug spanning-tree
debug spanning-tree backbonefast
debug spanning-tree switch
debug spanning-tree uplinkfast
-4
Chapter
debug sw-vlan
debug sw-vlan ifs
debug sw-vlan notification
debug sw-vlan vtp
debug udld
debug vqpc
define interface-range
deny
destination (netflow-lite exporter submode)
device-sensor filter-list
device-sensor filter-list dhcp
device-sensor filter-spec
device-sensor notify
diagnostic fpga soft-error recover
diagnostic monitor action
diagnostic start
dot1x auth-fail max-attempts
dot1x auth-fail vlan
dot1x credentials (global configuration)
dot1x critical
dot1x critical eapol
dot1x critical recovery delay
dot1x critical vlan
dot1x control-direction
dot1x guest-vlan
dot1x guest-vlan supplicant
dot1x host-mode
dot1x initialize
dot1x mac-auth-bypass
dot1x max-reauth-req
dot1x max-req
dot1x port-control
dot1x re-authenticate
dot1x re-authentication
dot1x system-auth-control
dot1x timeout
dscp (netflow-lite exporter submode)
dual-active detection (virtual switch)
-5
Chapter
duplex
dual-active recovery ip address
duplex
E Commands
erase
errdisable detect
errdisable recovery
export-protocol (netflow-lite exporter submode)
exporter (netflow-lite monitor submode)
F Commands
flowcontrol
H Commands
hardware statistics
hw-module beacon
hw-module module start
hw-module module stop
hw-module port-group
hw-module power
hw-module system max-queue-limit
hw-module uplink mode
hw-module uplink select
I Commands
instance
interface
interface (virtual switch)
interface port-channel
interface range
interface vlan
ip admission proxy http refresh-all
ip arp inspection filter vlan
ip arp inspection limit (interface)
ip arp inspection log-buffer
-6
Chapter
-7
Chapter
L Commands
l2protocol-tunnel
l2protocol-tunnel cos
l2protocol-tunnel drop-threshold
l2protocol-tunnel shutdown-threshold
lacp port-priority
lacp system-priority
lldp tlv-select power-management
logging event trunk-status global (global configuration)
logging event link-status global (global configuration)
logging event trunk-status global (global configuration)
logging event link-status global (global configuration)
logging event link-status (interface configuration)
logging event trunk-status (interface configuration)
M Commands
mac access-list extended
mac-address (virtual switch)
mac-address-table aging-time
mac-address-table dynamic group protocols
mac-address-table learning vlan
mac-address-table notification
-8
Downloaded from www.Manualslib.com manuals search engine
OL-22172-01
Chapter
mac-address-table static
macro apply cisco-desktop
macro apply cisco-phone
macro apply cisco-router
macro apply cisco-switch
macro auto device
macro auto execute (built-in function)
macro auto execute (remotely-defined trigger)
macro auto execute (user-defined function)
macro auto global processing
macro auto mac-address-group
macro auto monitor
macro auto processing
macro auto sticky
macro global apply cisco-global
macro global apply system-cpp
macro global description
main-cpu
match
match flow ip
mdix auto
media-type
mode
monitor capture {access-list | class-map}
monitor capture [clear | export]
monitor capture [interface | vlan | control-plane]
monitor capture file location buffer-size
monitor capture limit
monitor capture mycap match
monitor capture start
monitor session
mtu
N Commands
name
netflow-lite exporter
netflow-lite monitor
-9
Chapter
netflow-lite sampler
nmsp
nmsp attachment suppress
O Commands
options timeout (netflow-lite exporter submode)
P Commands
packet-offset (netflow-lite sampler submode)
packet-rate (netflow-lite sampler submode)
packet-section size (netflow-lite sampler submode)
pagp learn-method
pagp port-priority
passive-interface
permit
policy-map
power efficient-ethernet auto
port-channel load-balance
port-channel standalone-disable
port-security mac-address
port-security mac-address sticky
port-security maximum
power dc input
power inline
power inline consumption
power inline four-pair forced
power inline logging global
power inline police
power redundancy combined max inputs
power redundancy-mode
pppoe intermediate-agent (global)
pppoe intermediate-agent (interface)
pppoe intermediate-agent (interface vlan-range)
pppoe intermediate-agent format-type (global)
pppoe intermediate-agent limit rate
pppoe intermediate-agent trust
pppoe intermediate-agent vendor-tag strip
-10
Downloaded from www.Manualslib.com manuals search engine
OL-22172-01
Chapter
priority
private-vlan
private-vlan mapping
private-vlan synchronize
profile
profile flow
Q Commands
qos account layer-all encapsulation
qos account layer2 encapsulation
qos trust
queue-limit
R Commands
redundancy
redundancy force-switchover
redundancy reload
remote login module
remote-span
renew ip dhcp snooping database
reset
revision
S Commands
sampler (netflow-lite monitor submode)
service-policy (interface configuration)
service-policy (policy-map class)
service-policy input (control-plane)
session module
set
set cos
set dscp
set precedence
set qos-group
shape (interface configuration)
shell trigger
show monitor capture
-11
Chapter
-12
Downloaded from www.Manualslib.com manuals search engine
OL-22172-01
Chapter
Show Commands
show access-group mode interface
show adjacency
show ancp multicast
show arp access-list
show authentication
show auto install status
show auto qos
show bootflash:
show bootvar
show cable-diagnostics tdr
show call-home
show cdp neighbors
show class-map
show device-sensor cache
show diagnostic content
show diagnostic result module
-13
Chapter
-14
Downloaded from www.Manualslib.com manuals search engine
OL-22172-01
Chapter
-15
Chapter
-16
Downloaded from www.Manualslib.com manuals search engine
OL-22172-01
Chapter
T Commands
template data timeout (netflow-lite exporter submode)
test cable-diagnostics tdr
traceroute mac
traceroute mac ip
transport udp (netflow-lite exporter submode)
trust
ttl (netflow-lite exporter submode)
tx-queue
U Commands
udld (global configuration mode)
udld (interface configuration mode)
udld reset
unidirectional
username
V Commands
verify
vlan (VLAN Database mode)
vlan access-map
vlan configuration
vlan database
vlan dot1q tag native
vlan filter
-17
Chapter
vlan group
vlan internal allocation policy
vmps reconfirm (global configuration)
vmps reconfirm (privileged EXEC)
vmps retry
vmps server
vrf (netflow-lite exporter submode)
vslp interval (virtual switch)
vtp (global configuration mode)
vtp client
vtp domain
vtp password
vtp pruning
vtp server
vtp transparent
vtp v2-mode
-18
Downloaded from www.Manualslib.com manuals search engine
OL-22172-01
CONTENTS
Preface
xxiii
Audience
xxiii
Organization
xxiii
Related Documentation
Conventions
Notices
xxiii
xxiv
xxv
1-1
1-1
1-2
1-5
1-6
1-6
1-11
1-11
2-10
2-12
active
2-14
2-17
2-18
apply
2-4
2-5
2-6
2-13
2-1
2-2
action
1-xxvii
2-8
2-16
2-19
iii
Contents
arp access-list
2-21
attach module
2-22
authentication control-direction
2-23
2-26
authentication fallback
2-29
authentication host-mode
2-30
authentication open
2-32
authentication order
2-33
authentication periodic
2-35
authentication port-control
authentication priority
authentication timer
2-36
2-38
2-40
authentication violation
auto qos classify
2-42
2-44
2-48
2-52
2-56
2-60
2-64
2-25
2-67
2-72
2-75
2-83
call-home test
2-86
channel-group
2-87
channel-protocol
cisp enable
2-78
2-81
class
2-73
2-84
2-89
2-91
2-92
class-map
2-95
clear counters
2-97
iv
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Contents
2-99
2-100
2-101
2-102
2-103
clear ip access-template
2-104
2-105
2-106
2-107
2-109
2-111
2-114
2-115
clear ip wccp
2-110
2-113
2-116
2-117
clear mac-address-table
2-118
2-120
2-121
2-123
2-124
clear port-security
2-125
2-130
2-131
2-132
2-127
2-128
counter
2-122
2-134
2-136
2-138
debug adjacency
debug backup
2-140
2-141
Contents
2-142
2-143
2-145
debug device-sensor
2-147
debug dot1x
2-149
debug etherchnl
2-150
debug interface
2-152
debug ipc
2-153
2-154
2-155
2-156
2-157
debug monitor
debug nmsp
2-158
2-159
debug nvram
2-160
debug pagp
2-161
2-162
2-164
debug port-security
2-165
2-166
2-168
debug spanning-tree
2-169
2-171
2-172
2-174
2-175
2-176
2-180
debug vqpc
2-182
2-178
2-179
define interface-range
deny
2-163
2-183
2-184
vi
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Contents
2-188
2-192
2-196
device-sensor filter-spec
device-sensor notify
2-199
2-201
2-203
2-205
2-206
2-207
2-208
2-209
dot1x control-direction
2-210
2-213
2-214
2-215
2-216
2-220
dot1x max-reauth-req
2-221
2-222
2-223
dot1x port-control
2-225
dot1x re-authenticate
2-227
dot1x re-authentication
dot1x system-auth-control
dot1x timeout
2-217
2-218
dot1x mac-auth-bypass
dot1x max-req
2-211
2-212
dot1x initialize
2-190
2-194
diagnostic start
2-186
2-228
2-229
2-230
2-232
vii
Contents
2-236
2-238
2-240
2-242
2-245
energywise query
2-247
2-234
2-251
2-252
errdisable detect
2-255
errdisable recovery
2-257
2-260
2-262
2-264
hardware statistics
2-267
hw-module beacon
2-268
2-269
2-271
hw-module port-group
hw-module power
2-273
2-274
2-276
2-278
instance
2-282
interface
2-285
2-287
interface port-channel
interface range
interface vlan
2-275
2-289
2-290
2-292
2-294
2-293
2-296
2-298
2-300
2-301
viii
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Contents
2-303
2-305
2-307
2-309
2-310
2-311
2-313
2-315
2-317
2-318
2-319
2-320
2-324
ip igmp max-groups
ip igmp profile
2-325
2-326
ip igmp query-interval
ip igmp snooping
2-327
2-329
2-334
2-336
2-338
2-340
2-342
2-343
ip multicast multipath
ip route-cache flow
ip source binding
2-344
2-346
2-348
2-349
2-351
2-352
2-331
2-333
ip sticky-arp
2-322
2-354
2-356
ix
Contents
2-359
2-361
2-363
2-365
2-367
2-369
2-371
2-381
issu commitversion
issu runversion
2-377
2-379
issu acceptversion
issu loadversion
2-383
2-385
2-387
2-389
2-390
l2protocol-tunnel cos
2-392
l2protocol-tunnel drop-threshold
2-393
l2protocol-tunnel shutdown-threshold
lacp port-priority
2-374
2-376
2-373
2-395
2-397
lacp system-priority
2-398
2-399
2-400
2-401
2-402
2-403
2-405
2-406
2-408
2-410
2-413
x
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Contents
mac-address-table aging-time
2-415
2-419
mac-address-table notification
mac-address-table static
2-421
2-423
2-424
2-426
2-428
2-430
2-416
2-432
2-434
2-443
2-444
2-445
2-447
2-448
2-449
2-450
2-451
2-452
2-454
2-457
2-461
media-type
mode
2-439
2-441
2-437
2-463
2-464
2-466
2-467
2-469
2-472
2-468
2-473
2-475
xi
Contents
monitor session
mtu
name
2-480
2-485
2-486
netflow-lite exporter
2-487
netflow-lite monitor
2-489
netflow-lite sampler
2-491
nmsp
2-493
2-494
2-495
2-497
2-499
2-503
pagp port-priority
2-504
passive-interface
2-505
permit
2-508
police
2-510
police (percent)
police rate
2-515
2-517
2-519
2-523
port-channel load-balance
2-525
port-channel standalone-disable
port-security mac-address
2-527
2-528
2-529
2-530
2-532
2-501
2-533
2-534
2-536
2-538
2-540
2-541
xii
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Contents
2-543
2-547
2-552
2-553
2-555
2-556
2-558
2-560
2-561
2-562
2-563
private-vlan
2-565
private-vlan mapping
2-569
private-vlan synchronize
profile
2-572
2-573
profile flow
2-575
2-576
2-577
2-579
queue-limit
2-581
redundancy
2-583
2-587
2-589
2-590
2-591
2-592
2-593
rep lsl-age-timer
2-597
2-599
2-585
2-588
rep stcn
2-559
2-601
2-602
2-605
xiii
Contents
reset
2-607
revision
2-608
2-609
2-614
2-611
2-616
2-618
2-620
set cos
set dscp
2-622
2-625
set precedence
set qos-group
2-628
2-631
2-633
2-635
2-637
2-640
2-642
2-643
show authentication
2-644
2-639
2-648
2-649
2-650
2-652
2-655
2-653
2-660
2-663
2-665
2-667
2-669
2-673
2-675
2-677
show dot1x
2-679
xiv
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Contents
show energywise
2-683
show environment
2-687
2-690
2-691
2-693
show flowcontrol
2-697
2-699
2-700
2-701
show interfaces
2-707
2-710
2-712
2-718
2-719
2-717
2-723
2-725
2-730
2-732
2-735
2-737
2-738
2-739
2-743
2-745
2-747
2-748
2-720
2-721
2-714
2-752
2-754
2-755
2-757
2-760
xv
Contents
2-762
2-763
2-768
2-769
2-772
2-779
2-781
2-782
2-784
2-787
2-789
2-791
2-796
2-797
2-798
2-799
2-801
2-804
2-806
2-809
show license
show mab
2-802
2-803
show l2protocol-tunnel
show lacp
2-785
2-812
2-818
2-821
2-822
2-824
2-826
2-828
2-830
2-832
2-833
xvi
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Contents
2-837
2-839
2-842
2-835
2-844
2-845
2-846
2-847
2-849
2-854
show monitor
2-856
2-851
2-858
2-860
2-864
2-866
2-868
show nmsp
2-869
show pagp
2-872
2-876
2-877
2-880
2-874
2-883
2-885
2-891
2-899
2-900
2-902
2-903
2-904
2-905
2-907
2-909
xvii
Contents
2-916
2-918
2-919
show slavebootflash:
show slaveslot0:
show slot0:
2-913
2-920
2-922
2-924
show spanning-tree
2-926
2-931
2-934
2-942
show tech-support
show udld
2-945
show vlan
2-948
2-943
2-952
2-953
2-956
2-957
2-959
2-960
2-962
2-963
2-954
2-955
2-937
2-965
2-968
2-971
2-973
2-975
2-977
2-978
2-979
xviii
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Contents
2-980
2-982
source-ip-address
2-983
spanning-tree backbonefast
spanning-tree bpdufilter
2-985
spanning-tree bpduguard
spanning-tree cost
2-984
2-987
2-988
2-990
2-991
spanning-tree link-type
2-992
2-989
2-993
2-994
2-995
2-997
2-999
2-1000
2-1001
2-1002
2-1003
2-1005
2-1008
2-1006
2-1010
2-1011
2-1012
2-1013
2-1015
2-1017
storm-control
2-1020
2-1022
2-1024
subscribe-to-alert-group configuration
2-1026
xix
Contents
subscribe-to-alert-group diagnostic
2-1028
subscribe-to-alert-group environment
subscribe-to-alert-group inventory
subscribe-to-alert-group syslog
switch (virtual switch)
2-1030
2-1032
2-1034
2-1036
2-1037
2-1039
2-1041
2-1042
2-1044
2-1048
switchport mode
2-1049
switchport port-security
2-1046
2-1054
2-1059
2-1061
2-1063
2-1066
2-1070
2-1069
2-1074
2-1076
2-1080
2-1082
traceroute mac ip
2-1085
2-1088
2-1078
2-1090
2-1092
2-1096
2-1094
2-1098
2-1100
2-1102
unidirectional
2-1103
xx
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Contents
username
verify
2-1104
2-1106
2-1111
vlan configuration
vlan database
2-1113
2-1115
2-1108
2-1117
2-1119
vlan group
2-1120
2-1122
2-1124
2-1125
vmps server
2-1126
2-1133
vtp password
vtp pruning
vtp server
2-1134
2-1135
2-1136
vtp transparent
vtp v2-mode
A
Abbreviations
2-1131
2-1132
vtp domain
APPENDIX
2-1128
2-1130
2-1123
2-1137
2-1138
A-1
INDEX
xxi
Contents
xxii
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Preface
This preface describes the audience, organization, and conventions of this publication, and provides
information on how to obtain related documentation.
Audience
This publication is for experienced network administrators who are responsible for configuring and
maintaining Catalyst 4500 series switches.
Organization
This publication is organized as follows:
Chapter
Title
Description
Chapter 1
Chapter 2
Cisco IOS Commands for Lists all Catalyst 4500 series Cisco IOS
the Catalyst 4500 Series commands alphabetically and provides
Switches
detailed information on each command.
Appendix A
Abbreviations
Related Documentation
The Catalyst 4500 series Cisco IOS documentation set includes these publications:
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
xxiii
Preface
Note
Access the Catalyst 4500 Series Switch documentation library at the URL
http://www.cisco.com/go/cat4500/docs
Other documents in the Cisco IOS documentation set include:
Conventions
This document uses these conventions:
Convention
Description
boldface font
italic font
[x]
[x | y]
{x | y}
[x {y | z}]
string
screen
font
screen
boldface screen
< >
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
xxiv
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Preface
Convention
Description
[ ]
!, #
Note
Means reader take note. Notes contain helpful suggestions or references to material not covered in the
publication.
Cautions use this convention:
Caution
Means reader be careful. In this situation, you might do something that could result in equipment
damage or loss of data.
Notices
The following notices pertain to this software license.
License Issues
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the
original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses
are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact
[email protected].
OpenSSL License:
Redistributions of source code must retain the copyright notice, this list of conditions and the
following disclaimer.
2.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions,
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
xxv
Preface
3.
All advertising materials mentioning features or use of this software must display the following
acknowledgment: This product includes software developed by the OpenSSL Project for use in the
OpenSSL Toolkit (http://www.openssl.org/).
4.
The names OpenSSL Toolkit and OpenSSL Project must not be used to endorse or promote
products derived from this software without prior written permission. For written permission, please
contact [email protected].
5.
Products derived from this software may not be called OpenSSL nor may OpenSSL appear in
their names without prior written permission of the OpenSSL Project.
6.
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT AS IS' AND ANY EXPRESSED
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young ([email protected]). This product
includes software written by Tim Hudson ([email protected]).
Original SSLeay License:
Redistributions of source code must retain the copyright notice, this list of conditions and the
following disclaimer.
2.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and
the following disclaimer in the documentation and/or other materials provided with the distribution.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
xxvi
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Preface
Obtaining Documentation and Submitting a Service Request
3.
All advertising materials mentioning features or use of this software must display the following
acknowledgement:
This product includes cryptographic software written by Eric Young ([email protected]).
The word cryptographic can be left out if the routines from the library being used are not
cryptography-related.
4.
If you include any Windows specific code (or a derivative thereof) from the apps directory
(application code) you must include an acknowledgement: This product includes software written
by Tim Hudson ([email protected]).
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
xxvii
Preface
Obtaining Documentation and Submitting a Service Request
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
xxviii
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
CH A P T E R
Command-Line Interface
This chapter provides information for understanding and using the Cisco IOS command-line interface
(CLI) on the Catalyst 4500 series switch. This chapter includes the following sections:
For an overview of the Catalyst 4500 series switch Cisco IOS configuration, refer to the Catalyst 4500
Series Switch Cisco IOS Software Configuration Guide.
Getting Help
To display a list of commands that you can use within a command mode, enter a question mark (?) at
the system prompt. You also can display keywords and arguments for each command with this
context-sensitive help feature.
Table 1-1 lists commands you can enter to get help that is specific to a command mode, a command, a
keyword, or an argument.
Table 1-1
Getting Help
Command
Purpose
abbreviated-command-entry?
abbreviated-command-entry<Tab>
command ?
command keyword ?
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
1-1
Chapter 1
Command-Line Interface
Table 1-2
Command
Purpose
Switch> enable
Password: <password>
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
1-2
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 1
Command-Line Interface
How to Find Command Options
Table 1-2
Command
Purpose
Switch(config-if)#?
Interface configuration commands:
access-expression Build a bridge boolean access expression
apollo
Apollo interface subcommands
appletalk
Appletalk interface subcommands
arp
Set arp type (arpa, probe, snap) or timeout
backup
Modify backup parameters
bandwidth
Set bandwidth informational parameter
bgp-policy
Apply policy propogated by bgp community string
bridge-group
Transparent bridging interface parameters
carrier-delay
Specify delay for interface transitions
cdp
CDP interface subcommands
channel-group
Etherchannel/port bundling configuration
clns
CLNS interface subcommands
cmns
OSI CMNS
custom-queue-list Assign a custom queue list to an interface
decnet
Interface DECnet config commands
default
Set a command to its defaults
delay
Specify interface throughput delay
description
Interface specific description
dlsw
DLSw interface subcommands
dspu
Down Stream PU
exit
Exit from interface configuration mode
fair-queue
Enable Fair Queuing on an Interface
flowcontrol
Configure flow operation.
fras
DLC Switch Interface Command
help
Description of the interactive help system
hold-queue
Set hold queue depth
ip
Interface Internet Protocol config commands
ipx
Novell/IPX interface subcommands
isis
IS-IS commands
iso-igrp
ISO-IGRP interface subcommands
.
.
.
Switch(config-if)#
Switch(config-if)# channel-group ?
group channel-group of the interface
Switch(config-if)#channel-group
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
1-3
Chapter 1
Command-Line Interface
Table 1-2
Command
Purpose
Switch(config-if)# channel-group ?
<1-256> Channel group number
Switch(config-if)#channel-group
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
1-4
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 1
Command-Line Interface
Understanding Command Modes
Command
Mode
Access Method
Prompt
Exit Method
User EXEC
mode
Log in.
Switch>
Privileged
EXEC mode
Switch#
Global
configuration
mode
Switch(config)#
Interface
configuration
mode
From global
configuration mode,
enter by specifying an
interface with an
interface command.
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
1-5
Chapter 1
Command-Line Interface
Table 1-3
Command
Mode
Access Method
Prompt
Exit Method
From interface
configuration mode,
specify a subinterface
with an interface
command.
Switch(config-subif)#
Subinterface
configuration
ROM monitor
For more information on command modes, refer to the Using the Command Line Interface chapter of
the Configuration Fundamentals Configuration Guide.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
1-6
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 1
Command-Line Interface
Using the CLI String Search
Use the begin keyword to begin output with the line that contains a specified regular expression.
Use the include keyword to include output lines that contain a specified regular expression.
Use the exclude keyword to exclude output lines that contain a specified regular expression.
You can then search this filtered output at the --More-- prompts.
Note
The CLI string search function does not allow you to search or filter backward through previous output;
filtering cannot be specified using HTTP access to the CLI.
Regular Expressions
A regular expression can be a single character that matches the same single character in the command
output or multiple characters that match the same multiple characters in the command output. This
section describes how to create both single-character patterns and multiple-character patterns and how
to create more complex regular expressions using multipliers, alternation, anchoring, and parentheses.
Single-Character Patterns
The simplest regular expression is a single character that matches the same single character in the
command output. You can use any letter (A-Z, a-z) or digit (0-9) as a single-character pattern. You can
also use other keyboard characters (such as ! or ~) as single-character patterns, but certain keyboard
characters have special meaning when used in regular expressions. Table 1-4 lists the keyboard
characters that have special meaning.
Table 1-4
Character
Special Meaning
_ (underscore)
Matches a comma (,), left brace ({), right brace (}), left parenthesis ( ( ),
right parenthesis ( ) ), the beginning of the string, the end of the string, or a
space.
To enter these special characters as single-character patterns, remove the special meaning by preceding
each character with a backslash (\). These examples are single-character patterns matching a dollar sign,
an underscore, and a plus sign, respectively.
\$ \_ \+
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
1-7
Chapter 1
Command-Line Interface
You can specify a range of single-character patterns to match against command output. For example,
you can create a regular expression that matches a string containing one of the following letters: a, e, i,
o, or u. One and only one of these characters must exist in the string for pattern matching to succeed. To
specify a range of single-character patterns, enclose the single-character patterns in square brackets
([ ]). For example,
[aeiou]
matches any one of the five vowels of the lowercase alphabet, while
[abcdABCD]
matches any one of the first four letters of the lower- or uppercase alphabet.
You can simplify ranges by entering only the end points of the range separated by a dash (-). Simplify
the previous range as follows:
[a-dA-D]
To add a dash as a single-character pattern in your range, include another dash and precede it with a
backslash:
[a-dA-D\-]
You can also include a right square bracket (]) as a single-character pattern in your range. To do so, enter
the following:
[a-dA-D\-\]]
The previous example matches any one of the first four letters of the lower- or uppercase alphabet, a
dash, or a right square bracket.
You can reverse the matching of the range by including a caret (^) at the start of the range. This example
matches any letter except the ones listed:
[^a-dqsv]
This example matches anything except a right square bracket (]) or the letter d:
[^\]d]
Multiple-Character Patterns
When creating regular expressions, you can also specify a pattern containing multiple characters. You
create multiple-character regular expressions by joining letters, digits, or keyboard characters that do not
have special meaning. For example, a4% is a multiple-character regular expression. Put a backslash in
front of the keyboard characters that have special meaning when you want to remove their special
meaning.
With multiple-character patterns, order is important. The regular expression a4% matches the character
a followed by a 4 followed by a % sign. If the string does not have a4%, in that order, pattern matching
fails. This multiple-character regular expression:
a.
uses the special meaning of the period character to match the letter a followed by any single character.
With this example, the strings ab, a!, or a2 are all valid matches for the regular expression.
You can remove the special meaning of the period character by putting a backslash in front of it. In the
following expression:
a\.
only the string a. matches this regular expression.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
1-8
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 1
Command-Line Interface
Using the CLI String Search
You can create a multiple-character regular expression containing all letters, all digits, all keyboard
characters, or a combination of letters, digits, and other keyboard characters. These examples are all
valid regular expressions:
telebit 3107 v32bis
Multipliers
You can create more complex regular expressions to match multiple occurrences of a specified regular
expression by using some special characters with your single- and multiple-character patterns. Table 1-5
lists the special characters that specify multiples of a regular expression.
Table 1-5
Character
Description
This example matches any number of occurrences of the letter a, including none:
a*
This pattern requires that at least one letter a in the string is matched:
a+
This pattern matches the string bb or bab:
ba?b
This string matches any number of asterisks (*):
\**
To use multipliers with multiple-character patterns, you enclose the pattern in parentheses. In the
following example, the pattern matches any number of the multiple-character string ab:
(ab)*
As a more complex example, this pattern matches one or more instances of alphanumeric pairs (but not
none; that is, an empty string is not a match):
([A-Za-z][0-9])+
The order for matches using multipliers (*, +, or ?) is to put the longest construct first. Nested constructs
are matched from outside to inside. Concatenated constructs are matched beginning at the left side of
the construct. Thus, the regular expression matches A9b3, but not 9Ab3 because the letters are specified
before the numbers.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
1-9
Chapter 1
Command-Line Interface
Alternation
Alternation allows you to specify alternative patterns to match against a string. You separate the
alternative patterns with a vertical bar (|). Exactly one of the alternatives can match the string. For
example, the regular expression
codex | telebit
matches the string codex or the string telebit, but not both codex and telebit.
Anchoring
You can match a regular expression pattern against the beginning or the end of the string. That is, you
can specify that the beginning or end of a string contains a specific pattern. You anchor these regular
expressions to a portion of the string using the special characters shown in Table 1-6.
Table 1-6
Character
Description
This regular expression matches a string only if the string starts with abcd:
^abcd
In contrast, this expression is in a range that matches any single letter, as long as it is not the letters a,
b, c, or d:
[^abcd]
With this example, the regular expression matches a string that ends with .12:
$\.12
Contrast these anchoring characters with the special character underscore (_). The underscore matches
the beginning of a string (^), the end of a string ($), parentheses ( ), space ( ), braces { }, comma (,), or
underscore (_). With the underscore character, you can specify that a pattern exist anywhere in the string.
For example:
_1300_
matches any string that has 1300 somewhere in the string. The strings 1300 can be preceded by or end
with a space, brace, comma, or underscore. For example:
{1300_
matches the regular expression, but 21300 and 13000 do not.
Using the underscore character, you can replace long regular expression lists, such as the following:
^1300$ ^1300(space) (space)1300 {1300, ,1300, {1300} ,1300, (1300
with
_1300_
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
1-10
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 1
Command-Line Interface
Saving Configuration Changes
It might take a minute or two to save the configuration. After the configuration has been saved, the
following output appears:
[OK]
Switch#
On most platforms, this step saves the configuration to NVRAM. On the Class A Flash file system
platforms, this step saves the configuration to the location specified by the CONFIG_FILE environment
variable. The CONFIG_FILE environment variable defaults to NVRAM.
Note
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
1-11
Chapter 1
Command-Line Interface
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
1-12
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
CH A P T E R
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1
Chapter 2
#macro keywords
#macro keywords
To specify the help string for the macro keywords, use the #macro keywords command.
#macro keywords [keyword1] [keyword2] [keyword3]
Syntax Description
keyword 1
keyword 2
keyword 3
Defaults
Command Modes
Command History
Release
Modification
12.2(18)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
If you do not specify the mandatory keywords for a macro, the macro is to be considered invalid and fails
when you attempt to apply it. By entering the #macro keywords command, you will receive a message
indicating what you need to include to make the syntax valid.
Examples
This example shows how to specify the help string for keywords associated with a macro named test:
Switch(config)# macro name test
macro name test
Enter macro commands one per line. End with the character '@'.
#macro keywords $VLAN $MAX
swichport
@
Switch(config)# int gi1/1
Switch(config-if)# macro apply test ?
WORD Keyword to replace with a value e.g $VLAN, $MAX
<cr>
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-2
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-3
Chapter 2
Syntax Description
Defaults
Accounting is disabled.
Command Modes
Command History
Release
Modification
12.2(18)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
Note
Related Commands
The RADIUS authentication server must be properly configured to accept and log update or watchdog
packets from the AAA client.
Command
Description
aaa accounting system default Receives the session termination messages after the switch
start-stop group radius
reboots.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-4
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Accounting is disabled.
Command Modes
Command History
Release
Modification
12.2(18)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
Note
Related Commands
The RADIUS authentication server must be properly configured to accept and log update or watchdog
packets from the AAA client.
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-5
Chapter 2
access-group mode
access-group mode
To specify the override modes (for example, VACL overrides PACL) and the non-override modes (for
example, merge or strict mode), use the access-group mode command. To return to preferred port mode,
use the no form of this command.
access-group mode {prefer {port | vlan} | merge}
no access-group mode {prefer {port | vlan} | merge}
Syntax Description
prefer port
Specifies that the PACL mode take precedence if PACLs are configured. If no
PACL features are configured on the port, other features applicable to the
interface are merged and applied on the interface.
prefer vlan
merge
Merges applicable ACL features before they are programmed into the hardware.
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
On the Layer 2 interface, prefer port, prefer VLAN, and merge modes are supported. A Layer 2 interface
can have one IP ACL applied in either direction (one inbound and one outbound).
Examples
This example shows how to make the PACL mode on the switch take effect:
(config-if)# access-group mode prefer port
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-6
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-7
Chapter 2
Syntax Description
global
vlan
Defaults
Command Modes
Command History
Release
Modification
12.2(40)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
This command is not supported on the Supervisor Engine 6-E and the Catalyst 4900M chassis.
Before configuring the capture mode, it is best to examine and modify your configuration to globally
disable features such as DHCP snooping or IGMP snooping, and instead enable them on specific
VLANs.
When changing to path managed mode, be aware that control traffic may be bridged in hardware or
dropped initially until the per-vlan CAM entries are programmed in hardware.
You must ensure that any access control configuration on a member port or VLAN does not deny or drop
the control packets from being forwarded to the CPU for the features which are enabled on the VLAN.
If control packets are not permitted then the specific feature does not function.
Examples
This example shows how to configure the switch to capture control packets on VLANs that are
configured to enable capturing control packets:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# access-list hardware capture mode vlan
Switch(config)# end
Switch#
This example shows how to configure the switch to capture control packets globally across all VLANs
(using a static ACL):
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# access-list hardware capture mode global
Switch(config)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-8
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows another way to configure the switch to capture control packets globally across all
VLANs:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# no access-list hardware capture mode vlan
Switch(config)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-9
Chapter 2
Syntax Description
packed
Directs the software to use the first entry with a matching mask when selecting
an entry from the ACL TCAM for programming the ACEs in an ACL.
scattered
Directs the software to use the first entry with a free mask when selecting an
entry from the ACL TCAM for programming the ACEs in an ACL.
Defaults
Command Modes
Command History
Release
Modification
12.2(20)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Two types of hardware resources are used when ACLs are programmed: entries and masks. If one of
these resources is consumed, no additional ACLs can be programmed into the hardware. If the masks are
consumed, but the entries are available, change the programming algorithm from packed to scattered
to make the masks available. This action allows additional ACLs to be programmed into the hardware.
The goal is to use TCAM resources more efficiently; that is, to minimize the number of masks per ACL
entries. To compare TCAM utilization when using the scattered or packed algorithms, use the
show platform hardware acl statistics utilization brief command. To change the algorithm from
packed to scattered, use the access-list hardware entries command.
Examples
This example shows how to program ACLs into the hardware as packed. After they are programmed, you
will need 89 percent of the masks to program only 49 percent of the ACL entries.
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# access-list hardware entries packed
Switch(config)# end
Switch#
01:15:34: %SYS-5-CONFIG_I: Configured from console by console
Switch#
Switch# show platform hardware acl statistics utilization brief
Entries/Total(%) Masks/Total(%)
----------------- --------------Input Acl(PortAndVlan) 2016 / 4096 ( 49)
460 / 512 ( 89)
Input Acl(PortOrVlan)
6 / 4096 ( 0)
4 / 512 ( 0)
Input Qos(PortAndVlan)
0 / 4096 ( 0)
0 / 512 ( 0)
Input Qos(PortOrVlan)
0 / 4096 ( 0)
0 / 512 ( 0)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-10
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Output
Output
Output
Output
Acl(PortAndVlan)
Acl(PortOrVlan)
Qos(PortAndVlan)
Qos(PortOrVlan)
0
0
0
0
/
/
/
/
4096
4096
4096
4096
(
(
(
(
0)
0)
0)
0)
0
0
0
0
/
/
/
/
512
512
512
512
(
(
(
(
0)
0)
0)
0)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-11
Chapter 2
Syntax Description
feature
qos
input
output
balance bal-num
Specifies relative sizes of the PandV and PorV regions in the TCAM; valid
values are between 1 and 99.
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
PandV is a TCAM region containing entries which mask in both the port and VLAN tag portions of the
flow label.
PorV is a TCAM region containing entries which mask in either the port or VLAN tag portion of the
flow label, but not both.
A balance of 1 allocates the minimum number of PandV region entries and the maximum number of
PorV region entries. A balance of 99 allocates the maximum number of PandV region entries and the
minimum number of PorV region entries. A balance of 50 allocates equal numbers of PandV and PorV
region entries in the specified TCAM.
Balances for the four TCAMs can be modified independently.
Examples
This example shows how to enable the MAC notification trap when a MAC address is added to a port:
Switch# configure terminal
Switch(config)# access-list hardware region feature input balance 75
Switch(config)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-12
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
action
To specify an action to be taken when a match occurs in a VACL, use the action command. To remove
an action clause, use the no form of this command.
action {drop | forward}
no action {drop | forward}
Syntax Description
drop
forward
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
In a VLAN access map, if at least one ACL is configured for a packet type (IP or MAC), the default
action for the packet type is drop (deny).
If an ACL is not configured for a packet type, the default action for the packet type is forward (permit).
If an ACL for a packet type is configured and the ACL is empty or undefined, the configured action will
be applied to the packet type.
Examples
Syntax Description
Command
Description
match
vlan access-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-13
Chapter 2
active
active
To enable the destination profile, use the active command.
active
Syntax Description
Defaults
Command Modes
cfg-call-home-profile
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
Examples
Related Commands
Command
Description
destination address
destination preferred-msg-format
destination transport-method
profile
subscribe-to-alert-group all
subscribe-to-alert-group environment
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-14
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command
Description
subscribe-to-alert-group inventory
subscribe-to-alert-group syslog
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-15
Chapter 2
Syntax Description
identifier name
vlan number
VLAN identifier.
interface
Defaults
Command Modes
Command History
Release
Modification
12.2(50)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
Note
Examples
The ANCP server can use either the DHCP option 82 circuit ID or an identifier created with this
commandto identify the port. Use only one of the two methods; do not interchange them. If you use the
DHCP option 82, the port identifier used by the ANCP server should be (in hex) 0x01060004[vlan][intf].
For example, VLAN 19 and interface Fast Ethernet 2/3 will provide 0x0106000400130203. If you use
the port identifier, however, use the exact string provided on the CLI.
This command is available only after you set the box in ANCP client mode with the ancp mode client
configuration command.
This example shows how to identify interface FastEthernet 7/3 on VLAN 10 with the string NArmstrong:
Switch# ancp client port identifier NArmstrong vlan 10 interface FastEthernet 7/3
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-16
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
ipaddr of server
IP address of the ANCP server the client must connect with TCP.
interface
Defaults
Command Modes
Command History
Release
Modification
12.2(50)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
The interface can be the direct interface connected towards the ANCP server (if only one) or a loopback
interface if several interfaces are available for connecting to the server and proper routing is set. (An IP
address must be configured on this interface and it should not be in shutdown state.) Along with the ancp
mode client command, the ancp client server command is required in order to activate the ANCP client.
Once you enter this command, the ANCP client tries to connect to the remote server.
Examples
This example shows how to indicate to the ANCP client the IP address of the ANCP server it needs to
connect to:
Switch# ancp client server 10.1.2.31 interface FastEthernet 2/1
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-17
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(50)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
To fully activate ANCP, the administrator must also set the ANCP server IP address to which the ANCP
client must connect.
Examples
This example shows how to set the router to become an ANCP client:
Switch# ancp mode client
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-18
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
apply
To implement a new VLAN database, increment the configuration number, save the configuration
number in NVRAM, and propagate the configuration number throughout the administrative domain, use
the apply command.
apply
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The apply command implements the configuration changes that you made after you entered VLAN
database mode and uses them for the running configuration. This command keeps you in VLAN database
mode.
You cannot use this command when the switch is in the VTP client mode.
You can verify that the VLAN database changes occurred by entering the show vlan command from
privileged EXEC mode.
Examples
This example shows how to implement the proposed new VLAN database and to recognize it as the
current database:
Switch(config-vlan)# apply
Switch(config-vlan)#
Related Commands
Command
Description
reset
show vlan
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-19
Chapter 2
apply
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-20
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
arp access-list
To define an ARP access list or add clauses at the end of a predefined list, use the arp access-list
command.
arp access-list name
Syntax Description
name
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to define an ARP access list named static-hosts:
Switch(config)# arp access-list static-hosts
Switch(config)#
Related Commands
Command
Description
deny
Permits ARPs from hosts that are configured for static IP when
DAI is enabled and to define an ARP access list and applies it to
a VLAN.
permit
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-21
Chapter 2
attach module
attach module
To remotely connect to a specific module, use the attach module configuration command.
attach module mod
Syntax Description
mod
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
This command applies only to the Access Gateway Module on Catalyst 4500 series switches.
The valid values for mod depend on the chassis that are used. For example, if you have a Catalyst 4506
chassis, valid values for the module are from 2 to 6. If you have a 4507R chassis, valid values are from
3 to 7.
When you execute the attach module mod command, the prompt changes to Gateway#.
This command is identical in the resulting action to the session module mod and the remote login
module mod commands.
Examples
Related Commands
Command
Description
session module
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-22
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
authentication control-direction
To change the port control to unidirectional or bidirectional, use the authentication control-direction
command in interface configuration mode. To return to the default setting, use the no form of this
command.
authentication control-direction {both | in}
no authentication control-direction
Syntax Description
both
in
Command Default
both
Command Modes
Command History
Release
Modification
12.2(50)SG
Usage Guidelines
The authentication control-direction command replaces the following dot1x command, which is
deprecated in Cisco IOS Release 12.2(50)SG and later releases:
dot1x control-direction {both | in}
The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that
restricts unauthorized devices from connecting to a LAN through publicly accessible ports.
IEEE 802.1X controls network access by creating two distinct virtual access points at each port. One
access point is an uncontrolled port; the other is a controlled port. All traffic through the single port is
available to both access points. IEEE 802.1X authenticates each user device that connects to a switch
port and assigns the port to a VLAN before making available any services that are offered by the switch
or the LAN. Until the device authenticates, 802.1X access control allows only Extensible Authentication
Protocol (EAP) over LAN (EAPOL) traffic through the port to which the device connects. After
authentication succeeds, normal traffic can pass through the port.
Bidirectional stateWhen you configure a port as bidirectional with the dot1x control-direction
interface configuration command, the port is access-controlled in both directions. In this state, the
switch port sends only EAPOL.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-23
Chapter 2
authentication control-direction
Using the both keyword or using the no form of this command changes the port to its bidirectional
default setting.
Setting the port as bidirectional enables 802.1X authentication with Wake-on-LAN (WoL).
You can verify your settings by entering the show authentication privileged EXEC command.
Examples
Related Commands
Command
Description
show authentication
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-24
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
milliseconds
Command Default
10000 milliseconds
Command Modes
Command History
Release
Modification
12.2(50)SG
Usage Guidelines
The authentication critical recovery delay command replaces the following dot1x command, which is
deprecated in Cisco IOS Release 12.2(50)SG and later releases:
dot1x critical recovery delay milliseconds
You can verify your settings by entering the show authentication privileged EXEC command.
Examples
This example shows how to set the recovery delay period that the switch waits to reinitialize a critical
port when an unavailable RADIUS server becomes available:
Switch(config)# authentication critical recovery delay 1500
Switch(config)#
Related Commands
Command
Description
show authentication
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-25
Chapter 2
authentication event
authentication event
To configure the actions for authentication events, use the authentication event interface configuration
command. To return to the default settings, use the no form of this command.
authentication event fail [retry count] action [authorize vlan vlan | next-method}
authentication event server {alive action reinitialize | dead action authorize [vlan vlan] | voice
| dead action reinitialize [vlan vlan]}}
authentication event no-response action authorize vlan vlan]}
no authentication event {fail} | {server {alive | dead}} | {no-response}
Syntax Description
Command Default
fail
retry count
When authentication fails due to wrong user credentials, authorizes the port
to a particular VLAN.
fail action
next-method
Specifies that the required action for an authentication event moves to the
next authentication method.
Configures the AAA server dead actions to authorize data or voice clients
for the authentication events.
Configures the AAA server dead actions to reinitialize all authorized data
clients for authentication events.
no-response action
authorize
When the client does not support 802.1x, authorizes the port to a particular
VLAN.
The current authentication method is retried indefinitely (and fails each time) until the AAA server
becomes reachable.
Command Modes
Command History
Release
Modification
12.2(50)SG
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-26
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Usage Guidelines
The authentication event fail command replaces the following 802.1X commands, which are
deprecated in Cisco IOS Release 12.2(50)SG and later releases:
The authentication event fail command is supported only for 802.1X to signal authentication failures.
By default, this failure type causes the authentication method to be retried. You can configure either to
authorize the port in the configured VLAN or to failover to the next authentication method. Optionally,
you can specify the number of authentication retries before performing this action.
The authentication event server command replaces the following 802.1X commands, which are
deprecated in Cisco IOS Release 12.2(50)SG and later releases:
The authentication event server command specifies the behavior when the AAA server becomes
unreachable, ports are authorized in the specified VLAN.
The authentication server alive action command specifies the action to be taken once the AAA server
becomes reachable again.
You can verify your settings by entering the show authentication privileged EXEC command.
The authentication event no-response command replaces the following 802.1X command, which is
deprecated in Cisco IOS Release 12.2(50)SG and later releases:
The authentication event no-response command specifies the action to be taken when the client does
not support 802.1X.
Examples
The following example shows how to specify that when an authentication fails due to bad user
credentials, the process advances to the next authentication method:
Switch(config-if)# authentication event fail action next-method
Switch(config-if)#
The following example shows how to specify the AAA server alive actions as reinitialize all authorized
clients for authentication events:
Switch(config-if)# authentication event server alive action reinitialize
Switch(config-if)#
The following example shows how to specify the AAA server dead actions that authorize the port for
authentication events:
Switch(config-if)# authentication event server dead action authorize
Switch(config-if)#
The following example shows how to specify the conditions when a client doesn't support 802.1X to
authorize the port for authentication events:
Switch(config-if)# authentication event authentication event no-response action authorize
vlan 10
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-27
Chapter 2
authentication event
Related Commands
Command
Description
show authentication
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-28
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
authentication fallback
To enable WebAuth fallback and to specify the fallback profile to use when failing over to WebAuth, use
the authentication fallback interface command. To return to the default setting, use the no form of this
command.
authentication fallback profile
Syntax Description
profile
Command Default
Disabled
Command Modes
Command History
Release
Modification
12.2(50)SG
Usage Guidelines
Examples
This example shows how to enable WebAuth fallback and specify the fallback profile to use when failing
over to WebAuth:
Switch(config-if)# authentication fallback fallbacktest1
Switch(config-if)#
Related Commands
Command
Description
show authentication
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-29
Chapter 2
authentication host-mode
authentication host-mode
To define the classification of a session that will be used to apply the access-policies in host-mode
configuration, use the authentication host-mode command in interface configuration mode. To return
to the default settings, use the no form of this command.
authentication host-mode {single-host | multi-auth | multi-domain | multi-host} [open]
[no] authentication host-mode {single-host | multi-auth | multi-domain | multi-host} [open]
Syntax Description
single-host
Specifies the session as an interface session, and allows one client on the
port only. This is the default host mode when enabling 802.1X.
multi-auth
multi-domain
multi-host
Specifies the session as an interface session, but allows more than one client
on the port.
open
Command Default
Command Modes
Command History
Release
Modification
12.2(50)SG
Usage Guidelines
Single-host mode classifies the session as an interface session (for example, one MAC per interface).
Only one client is allowed on the port, and any policies that are downloaded for the client are applied to
the whole port. A security violation is triggered if more than one client is detected.
Multi-host mode classifies the session as an interface session, but the difference with this host-mode is
that it allows more than one client to attach to the port. Only the first client that is detected on the port
will be authenticated and the rest will inherit the same access as the first client. The policies that are
downloaded for the first client will be applied to the whole port.
Multi-domain mode classifies the session based on a combination of MAC address and domain, with the
restriction that only one MAC is allowed per domain. The domain in the switching environment refers
to the VLAN, and the two supported domains are the DATA domain and the voice domain. Only one
client is allowed on a particular domain. So, only two clients (MACs) per port are supported. Each one
is required to authenticate separately. Any policies that are downloaded for the client will be applied for
that clients MAC/IP only and will not affect the other on the same port. The clients can be authenticated
using different methods (such as 802.1X for PC, MAB for IP phone, or vice versa). No restriction exists
on the authentication order.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-30
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
The only caveat with the above statement is that web-based authentication is only available for data
devices because a user is probably operating the device and HTTP capability exists. Also, if web-based
authentication is configured in MDA mode, the only form of enforcement for all types of devices is
downloadable ACLs (dACL). The restriction is in place because VLAN assignment is not supported for
web-based authentication. Furthermore, if you use dACLs for data devices and not for voice devices,
when the users data falls back to webauth, voice traffic is affected by the ACL that is applied based on
the fallback policy. Therefore if webauth is configured as a fallback on an MDA enabled port, dACL is
the only supported enforcement method.
Multi-auth mode classifies the session as a MAC-based. No limit exists for the number of clients allowed
on a port data domain. Only one client is allowed in a voice domain and each one is required to
authenticate separately. Any policies that are downloaded for the client are applied for that clients MAC
or IP only and do not affect others on the same port.
The optional pre-authentication open access mode allows you to gain network access before
authentication is performed.This is primarily required for the PXE boot scenario, but not limited to just
that use case, where a device needs to access the network before PXE times out and downloads a
bootable image possibly containing a supplicant.
The configuration related to this feature is attached to the host-mode configuration whereby the
host-mode itself is significant for the control plane, while the open access configuration is significant
for the data plane. Open-access configuration has absolutely no bearing on the session classification.
The host-mode configuration still controls this. If the open-access is defined for single-host mode, the
port still allows only one MAC address. The port forwards traffic from the start and is only restricted by
what is configured on the port. Such configurations are independent of 802.1X. So, if there is no form
of access-restriction configured on the port, the client devices have full access on the configured VLAN.
You can verify your settings with the show authentication privileged EXEC command.
Examples
This example shows how to define the classification of a session that are used to apply the
access-policies using the host-mode configuration:
Switch(config-if)# authentication host-mode single-host
Switch(config-if)#
Related Commands
Command
Description
show authentication
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-31
Chapter 2
authentication open
authentication open
To enable open access on this port, use the authentication open command in interface configuration
mode. To disable open access on this port, use the no form of this command.
authentication open
no authentication open
Syntax Description
Command Default
Disabled.
Command Modes
Command History
Release
Modification
12.2(50)SG
Usage Guidelines
Open Access allows clients or devices to gain network access before authentication is performed.
You can verify your settings with the show authentication privileged EXEC command.
This command overrides the authentication host-mode session-type open global configuration mode
command for the port only.
This command operates per-port rather than globally.
Examples
Related Commands
Command
Description
show authentication
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-32
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
authentication order
To specify the order in which authentication methods should be attempted for a client on an interface,
use the authentication order command in interface configuration mode. To return to the default
settings, use the no form of this command.
authentication order method1 [method2] [method3]
no authentication order
Syntax Description
method1
method2
method3
Command Default
Command Modes
Command History
Release
Modification
12.2(50)SG
Usage Guidelines
Once you enter the authentication order command, only those methods explicitly listed will run. Each
method may be entered only once in the run list and no methods may be entered after you enter the
webauth keyword.
Authentication methods are applied in the configured (or default) order until authentication succeeds.
For authentication fails, failover to the next authentication method occurs (subject to the configuration
of authentication event handling).
You can verify your settings with the show authentication privileged EXEC command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-33
Chapter 2
authentication order
Examples
The following example shows how to specify the order in which authentication methods should be
attempted for a client on an interface:
Switch(config-if)# authentication order mab dot1x webauth
Switch(config-if)#
Related Commands
Command
Description
show authentication
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-34
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
authentication periodic
To enable reauthentication for this port, use the authentication periodic command in interface
configuration mode. To disable reauthentication for this port, use the no form of this command.
authentication periodic
no authentication periodic
Syntax Description
Command Default
Disabled.
Command Modes
Command History
Release
Modification
12.2(50)SG
Usage Guidelines
The authentication periodic command replaces the following dot1x command, which is deprecated in
Cisco IOS Release 12.2(50)SG and later releases:
[no] dot1x reauthentication
The reauthentication period can be set using the authentication timer command.
You can verify your settings by entering the show authentication privileged EXEC command.
Examples
The following example shows how to enable reauthentication for this port:
Switch(config-if)# authentication reauthentication
Switch(config-if)#
The following example shows how to disable reauthentication for this port:
Switch(config-if)# no authentication reauthentication
Switch(config-if)#
Related Commands
Command
Description
authentication timer
show authentication
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-35
Chapter 2
authentication port-control
authentication port-control
To configure the port-control value, use the authentication port-control command in interface
configuration mode. To return to the default setting, use the no form of this command.
authentication port-control [auto | force-authorized | force-unauthorized]
no authentication port-control
Syntax Description
auto
force-authorized
(Optional) Disables 802.1X on the interface and causes the port to change
to the authorized state without any authentication exchange required. The
port transmits and receives normal traffic without 802.1X-based
authentication of the client. The force-authorized keyword is the default.
force-unauthorized
(Optional) Denies all access through this interface by forcing the port to
change to the unauthorized state, ignoring all attempts by the client to
authenticate.
Command Default
force-authorized
Command Modes
Command History
Release
Modification
12.2(50)SG
Usage Guidelines
The authentication port-control command replaces the following dot1x command, which is deprecated
in Cisco IOS Release 12.2(50)SG and later releases:
[no] dot1x port-control [auto | force-authorized | force-unauthorized]
The following guidelines apply to Ethernet switch network modules:
You can use the auto keyword only if the port is not configured as one of the following types:
Trunk portIf you try to enable 802.1X on a trunk port, an error message appears, and 802.1X
is not enabled. If you try to change the mode of an 802.1X-enabled port to trunk, the port mode
is not changed.
EtherChannel portBefore enabling 802.1X on the port, you must first remove it from the
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-36
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Switch Port Analyzer (SPAN) destination portYou can enable 802.1X on a port that is a SPAN
destination port; however, 802.1X is disabled until the port is removed as a SPAN destination.
You can enable 802.1X on a SPAN source port.
To globally disable 802.1X on the device, you must disable it on each port. There is no global
configuration command for this task.
You can verify your settings with the show authentication privileged EXEC command.
The auto keyword allows you to send and receive only Extensible Authentication Protocol over LAN
(EAPOL) frames through the port. The authentication process begins when the link state of the port
transitions from down to up or when an EAPOL-start frame is received. The system requests the identity
of the client and begins relaying authentication messages between the client and the authentication
server. Each client attempting to access the network is uniquely identified by the system through the
clients MAC address.
Examples
The following example shows that the authentication status of the client PC will be determined by the
authentication process:
Switch(config-if)# authentication port-control auto
Switch(config-if)#
Related Commands
Command
Description
show authentication
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-37
Chapter 2
authentication priority
authentication priority
To specify the priority of authentication methods on an interface, use the authentication priority
command in interface configuration mode. To return to the default settings, use the no form of this
command.
authentication priority method1 [method2] [method3]
no authentication priority
Syntax Description
method1
method2
method3
Command Default
Command Modes
Command History
Release
Modification
12.2(50)SG
Usage Guidelines
Configuring priorities for authentication methods allows a higher priority method (not currently
running) to interrupt an authentication in progress with a lower priority method. Alternatively, if the
client is already authenticated, an interrupt from a higher priority method can cause a client, which was
previously authenticated using a lower priority method, to reauthenticate.
The default priority of a method is equivalent to its position in the order of execution list. If you do not
configure a priority, the relative priorities (highest first) are dot1x, MAB and then webauth. If you enter
the authentication order command, the default priorities are the same as the configured order.
You can verify your settings with the show authentication privileged EXEC command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-38
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
The following example shows how to specify the priority in which authentication methods should be
attempted for a client on an interface:
Switch(config-if)# authentication priority mab dot1x webauth
Switch(config-if)#
Related Commands
Command
Description
authentication order
show authentication
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-39
Chapter 2
authentication timer
authentication timer
To configure the authentication timer, use the authentication timer command in interface configuration
mode. To return to the default settings, use the no form of this command.
authentication timer {{inactivity value} | {reauthenticate {server | value}} | {restart value}}
no authentication timer {{inactivity value} | {reauthenticate value} | {restart value}}
Syntax Description
inactivity value
Command Default
reauthenticate server
Specifies that the reauthentication period value for the client should be
obtained from the authentication, authorization, and accounting (AAA)
server as Session-Timeout (RADIUS Attribute 27).
reauthenticate value
restart value
reauthenticate value3600
restart valueOff
Command Modes
Command History
Release
Modification
12.2(50)SG
Usage Guidelines
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-40
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Note
You should change the default values of this command only to adjust for unusual circumstances such as
unreliable links or specific behavioral problems with certain clients or authentication servers.
During the inactivity period, the Ethernet switch network module does not accept or initiate any
authentication requests. If you want to provide a faster response time to the user, enter a number less
than the default.
The reauthenticate keyword affects the behavior of the Ethernet switch network module only if you
have enabled periodic reauthentication with the authentication reauthentication global configuration
command.
Examples
The following example shows how to specify that the reauthentication period value for the client should
be obtained from the authentication, authorization, and accounting (AAA) server as Session-Timeout
(RADIUS Attribute 27):
Switch(config-if)# authentication timer reauthenticate server
Switch(config-if)#
Related Commands
Command
Description
show authentication
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-41
Chapter 2
authentication violation
authentication violation
Use the authentication violation interface configuration command to configure the violation mode:
restrict, shutdown, and replace.
In single-host mode, a security violation is triggered when more than one device are detected on the data
vlan. In multidomain authentication mode, a security violation is triggered when more than one device
are detected on the data or voice VLAN.
Security violation cannot be triggered in multiplehost or multiauthentication mode.
authentication violation { restrict | shutdown | replace}
no authentication violation {restrict | shutdown | replace}
Syntax Description
restrict
shutdown
replace
Replaces the existing host with the new host, instead of errordisabling or
restricting the port.
Defaults
Shut down the port. If the restrict keyword is configured, the port does not shutdown.
Command Modes
Interface configuration
Command History
Release
Modification
12.2(50)SG
12.2(54)SG
Usage Guidelines
When a new host is seen in single or multiple- domain modes, replace mode tears down the old session
and authenticates the new host.
Examples
A port is error-disabled when a security violation triggers on shutdown mode. The following syslog
messages displays:
%AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface <interface name>, new
MAC address <mac-address> is seen.
%PM-4-ERR_DISABLE: security-violation error detected on <interface name>, putting
<interface name> in err-disable state
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-42
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
authentication
control-direction
authentication event
authentication
fallback
authentication
host-mode
authentication open
authentication order
authentication
periodic
authentication
port-control
authentication
priority
authentication timer
show authentication
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-43
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
15.1(1)SG,
15.1(1)SG IOS-XE 3.3.0
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
This command generates a QoS configuration for untrusted interfaces. It places a service-policy to
classify the traffic coming from untrusted desktops or devices and marks them accordingly. The
service-policies generated do not police.
Global Level Commands Generated
The global templates are defined in A, B, C.
A. Template for ACLs and application classes used by the auto qos classify command.
ip access-list extended AutoQos-4.0-ACL-Multimedia-Conf
permit udp any any range 16384 32767
ip access-list extended AutoQos-4.0-ACL-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-ACL-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
permit tcp any any eq 1630
permit udp any any eq 1630
ip access-list extended AutoQos-4.0-ACL-Bulk-Data
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq 22
permit tcp any any eq smtp
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq pop3
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-44
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-45
Chapter 2
set
set
set
class
set
set
set
class
set
set
dscp af11
cos 1
qos-group 10
AutoQos-4.0-Scavenger-Classify
dscp cs1
cos 1
qos-group 8
AutoQos-4.0-Default-Classify
dscp default
cos 0
C. Template for egress queue classes along with the SRND4 output policy that uses the egress classes to
allocate 8 queues. This template is required by all SRND4 commands:
class-map match-all AutoQos-4.0-Priority-Queue
match qos-group 32
class-map match-all AutoQos-4.0-Control-Mgmt-Queue
match qos-group 16
class-map match-all AutoQos-4.0-Multimedia-Conf-Queue
match qos-group 34
class-map match-all AutoQos-4.0-Multimedia-Stream-Queue
match qos-group 26
class-map match-all AutoQos-4.0-Trans-Data-Queue
match qos-group 18
class-map match-all AutoQos-4.0-Bulk-Data-Queue
match qos-group 10
class-map match-any AutoQos-4.0-Scavenger-Queue
match qos-group 8
match dscp cs1
Because police commands executed in policy map configuration mode do not allow the remarking of
qos-groups for traffic flows that exceed defined rate limits, you must configure
AutoQos-4.0-Scavenger-Queue to match either qos-group 7 or dscp af11. When you enter the auto qos
classify police command, traffic flows that violate the defined rate limit are remarked to cs1 but retain
their original qos-group classification because qos-groups cannot be remarked as an exceed action.
However, because AutoQos-4.0-Scavenger-Queue is defined before all other queues in the output policy
map, remarked packets fall into it, despite retaining their original qos-group labels.
policy-map AutoQos-4.0-Output-Policye
bandwidth remaining percent 1
class AutoQos-4.0-Priority-Queue
priority
police cir percent 30 bc 33 ms
conform-action transmit exceed-action drop
class AutoQos-4.0-Control-Mgmt-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Conf-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Stream-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Trans-Data-Queue
bandwidth remaining percent 10
dbl
class AutoQos-4.0-Bulk-Data-Queue
bandwidth remaining percent 4
dbl
class class-default
bandwidth remaining percent 25
dbl
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-46
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This example shows how to generate a QoS configuration for the untrusted interface gigabitethernet1/1:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# auto qos classify
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-47
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
15.1(1)SG,
15.1(1)SG IOS-XE 3.3.0
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
This command generates a QoS configuration for untrusted interfaces. It places a service-policy to
classify the traffic arriving from these untrusted desktops or devices and marks them accordingly. The
generated service-policies police and either mark-down or drop packets.
Global Level Commands Generated
Auto QoS srn4 commands, once applied to an interface, generate one or more of the following templates
(A, B, and C) at the global configuration level. Typically, a command generates a series of class-maps
that either match on ACLs or on DSCP or CoS values to differentiate traffic into application classes. An
input policy is generated that matches the generated classes, sets qos-groups on the classes, and in some
cases, polices the classes to a set bandwidth. (A qos-group is merely a numerical tag that allows different
application classes to be treated as one unit. Outside the switchs context, it has no significance.)
Furthermore, eight egress-queue class-maps are generated, matching the qos-groups set in the input
policy. The actual egress output policy assigns a queue to each one of these eight egress-queue
class-maps.
The commands generate the following templates as needed. For example, on initial use of the a new
command, global configurations that define the eight queue egress service-policy are generated
(template C, below). Subsequently, auto qos commands applied to other interfaces do not generate
templates for egress queuing because all auto qos commands rely on the same eight queue model after
migration, and they will have already been generated from the first use of the command.
The global templates are defined in A, B, C.
A. Template for ACLs and application classes used by the auto qos classify police command
ip access-list extended AutoQos-4.0-ACL-Multimedia-Conf
permit udp any any range 16384 32767
ip access-list extended AutoQos-4.0-ACL-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-ACL-Transactional-Data
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-48
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-49
Chapter 2
vulnerability because user whose PC was connected to an IP phone connected to a switch would be able
to re-mark DSCP markings of traffic arising from their PC to dscp ef using the NIC on their PC. This
places non real-time traffic in the priority queue in the egress direction.
B. Template for the input service-policy of the auto qos classify police command
policy-map AutoQos-4.0-Classify-Police-Input-Policy
class AutoQos-4.0-Multimedia-Conf-Classify
set dscp af41
set cos 4
set qos-group 34
police cir 5000000 bc 8000
exceed-action drop
class AutoQos-4.0-Signaling-Classify
set dscp cs3
set cos 3
set qos-group 16
police cir 32000 bc 8000
exceed-action drop
class AutoQos-4.0-Transaction-Classify
set dscp af21
set cos 2
set qos-group 18
police cir 10000000 bc 8000
exceed-action set-dscp-transmit cs1
exceed-action set-cos-transmit 1
class AutoQos-4.0-Bulk-Data-Classify
set dscp af11
set cos 1
set qos-group 10
police cir 10000000 bc 8000
exceed-action set-dscp-transmit cs1
exceed-action set-cos-transmit 1
class AutoQos-4.0-Scavenger-Classify
set dscp cs1
set cos 1
set qos-group 8
police cir 10000000 bc 8000
exceed-action drop
class AutoQos-4.0-Default-Classify
set dscp default
set cos 0
police cir 10000000 bc 8000
exceed-action set-dscp-transmit cs1
exceed-action set-cos-transmit 1
C. Template for egress queue classes along with the SRND4 output policy that uses the egress classes to
allocate eight queues. This template is required by the four SRND4 commands:
class-map match-all AutoQos-4.0-Priority-Queue
match qos-group 32
class-map match-all AutoQos-4.0-Control-Mgmt-Queue
match qos-group 16
class-map match-all AutoQos-4.0-Multimedia-Conf-Queue
match qos-group 34
class-map match-all AutoQos-4.0-Multimedia-Stream-Queue
match qos-group 26
class-map match-all AutoQos-4.0-Trans-Data-Queue
match qos-group 18
class-map match-all AutoQos-4.0-Bulk-Data-Queue
match qos-group 10
class-map match-any AutoQos-4.0-Scavenger-Queue
match qos-group 8
match dscp cs1
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-50
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This example shows how to police traffic from an untrusted interface gigabitethernet1/1:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# auto qos classify police
Switch(config-if)# do sh run interface gigabitethernet1
Interface gigabitethernet1
auto qos classify police
service-policy input AutoQos-4.0-Classify-Police-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
end
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-51
Chapter 2
Syntax Description
Defaults
Command Modes
Global configuration
Command History
Release
Modification
15.1(1)SG,
15.1(1)SG IOS-XE 3.3.0
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
This command is generated when any new auto-QoS command is configured on an interface.
AutoQos SRND4 commands, when applied to an interface, generate one or more of the following
templates (A and B) at the global configuration level.
Typcally, a command generates a series of class-maps that either match on ACLs or on DSCP and CoS
values to differentiate traffic into application classes. An input policy is also generated, which matches
the generated classes, sets qos-groups on the classes, and in some cases, polices the classes to a set
bandwidth. (A qos-group is a numerical tag that allows different application classes to be treated as one
unit. It has no significance outside the context of the switch in which it was set.) Furthermore, eight
egress-queue class-maps are generated, matching the qos-groups set in the input policy. The actual
egress output policy assigns a queue to each of the eight egress-queue class-maps.
AutoQos srnd4 commands only generate a templates as needed. For example, the first time you use a
new srnd4 command, global configurations that define the eight queue egress service-policy are
generated (template B below). Subsequently, auto qos commands applied to other interfaces do not
generate templates for egress queuing because all auto-QoS commands rely on the same eight queue
models after migration, and they will have already been generated from the first use of the command.
For interfaces with auto qos voip trust enabled
Global Level Commands Generated
The global templates are defined in A and B (below).
A. This template of application classes is used by the auto-QoS video cts, auto qos video ip-camera,
and auto qos trust commands. This template class also includes the input service-policy for the auto
qos video cts, auto qos video ip-camera, and auto qos trust commands. Because these three commands
are the only ones that use AutoQos-4.0-Input-Policy, it makes sense to include that policy in the same
template that defines the application classes used by the previous three commands.
class-map match-any AutoQos-4.0-VoIP
match dscp ef
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-52
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
match cos 5
class-map match-all AutoQos-4.0-Broadcast-Vid
match dscp cs5
class-map match-all AutoQos-4.0-Realtime-Interact
match dscp cs4
class-map match-all AutoQos-4.0-Network-Ctrl
match dscp cs7
class-map match-all AutoQos-4.0-Internetwork-Ctrl
match dscp cs6
class-map match-any AutoQos-4.0-Signaling
match dscp cs3
match cos 3
class-map match-all AutoQos-4.0-Network-Mgmt
match dscp cs2
class-map match-any AutoQos-4.0-Multimedia-Conf
match dscp af41
match dscp af42
match dscp af43
class-map match-any AutoQos-4.0-Multimedia-Stream
match dscp af31
match dscp af32
match dscp af33
class-map match-any AutoQos-4.0-Transaction-Data
match dscp af21
match dscp af22
match dscp af23
class-map match-any AutoQos-4.0-Bulk-Data
match dscp af11
match dscp af12
match dscp af13
class-map match-all AutoQos-4.0-Scavenger
match dscp cs1
The AutoQos-4.0-Signaling and AutoQos-4.0-VoIP classes must match on CoS to handle the situation
when an IP phone is connected to an interface. (Cisco IP phones are only capable of re-marking CoS
bits, not DSCP.)
policy-map AutoQos-4.0-Input-Policy
class AutoQos-4.0-VoIP
set qos-group 32
class AutoQos-4.0-Broadcast-Vid
set qos-group 32
class AutoQos-4.0-Realtime-Interact
set qos-group 32
class AutoQos-4.0-Network-Ctrl
set qos-group 16
class AutoQos-4.0-Internetwork-Ctrl
set qos-group 16
class AutoQos-4.0-Signaling
set qos-group 16
class AutoQos-4.0-Network-Mgmt
set qos-group 16
class AutoQos-4.0-Multimedia-Conf
set qos-group 34
class AutoQos-4.0-Multimedia-Stream
set qos-group 26
class AutoQos-4.0-Transaction-Data
set qos-group 18
class AutoQos-4.0-Bulk-Data
set qos-group 10
class AutoQos-4.0-Scavenger
set qos-group 8
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-53
Chapter 2
B. This template for egress queue classes (along with the SRND4 output policy) allocates eight queues.
This template is required by all SRND4 commands:
class-map match-all AutoQos-4.0-Priority-Queue
match qos-group 32
class-map match-all AutoQos-4.0-Control-Mgmt-Queue
match qos-group 16
class-map match-all AutoQos-4.0-Multimedia-Conf-Queue
match qos-group 34
class-map match-all AutoQos-4.0-Multimedia-Stream-Queue
match qos-group 26
class-map match-all AutoQos-4.0-Trans-Data-Queue
match qos-group 18
class-map match-all AutoQos-4.0-Bulk-Data-Queue
match qos-group 10
class-map match-any AutoQos-4.0-Scavenger-Queue
match qos-group 8
match dscp cs1
Because the police commands executed in policy map configuration mode do not allow the re-marking
of qos-groups for traffic flows that exceed defined rate limits, you should configure
AutoQos-4.0-Scavenger-Queue to match either qos-group 7 or dscp af11. When you enter the auto qos
classify police command, traffic flows that violate the defined rate limit are remarked to cs1 but retain
their original qos-group classificatio because such groups cannot be re-marked as an exceed action.
However, because AutoQos-4.0-Scavenger-Queue is defined before all other queues in the output policy
map, re-marked packets fall into it, despite retaining their original qos-group labels.
policy-map AutoQos-4.0-Output-Policy
class AutoQos-4.0-Scavenger-Queue
bandwidth remaining percent 1
class AutoQos-4.0-Priority-Queue
priority
police cir percent 30 bc 33 ms
conform-action transmit exceed-action drop
class AutoQos-4.0-Control-Mgmt-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Conf-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Stream-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Trans-Data-Queue
bandwidth remaining percent 10
dbl
class AutoQos-4.0-Bulk-Data-Queue
bandwidth remaining percent 4
dbl
class class-default
bandwidth remaining percent 25
dbl
If Layer 3 interface:
Switch(config-if)# no service-policy input AutoQos-VoIP-Input-Dscp-Policy
no service-policy output AutoQos-VoIP-Output-Policy
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-54
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
To generate QoS configurations based on solution reference network design 4.0, do the following:
Switch# auto qos srnd4
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-55
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
15.1(1)SG,
15.1(1)SG IOS-XE 3.3.0
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-56
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
The AutoQos-4.0-Signaling and AutoQos-4.0-VoIP classes must also match on CoS to handle the case
when an IP phone is connected to an interface. (Cisco IP phones are only capable of remarking CoS bits,
not DSCP.)
policy-map AutoQos-4.0-Input-Policy
class AutoQos-4.0-VoIP
set qos-group 32
class AutoQos-4.0-Broadcast-Vid
set qos-group 32
class AutoQos-4.0-Realtime-Interact
set qos-group 32
class AutoQos-4.0-Network-Ctrl
set qos-group 16
class AutoQos-4.0-Internetwork-Ctrl
set qos-group 16
class AutoQos-4.0-Signaling
set qos-group 16
class AutoQos-4.0-Network-Mgmt
set qos-group 16
class AutoQos-4.0-Multimedia-Conf
set qos-group 34
class AutoQos-4.0-Multimedia-Stream
set qos-group 26
class AutoQos-4.0-Transaction-Data
set qos-group 18
class AutoQos-4.0-Bulk-Data
set qos-group 10
class AutoQos-4.0-Scavenger
set qos-group 8
B. Templates for egress queue classes and the srnd4 output policy that uses the egress classes to allocate
eight queues. This template is required by all srnd4 commands.
class-map match-all AutoQos-4.0-Priority-Queue
match qos-group 32
class-map match-all AutoQos-4.0-Control-Mgmt-Queue
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-57
Chapter 2
match qos-group 16
class-map match-all AutoQos-4.0-Multimedia-Conf-Queue
match qos-group 34
class-map match-all AutoQos-4.0-Multimedia-Stream-Queue
match qos-group 26
class-map match-all AutoQos-4.0-Trans-Data-Queue
match qos-group 18
class-map match-all AutoQos-4.0-Bulk-Data-Queue
match qos-group 10
class-map match-any AutoQos-4.0-Scavenger-Queue
match qos-group 8
match dscp cs1
Because police commands executed in policy map configuration mode do not allow the remarking of
qos-groups for traffic flows that exceed defined rate limits, AutoQos-4.0-Scavenger-Queue must be
configured to match either qos-group 7 or dscp af11. When the auto qos classify police command
executes, traffic flows that violate the defined rate limit are remarked to cs1 but retain their original
qos-group classification. This is because qos-groups cannot be remarked as an exceed action. However,
because AutoQos-4.0-Scavenger-Queue is defined before all other queues in the output policy map,
remarked packets will fall into it, despite retaining their original qos-group labels.
policy-map AutoQos-4.0-Output-Policy
class AutoQos-4.0-Scavenger-Queue
bandwidth remaining percent 1
class AutoQos-4.0-Priority-Queue
priority
police cir percent 30 bc 33 ms
conform-action transmit exceed-action drop
class AutoQos-4.0-Control-Mgmt-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Conf-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Stream-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Trans-Data-Queue
bandwidth remaining percent 10
dbl
class AutoQos-4.0-Bulk-Data-Queue
bandwidth remaining percent 4
dbl
class class-default
bandwidth remaining percent 25
Examples
This example shows how to police traffic from an untrusted interface gigabitethernet1/1:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# auto qos trust
Switch(config-if)# do sh running interface interface-id
interface FastEthernet2/1
auto qos trust
service-policy input AutoQos-4.0-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
end
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-58
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-59
Chapter 2
Syntax Description
cts
ip-camera
Defaults
Command Modes
Command History
Release
Modification
15.1(1)SG,
15.1(1)SG IOS-XE 3.3.0
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
The auto qos video command trusts an interface only if Cisco TelePresence is detected. Else, the port is
untrusted.
Global Level Commands Generated
When auto-Qos srnd4 commands are applied to an interface, they generate one or more of the following
templates at the global configuration level. Typically, a command generates a series of class-maps that
either match on ACLs or on DSCP (or CoS) values to differentiate traffic into application classes. An
input policy is also generated, which matches the generated classes, sets qos-groups on the classes, and
in some cases, polices the classes to a set bandwidth. (A qos-group is simply a numerical tag that allows
different application classes to be treated as one unit. Outside the switchs context, it has no
significance.) Furthermore, eight egress-queue class-maps are generated, which match the qos-groups
set in the input policy. The actual egress output policy assigns a queue to each of the eight egress-queue
class-maps.
The srnd4 commsands generate the templates only as needed. For example, on first use of the new
command, global configurations that define the eight queue egress service-policy are generated.
Subsequently, auto-QoS commands applied to other interfaces do not generate templates for egress
queuing. This is because all auto-QoS commnds rely on the same eight queue model after migration,
already generated on first use of the command.
The global templates defined in A and B.
A. Template of application classes used by the auto qos video command
This template also includes the input service-policy for the auto qos video cts, auto qos video
ip-camera, and auto qos trust commands. Because these three commands are the only ones that use the
AutoQos-4.0-Input-Policy, we advise that you include that policy in the same template that defines the
application classes used by the commands.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-60
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
The AutoQos-4.0-Signaling and AutoQos-4.0-VoIP classes must also match on CoS to the case where
an IP phone is connected to an interface. (Cisco IP phones are only capable of remarking CoS bits, not
DSCP.)
policy-map AutoQos-4.0-Input-Policy
class AutoQos-4.0-VoIP
set qos-group 32
class AutoQos-4.0-Broadcast-Vid
set qos-group 32
class AutoQos-4.0-Realtime-Interact
set qos-group 32
class AutoQos-4.0-Network-Ctrl
set qos-group 16
class AutoQos-4.0-Internetwork-Ctrl
set qos-group 16
class AutoQos-4.0-Signaling
set qos-group 16
class AutoQos-4.0-Network-Mgmt
set qos-group 16
class AutoQos-4.0-Multimedia-Conf
set qos-group 34
class AutoQos-4.0-Multimedia-Stream
set qos-group 26
class AutoQos-4.0-Transaction-Data
set qos-group 18
class AutoQos-4.0-Bulk-Data
set qos-group 10
class AutoQos-4.0-Scavenger
set qos-group 8
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-61
Chapter 2
B. Template for egress queue classes and the srnd4 output policy that uses the egress classes to allocate
eight queues. This template is required by all srnd commands:
class-map match-all AutoQos-4.0-Priority-Queue
match qos-group 32
class-map match-all AutoQos-4.0-Control-Mgmt-Queue
match qos-group 16
class-map match-all AutoQos-4.0-Multimedia-Conf-Queue
match qos-group 34
class-map match-all AutoQos-4.0-Multimedia-Stream-Queue
match qos-group 26
class-map match-all AutoQos-4.0-Trans-Data-Queue
match qos-group 18
class-map match-all AutoQos-4.0-Bulk-Data-Queue
match qos-group 10
class-map match-any AutoQos-4.0-Scavenger-Queue
match qos-group 8
match dscp cs1
Because police commands executed in policy map configuration mode do not allow the remarking of
qos-groups for traffic flows that exceed defined rate limits, AutoQos-4.0-Scavenger-Queue must be
configured to match either qos-group 7 or dscp af11. When the auto qos classify police command has
been executed, traffic flows that violate the defined rate limit are remarked to cs1 but retain their original
qos-group classification because qos-groups cannot be remarked as an exceed action. However, because
AutoQos-4.0-Scavenger-Queue is defined before all other queues in the output policy map, remarked
packets will fall into it, despite retaining their original qos-group labels.
policy-map AutoQos-4.0-Output-Policy
class AutoQos-4.0-Scavenger-Queue
bandwidth remaining percent 1
class AutoQos-4.0-Priority-Queue
priority
police cir percent 30 bc 33 ms
conform-action transmit exceed-action drop
class AutoQos-4.0-Control-Mgmt-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Conf-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Stream-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Trans-Data-Queue
bandwidth remaining percent 10
dbl
class AutoQos-4.0-Bulk-Data-Queue
bandwidth remaining percent 4
dbl
class class-default
bandwidth remaining percent 25
Examples
This example shows how to generate a QoS configuration on the cisco-telepresence interface
gigabitethernet1/1:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# auto qos video cts
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-62
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to generate QoS configuration for the cisco-camera interface
gigabitethernet1/1:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# auto qos video ip-camera
Switch(config-if)# do sh running interface interface-id
interface interface-id
auto qos video ip-camera
qos trust device ip-camera
service-policy input AutoQos-4.0-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
end
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-63
Chapter 2
Syntax Description
cisco-phone
trust
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Use this command to configure a QoS that is appropriate for VoIP traffic within the QoS domain, which
includes the switch, the interior of the network, and the edge devices that can classify incoming traffic
for QoS.
Apply the cisco-phone keyword on those ports (at the edge of the network) that are connected to Cisco
IP phones. The switch detects the telephone through Cisco Discovery Protocol (CDP) and trusts those
CoS labels in packets that are received from the telephone.
Apply the trust keyword on those ports that are connected to the interior of the network. Assume that
the traffic has already been classified by the other edge devices. So, the CoS/DSCP labels in these
packets are trusted.
When you enable the auto-QoS feature on the specified interface, these actions automatically occur:
When you enter the auto qos voip cisco-phone interface configuration command, the trusted
boundary feature is enabled. It uses the Cisco Discovery Protocol (CDP) to detect the presence or
absence of a Cisco IP phone. When a Cisco IP phone is detected, the ingress classification on the
specific interface is set to trust the CoS label that is received in the packet because some older
phones do not mark DSCP. When a Cisco IP phone is absent, the ingress classification is set to not
trust the CoS label in the packet.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-64
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
When you enter the auto qos voip trust interface configuration command, the ingress classification
on the specified interface is set to trust the CoS label that is received in the packet provided the
specified interface is configured as Layer 2 (and is set to trust DSCP if the interface is configured
as Layer 3).
You can enable auto-QoS on static, dynamic-access, voice VLAN access, and trunk ports.
To display the QoS configuration that is automatically generated when auto-QoS is enabled, enable
debugging (before you enable auto-QoS) with the debug auto qos privileged EXEC command.
To disable auto-QoS on an interface, use the no auto qos voip interface configuration command. When
you enter this command, the switch enables standard QoS and changes the auto-QoS settings to the
standard QoS default settings for that interface. This action will not change any global configuration
performed by auto-QoS; the global configuration remains the same.
Examples
This example shows how to enable auto-QoS and to trust the CoS and DSCP labels that are received in
the incoming packets when the switch or router that is connected to Gigabit Ethernet interface 1/1 is a
trusted device:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# auto qos voip trust
This example shows how to enable auto-QoS and to trust the CoS labels that are received in incoming
packets when the device connected to Fast Ethernet interface 2/1 is detected as a Cisco IP phone:
Switch(config)# interface fastethernet2/1
Switch(config-if)# auto qos voip cisco-phone
This example shows how to display the QoS configuration that is automatically generated when
auto-QoS is enabled on an interface on a Supervisor Engine 6-E:
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface gigabitethernet3/10
Switch(config-if)#auto qos voip trust
Switch(config-if)#
1d03h: service-policy input AutoQos-VoIP-Input-Cos-Policy
1d03h: service-policy output AutoQos-VoIP-Output-Policy
Switch(config-if)#intface gigabitethernet3/11
Switch(config-if)#auto qos voip
cisco-phone
Switch(config-if)#
1d03h: qos trust device cisco-phone
1d03h: service-policy input AutoQos-VoIP-Input-Cos-Policy
1d03h: service-policy output AutoQos-VoIP-Output-Policy
Switch(config-if)#end
Switch#
You can verify your settings by entering the show auto qos interface command.
Related Commands
Command
Description
qos trust
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-65
Chapter 2
Command
Description
show qos
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-66
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
15.1(1)SG,
15.1(1)SG IOS-XE 3.3.0
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
Ports configured with auto qos voip command are considered untrusted.
Global Level Commands Generated
After auto-QoS srnd4 commands are applied to an interface, they generate one or more of the following
templates (A, B, and C) at the global configuration level. Typically, a command generates a series of
class-maps that either match on ACLs or on DSCP (or CoS) values to differentiate traffic into application
classes. An input policy is also generated, whch matches the generated classes, sets qos-groups on the
classes, and in some cases, polices the classes to a set bandwidth. (A qos-group is a numerical tag that
allows different application classes to be treated as one unit. Outside the switchs context, it has no
significance.) Furthermore, eight egress-queue class-maps are generated, matching the qos-groups set in
the input policy. The actual egress output policy assigns a queue to each of these eight class-maps.
The commands generate templates only as needed. For example, on first use of a new commnand, global
configurations that define the eight queue egress service-policy are generated. Subsequently, auto-QoS
applied to other interfaces do not generate templates for egress queuing. This is because all auto-QoS
commands rely on the same eight queue models after migration, already been generated from the first
use of the new command.
The global template is defined by A, B, and C.
A. Template for ACLs and application classes used by the auto qos voip cisco-softphone command
ip access-list extended AutoQos-4.0-ACL-Multimedia-Conf
permit udp any any range 16384 32767
ip access-list extended AutoQos-4.0-ACL-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-ACL-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-67
Chapter 2
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-68
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
would be able to remark DSCP markings of traffic arriving from their PC to DSCP ef using the NIC on
their PC. This results in incorrectly placing non real-time traffic in the priority queue in the egress
direction.
B. Template for the auto qos voip cisco-softphone command input service-policy
policy-map AutoQos-4.0-Cisco-Softphone-Input-Policy
class AutoQos-4.0-VoIP-Data
set dscp ef
set cos 5
set qos-group 32
police cir 128000 bc 8000
exceed-action set-dscp-transmit cs1
exceed-action set-cos-transmit 1
class AutoQos-4.0-VoIP-Signal
set dscp cs3
set cos 3
set qos-group 16
police cir 32000 bc 8000
exceed-action set-dscp-transmit cs1
exceed-action set-cos-transmit 1
class AutoQos-4.0-Multimedia-Conf-Classify
set dscp af41
set cos 4
set qos-group 34
police cir 5000000 bc 8000
exceed-action drop
class AutoQos-4.0-Signaling-Classify
set dscp cs3
set cos 3
set qos-group 16
police cir 32000 bc 8000
exceed-action drop
class AutoQos-4.0-Transaction-Classify
set dscp af21
set cos 2
set qos-group 18
police cir 10000000 bc 8000
exceed-action set-dscp-transmit cs1
exceed-action set-cos-transmit 1
class AutoQos-4.0-Bulk-Data-Classify
set dscp af11
set cos 1
set qos-group 10
police cir 10000000 bc 8000
exceed-action set-dscp-transmit cs1
exceed-action set-cos-transmit 1
class AutoQos-4.0-Scavenger-Classify
set dscp cs1
set cos 1
set qos-group 8
police cir 10000000 bc 8000
exceed-action drop
class AutoQos-4.0-Default-Classify
set dscp default
set cos 0
C. Template for egress queue classes and the srnd4 output policy that uses the egress classes to allocate
eight queues. This template is required by all srnd4 commands:
class-map match-all AutoQos-4.0-Priority-Queue
match qos-group 32
class-map match-all AutoQos-4.0-Control-Mgmt-Queue
match qos-group 16
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-69
Chapter 2
Because the police commands executed in policy map configuration mode do not allow remarking of
qos-groups for traffic flows that exceed defined rate limits, AutoQos-4.0-Scavenger-Queue must be
configured to match either qos-group 7 or dscp af11. When the auto qos classify police command has
been executed, traffic flows that violate the defined rate limit are remarked to cs1 but retain their original
qos-group classification because qos-groups cannot be remarked as an exceed action. However, because
AutoQos-4.0-Scavenger-Queue is defined before all other queues in the output policy map, remarked
packets will fall into it, despite retaining their original qos-group labels.
policy-map AutoQos-4.0-Output-Policy
class AutoQos-4.0-Scavenger-Queue
bandwidth remaining percent 1
class AutoQos-4.0-Priority-Queue
priority
police cir percent 30 bc 33 ms
conform-action transmit exceed-action drop
class AutoQos-4.0-Control-Mgmt-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Conf-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Stream-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Trans-Data-Queue
bandwidth remaining percent 10
dbl
class AutoQos-4.0-Bulk-Data-Queue
bandwidth remaining percent 4
dbl
class class-default
bandwidth remaining percent 25
dbl
Examples
This example shows how to generate QoS configuration for interfaces Gigabit Ethernet 1/1 connected to
a PC that is running the Cisco IP SoftPhone application:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# auto qos voip cisco-softphone
Switch(config-if)# do sh running interface gigabitethernet1/1
interface gigabitethernet1/1
auto qos voip cisco-phone
qos trust device cisco-phone
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-70
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-71
Chapter 2
auto-sync
auto-sync
To enable automatic synchronization of the configuration files in NVRAM, use the auto-sync command.
To disable automatic synchronization, use the no form of this command.
auto-sync {startup-config | config-register | bootvar | standard}
no auto-sync {startup-config | config-register | bootvar | standard}
Syntax Description
startup-config
config-register
bootvar
standard
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch
(Catalyst 4507R only).
Usage Guidelines
Examples
This example shows how (from the default configuration) to enable automatic synchronization of the
configuration register in the main CPU:
Switch# config terminal
Switch (config)# redundancy
Switch (config-r)# main-cpu
Switch (config-r-mc)# no auto-sync standard
Switch (config-r-mc)# auto-sync configure-register
Switch (config-r-mc)#
Related Commands
Command
Description
redundancy
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-72
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify the average packet size at the observation point in netflow-lite monitor submode, use the
average-packet-size command. To delete a sampler, use the no form of this command.
average-packet-size average-packet-size
no average-packet-size average-packet-size
Syntax Description
average-packer-size
Defaults
0 bytes
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Specifies the average packet size in bytes expected at the observation point.
You can enter this command in physical port interface mode, port channel interface, or config VLAN
mode.
The packet sampling mechanism attempts random 1-in-N sampling. Internally, 2 levels of sampling are
performed. The accuracy of the first sampling level depends on the size of the packets arriving at a given
interface. Use the average-packet-size parameter to tune the accuracy of the algorithm.
The system automatically determines the average packet size at an interface based on observation of
input traffic and uses that value in its first level of sampling.
The algorithm requires a range of packet sizes from 64 to 9216 bytes. A value of 0 means that you want
an automatic determination of average packet size.
Examples
The following example shows how to configure a monitor on a port interface Gigabit 1/3:
Switch# config terminal
Switch(config)# int GigabitEthernet1/3
Switch(config-if)# netflow-lite monitor 1
Switch(config-netflow-lite-monitor)# sampler sampler1
Switch(config-netflow-lite-monitor)# exporter exporter1
Switch(config-netflow-lite-monitor)# average-packet-size 128
Switch(config-netflow-lite-monitor)# exit
Switch(config-if)# exit
Switch(config)# exit
Switch(config)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-73
Chapter 2
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-74
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
bandwidth
To specify or modify the minimum bandwidth provided to a class belonging to a policy map attached to
a physical port, use the bandwidth policy-map class command. To return to the default setting, use the
no form of this command.
bandwidth {bandwidth-kbps | percent percent | remaining percent percent}
no bandwidth
Syntax Description
bandwidth-kbps
percent percent
Defaults
No bandwidth is specified.
Command Modes
Command History
Release
Modification
12.2(40)SG
This command was introduced on the Catalyst 4500 series switch using a
Supervisor Engine 6E.
Usage Guidelines
Use the bandwidth command only in a policy map attached to a physical port.
The bandwidth command specifies the minimum bandwidth for traffic in that class when there is traffic
congestion in the switch. If the switch is not congested, the class receives more bandwidth than you
specify with this command.
When queuing class is configured without any explicit bandwidth configuration, since the queue is not
guaranteed any minimum bandwidth, this queue will get a share of any unallocated bandwidth on the
port.
If there is no unallocated bandwidth for the new queue or if the unallocated bandwidth is not sufficient
to meet the minimum configurable rate for all queues which do not have any explicit bandwidth
configuration, then the policy association is rejected.
These restrictions apply to the bandwidth command:
If the percent keyword is used, the sum of the class bandwidth percentages within a single policy
map cannot exceed 100 percent. Percentage calculations are based on the bandwidth available on the
port.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-75
Chapter 2
bandwidth
Examples
The amount of bandwidth configured should be large enough to accommodate Layer 2 overhead.
A policy map can have all the class bandwidths specified in either kbps or in percentages, but not a
mix of both.
This example shows how to set the minimum bandwidth to 2000 kbps for a class called silver-class. The
class already exists in the switch configuration:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# policy-map polmap6
Switch(config-pmap)# class silver-class
Switch(config-pmap-c)# bandwidth 2000
Switch(config-pmap-c)# end
This example shows how to guarantee 30 percent of the bandwidth for class1 and 25 percent of the
bandwidth for class2 when CBWFQ is configured. A policy map with two classes is created and is then
attached to a physical port:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# policy-map policy1
Switch(config-pmap)# class class1
Switch(config-pmap-c)# bandwidth percent 50
Switch(config-pmap-c)# exit
Switch(config-pmap)# class class2
Switch(config-pmap-c)# bandwidth percent 25
Switch(config-pmap-c)# exit
Switch(config-pmap)# end
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# service-policy input policy1
Switch(config-if)# end
This example shows how bandwidth is guaranteed if low-latency queueing (LLQ) and bandwidth are
configured. In this example, LLQ is enabled in a class called voice1.
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# policy-map policy1
Switch(config-pmap)# class class1
Switch(config-pmap-c)# bandwidth remaining percent 50
Switch(config-pmap-c)# exit
Switch(config-pmap)# class class2
Switch(config-pmap-c)# bandwidth remaining percent 25
Switch(config-pmap-c)# exit
Switch(config-pmap)# class voice1
Switch(config-pmap-c)# priority
Switch(config-pmap-c)# exit
Switch(config-pmap)# end
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# service-policy output policy1
Switch(config-if)# end
You can verify your settings by entering the show policy-map privileged EXEC command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-76
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
class
Specifies the name of the class whose traffic policy you want to
create or change.
dbl
policy-map
priority
service-policy (policy-map
class)
show policy-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-77
Chapter 2
Syntax Description
Command Default
Command Modes
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
Once you enter the call-home command, the prompt changes to Switch (cfg-call-home)#, and you have
access to the call home configuration commands as follows:
contact-email-addr email-addressAssigns the system contacts e-mail address. You can enter up
to 128 alphanumeric characters in e-mail address format with no spaces.
customer-id nameProvides customer identification for Cisco AutoNotify. You can enter up to 256
alphanumeric characters. If you include spaces, you must enclose your entry in quotes ( ).
exitExits call home configuration mode and returns to global configuration mode.
mail-server {ipv4-address | name} priority priorityAssigns the customers e-mail server address
and relative priority. You can enter an IP address or a fully qualified domain name (FQDN), and
assign a priority from 1 (highest) to 100 (lowest).
You can define backup e-mail servers by repeating the mail-server command and entering different
priority numbers.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-78
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
profile nameEnters call-home profile configuration mode. See the profile command.
rate-limit thresholdConfigures the call-home message rate-limit threshold; valid values are from
1 to 60 messages per minute.
site-id alphanumericSpecifies the site identification for Cisco AutoNotify. You can enter up to
256 alphanumeric characters. If you include spaces, you must enclose your entry in quotes ( ).
street-address street-addressSpecifies the street address for the RMA part shipments. You can
enter up to 256 alphanumeric characters. If you include spaces, you must enclose your entry in
quotes ( ).
This example shows how to configure the call-home message rate-limit threshold:
Switch(config)# call-home
Switch(cfg-call-home)# rate-limit 50
This example shows how to set the call-home message rate-limit threshold to the default setting:
Switch(config)# call-home
Switch(cfg-call-home)# default rate-limit
This example shows how to create a new destination profile with the same configuration settings as an
existing profile:
Switch(config)# call-home
Switch(cfg-call-home)# copy profile profile1 profile1a
This example shows how to configure the general e-mail parameters, including a primary and secondary
e-mail server:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# call-home
Switch(cfg-call-home)# mail-server smtp.example.com priority 1
Switch(cfg-call-home)# mail-server 192.168.0.1 priority 2
Switch(cfg-call-home)# sender from [email protected]
Switch(cfg-call-home)# sender reply-to [email protected]
Switch(cfg-call-home)# exit
Switch(config)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-79
Chapter 2
This example shows how to specify MgmtVrf as the vrf name where the call-home email message is
forwarded:
Switch(cfg-call-home)# vrf MgmtVrf
Related Commands
Command
Description
show call-home
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-80
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
call-home request
To submit information about your system to Cisco for report and analysis information from the Cisco
Output Interpreter tool, use the call-home request command in privileged EXEC mode. An analysis
report is sent by Cisco to a configured contact e-mail address.
call-home request {output-analysis show-command | config-sanity | bugs-list |
command-reference | product-advisory} [profile name] [ccoid user-id]
Syntax Description
output-analysis
show-command
Sends the output of the specified CLI show command for analysis. The
show command must be contained in quotes ( ).
config-sanity
bugs-list
command-reference
product-advisory
Specifies the type of report requested. Based on this keyword, the output of
a predetermined set of commands such as the show running-config all,
show version, and show module (standalone) or show module switch all
(VS system) commands, is sent to Cisco for analysis.
profile name
ccoid user-id
Command Default
Command Modes
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
The recipient profile does not need to be enabled for the call-home request. The profile should specify
the e-mail address where the transport gateway is configured so that the request message can be
forwarded to the Cisco TAC and the user can receive the reply from the Smart Call Home service.
Based on the keyword specifying the type of report requested, the following information is returned in
response to the request:
bugs-listKnown bugs in the running version and in the currently applied features.
product-advisoryProduct Security Incident Response Team (PSIRT) notices, End of Life (EOL)
or End of Sales (EOS) notices, or field notices (FN) that may affect devices in your network.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-81
Chapter 2
call-home request
Examples
Related Commands
call-home send
show call-home
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-82
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
call-home send
To execute a CLI command and e-mail the command output, use the call-home send command in
privileged EXEC mode.
call-home send cli-command {email email-addr [service-number SR] | service-number SR}
Syntax Description
cli-command
email email-addr
Specifies the e-mail address to which the CLI command output is sent. If no
e-mail address is specified, the command output is sent to the Cisco TAC at
[email protected].
service-number SR
Command Default
Command Modes
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
This command causes the specified CLI command to be executed on the system. The specified CLI
command must be enclosed in quotes (), and can be any run or show command, including commands
for all modules.
The command output is then sent by e-mail to the specified e-mail address. If no e-mail address is
specified, the command output is sent to the Cisco TAC at [email protected]. The e-mail is sent in long
text format with the service number, if specified, in the subject line.
Examples
This example shows how to send a CLI command and have the command output e-mailed:
Switch# call-home send "show diagnostic result module all" email [email protected]
Related Commands
show call-home
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-83
Chapter 2
Syntax Description
configuration
diagnostic module
number
inventory
profile profile-name
Command Default
Command Modes
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
When you enter the module number, you can enter the number of the module.
If you do not specify the profile profile-name, the message is sent to all subscribed destination profiles.
Only the configuration, diagnostic, and inventory alert groups can be manually sent. The destination
profile need not be subscribed to the alert group.
Examples
This example shows how to send the configuration alert-group message to the destination profile:
Switch# call-home send alert-group configuration
This example shows how to send the diagnostic alert-group message to the destination profile for a
specific module number:
Switch# call-home send alert-group diagnostic module 3
This example shows how to send the diagnostic alert-group message to all destination profiles for a
specific module number:
Switch# call-home send alert-group diagnostic module 3 profile Ciscotac1
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-84
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
call-home test
show call-home
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-85
Chapter 2
call-home test
call-home test
To manually send a Call Home test message, use the call-home test command in privileged EXEC mode.
call-home test [test-message] profile profile-name
Syntax Description
test-message
profile profile-name
Command Default
Command Modes
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
This command sends a test message to the specified destination profile. If you enter test message text,
you must enclose the text in quotes () if it contains spaces. If you do not enter a message, a default
message is sent.
Examples
This example shows how to manually send a Call Home test message:
Switch# call-home test test of the day profile Ciscotac1
Related Commands
call-home (global
configuration)
call-home send
alert-group
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-86
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
channel-group
To assign and configure an EtherChannel interface to an EtherChannel group, use the channel-group
command. To remove a channel group configuration from an interface, use the no form of this command.
channel-group number mode {active | on | auto [non-silent]} | {passive | desirable [non-silent]}
no channel-group
Syntax Description
number
mode
active
on
auto
Places a port into a passive negotiating state, in which the port responds to PAgP
packets it receives but does not initiate PAgP packet negotiation.
non-silent
(Optional) Used with the auto or desirable mode when traffic is expected from the
other device.
passive
desirable
Places a port into an active negotiating state, in which the port initiates negotiations
with other ports by sending PAgP packets.
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(13)EW
Usage Guidelines
You do not have to create a port-channel interface before assigning a physical interface to a channel
group. If a port-channel interface has not been created, it is automatically created when the first physical
interface for the channel group is created.
If a specific channel number is used for the PAgP-enabled interfaces of a channel group, that same
channel number cannot be used for configuring a channel that has LACP-enabled interfaces or vice
versa.
You can also create port channels by entering the interface port-channel command. This will create a
Layer 3 port channel. To change the Layer 3 port channel into a Layer 2 port channel, use the switchport
command before you assign physical interfaces to the channel group. A port channel cannot be changed
from Layer 3 to Layer 2 or vice versa when it contains member ports.
You do not have to disable the IP address that is assigned to a physical interface that is part of a channel
group, but we recommend that you do so.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-87
Chapter 2
channel-group
Any configuration or attribute changes that you make to the port-channel interface are propagated to all
interfaces within the same channel group as the port channel (for example, configuration changes are
also propagated to the physical interfaces that are not part of the port channel, but are part of the channel
group).
You can create in on mode a usable EtherChannel by connecting two port groups together.
Caution
Examples
Do not enable Layer 3 addresses on the physical EtherChannel interfaces. Do not assign bridge groups
on the physical EtherChannel interfaces because it creates loops.
This example shows how to add Gigabit Ethernet interface 1/1 to the EtherChannel group that is
specified by port-channel 45:
Switch(config-if)# channel-group 45 mode on
Creating a port-channel interface Port-channel45
Switch(config-if)#
Related Commands
Command
Description
interface port-channel
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-88
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
channel-protocol
To enable LACP or PAgP on an interface, use the channel-protocol command. To disable the protocols,
use the no form of this command.
channel-protocol {lacp | pagp}
no channel-protocol {lacp | pagp}
Syntax Description
lacp
pagp
Defaults
pagp
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
You can also select the protocol using the channel-group command.
If the interface belongs to a channel, the no form of this command is rejected.
All ports in an EtherChannel must use the same protocol; you cannot run two protocols on one module.
PAgP and LACP are not compatible; both ends of a channel must use the same protocol.
You can manually configure a switch with PAgP on one side and LACP on the other side in the on mode.
You can change the protocol at any time, but this change causes all existing EtherChannels to reset to
the default channel mode for the new protocol. You can use the channel-protocol command to restrict
anyone from selecting a mode that is not applicable to the selected protocol.
Configure all ports in an EtherChannel to operate at the same speed and duplex mode (full duplex only
for LACP mode).
For a complete list of guidelines, refer to the Configuring EtherChannel section of the Catalyst 4500
Series Switch Cisco IOS Software Configuration Guide.
Examples
This example shows how to select LACP to manage channeling on the interface:
Switch(config-if)# channel-protocol lacp
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-89
Chapter 2
channel-protocol
Related Commands
Command
Description
channel-group
show etherchannel
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-90
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
cisp enable
Use the cisp enable global configuration command to enable Client Information Signalling Protocol
(CISP) on a switch.
cisp enable
no cisp enable
Syntax Description
cisp enable
Defaults
None
Command Modes
Global configuration
Command History
Release
Modification
12.2(54)SG
Enable CISP.
Usage Guidelines
You must enable the CISP protocol (with the global cisp enable command) on both the authenticator and
supplicant switch. The CISP protocol is crucial because it conveys the client information from the
supplicant switch to the authenticator switch thereby providing access for the clients of the supplicant
switch through the authenticator switch.
Examples
Related Commands
Command
Description
show cisp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-91
Chapter 2
class
class
To specify the name of the class whose traffic policy you want to create or change, use the class
policy-map configuration command. To delete an existing class from a policy map, use the no form of
this command.
class class-name
no class class-name
Syntax Description
class-name
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Name of the predefined traffic class for which you want to configure or modify a
traffic policy. The class was previously created through the class-map
class-map-name global configuration command.
Before using the class command, you must create a class map for matching packets to the class by using
the class-map global configuration command. You also must use the policy-map global configuration
command to identify the policy map and to enter policy-map configuration mode. After specifying a
policy map, you can configure a traffic policy for new classes or modify a traffic policy for any existing
classes in that policy map. The class name that you specify with the class command in the policy map
ties the characteristics for that class (its policy) to the class map and its match criteria, as configured
through the class-map global configuration command. You attach the policy map to a port by using the
service-policy (interface configuration) configuration command.
After you enter the class command, the switch enters policy-map class configuration mode, and these
configuration commands are available:
bandwidth Specifies or modifies the minimum bandwidth provided to a class belonging to a policy
map. For more information, see the bandwidth command.
dbl Enables dynamic buffer limiting for traffic hitting this class. For details on dbl parameters refer
to the show qos dbl command.
exit Exits policy-map class configuration mode and returns to policy-map configuration mode.
police Configures a single-rate policer, an aggregate policer, or a two-rate traffic policer that uses
the committed information rate (CIR) and the peak information rate (PIR) for a class of traffic. The
policer specifies the bandwidth limitations and the action to take when the limits are exceeded. For
more information, see the police command. For more information about the two-rate policer, see the
police (two rates) and the police (percent) command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-92
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
priority Enables the strict priority queue for a class of traffic. For more information, see the priority
command.
service-policy (policy-map class) Creates a service policy as a quality of service (QoS) policy
within a policy map (called a hierarchical service policy). For more information, see the
service-policy (policy-map class) command. This command is effective only in a hierarchical
policy map attached to an interface.
set Classifies IP traffic by setting a class of service (CoS), a Differentiated Services Code Point
(DSCP) or IP-precedence in the packet. For more information, see the set command.
shape (class-based queueing) Sets the token bucket committed information rate (CIR) in a policy
map. For more information, see the shape (class-based queueing) command.
trust Defines a trust state for a traffic class. For more information, see the trust command. This
command is not supported on the Supervisor Engine 6-E and the Catalyst 4900M chassis.
The switch supports up to 256 classes, including the default class, in a policy map. Packets that fail to
meet any of the matching criteria are classified as members of the default traffic class. You configure the
default traffic class by specifying class-default as the class name in the class policy-map class
configuration command. You can manipulate the default traffic class (for example, set policies to police
or to shape it) just like any other traffic class, but you cannot delete it.
To return to policy-map configuration mode, use the exit command. To return to privileged EXEC mode,
use the end command.
Examples
This example shows how to create a policy map called policy1. When attached to an ingress port, the
policy matches all the inbound traffic defined in class1, sets the IP DSCP to 10, and polices the traffic
at an average rate of 1 Mbps and bursts of 20 KB. Traffic exceeding the profile is marked down to a
Traffic exceeding the profile is marked down to a DSCP value obtained from the policed-DSCP map and
then sent.
Switch# configure terminal
Switch(config)# class-map class1
Switch(config-cmap)# exit
Switch(config)# policy-map policy1
Switch(config-pmap)# class class1
Switch(config-pmap-c)# set ip dscp 10
Switch(config-pmap-c)# police 1000000 20000 exceed-action policed-dscp-transmit
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# interface fastethernet1/0/4
Switch(config-if)# service-policy input policy1
Switch#
You can verify your settings by entering the show policy-map privileged EXEC command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-93
Chapter 2
class
Related Commands
Command
Description
bandwidth
class-map
dbl
police
police (percent)
police rate
policy-map
priority
service-policy (interface
configuration)
service-policy (policy-map
class)
set
show policy-map
trust
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-94
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
class-map
To create a class map to be used for matching packets to the class whose name you specify and to enter
class-map configuration mode, use the class-map global configuration command. To delete an existing
class map and to return to global configuration mode, use the no form of this command.
class-map [match-all | match-any] class-map-name
no class-map [match-all | match-any] class-map-name
Syntax Description
Defaults
match-all
(Optional) Perform a logical-AND of all matching under this class map. All
criteria in the class map must be matched.
match-any
class-map-name
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Use this command to specify the name of the class for which you want to create or modify class-map
match criteria and to enter class-map configuration mode. Packets are checked against the match criteria
configured for a class map to decide if the packet belongs to that class. If a packet matches the specified
criteria, the packet is considered a member of the class and is forwarded according to the quality of
service (QoS) specifications set in the traffic policy.
After you enter the class-map command, the switch enters class-map configuration mode, and these
configuration commands are available:
description Describes the class map (up to 200 characters). The show class-map privileged EXEC
command displays the description and the name of the class map.
match Configures classification criteria. For more information, see the match (class-map
configuration) command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-95
Chapter 2
class-map
Examples
This example shows how to configure the class map called class1 with one match criterion, which is an
access list called 103:
Switch# configure terminal
Switch(config)# access-list 103 permit any any dscp 10
Switch(config)# class-map class1
Switch(config-cmap)# match access-group 103
Switch(config-cmap)# exit
Switch#
You can verify your settings by entering the show class-map privileged EXEC command.
Related Commands
Command
Description
class
Specifies the name of the class whose traffic policy you want to
create or change.
match (class-map
configuration)
policy-map
show class-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-96
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
clear counters
To clear the interface counters, use the clear counters command.
clear counters [{FastEthernet interface_number} | {GigabitEthernet interface_number} |
{null interface_number} | {port-channel number} | {vlan vlan_id}]
Syntax Description
FastEthernet interface_number
GigabitEthernet interface_number
null interface_number
port-channel number
vlan vlan_id
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Usage Guidelines
Note
Examples
This command clears all the current interface counters from all the interfaces unless you specify an
interface.
This command does not clear the counters that are retrieved using SNMP, but only those seen when you
enter the show interface counters command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-97
Chapter 2
clear counters
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-98
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
No default is defined.
Command Modes
Privileged EXEC
Command History
Release
Modification
12.2(52)SG
Examples
You can verify that the tables were deleted by entering the show energywise neighbors privileged EXEC
command.
Note
Related Commands
Command
Description
show energywise
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-99
Chapter 2
clear errdisable
clear errdisable
To re-enable error-disabled VLANs on an interface, use the clear errdisable command.
clear errdisable interface {name} vlan [range]
Syntax Description
interface name
vlan
range
Defaults
Command Modes
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
If a VLAN range is not specified, all VLANs on the specified interface are re-enabled. The clear
errdisable command recovers the disabled VLANs on an interface.
Clearing the error-disabled state from a virtual port does not change the link state of the physical port,
and it does not affect other VLAN ports on the physical port. It does post an event to STP, and spanning
tree goes through its normal process of bringing that VLAN port to the appropriate blocking or
forwarding state.
Examples
Related Commands
Command
Description
errdisable detect
switchport port-security
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-100
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
slot_num
Defaults
Command Modes
Command History
Release
Modification
12.2(18)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
You only need to change the password once unless the password is reset.
Examples
This example shows how to clear the password from slot 5 on a line module:
Switch# clear hw-module slot 5 password
Switch#
Related Commands
Command
Description
hw-module power
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-101
Chapter 2
Note
This command does not increment interface resets as displayed with the show interface
gigabitethernet mod/port command.
clear interface gigabitethernet mod/port
Syntax Description
mod/port
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to clear the hardware logic from a Gigabit Ethernet IEEE 802.3z interface:
Switch# clear interface gigabitethernet 1/1
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-102
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
number
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Examples
This example shows how to clear the hardware logic from a specific VLAN:
Switch# clear interface vlan 5
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-103
Chapter 2
clear ip access-template
clear ip access-template
To clear the statistical information in access lists, use the clear ip access-template command.
clear ip access-template access-list
Syntax Description
access-list
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Number of the access list; valid values are from 100 to 199 for an IP extended access
list, and from 2000 to 2699 for an expanded range IP extended access list.
This example shows how to clear the statistical information for an access list:
Switch# clear ip access-template 201
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-104
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to clear the contents of the log buffer:
Switch# clear ip arp inspection log
Switch#
Related Commands
Command
Description
arp access-list
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-105
Chapter 2
Syntax Description
vlan vlan-range
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to clear the DAI statistics from VLAN 1 and how to verify the removal:
Switch# clear ip arp inspection statistics vlan 1
Switch# show ip arp inspection statistics vlan 1
Vlan
---1
Forwarded
--------0
Dropped
------0
Vlan
---1
DHCP Permits
-----------0
ACL Permits
----------0
Vlan
Dest MAC Failures
-------------------1
0
Switch#
Related Commands
DHCP Drops
---------0
ACL Drops
---------0
IP Validation Failures
---------------------0
Command
Description
arp access-list
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-106
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
ip-address
vlan vlan_num
interface interface_num
Defaults
Command Modes
Command History
Release
Modification
12.2(44)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
These commands are mainly used to clear DHCP snooping binding entries.
DHCP snooping is enabled on a VLAN only if both the global snooping and the VLAN snooping are
enabled.
Examples
This example shows how to clear all the DHCP snoop binding entries:
Switch# clear ip dhcp snooping binding *
Switch#
This example shows how to clear a specific DHCP snoop binding entry:
Switch# clear ip dhcp snooping binding 1.2.3.4
Switch#
This example shows how to clear all the DHCP snoop binding entries on the GigabitEthernet interface
1/1:
Switch# clear ip dhcp snooping binding interface gigabitEthernet 1/1
Switch#
This example shows how to clear all the DHCP snoop binding entries on VLAN 40:
Switch# clear ip dhcp snooping binding vlan 40
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-107
Chapter 2
Related Commands
Command
Description
ip dhcp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-108
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
ip dhcp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-109
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
ip dhcp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-110
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
fastethernet
mod/port
GigabitEthernet
host_name
group_address
Loopback interface_number
null interface_number
port-channel number
vlan vlan_id
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The IGMP cache contains a list of the multicast groups of which hosts on the directly connected LAN
are members.
To delete all the entries from the IGMP cache, enter the clear ip igmp group command with no
arguments.
Examples
This example shows how to clear the entries for a specific group from the IGMP cache:
Switch# clear ip igmp group 224.0.255.1
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-111
Chapter 2
This example shows how to clear the IGMP group cache entries from a specific interface:
Switch# clear ip igmp group gigabitethernet 2/2
Switch#
Related Commands
Command
Description
show ip igmp groups (refer to Cisco IOS Displays the multicast groups with receivers that are
documentation)
directly connected to the router and that were learned
through Internet Group Management Protocol (IGMP), use
the show ip igmp groups command in EXEC mode.
show ip igmp interface
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-112
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
vlan vlan_id
Defaults
Command Modes
Command History
Release
Modification
12.1(20)EW
Support for this command was introduced on the Catalyst 4500 series switch.
(Optional) Specifies a VLAN; valid values are from 1 to 1001 and from 1006 to 4094.
Usage Guidelines
By default, the explicit host tracking database maintains a maximum of 1-KB entries. After you reach
this limit, no additional entries can be created in the database. To create more entries, you will need to
delete the database with the clear ip igmp snooping statistics vlan command.
Examples
This example shows how to display the IGMP snooping statistics for VLAN 25:
Switch# clear ip igmp snooping membership vlan 25
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-113
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to clear all the active MFIB routes and global counters:
Switch# clear ip mfib counters
Switch#
Related Commands
Command
Description
show ip mfib
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-114
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
If new fast-dropped packets arrive, the new fast-drop entries are created.
Examples
Related Commands
Command
Description
ip mfib fastdrop
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-115
Chapter 2
clear ip wccp
clear ip wccp
To remove Web Cache Communication Protocol (WCCP) statistics (counts) maintained on the switch
for a particular service, use the clear ip wccp command in privileged EXEC mode.
clear ip wccp [vrf vrf-name {web-cache | service-number}] [web-cache | service-number]
Syntax Description
web-cache
(Optional) Directs the router to remove statistics for the web cache
service.
service-number
Defaults
Command Modes
Command History
Release
Modification
15.0(2)SG
Usage Guidelines
Use the show ip wccp and show ip wccp detail commands to display WCCP statistics.
Use the clear ip wccp command to clear the WCCP counters for all WCCP services in all VRFs.
Examples
The following example shows how to clear all statistics associated with the web cache service:
Switch# clear ip wccp web-cache
Related Commands
Command
Description
ip wccp
show ip wccp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-116
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
channel-group
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
If you do not specify a channel group, all channel groups are cleared.
If you enter this command for a channel group that contains members in PAgP mode, the command is
ignored.
Examples
This example shows how to clear the statistics for a specific group:
Switch# clear lacp 1 counters
Switch#
Related Commands
Command
Description
show lacp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-117
Chapter 2
clear mac-address-table
clear mac-address-table
To clear the global counter entries from the Layer 2 MAC address table, use the clear
mac-address-table command.
clear mac-address-table {dynamic [{address mac_addr} | {interface interface}] [vlan vlan_id] |
notification}
Syntax Description
dynamic
address mac_addr
interface interface
(Optional) Specifies the interface and clears the entries associated with it; valid
values are FastEthernet and GigabitEthernet.
vlan vlan_id
notification
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
12.2(31)SG
Usage Guidelines
Enter the clear mac-address-table dynamic command with no arguments to remove all dynamic entries
from the table.
The clear mac-address-table notification command only clears the global counters which are displayed
with show mac-address-table notification command. It does not clear the global counters and the
history table of the CISCO-MAC-NATIFICATION-MIB.
Examples
This example shows how to clear all the dynamic Layer 2 entries for a specific interface (gi1/1):
Switch# clear mac-address-table dynamic interface gi1/1
Switch#
This example shows how to clear the MAC address notification counters:
Switch# clear mac-address-table notification
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-118
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
mac-address-table aging-time
mac-address-table notification
main-cpu
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-119
Chapter 2
Syntax Description
address mac_addr
interface interface
(Optional) Specifies the interface and clears the entries associated with it; valid
values are FastEthernet and GigabitEthernet.
vlan vlan_id
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Usage Guidelines
Enter the clear mac-address-table dynamic command with no arguments to remove all dynamic entries
from the table.
Examples
This example shows how to clear all the dynamic Layer 2 entries for a specific interface (gi1/1):
Switch# clear mac-address-table dynamic interface gi1/1
Switch#
Related Commands
Command
Description
mac-address-table aging-time
main-cpu
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-120
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To clear the collector statistics, use the clear netflow-lite exporter statistics command.
clear netflow-lite exporter exporter-name statistics
Syntax Description
exporter-name
Defaults
None
Command Modes
Command History
Release
Modification
15.0(2)SG
Examples
Specifies an exporter.
The following examples show how to clear statistics of a packet sampler at a monitor:
Switch# clear netflow-lite exporter e1 statistics
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-121
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To clear statistics of a packet sampler at a monitor, use the clear netflow-lite monitor statistics
interface command.
clear netflow-lite monitor statistics interface vlan-id
Syntax Description
vlan-id
Defaults
None
Command Modes
Command History
Release
Modification
15.0(2)SG
Examples
Specifies an interface.
The following examples show how to clear statistics of a packet sampler at a monitor:
Switch# clear netflow-lite monitor 1 statistics int gi1/1
Switch# clear netflow-lite monitor 1 statistics vlan 10
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-122
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
No default is defined.
Command Modes
Command History
Release
Modification
12.2(52)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
You can verify that information was deleted by entering the show nmsp statistics command.
Related Commands
Command
Description
show nmsp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-123
Chapter 2
clear pagp
clear pagp
To clear the port-channel information, use the clear pagp command.
clear pagp {group-number | counters}
Syntax Description
group-number
counters
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to clear the port-channel information for a specific group:
Switch# clear pagp 32
Switch#
This example shows how to clear all the port-channel traffic filters:
Switch# clear pagp counters
Switch#
Related Commands
Command
Description
show pagp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-124
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
clear port-security
To delete all configured secure addresses or a specific dynamic or sticky secure address on an interface
from the MAC address table, use the clear port-security command.
clear port-security dynamic [address mac-addr [vlan vlan-id]] | [interface interface-id] [vlan
access | voice]
Syntax Description
dynamic
address mac-addr
vlan vlan-id
(Optional) Deletes the specified secure MAC address from the specified
VLAN.
interface interface-id
(Optional) Deletes the secure MAC addresses on the specified physical port
or port channel.
vlan access
vlan voice
Defaults
Command Modes
Usage Guidelines
If you enter the clear port-security all command, the switch removes all the dynamic secure MAC
addresses from the MAC address table.
Note
You can clear sticky and static secure MAC addresses one at a time with the no switchport port-security
mac-address command.
If you enter the clear port-security dynamic interface interface-id command, the switch removes all
the dynamic secure MAC addresses on an interface from the MAC address table.
Command History
Examples
Release
Modification
12.2(18)EW
This command was first introduced on the Catalyst 4500 series switch.
12.2(31)SG
This example shows how to remove all the dynamic secure addresses from the MAC address table:
Switch# clear port-security dynamic
This example shows how to remove a dynamic secure address from the MAC address table:
Switch# clear port-security dynamic address 0008.0070.0007
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-125
Chapter 2
clear port-security
This example shows how to remove all the dynamic secure addresses learned on a specific interface:
Switch# clear port-security dynamic interface gigabitethernet0/1
You can verify that the information was deleted by entering the show port-security command.
Related Commands
Command
Description
show port-security
switchport port-security
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-126
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(50)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Examples
Related Commands
Command
Description
show pppoe
intermediate-agent interface
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-127
Chapter 2
clear qos
clear qos
To clear the global and per-interface aggregate QoS counters, use the clear qos command.
clear qos [aggregate-policer [name] | interface {{fastethernet | GigabitEthernet}
{mod/interface}} | vlan {vlan_num} | port-channel {number}]
Syntax Description
aggregate-policer name
interface
fastethernet
GigabitEthernet
mod/interface
vlan vlan_num
port-channel number
(Optional) Specifies the channel interface; valid values are from 1 to 64.
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Note
This command is not supported on the Supervisor Engine 6-E and the Catalyst 4900M chassis.
When you enter the clear qos command, the way that the counters work is affected and the traffic that
is normally restricted could be forwarded for a short period of time.
The clear qos command resets the interface QoS policy counters. If no interface is specified, the clear
qos command resets the QoS policy counters for all interfaces.
Examples
This example shows how to clear the global and per-interface aggregate QoS counters for all the
protocols:
Switch# clear qos
Switch#
This example shows how to clear the specific protocol aggregate QoS counters for all the interfaces:
Switch# clear qos aggregate-policer
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-128
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
show qos
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-129
Chapter 2
Syntax Description
vlan-id
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
(Optional) VLAN number; see the Usage Guidelines section for valid values.
Usage Guidelines
If you do not specify a vlan-id value; the software-cached counter values for all the existing VLANs are
cleared.
Examples
This example shows how to clear the software-cached counter values for a specific VLAN:
Switch# clear vlan 10 counters
Clear "show vlan" counters on this vlan [confirm] y
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-130
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
show vmps
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-131
Chapter 2
control-plane
control-plane
To enter control-plane configuration mode, which allows users to associate or modify attributes or
parameters (such as a service policy) that are associated with the control plane of the device, use the
control-plane command.
control-plane
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SG
12.2(50)SG
12.2(52)XO
12.2(54)XO
Usage Guidelines
After you enter the control-plane command, you can define control plane services for your route
processor. For example, you can associate a service policy with the control plane to police all traffic that
is destined to the control plane.
Examples
These examples show how to configure trusted hosts with source addresses 10.1.1.1 and 10.1.1.2 to
forward Telnet packets to the control plane without constraint, while allowing all remaining Telnet
packets to be policed at the specified rate:
Switch(config)# access-list 140 deny tcp host 10.1.1.1 any eq telnet
! Allow 10.1.1.2 trusted host traffic.
Switch(config)# access-list 140 deny tcp host 10.1.1.2 any eq telnet
! Rate limit all other Telnet traffic.
Switch(config)# access-list 140 permit tcp any any eq telnet
! Define class-map telnet-class.
Switch(config)# class-map telnet-class
Switch(config-cmap)# match access-group 140
Switch(config-cmap)# exit
Switch(config)# policy-map control-plane
Switch(config-pmap)# class telnet-class
Switch(config-pmap-c)# police 32000 1000 conform transmit exceed drop
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-132
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
! Define aggregate control plane service for the active Route Processor.
Switch(config)# macro global apply system-cpp
Switch(config)# control-plane
Switch(config-cp)# service-police input system-cpp-policy
Switch(config-cp)# exit
Related Commands
Command
Description
class
Specifies the name of the class whose traffic policy you want to
create or change.
class-map
Configures the match criteria for a class map on the basis of the
specified access control list (ACL).
policy-map
service-policy (interface
configuration)
show policy-map
control-plane
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-133
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify a CoS value for the NetFlow-lite collector, use the cos command. To delete the value, use the
no form of this command.
cos cos-value
no cos cos-value
Syntax Description
cos-value
Defaults
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4948E and
Catalyst 4948E-F Ethernet switches.
Specifies a CoS value for the NetFlow-lite collector. Valid values from 0 to 7.
Usage Guidelines
This option allows you to set the CoS value of VLAN tags for packet samples exported by the fpga alone.
Examples
This example shows how to specify a CoS value for the NetFlow-lite collector:
Switch# config terminal
Switch(config)# netflow-lite exporter
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config)#
exporter1
destination 5.5.5.6
source 5.5.5.5
transport udp 8188
ttl 128
cos 7
dscp 32
template data timeout 1
options sampler-table timeout 1
options interface-table timeout 1
export-protocol netflow-v9
exit
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-134
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
Command
Description
destination (netflow-lite
exporter submode)
export-protocol (netflow-lite
exporter submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-135
Chapter 2
counter
counter
To assign counters to a Layer 3 interface, use the counter interface command. To remove a counter
assignment, use the no form of this command.
counter {ipv4 | ipv6 | ipv4 ipv6 separate}
no counter
Note
Syntax Description
Supervisor Engine 6-E and Supervisor Engine 6L-E do not support Layer 2 interface counters.
ipv4
ipv6
Enables collection of IPv4 and IPv6 statistics and displays them individually.
Defaults
Not enabled
Command Modes
Interface configuration
Command History
Release
Modification
12.2(40)SG
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(54)SG
Usage Guidelines
Entering the counter command without keywords displays the statistics as a sum.
The total number of switch ports that can possess transmit and receive counters is 4092.
When you change a Layer 3 port assigned with a counter to a Layer 2 port, the hardware counters are
cleared. This action is similar to entering the no counter command.
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-136
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Note
In this situation, you must release a counter from another interface so the new interface can use it.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-137
Chapter 2
dbl
dbl
To enable active queue management on a transmit queue used by a class of traffic, use the dbl command.
Use the no form of this command to return to the default setting.
dbl
no dbl
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
12.2(40)SG
Usage Guidelines
The semantics of the DBL configuration is similar to the WRED algorithm. The dbl command can
operate alone on class-default; otherwise, it requires you to configure the bandwidth or shape
commands on the class.
Examples
Related Commands
Command
Description
bandwidth
class
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-138
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command
Description
policy-map
service-policy (policy-map
class)
show policy-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-139
Chapter 2
debug adjacency
debug adjacency
To display information about the adjacency debugging, use the debug adjacency command. To disable
debugging output, use the no form of this command.
debug adjacency [ipc]
no debug adjacency
Syntax Description
ipc
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to display the information in the adjacency database:
Switch# debug adjacency
4d02h: ADJ: add 172.20.52.36
4d02h: ADJ: add 172.20.52.36
4d02h: ADJ: add 172.20.52.36
4d02h: ADJ: add 172.20.52.36
4d02h: ADJ: add 172.20.52.36
4d02h: ADJ: add 172.20.52.36
4d02h: ADJ: add 172.20.52.36
4d02h: ADJ: add 172.20.52.36
<... output truncated...>
Switch#
Related Commands
(GigabitEthernet1/1)
(GigabitEthernet1/1)
(GigabitEthernet1/1)
(GigabitEthernet1/1)
(GigabitEthernet1/1)
(GigabitEthernet1/1)
(GigabitEthernet1/1)
(GigabitEthernet1/1)
via
via
via
via
via
via
via
via
Command
Description
ARP
ARP
ARP
ARP
ARP
ARP
ARP
ARP
will
will
will
will
will
will
will
will
expire:
expire:
expire:
expire:
expire:
expire:
expire:
expire:
04:00:00
04:00:00
04:00:00
04:00:00
04:00:00
04:00:00
04:00:00
04:00:00
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-140
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
debug backup
To debug the backup events, use the debug backup command. To disable the debugging output, use the
no form of this command.
debug backup
no debug backup
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-141
Chapter 2
Syntax Description
fastethernet
mod/port
GigabitEthernet
null interface-num
port-channel interface-num
vlan vlan_id
Specifies the VLAN interface number; valid values are from 1 to 4094.
Defaults
Command Modes
Command History
Release
Examples
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
This example shows how to limit the debugging output to VLAN interface 1:
Switch# debug condition interface vlan 1
Condition 2 set
Switch#
Related Commands
Command
Description
debug interface
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-142
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
fastethernet
mod/port
GigabitEthernet
port-channel interface_num
vlan vlan_id
group-number
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Usage Guidelines
If you attempt to remove the only condition set, you will be prompted with a message asking if you want
to abort the removal operation. You can enter n to abort the removal or y to proceed with the removal. If
you remove the only condition set, an excessive number of debugging messages might occur.
Examples
This example shows how to limit the debugging output to group 0 in VLAN 1:
Switch# debug condition standby vlan 1 0
Condition 3 set
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-143
Chapter 2
This example shows the display if you try to turn off the last standby debug condition:
Switch# no debug condition standby vlan 1 0
This condition is the last standby condition set.
Removing all conditions may cause a flood of debugging
messages to result, unless specific debugging flags
are first removed.
Proceed with removal? [yes/no]: n
% Operation aborted
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-144
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
vlan_id
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Usage Guidelines
If you attempt to remove the only VLAN condition set, you will be prompted with a message asking if
you want to abort the removal operation. You can enter n to abort the removal or y to proceed with the
removal. If you remove the only condition set, it could result in the display of an excessive number of
messages.
Examples
This example shows the message that is displayed when you attempt to disable the last VLAN debug
condition:
Switch# no debug condition vlan 1
This condition is the last vlan condition set.
Removing all conditions may cause a flood of debugging
messages to result, unless specific debugging flags
are first removed.
Proceed with removal? [yes/no]: n
% Operation aborted
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-145
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-146
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
debug device-sensor
To enable debugging for Device Sensor, use the debug device-sensor command in privileged EXEC
mode.
debug device-sensor errors events
Syntax Description
errors
events
Displays messages for events such as protocol packet arrivals, identity updates, and
release events sent to the session manager.
Defaults
Command Modes
Privileged EXEC
Command History
Release
Modification
Usage Guidelines
Use the debug device-sensor command in conjunction with the debug authentication all command to
troubleshoot scenarios where device sensor cache entries are not being created for the connected devices
Examples
The following is sample output from the debug device-sensor events command. The debug output
shows how Cisco Discovery Protocol packets and TLVs are received from the device connected to the
GigabitEthernet 2/1 interface:
Switch# debug device-sensor events
Switch#
*Nov 30 23:58:45.811: DSensor: Received cdp packet from GigabitEthernet2/1:00d0.2bdf.08a5
*Nov 30 23:58:45.811: DSensor: SM returned no or invalid session label for
GigabitEthernet2/1:00d0.2bdf.08a5
*Nov 30 23:58:45.811: DSensor: Updating SM with identity attribute list
cdp-tlv
0
00 01 00 0B 4A 41 45 30 37 34 31 31 50 53 32
cdp-tlv
0
00 03 00 03 32 2F 38
cdp-tlv
0
00 04 00 04 00 00 00 0A
cdp-tlv
0
00 05 00 68 57 53 2D 43 32 39 34 38 20 53 6F 66 74 77 61 72 65
2C 20 56 65 72 73 69 6F 6E 20 4D 63 70 53 57 3A 20 36 2E 34 28 35 2E
30 29 20 4E 6D 70 53 57 3A 20 36 2E 34 28 35 29 0A 43 6F 70 79 72 69 67 68 74 20 28 63 29
20 31 39 39 35 2D 32 30 30 33 20 62 79 20 43 69 73 63 6F 20 53 79 73
74 65 6D 73 2C 20 49 6E 63 2E 0A
cdp-tlv
0
00 06 00 08 57 53 2D 43 32 39 34 38
cdp-tlv
0
00 09 00 00
cdp-tlv
0
00 0A 00 02 00 21
cdp-tlv
0
00 0B 00 01 01
cdp-tlv
0
00 12 00 01 00
cdp-tlv
0
00 13 00 01 00
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-147
Chapter 2
debug device-sensor
cdp-tlv
0
00 14 00 00
cdp-tlv
0
00 15 00 0A 06 08 2B 06 01 04 01 09 05 2A
cdp-tlv
0
00 16 00 16 00 00 00 02 01 01 CC 00 04 00 00 00 0001 01 CC 00 04
01 01 01 01
cdp-tlv
0
00 17 00 01 00
swidb
0
604702240 (0x240B0620)
clid-mac-addr
0
00 D0 2B DF 08 A5
*Nov 30 23:58:46.831: DSensor: Received cdp packet from
GigabitEthernet2/1:00d0.2bdf.08a5exi
Switch#
*Nov 30 23:58:51.171: %SYS-5-CONFIG_I: Configured from console by console
Related Commands
Command
Description
debug authentication
all
device-sensor
accounting
Adds the Device Sensor protocol data to the accounting records and
generates additional accounting events when new sensor data is detected.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-148
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
debug dot1x
To enable the debugging for the 802.1X feature, use the debug dot1x command. To disable the
debugging output, use the no form of this command.
debug dot1x {all | errors | events | packets | registry | state-machine}
no debug dot1x {all | errors | events | packets | registry | state-machine}
Syntax Description
all
errors
Enables the debugging of print statements guarded by the dot1x error flag.
events
Enables the debugging of print statements guarded by the dot1x events flag.
packets
All incoming dot1x packets are printed with packet and interface information.
registry
Enables the debugging of print statements guarded by the dot1x registry flag.
state-machine
Enables the debugging of print statements guarded by the dot1x registry flag.
Defaults
Debugging is disabled.
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to enable the 802.1X debugging for all conditions:
Switch# debug dot1x all
Switch#
Related Commands
Command
Description
show dot1x
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-149
Chapter 2
debug etherchnl
debug etherchnl
To debug EtherChannel, use the debug etherchnl command. To disable the debugging output, use the
no form of this command.
debug etherchnl [all | detail | error | event | idb | linecard]
no debug etherchnl
Syntax Description
Defaults
all
detail
error
event
idb
linecard
Debug is disabled.
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
This example shows how to display all the EtherChannel debug messages:
Switch# debug etherchnl
PAgP Shim/FEC debugging is on
22:46:30:FEC:returning agport Po15 for port (Fa2/1)
22:46:31:FEC:returning agport Po15 for port (Fa4/14)
22:46:33:FEC:comparing GC values of Fa2/25 Fa2/15 flag = 1 1
22:46:33:FEC:port_attrib:Fa2/25 Fa2/15 same
22:46:33:FEC:EC - attrib incompatable for Fa2/25; duplex of Fa2/25 is half, Fa2/15 is full
22:46:33:FEC:pagp_switch_choose_unique:Fa2/25, port Fa2/15 in agport Po3 is incompatable
Switch#
This example shows how to display the EtherChannel IDB debug messages:
Switch# debug etherchnl idb
Agport idb related debugging is on
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-150
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-151
Chapter 2
debug interface
debug interface
To abbreviate the entry of the debug condition interface command, use the debug interface command.
To disable debugging output, use the no form of this command.
debug interface {FastEthernet mod/port | GigabitEthernet mod/port | null |
port-channel interface-num | vlan vlan_id}
no debug interface {FastEthernet mod/port | GigabitEthernet mod/port | null |
port-channel interface-num | vlan vlan_id}
Syntax Description
FastEthernet
mod/port
GigabitEthernet
null
port-channel interface-num
vlan vlan_id
Defaults
Command Modes
Command History
Release
Examples
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-152
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
debug ipc
To debug the IPC activity, use the debug ipc command. To disable the debugging output, use the no form
of this command.
debug ipc {all | errors | events | headers | packets | ports | seats}
no debug ipc {all | errors | events | headers | packets | ports | seats}
Syntax Description
all
errors
events
headers
packets
ports
seats
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to enable the debugging of the IPC events:
Switch# debug ipc events
Special Events debugging is on
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-153
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to enable the debugging for the DHCP snooping events:
Switch# debug ip dhcp snooping event
Switch#
This example shows how to disable the debugging for the DHCP snooping events:
Switch# no debug ip dhcp snooping event
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-154
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to enable the debugging for the DHCP snooping packets:
Switch# debug ip dhcp snooping packet
Switch#
This example shows how to disable the debugging for the DHCP snooping packets:
Switch# no debug ip dhcp snooping packet
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-155
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to enable debugging for the IP source guard:
Switch# debug ip verify source packet
Switch#
This example shows how to disable debugging for the IP source guard:
Switch# no debug ip verify source packet
Switch#
Related Commands
Command
Description
ip dhcp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-156
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
debug lacp
To debug the LACP activity, use the debug lacp command. To disable the debugging output, use the no
form of this command.
debug lacp [all | event | fsm | misc | packet]
no debug lacp
Syntax Description
all
event
fsm
misc
packet
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
This command is supported only by the supervisor engine and can be entered only from the
Catalyst 4500 series switch console.
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-157
Chapter 2
debug monitor
debug monitor
To display the monitoring activity, use the debug monitor command. To disable the debugging output,
use the no form of this command.
debug monitor {all | errors | idb-update | list | notifications | platform | requests}
no debug monitor {all | errors | idb-update | list | notifications | platform | requests}
Syntax Description
all
errors
idb-update
list
Displays the SPAN list tracing and the VLAN list tracing.
notifications
platform
requests
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-158
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
debug nmsp
To the enable debugging of the Network Mobility Services Protocol (NMSP) on the switch, use the
debug nmsp command. This command is available only when your switch is running the cryptographic
(encrypted) software image. Use the no form of this command to disable debugging.
debug nmsp {all | connection | error | event | packet | rx | tx}
no debug nmsp
Syntax Description
Defaults
Debugging is disabled.
Command Modes
Command History
Release
Modification
12.2(52)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The undebug nmsp command is the same as the no debug nmsp command.
Related Commands
Command
Description
show debugging
show nmsp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-159
Chapter 2
debug nvram
debug nvram
To debug the NVRAM activity, use the debug nvram command. To disable the debugging output, use
the no form of this command.
debug nvram
no debug nvram
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-160
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
debug pagp
To debug the PAgP activity, use the debug pagp command. To disable the debugging output, use the no
form of this command.
debug pagp [all | dual-active | event | fsm | misc | packet]
no debug pagp
Syntax Description
all
dual-active
event
fsm
misc
packet
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
This command is supported only on the supervisor engine and can be entered only from the
Catalyst 4500 series switch console.
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-161
Chapter 2
Syntax Description
receive
transmit
vlan
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-162
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
receive
transmit
vlan
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-163
Chapter 2
debug pm
debug pm
To debug the port manager (PM) activity, use the debug pm command. To disable the debugging output,
use the no form of this command.
debug pm {all | card | cookies | etherchnl | messages | port | registry | scp | sm | span | split |
vlan | vp}
no debug pm {all | card | cookies | etherchnl | messages | port | registry | scp | sm | span | split |
vlan | vp}
Syntax Description
all
card
cookies
etherchnl
messages
port
registry
scp
sm
span
split
vlan
vp
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-164
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
debug port-security
To debug port security, use the debug port-security command. To disable the debugging output, use the
no form of this command.
debug port-security
no debug port-security
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
switchport port-security
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-165
Chapter 2
Syntax Description
event
packet
all
Defaults
Command Modes
Command History
Release
Modification
12.2(50)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Examples
input
input
input
input
input
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-166
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
pppoe intermediate-agent
(interface)
pppoe intermediate-agent
limit rate
pppoe intermediate-agent
trust
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-167
Chapter 2
debug redundancy
debug redundancy
To debug supervisor engine redundancy, use the debug redundancy command. To disable the debugging
output, use the no form of this command.
debug redundancy {errors | fsm | kpa | msg | progression | status | timer}
no debug redundancy
Syntax Description
errors
fsm
kpa
msg
progression
status
timer
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch
(Catalyst 4507R only).
Examples
This example shows how to debug the redundancy facility timer event debugging:
Switch# debug redundancy timer
Redundancy timer debugging is on
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-168
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
debug spanning-tree
To debug the spanning tree activities, use the debug spanning-tree command. To disable the debugging
output, use the no form of this command.
debug spanning-tree {all | backbonefast | bpdu | bpdu-opt | etherchannel | config | events |
exceptions | general | ha | mstp | pvst+ | root | snmp | switch | synchronization | uplinkfast}
no debug spanning-tree {all | bpdu | bpdu-opt | etherchannel | config | events | exceptions |
general | mst | pvst+ | root | snmp}
Syntax Description
all
backbonefast
bpdu
bpdu-opt
etherchannel
config
events
exceptions
general
ha
mstp
pvst+
root
snmp
switch
synchronization
uplinkfast
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-169
Chapter 2
debug spanning-tree
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-170
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
detail
exceptions
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
This command is supported only on the supervisor engine and enterable only from the switch console.
Examples
This example shows how to enable the debugging and to display the detailed spanning tree BackboneFast
debugging information:
Switch# debug spanning-tree backbonefast detail
Spanning Tree backbonefast detail debugging is on
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-171
Chapter 2
Syntax Description
all
errors
general
pm
rx
decode
errors
Enables the debugging of the receive errors of the spanning-tree switch shim.
interrupt
Enables the shim ISR receive BPDU debugging on the spanning-tree switch.
process
state
tx
decode
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
This command is supported only on the supervisor engine and enterable only from the switch console.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-172
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This example shows how to enable the transmit BPDU debugging on the spanning tree switch shim:
Switch# debug spanning-tree switch tx
Spanning Tree Switch Shim transmit bpdu debugging is on
*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size
*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size
*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size
*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size
*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size
*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size
*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size
<... output truncated...>
Switch#
Related Commands
Command
92
92
92
92
92
92
92
on
on
on
on
on
on
on
FastEthernet5/9
FastEthernet5/9
FastEthernet5/9
FastEthernet5/9
FastEthernet5/9
FastEthernet5/9
FastEthernet5/9
303
304
305
349
350
351
801
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-173
Chapter 2
Syntax Description
exceptions
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
This command is supported only on the supervisor engine and enterable only from the switch console.
Examples
This example shows how to debug the spanning tree UplinkFast exceptions:
Switch# debug spanning-tree uplinkfast exceptions
Spanning Tree uplinkfast exceptions debugging is on
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-174
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
debug sw-vlan
To debug the VLAN manager activities, use the debug sw-vlan command. To disable the debugging
output, use the no form of this command.
debug sw-vlan {badpmcookies | events | management | packets | registries}
no debug sw-vlan {badpmcookies | events | management | packets | registries}
Syntax Description
badpmcookies
events
management
packets
registries
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-175
Chapter 2
Syntax Description
open
Enables the VLAN manager IFS debugging of errors in an IFS file-open operation.
read
Debugs the errors that occurred when the IFS VLAN configuration file was open for
reading.
write
Debugs the errors that occurred when the IFS VLAN configuration file was open for
writing.
{1 | 2 | 3 | 4}
Determines the file-read operation. See the Usage Guidelines section for
information about operation levels.
write
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
Operation 1Reads the file header, which contains the header verification word and the file version
number.
Operation 2Reads the main body of the file, which contains most of the domain and VLAN
information.
This example shows how to debug the TLV data errors during a file-read operation:
Switch# debug sw-vlan ifs read 4
vlan manager ifs read # 4 errors debugging is on
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-176
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-177
Chapter 2
Syntax Description
accfwdchange
allowedvlancfgchange
fwdchange
linkchange
modechange
pruningcfgchange
statechange
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to debug the software VLAN interface mode change notifications:
Switch# debug sw-vlan notification modechange
vlan manager port mode change notification debugging is on
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-178
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
events
Displays the general-purpose logic flow and detailed VTP debugging messages
generated by the VTP_LOG_RUNTIME macro in the VTP code.
packets
Displays the contents of all incoming VTP packets that have been passed into the VTP
code from the Cisco IOS VTP platform-dependent layer, except for pruning packets.
pruning
Enables the debugging message to be generated by the pruning segment of the VTP
protocol code.
packets
(Optional) Displays the contents of all incoming VTP pruning packets that have been
passed into the VTP code from the Cisco IOS VTP platform-dependent layer.
xmit
(Optional) Displays the contents of all outgoing VTP packets that the VTP code will
request that the Cisco IOS VTP platform-dependent layer to send.
xmit
Displays the contents of all outgoing VTP packets that the VTP code will request that
the Cisco IOS VTP platform-dependent layer to send; does not include pruning packets.
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
If you do not enter any more parameters after entering pruning, the VTP pruning debugging messages
are displayed.
Examples
This example shows how to debug the software VLAN outgoing VTP packets:
Switch# debug sw-vlan vtp xmit
vtp xmit debugging is on
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-179
Chapter 2
debug udld
debug udld
To enable the debugging of UDLD activity, use the debug udld command. To disable the debugging
output, use the no form of this command.
debug udld {events | packets | registries}
no debug udld {events | packets | registries}
Syntax Description
events
packets
Enables the debugging of the UDLD process as it receives packets from the packet queue
and attempts to transmit packets at the request of the UDLD protocol code.
registries
Enables the debugging of the UDLD process as it processes registry upcalls from the
UDLD process-dependent module and other feature modules.
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
This command is supportedonly on the supervisor engine and enterable only from the switch console.
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-180
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-181
Chapter 2
debug vqpc
debug vqpc
To debug the VLAN Query Protocol (VQP), use the debug vqpc command. To disable the debugging
output, use the no form of this command.
debug vqpc [all | cli | events | learn | packet]
no debug vqpc [all | cli | events | learn | packet]
Syntax Description
all
cli
events
learn
packet
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-182
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
define interface-range
To create a macro of interfaces, use the define interface-range command.
define interface-range macro-name interface-range
Syntax Description
macro-name
interface-range
List of valid ranges when specifying interfaces; see the Usage Guidelines
section.
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
FastEthernet
GigabitEthernet
Vlan vlan_id
Related Commands
Command
Description
interface range
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-183
Chapter 2
deny
deny
To deny an ARP packet based on matches against the DHCP bindings, use the deny command. To
remove the specified ACEs from the access list, use the no form of this command.
deny {[request] ip {any | host sender-ip | sender-ip sender-ip-mask} mac {any | host sender-mac
| sender-mac sender-mac-mask} | response ip {any | host sender-ip | sender-ip
sender-ip-mask} [{any | host target-ip | target-ip target-ip-mask}] mac {any | host sender-mac
| sender-mac sender-mac-mask} [{any | host target-mac | target-mac target-mac-mask}]} [log]
no deny {[request] ip {any | host sender-ip | sender-ip sender-ip-mask} mac {any | host
sender-mac | sender-mac sender-mac-mask} | response ip {any | host sender-ip | sender-ip
sender-ip-mask} [{any | host target-ip | target-ip target-ip-mask}] mac {any | host sender-mac
| sender-mac sender-mac-mask} [{any | host target-mac | target-mac target-mac-mask}]} [log]
Syntax Description
request
ip
any
host sender-ip
sender-ip sender-ip-mask
mac
host sender-mac
sender-mac sender-mac-mask
response
ip
host target-ip
target-ip target-ip-mask
mac
host target-mac
target-mac target-mac-mask
log
Defaults
At the end of the ARP access list, there is an implicit deny ip any mac any command.
Command Modes
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-184
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Deny clauses can be added to forward or drop ARP packets based on some matching criteria.
Examples
This example shows a host with a MAC address of 0000.0000.abcd and an IP address of 1.1.1.1. This
example shows howto deny both requests and responses from this host:
Switch(config)# arp access-list static-hosts
Switch(config-arp-nacl)# deny ip host 1.1.1.1 mac host 0000.0000.abcd
Switch(config-arp-nacl)# end
Switch# show arp access-list
ARP access list static-hosts
deny ip host 1.1.1.1 mac host 0000.0000.abcd
Switch#
Related Commands
Command
Description
arp access-list
permit
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-185
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify a destination address in netflow-lite submode, use the destination command. To delete an
exporter, use the no form of this command.
destination destination-address
no destination destination-address
Syntax Description
destination-address
Defaults
None
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on on the Catalyst 4948E and
Catalyst 4948E-F Ethernet switches.
Usage Guidelines
One of the mandatory parameters for a minimally configured exporter along with the source Layer 3
interface and the UDP destination port of the collector.
Examples
exporter1
destination 5.5.5.6
source 5.5.5.5
transport udp 8188
ttl 128
cos 7
dscp 32
template data timeout 1
options sampler-table timeout 1
options interface-table timeout 1
export-protocol netflow-v9
exit
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-186
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
Command
Description
export-protocol (netflow-lite
exporter submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-187
Chapter 2
destination address
destination address
To configure the destination e-mail address or URL to which Call Home messages will be sent, use the
destination address command.
destination address {email email-address | http url}
Syntax Description
email email-address
http url
Defaults
Command Modes
cfg-call-home-profile
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
To enter profile call-home configuration submode, use the profile command in call-home configuration
mode.
When entering the https:// destination URL for the secure server, you must also configure a trustpoint
CA.
Examples
This example shows how to set the destination to the e-mail address [email protected]:
Switch(config)# call-home
Switch(cfg-call-home)# profile cisco
Switch(cfg-call-home-profile)# destination address email [email protected]
Related Commands
Command
Description
destination preferred-msg-format
destination transport-method
profile
subscribe-to-alert-group all
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-188
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command
Description
subscribe-to-alert-group environment
subscribe-to-alert-group inventory
subscribe-to-alert-group syslog
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-189
Chapter 2
Syntax Description
Defaults
3145728 bytes
Command Modes
cfg-call-home-profile
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
To enter profile call-home configuration submode, use the profile command in call-home configuration
mode.
Examples
This example shows how to configure the maximum message size for the destination profile as 3000000:
Switch(config)# call-home
Switch(cfg-call-home)# profile cisco
Switch(cfg-call-home-profile)# destination message-size-limit 3000000
Switch(cfg-call-home-profile)#
Related Commands
Command
Description
destination address
destination preferred-msg-format
destination transport-method
profile
subscribe-to-alert-group all
subscribe-to-alert-group environment
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-190
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command
Description
subscribe-to-alert-group inventory
subscribe-to-alert-group syslog
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-191
Chapter 2
destination preferred-msg-format
destination preferred-msg-format
To configure a preferred message format, use the destination preferred-msg-format command.
destination preferred-msg-format {long-text | short-text | xml}
Syntax Description
long-text
short-text
xml
Defaults
xml
Command Modes
cfg-call-home-profile
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
To enter profile call-home configuration submode, use the profile command in call-home configuration
mode.
Examples
This example shows how to configure the preferred message format as long text:
Switch(config)# call-home
Switch(cfg-call-home)# profile cisco
Switch(cfg-call-home-profile)# destination preferred-msg-format long-text
Switch(cfg-call-home-profile)#
Related Commands
Command
Description
destination address
destination transport-method
profile
subscribe-to-alert-group all
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-192
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command
Description
subscribe-to-alert-group environment
subscribe-to-alert-group inventory
subscribe-to-alert-group syslog
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-193
Chapter 2
destination transport-method
destination transport-method
To enable the message transport method, use the destination transport-method command.
destination transport-method {email | http}
Syntax Description
http
Defaults
Command Modes
cfg-call-home-profile
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
To enter profile call-home configuration submode, use the profile command in call-home configuration
mode.
Examples
Related Commands
Command
Description
destination address
destination preferred-msg-format
profile
subscribe-to-alert-group all
subscribe-to-alert-group environment
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-194
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command
Description
subscribe-to-alert-group inventory
subscribe-to-alert-group syslog
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-195
Chapter 2
device-sensor filter-list
device-sensor filter-list
To create a CDP or Link Layer Discovery Protocol (LLPD) filter list that contains a list of
Type-Length-Value (TLV) fields to be included or excluded in the Device Sensor output, use the
device-sensor filter-list command in global configuration mode. To remove the filter list, use the no
form of this command.
device-sensor filter-list cdp | lldp list list-name
no device-sensor filter-list cdp | lldp list list-name
Syntax Description
list
list-name
Defaults
Command Modes
Global configuration
Command History
Release
Modification
Usage Guidelines
Use the device-sensor filter-list command to configure the name of the protocol filter list and enter into
discovery protocol sensor configuration mode. You can configure the list of TLVs in discovery protocol
sensor configuration mode using the tlv {name tlv-name | number tlv-number} command. Use the name
tlv-name keyword-argument pair to specify the name of the TLV. Enter ? to query the available TLV
names or refer to the following tables.
Table 2-1
Description
forward
location
location
server-location
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-196
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Table 2-2
LLDP TLVs
Description
mac-phy-cfg
management-address
port-description
port-vlan
power-management
system-capabilities
system-description
system-name
location
network-policy
Use the number tlv-name keyword-argument pair to specify the TLV number to be added to the TLV
filter list.
Use the no tlv {name tlv-name | number tlv-number} command to remove individual TLVs from the
TLV filter list.
Use the no device-sensor filter-list lldp list tlv-list-name command to remove the entire TLV list
containing all of the TLVs.
The following example shows how to create an LLDP filter containing a list of TLVs:
Switch> enable
Switch# configure terminal
Switch(config)# device-sensor filter-list lldp list lldp-list
Switch(config-sensor-lldplist)# tlv name mac-phy-config
Switch(config-sensor-lldplist)# tlv name system-name
Switch(config-sensor-lldplist)# end
Examples
The following example shows how to create an LLDP filter containing a list of TLVs:
Switch> enable
Switch# configure terminal
Switch(config)# device-sensor filter-list lldp list lldp-list
Switch(config-sensor-lldplist)# tlv name mac-phy-config
Switch(config-sensor-lldplist)# tlv name system-name
Switch(config-sensor-lldplist)# end
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-197
Chapter 2
device-sensor filter-list
Related Commands
Command
Description
debug device-sensor
device-sensor
accounting
Adds the Device Sensor protocol data to accounting records and generates
additional accounting events when new sensor data is detected.
device-sensor filter-list Creates a DHCP filter containing a list of options that can be included or
dhcp
excluded in the Device Sensor output.
show device-sensor
cache
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-198
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
list
Defaults
Command Modes
Global configuration
Command History
Release
Modification
Usage Guidelines
Use the device-sensor filter-list dhcp command to configure the name of the DHCP options filter list
and enter into DHCP sensor configuration mode. You can configure the list of options in DHCP sensor
configuration mode using the option {name option-name | number option-number} command. Use the
name option-name keyword-argument pair to specify the name of the DHCP option. Use the number
option-number keyword-argument pair to specify the TLV number to be added to the DHCP options
filter list.
Use the no option {name option-name | number option-number} command to remove individual
options from the DHCP options filter list.
Use the no device-sensor filter-list dhcp list option-list-name command to remov the entire options
filter list.
Examples
The following example shows how to create a DHCP filter containing a list of options:
Switch> enable
Switch# configure terminal
Switch(config)# device-sensor filter-list dhcp list dhcp-list
Switch(config-sensor-dhcplist)# option name domain-name
Switch(config-sensor-dhcplist)# option name host-name
Switch(config-sensor-dhcplist)# option number 50
Switch(config-sensor-dhcplist)# end
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-199
Chapter 2
Related Commands
Command
Description
debug device-sensor
device-sensor
accounting
Adds the Device Sensor protocol data to accounting records and generates
additional accounting events when new sensor data is detected.
device-sensor filter-list Creates a CDP or LLDP filter containing a list of options that can be included
or excluded in the Device Sensor output.
show device-sensor
cache
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-200
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
device-sensor filter-spec
To apply a protocol filter list to the Device Sensor output, use the device-sensor filter-spec command
in global configuration mode. To remove the protocol filter list from the device sensor output, use the
no form of this command.
device-sensor filter-spec {cdp | lldp | dhcp} {exclude {all | list list-name} | include list list-name}
Syntax Description
cdp
lldp
dhcp
exclude
Specifies the protocol TLVs or DHCP options to be excluded from the device sensor
output.
all
list list-name
include
Specifies the TLVs or DHCP options that should be included in the Device Sensor
output.
Defaults
All TLVs or DHCP options are included in notifications and will trigger notifications.
Command Modes
Global configuration
Command History
Release
Modification
Usage Guidelines
Use the device-sensor filter-spec command to specify a list of CDP or LLDP TLV fields or DHCP
options to be included in Device Sensor outputs.
Certain TLVs and message types such as DISCOVER, OFFER, REQUEST, ACK, and IP address are
unconditionally excluded. These excluded TLVs and message types are used as transport for higher layer
protocols, which change frequently and convey little useful information about endpoints. OFFER
messages are also excluded because they can be received from multiple servers, and therefore, do not
convey useful endpoint data.
Examples
The following example shows how to apply a CDP TLV filter list to the Device Sensor output:
Switch> enable
Switch# configure terminal
Switch(config)# device-sensor filter-spec cdp include cdp-list1
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-201
Chapter 2
device-sensor filter-spec
Related Commands
Command
Description
debug device-sensor
device-sensor
accounting
Adds the Device Sensor protocol data to accounting records and generates
additional accounting events when new sensor data is detected.
device-sensor filter-list Creates a CDP or LLDP filter containing a list of options that can be included
or excluded in the Device Sensor output.
device-sensor filter-list Creates a DHCP filter containing a list of options that can be included or
dhcp
excluded in the Device Sensor output.
show device-sensor
cache
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-202
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
device-sensor notify
To enable client notifications and events for TLV changes, use the device-sensor notify command in
global configuration mode. To disable client notifications and accounting events for TLV changes, use
the no form of this command.
device-sensor notify all-changes | new-tlvs
no device-sensor notify all-changes | new-tlvs
Syntax Description
all-changes
Enables client notifications and accounting events for all TLV changes.
new-tlvs
Enables client notifications and accounting events for only new TLV changes.
Defaults
Client notifications and accounting events are generated only for new TLVs.
Command Modes
Global configuration
Command History
Release
Modification
Usage Guidelines
By default, for each supported peer protocol, client notifications and accounting events will only be
generated when an incoming packet includes a TLV that has not been previously received in the context
of a given session.
To enable client notifications and accounting events for all TLV changes, where either a new TLV has
been received or a previously received TLV has been received with a different value, use the
device-sensor notify all-changes command.
To return to the default behavior, use the device-sensor notify new-tlvs or the default device-sensor
notify command.
Examples
The following example shows how to enable client notifications and accounting events for all TLV
change:
Switch> enable
Switch# configure terminal
Switch(config)# device-sensor notify all-changes
Related Commands
Command
Description
debug device-sensor
device-sensor filter-list Creates a CDP or LLDP filter containing a list of options that can be included
or excluded in the Device Sensor output.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-203
Chapter 2
device-sensor notify
Command
Description
device-sensor filter-list Creates a DHCP filter containing a list of options that can be included or
dhcp
excluded in the Device Sensor output.
show device-sensor
cache
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-204
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
conservative
Dictates that the supervisor engine does not reload, Rather it issues a console error
message once an hour.
You should reload the supervisor engine at the next maintenance window.
aggressive
Defaults
A switch exhibits the default SEU behavior when this command is not configured. On redundant
switches that have reached SSO, the default behavior is aggressive. In all other switches, the default
behavior is conservative.
Command Modes
Command History
Release
Modification
12.2(53)SG3,
12.2(54)SG,
15.0(2)SG
XE 3.1.1SG
Support for this command was provided on the Catalyst 4500 series switch.
12.2(53)SG6
15.0(2)SG2
XE 3.3.0SG
Usage Guidelines
SEU events on the system FPGAs result in a potentially unstable switch. The only recovery is to reload
the affected supervisor engine. However, SEU events may be harmless, so you might want to delay the
reload until a maintenance window, to avoid impacting users. Alternatively, you might want to force an
immediate reload to avoid an instance where the switch crashes or drops traffic because of the SEU.
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-205
Chapter 2
Syntax Description
conservative
(Optional) Specifies that the bootup SRAM diagnostics log all failures
and remove all affected buffers from the hardware operation. The
ongoing SRAM diagnostics will log events, but will take no other
action.
normal
aggressive
Defaults
normal mode
Command Modes
Command History
Release
Modification
12.2(18)EW
Usage Guidelines
Use the conservative keyword when you do not want the switch to reboot so that the problem can be
fixed.
Use the aggressive keyword when you have redundant supervisor engines, or when network-level
redundancy has been provided.
Examples
This example shows how to configure the switch to initiate an RPR switchover when an ongoing failure
occurs:
Switch# configure terminal
Switch (config)# diagnostic monitor action normal
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-206
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
diagnostic start
To run the specified diagnostic test, use the diagnostic start command.
diagnostic start {module num} {test test-id} [port num]
Syntax Description
module num
Module number.
test
test-id
Specifies an identification number for the test to be run; can be the cable
diagnostic test-id, or the cable-tdr keyword.
port num
Defaults
Command Modes
Command History
Release
Modification
12.2(25)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to run the specified diagnostic test at the specified module:
This exec command starts the TDR test on specified interface
Switch# diagnostic start module 1 test cable-tdr port 3
diagnostic start module 1 test cable-tdr port 3
module 1: Running test(s) 5 Run interface level cable diags
module 1: Running test(s) 5 may disrupt normal system operation
Do you want to continue? [no]: yes
yes
Switch#
2d16h: %DIAG-6-TEST_RUNNING: module 1: Running online-diag-tdr{ID=5} ...
2d16h: %DIAG-6-TEST_OK: module 1: online-diag-tdr{ID=5} has completed successfully
Switch#
Note
Related Commands
The show cable-diagnostic tdr command displays the results of a TDR test. The test results will not be
available until approximately 1 minute after the test starts. If you enter the show cable-diagnostic tdr
command within 1 minute of the test starting, you may see a TDR test is in progress on interface...
message.
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-207
Chapter 2
Syntax Description
max-attempts
Defaults
Default is 3.
Command Modes
Command History
Release
Modification
12.2(25)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to configure the maximum number of attempts before the port is moved to the
auth-fail VLAN on Fast Ethernet interface 4/3:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet4/3
Switch(config-if)# dot1x auth-fail max-attempts 5
Switch(config-if)# end
Switch#
Related Commands
Command
Description
dot1x max-reauth-req
show dot1x
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-208
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
vlan-id
Defaults
Command Modes
Command History
Release
Modification
12.2(25)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to configure the auth-fail VLAN on Fast Ethernet interface 4/3:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet4/3
Switch(config-if)# dot1x auth-fail vlan 40
Switch(config-if)# end
Switch#
Related Commands
Command
Description
dot1x max-reauth-req
show dot1x
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-209
Chapter 2
dot1x control-direction
dot1x control-direction
To enable unidirectional port control on a per-port basis on a switch, use the dot1x control-direction
command. Use the no form of this command to disable unidirectional port control.
dot1x control-direction [in | both]
no dot1x control-direction
Syntax Description
in
both
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
You can manage remote systems using unidirectional control. Unidirectional control enables you to turn
on systems remotely using a specific Ethernet packet, known as a magic packet.
Using unidirectional control enables you to remotely manage systems using 802.1X ports. In the past,
the port became unauthorized after the systems was turned off. In this state, the port only allowed the
receipt and transmission of EAPoL packets. Therefore, there was no way for the unidirectional control
magic packet to reach the host and without being turned on there was no way for the system to
authenticate and open the port.
Examples
Related Commands
Command
Description
show dot1x
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-210
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
profile
Defaults
Command Modes
Global configuration
Command History
Release
Modification
12.2(54)SG
Usage Guidelines
You must have another switch set up as the authenticator for this switch to be the supplicant.
Examples
You can verify your settings by entering the show running-config privileged EXEC command.
Related Commands
Command
Description
cisp enable
show cisp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-211
Chapter 2
dot1x critical
dot1x critical
To enable the 802.1X critical authentication on a port, use the dot1x critical command. To return to the
default setting, use the no form of this command.
dot1x critical
no dot1x critical
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
show dot1x
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-212
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
dot1x critical
show dot1x
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-213
Chapter 2
Syntax Description
delay-time
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to set the 802.1x critical recovery delay time to 500:
Switch(config-if)# dot1x critical recovery delay 500
Switch(config-if)#
Related Commands
Command
Description
dot1x critical
show dot1x
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-214
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
vlan-id
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The type of VLAN specified must match the type of the port. If the port is an access port, the VLAN
must be a regular VLAN. If the port is a private-VLAN host port, the VLAN must be the secondary
VLAN of a valid private-VLAN domain. If the port is a routed port, no VLAN may be specified.
This command is not supported on platforms such as Layer 3 switches that do not include the Critical
Auth VLAN subsystem.
Examples
This example shows how to enable 802.1x critical authentication on a ports VLAN:
Switch(config-if)# dot1x critical vlan 350
Switch(config-if)#
Related Commands
Command
Description
dot1x critical
show dot1x
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-215
Chapter 2
dot1x guest-vlan
dot1x guest-vlan
To enable a guest VLAN on a per-port basis, use the dot1x guest-vlan command. To return to the default
setting, use the no form of this command.
dot1x guest-vlan vlan-id
no dot1x guest-vlan vlan-id
Syntax Description
vlan-id
Defaults
This command has no default settings.; the guest VLAN feature is disabled.
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(25)EWA
Support for secondary VLAN as the configured guest VLAN ID was added.
Usage Guidelines
Guest VLANs can be configured only on ports that are statically configured as access ports or private
VLAN host ports. Statically configured access ports can be configured with regular VLANs as guest
VLANs; statically configured private VLAN host ports can be configured with secondary private
VLANs as guest VLANs.
Examples
This example shows how to enable a guest VLAN on Fast Ethernet interface 4/3:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet4/3
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x guest-vlan 26
Switch(config-if)# end
Switch(config)# end
Switch#
Related Commands
Command
Description
dot1x max-reauth-req
show dot1x
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-216
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(25)EWA
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
With Cisco Release 12.2(25) EWA, you can use the dot1x guest-vlan supplicant command to place an
802.1X-capable host into a guest VLAN. Prior to Cisco Release 12.2(25)EWA, you could only place
non-802.1X capable hosts into a guest VLAN.
When guest VLAN supplicant behavior is enabled, the Catalyst 4500 series switch does not maintain
EAPOL packet history. The switch allows clients that fail 802.1X authentication to access a guest
VLAN, whether or not EAPOL packets have been detected on the interface.
Examples
This example shows how to place an 802.1X-capable supplicant (host) into a guest VLAN:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# dot1x guest-vlan supplicant
Switch(config)# end
Switch#
Related Commands
Command
Description
dot1x system-auth-control
show dot1x
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-217
Chapter 2
dot1x host-mode
dot1x host-mode
Use the dot1x host-mode interface configuration command on the switch stack or on a standalone switch
to allow a single host (client) or multiple hosts on an IEEE 802.1x-authorized port. Use the
multi-domain keyword to enable multidomain authentication (MDA) on an IEEE 802.1x-authorized
port. Use the no form of this command to return to the default setting.
dot1x host-mode {multi-host | single-host | multi-domain}
no dot1x host-mode [multi-host | single-host | multi-domain}
Syntax Description
multi-host
single-host
multi-domain
Defaults
Command Modes
Command History
Release
Modification
12.2(20)EWA
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(37)SG
Usage Guidelines
Use this command to limit an IEEE 802.1X-enabled port to a single client or to attach multiple clients
to an IEEE 802.1X-enabled port. In multiple-hosts mode, only one of the attached hosts needs to be
successfully authorized for all hosts to be granted network access. If the port becomes unauthorized
(re-authentication fails or an Extensible Authentication Protocol over LAN [EAPOL]-logoff message is
received), all attached clients are denied access to the network.
Use the multi-domain keyword to enable MDA on a port. MDA divides the port into both a data domain
and a voice domain. MDA allows both a data device and a voice device, such as an IP phone (Cisco or
non-Cisco), on the same IEEE 802.1x-enabled port.
Before entering this command, make sure that the dot1x port-control interface configuration command
is set to auto for the specified port.
You can assign both voice and data VLAN dynamically from the ACS server. No additional
configuration is required to enable dynamic VLAN assignment on the switch.To enable VLAN
assignment, you must configure the Cisco ACS server. For details on configuring the ACS server for
voice VLAN assignment, refer to the Cisco ACS Configuration for VLAN Assignment section in the
Catalyst 4500 Series Switch Software Configuration Guide-Release, 12.2(52)SG.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-218
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This example shows how to enable IEEE 802.1x authentication and to enable multiple-hosts mode:
Switch# configure t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet6/1
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x host-mode multi-host
Switch(config-if)# end
Switch#
This example shows how to enable MDA and to allow both a host and a voice device on the port:
Switch# configure t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface FastEthernet6/1
Switch(config-if)# switchport access vlan 12
Switch(config-if)# switchport mode access
Switch(config-if)# switchport voice vlan 10
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x host-mode multi-domain
Switch(config-if)# no shutdown
Switch(config-if)# end
Switch#
You can verify your settings by entering the show dot1x [interface interface-id] privileged EXEC
command.
Related Commands
Command
Description
show dot1x
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-219
Chapter 2
dot1x initialize
dot1x initialize
To unauthorize an interface before reinitializing 802.1X, use the dot1x initialize command.
dot1x initialize interface
Syntax Description
interface
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Use this command to initialize state machines and to set up the environment for fresh authentication.
Examples
This example shows how to initialize the 802.1X state machines on an interface:
Switch# dot1x initialize
Switch#
Related Commands
Command
Description
show dot1x
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-220
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
dot1x mac-auth-bypass
To enable the 802.1X MAC address bypassing on a switch, use the dot1x mac-auth-bypass command.
Use the no form of this command to disable MAC address bypassing.
dot1x mac-auth-bypass [eap]
no dot1x mac-auth-bypass [eap]
Syntax Description
eap
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The removal of the dot1x mac-auth-bypass configuration from a port does not affect the authorization
or authentication state of a port. If the port is in unauthenticated state, it remains unauthenticated, and if
MAB is active, the authentication will revert back to the 802.1X Authenticator. If the port is authorized
with a MAC address, and the MAB configuration is removed the port remains authorized until
re-authentication takes place. When re-authentication occurs the MAC address is removed in favor of an
802.1X supplicant, which is detected on the wire.
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-221
Chapter 2
dot1x max-reauth-req
dot1x max-reauth-req
To set the maximum number of times that the switch will retransmit an EAP-Request/Identity frame to
the client before restarting the authentication process, use the dot1x max-reauth-req command. To
return to the default setting, use the no form of this command.
dot1x max-reauth-req count
no dot1x max-reauth-req
Syntax Description
count
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
You should change the default value of this command only to adjust for unusual circumstances such as
unreliable links or specific behavioral problems with certain clients and authentication servers. This
setting impacts the wait before a non-dot1x-capable client is admitted to the guest VLAN, if one is
configured.
You can verify your settings by entering the show dot1x privileged EXEC command.
Examples
This example shows how to set 5 as the number of times that the switch retransmits an
EAP-Request/Identity frame before restarting the authentication process:
Switch(config-if)# dot1x max-reauth-req 5
Switch(config-if)#
Related Commands
Command
Description
show dot1x
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-222
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
dot1x max-req
To set the maximum number of times that the switch retransmits an Extensible Authentication Protocol
(EAP)-Request frame of types other than EAP-Request/Identity to the client before restarting the
authentication process, use the dot1x max-req command. To return to the default setting, use the no
form of this command.
dot1x max-req count
no dot1x max-req
Syntax Description
count
Defaults
Command Modes
Command History
Release
Usage Guidelines
Number of times that the switch retransmits EAP-Request frames of types other than
EAP-Request/Identity before restarting the authentication process; valid values are from
1 to 10.
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(19)EW
You should change the default value of this command only to adjust for unusual circumstances such as
unreliable links or specific behavioral problems with certain clients and authentication servers.
You can verify your settings by entering the show dot1x privileged EXEC command.
Examples
This example shows how to set 5 as the number of times that the switch retransmits an EAP-Request
frame before restarting the authentication process:
Switch(config-if)# dot1x max-req 5
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-223
Chapter 2
dot1x max-req
Related Commands
Command
Description
dot1x initialize
dot1x max-reauth-req
show dot1x
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-224
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
dot1x port-control
To enable manual control of the authorization state on a port, use the dot1x port-control command. To
return to the default setting, use the no form of this command.
dot1x port-control {auto | force-authorized | force-unauthorized}
no dot1x port-control {auto | force-authorized | force-unauthorized}
Syntax Description
auto
force-authorized
force-unauthorized
Denies all access through the specified interface by forcing the port to
transition to the unauthorized state, ignoring all attempts by the client to
authenticate. The switch cannot provide authentication services to the client
through the interface.
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The 802.1X protocol is supported on both the Layer 2 static-access ports and the Layer 3-routed ports.
You can use the auto keyword only if the port is not configured as follows:
Trunk portIf you try to enable 802.1X on a trunk port, an error message appears, and 802.1X is
not enabled. If you try to change the mode of an 802.1X-enabled port to trunk, the port mode is not
changed.
Dynamic portsA port in dynamic mode can negotiate with its neighbor to become a trunk port. If
you try to enable 802.1X on a dynamic port, an error message appears, and 802.1X is not enabled.
If you try to change the mode of an 802.1X-enabled port to dynamic, the port mode is not changed.
EtherChannel portBefore enabling 802.1X on the port, you must first remove it from the
EtherChannel. If you try to enable 802.1X on an EtherChannel or on an active port in an
EtherChannel, an error message appears, and 802.1X is not enabled. If you enable 802.1X on an
inactive port of an EtherChannel, the port does not join the EtherChannel.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-225
Chapter 2
dot1x port-control
Switch Port Analyzer (SPAN) destination portYou can enable 802.1X on a port that is a SPAN
destination port; however, 802.1X is disabled until the port is removed as a SPAN destination. You
can enable 802.1X on a SPAN source port.
To globally disable 802.1X on the switch, you must disable it on each port. There is no global
configuration command for this task.
Examples
You can verify your settings by using the show dot1x all or show dot1x interface int commands to show
the port-control status. An enabled status indicates that the port-control value is set either to auto or to
force-unauthorized.
Related Commands
Command
Description
show dot1x
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-226
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
dot1x re-authenticate
To manually initiate a reauthentication of all 802.1X-enabled ports or the specified 802.1X-enabled port,
use the dot1x re-authenticate command.
dot1x re-authenticate [interface interface-id]
Syntax Description
interface interface-id
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
You can use this command to reauthenticate a client without waiting for the configured number of
seconds between reauthentication attempts (re-authperiod) and automatic reauthentication.
Examples
This example shows how to manually reauthenticate the device connected to Gigabit Ethernet
interface 1/1:
Switch# dot1x re-authenticate interface gigabitethernet1/1
Starting reauthentication on gigabitethernet1/1
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-227
Chapter 2
dot1x re-authentication
dot1x re-authentication
To enable the periodic reauthentication of the client, use the dot1x re-authentication command. To
return to the default setting, use the no form of this command.
dot1x re-authentication
no dot1x re-authentication
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
You configure the amount of time between the periodic reauthentication attempts by using the dot1x
timeout re-authperiod global configuration command.
Examples
This example shows how to disable the periodic reauthentication of the client:
Switch(config-if)# no dot1x re-authentication
Switch(config-if)#
This example shows how to enable the periodic reauthentication and set the number of seconds between
the reauthentication attempts to 4000 seconds:
Switch(config-if)# dot1x re-authentication
Switch(config-if)# dot1x timeout re-authperiod 4000
Switch#
You can verify your settings by entering the show dot1x privileged EXEC command.
Related Commands
Command
Description
dot1x timeout
show dot1x
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-228
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
dot1x system-auth-control
To enable 802.1X authentication on the switch, use the dot1x system-auth-control command. To
disable 802.1X authentication on the system, use the no form of this command.
dot1x system-auth-control
no dot1x system-auth-control
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
You must enable dot1x system-auth-control if you want to use the 802.1X access controls on any port
on the switch. You can then use the dot1x port-control auto command on each specific port on which
you want the 802.1X access controls to be used.
Examples
Related Commands
Command
Description
dot1x initialize
show dot1x
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-229
Chapter 2
dot1x timeout
dot1x timeout
To set the reauthentication timer, use the dot1x timeout command. To return to the default setting, use
the no form of this command.
dot1x timeout {reauth-period {seconds | server} | quiet-period seconds | tx-period seconds |
supp-timeout seconds | server-timeout seconds}
no dot1x timeout {reauth-period | quiet-period | tx-period | supp-timeout | server-timeout}
Syntax Description
Defaults
reauth-period seconds
reauth-period server
quiet-period seconds
Number of seconds that the switch remains in the quiet state following
a failed authentication exchange with the client; valid values are from 0
to 65535 seconds.
tx-period seconds
supp-timeout seconds
server-timeout seconds
Command Modes
Command History
Release
Modification
12.1(12)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(25)EWA
Support for selecting the reauthentication timer from the server was added.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-230
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Usage Guidelines
The periodic reauthentication must be enabled before entering the dot1x timeout re-authperiod
command. Enter the dot1x re-authentication command to enable periodic reauthentication.
Examples
This example shows how to set 60 as the number of seconds that the switch waits for a response to an
EAP-request/identity frame from the client before retransmitting the request:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet4/3
Switch(config-if)# dot1x timeout tx-period 60
Switch(config-if)# end
Switch#
You can verify your settings by entering the show dot1x privileged EXEC command.
This example shows how to set up the switch to use a reauthentication timeout derived from a
Session-Timeout attribute taken from the RADIUS Access-Accept message received when a host
successfully authenticates via 802.1X:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet4/3
Switch(config-if)# dot1x timeout reauth-period server
Switch(config-if)# end
Switch#
Related Commands
Command
Description
dot1x initialize
show dot1x
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-231
Chapter 2
Note
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
dscp dscp-value
no dscp dscp-value
Syntax Description
dscp-value
Defaults
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4948E and
Catalyst 4948E-F Ethernet switches.
Examples
Specifies a DSCP value for the NetFlow-lite collector. Valid values from 0 to
63
This example shows how to specify a CoS value for the NetFlow-lite collector:
Switch# config terminal
Switch(config)# netflow-lite exporter
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config)#
exporter1
destination 5.5.5.6
source 5.5.5.5
transport udp 8188
ttl 128
cos 7
dscp 32
template data timeout 1
options sampler-table timeout 1
options interface-table timeout 1
export-protocol netflow-v9
exit
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-232
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
DSCP:
0x20
TTL:
128
COS:
7
Transport Protocol Configuration:
Transport Protocol:
UDP
Destination Port:
8188
Source Port:
61670
Export Protocol Configuration:
Export Protocol:
Template data timeout:
Options sampler-table timeout:
Options interface-table timeout:
Exporter Statistics:
Packets Exported:
0
netflow-v9
60
1800
1800
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
Command
Description
destination (netflow-lite
exporter submode)
export-protocol (netflow-lite
exporter submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-233
Chapter 2
Syntax Description
Defaults
pagp
trust channel-group
num
Command Modes
Command History
Release
Modification
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
If PAgP is running on the MECs between the VSS and its access switches, the VSS can use enhanced
PAgP messaging to detect dual-active scenario. The MEC must have links from both chassis of the VSS
to the access switch. By default, PAgP dual-active detection is enabled. However, the enhanced messages
are only sent on channel groups with trust mode enabled.
If you configure the fast hello dual-active detection mechanism, you must also configure dual-active
interface pairs to act as fast hello dual-active messaging links.
When you enter the optional trust channel-group num keywords and argument, the following applies:
You can configure trust mode on a port channel even if there are no interfaces on the port channel
or the port channel is a protocol type other than PAgP. The trust mode status is displayed in the show
pagp dual-active command output, but no interfaces are displayed.
Configuring trust mode requires that the port channel exists. If the port channel does not exist, the
following error message is displayed:
Router(config-vs-domain)# dual-active trust pagp channel-group 30
Port-channel 30 not configured
If a trusted port is deleted, the trust-mode configuration is deleted and the following warning
message is displayed:
Port-channel num is a trusted port-channel for PAgP
dual-active detection. Restricting this
port-channel has deleted the dual-active trust
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-234
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
If a trusted port is changed to a virtual switch port, the trust mode configuration is deleted when the
port becomes restricted and the following warning message is displayed:
Port-channel num is a trusted port-channel for PAgP
dual-active detection. Deletion of this
port-channel has deleted the dual-active trust
channel-group configuration associated with it.
If you enter the dual-active detection pagp trust port-channel command on a virtual switch port
channel, the following error message is displayed:
Cannot configure dual-active trust mode on a virtual switch port-channel
Examples
The following example shows how to configure interfaces for PAgP dual-active detection:
Router(config)# switch virtual domain domain-id
Router (config-vs-domain)# dual-active detection pagp
Router (config-vs-domain)#
The following example shows how to specify that EtherChannel/port bundling to be used for PAgP
dual-active detection:
Router(config)# switch virtual domain domain-id
Router (config-vs-domain)# dual-active detection pagp trust port-channel 20
Router (config-vs-domain)#
The following example shows how to configure an interface for fast hello dual-active detection:
Router(config)# switch virtual domain domain-id
Router (config-vs-domain)# dual-active detection
Router (config-vs-domain)# exit
Router(config)# interface fastethernet 1/2/40
Router(config-if)# dual-active
WARNING: Interface FastEthernet1/2/40 placed in restricted config mode. All extraneous
configs removed!
Router(config-if)# no shutdown
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-235
Chapter 2
Syntax Description
switch num
(Optional) The virtual switch number of the chassis for which the IP
address must be used. If unspecified, the same IP address is used for
either switch.
ip-address
Specifies an IP address.
ip-mask
Defaults
Command Modes
Command History
Release
Modification
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
The command accepts up to three IP addresses - one for switch 1, one for switch 2 and one global IP
address. When a switch enters recovery mode, it picks up the configured switch-specific recovery IP
address for its management interface. If the switch-specific IP address is unconfigured, the global
recovery IP address is used. If neither the switch-specific nor global recovery IP addresses are
configured, the fastEthernet1 management interface on the switch has no IP address active, when the
switch enters recovery mode.
The normal IP address configured for fastEthernet1 in interface configuration mode is retained in the
configuration.
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-236
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-237
Chapter 2
duplex
duplex
To configure the duplex operation on an interface, use the duplex command. To return to the default
setting, use the no form of this command.
duplex {auto | full | half}
no duplex
Syntax Description
auto
full
half
Defaults
Half-duplex operation
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Interface Type
10/100-Mbps module
Supported
Syntax
duplex [half |
full]
Default Setting
Guidelines
half
100-Mbps fiber
modules
duplex [half |
full]
half
Gigabit Ethernet
Interface
Not supported.
Not supported.
10/100/1000
duplex [half |
full]
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-238
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
If the transmission speed on a 16-port RJ-45 Gigabit Ethernet port is set to 1000, the duplex mode is set
to full. If the transmission speed is changed to 10 or 100, the duplex mode stays at full. You must
configure the correct duplex mode on the switch when the transmission speed changes to 10 or 100 from
1000 Mbps.
Caution
Changing the interface speed and duplex mode configuration might shut down and reenable the interface
during the reconfiguration.
Table 2-2 describes the system performance for different combinations of the duplex and speed modes.
The specified duplex command that is configured with the specified speed command produces the
resulting action shown in the table.
Table 2-2
Examples
duplex Command
speed Command
speed auto
duplex half
speed 10
duplex full
speed 10
duplex half
speed 100
duplex full
speed 100
duplex full
speed 1000
This example shows how to configure the interface for full-duplex operation:
Switch(config-if)# duplex full
Switch(config-if)#
Related Commands
Command
Description
speed
Configures an interface.
show interfaces
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-239
Chapter 2
Syntax Description
level level
Do not use an asterisk (*) or a blank space between the characters and
symbols.
management
tcp-port-number
name name
neighbor hostname |
ip-address
udp-port-number
role role
Do not use an asterisk (*) or a blank space between the characters and
symbols.
UDP port (udp-port-number) that sends and receives queries. The range
is from 1 to 65000.
Specifies the role of the entity in the EnergyWise domain. For example,
lobby.b20.
For the role value:
Do not use an asterisk (*) or a blank space between the characters and
symbols.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-240
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Defaults
The importance is 1.
No keywords are defined.
The power level is 10.
The tcp-port-number is 43440.
The name is the hostname.
No neighbors are assigned.
The role is the model number.
Command Modes
Configuration
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
When you add an entity to a domain, EnergyWise is enabled on the entity and its PoE ports.
Examples
This example shows how to enable EnergyWise, assign the entity to a domain, and set the password:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# energywise domain cisco secret cisco protocol udp port 43440 ip 2.2.4.30
Switch(config)# energywise importance 50
Switch(config)# energywise keywords lab1,devlab
Switch(config)# energywise management 60500
Switch(config)# energywise name Entity01
Switch(config)# energywise neighbor 4500-21 43440
Switch(config)# energywise role role.lobbyaccess
Switch(config)# end
Related Commands
Command
Description
show energywise
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-241
Chapter 2
Syntax Description
level level
Do not use an asterisk (*) or a blank space between the characters and
symbols.
monthThe range is from 1 to 12. You can also enter jan, feb, mar, apr,
and so on. Use * for the wildcard.
Note
The specified times are local times based on the PoE-entity time
zone.
Note
If the day of the month and day of the week are both specified, (that
is, are not woldcards), the recurrence is executed when either field
matches the current time.
Note
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-242
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
name name
role role
Do not use an asterisk (*) or a blank space between the characters and
symbols.
(Optional) Specifies the role of the port in the domain. For example,
lobbyport.
For the role value:
Defaults
Do not use an asterisk (*) or a blank space between the characters and
symbols.
The importance is 1.
No keywords are defined.
The power level is 10.
The name is the short version of the interface name; for example, Gi1.2 for Gigabit Ethernet 1/2.
Command Modes
Interface Configuration
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
To return the importance and level values to the default settings, use the default energywise
importance and the default energywise level commands.
Examples
This example shows how to enable and configure EnergyWise on a PoE port:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# energywise domain cisco secret cisco protocol udp port 43440 ip 2.2.4.30
Switch(config)# interface Gi1.2
Switch(config-if)# energywise level 10 recurrence importance 90 at 0 8 * * *
Switch(config-if)# energywise level 0 recurrence importance 90 at 0 20 * * *
Switch(config-if)# energywise inportance 50
Switch(config-if)# energywise name lobbyInterface.3
Switch(config-if)# energywise role role.lobbyaccess
Switch(config-if)# end
Note
Recurrence takes effect within the minute specified, rather than exactly on the minute; it could
occur as much as 60-seconds late.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-243
Chapter 2
Related Commands
Command
Description
show energywise
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-244
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
energywise domain
Use the energywise domain global configuration command to enable EnergyWise on the entity, assign
the entity to a domain, and set the password for secure communication among the entities in the domain.
Use the no form of this command to disable EnergyWise on the entity and to remove the EnergyWise
configuration.
energywise domain domain-name secret [0 | 7] password [protocol udp port udp-port-number
[interface interface-id | ip ip-address]]
no energywise domain
Syntax Description
domain domain-name
secret [0 | 7] password
Do not use an asterisk (*) or a blank space between the characters and
symbols.
Sets the password for secure communication among the entities in the
domain.
Do not use an asterisk (*) or a blank space between the characters and
symbols.
port udp-port-number
(Optional) Specifies the UDP port that sends and receives queries.
interface interface-id
(Optional) In a bridged network, specifies the interface that you would prefer
for communicating with other EnergyWise switches rather than letting the
switch select an interface by default.
ip ip-address
Defaults
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-245
Chapter 2
energywise domain
Command Modes
Configuration
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
If you enter the energywise domain domain-name secret [0 | 7] password command, the entity selects
the first available interface to communicate with the network and with management applications.
Examples
This example shows how to enable EnergyWise and how to set the domain-name and password values:.
Switch(config)# energywise domain cisco secret cisco protocol udp port 43440 ip 2.2.4.30
This example shows how to enable EnergyWise and to specify the route to the management applications:
Switch(config)# energywise domain cisco secret 0 cisco protocol udp port 43440 ip
192.168.1.2
Related Commands
Command
Description
show energywise
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-246
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
energywise query
Use the energywise query privileged EXEC command to run a query to display power information or
to power the entities or PoE ports.
energywise query importance importance {keywords word,word,... | name name} collect {delta
| usage}
energywise query importance importance {keywords word,word,... | name name} set level level
energywise query importance importance {keywords word,word,... | name name} sum {delta |
usage}
Syntax Description
name name
Do not use an asterisk (*) or a blank space between the characters and
symbols.
Do not use an asterisk (*) or a blank space between the characters and
symbols.
Displays the delta or usage values for the entity or PoE ports.
Displays the sum of the delta or usage values for the entity or PoE ports.
deltaDisplays only the sum of the differences between the current and
available power levels .
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-247
Chapter 2
energywise query
Command Modes
Privileged EXEC
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
To power on or power off ports, enter the energywise query {keywords word,word,... | name name} set
level level command.
Caution
Examples
Use this query with care because it affects the entity on which you enter the command and
other devices in the domain that match the query criteria.
Name
---phone
phone
phone
phone
phone
phone
phone
phone
phone
9
Responded:
Usage
----0.0 (W)
15.4 (W)
0.0 (W)
0.0 (W)
0.0 (W)
15.4 (W)
0.0 (W)
15.4 (W)
0.0 (W)
9
Time:
0.26 seconds
147
Responded:
147
Time:
0.121 seconds
Name
Usage
-------lobbyInterface.17 10.0 (W)
1
Responded:
Time:
0.7 seconds
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-248
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Total Usage
----------12.9 (W)
Queried:
10
Responded:
10
Time:
0.6 seconds
This example shows the sum of the delta values and the potential power change in the domain:
Switch# energywise query importance 100 name * sum delta
EnergyWise query, timeout is 3 seconds:
Level
----0
1
2
3
4
5
6
7
8
9
10
Label
----Shut
Hibernate
Sleep
Standby
Ready
Low
Frugal
Medium
Reduced
High
Full
Queried:
48
Responded:
48
Time:
0.15 seconds
Usage
----86.0 (W)
0.0
(W)
Lvl
--10
10
Imp
--100
20
Type
---parent
child
0.0
0.0
0.0
10
10
10
20
50
20
child
child
child
(W)
(W)
(W)
Responded:
Time:
0.996 seconds
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-249
Chapter 2
energywise query
Name
Usage
-------lobbyInterface.17 15.4 (W)
1
Responded:
Time:
0.0 seconds
Responded:
Time:
0.11 seconds
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-250
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
open
default
Defaults
If the epm access control command is not configured, the behavior defaults to the epm access control
default command. Nothing is nvgened.
Command Modes
Configuration mode
Command History
Release
Modification
12.2(54)SG
Usage Guidelines
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-251
Chapter 2
erase
erase
To erase a file system, use the erase command.
erase {/all [non-default | nvram:] | cat4000_flash | nvram: | startup-config}
Syntax Description
/all nvram:
/all non-default
cat4000_flash:
nvram:
startup-config:
Defaults
Command Modes
Command History
Release
Modification
12.2(25)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Caution
When you use the erase command to erase a file system, you cannot recover the files in the file system.
In addition to the command options shown above, options with the prefix slave that are used to identify
nvram: and flash (such as slavenvram: and slavecat4000_flash:) appear in the command help messages
on the dual supervisor engine redundancy switch.
The erase nvram: command replaces the write erase and the erase startup-confg commands. This
command erases both the startup-config and the private-config file.
The erase /all nvram: command erases all files in nvram: in addition to startup-config file and
private-config file.
The erase cat4000_flash: command erases the VLAN database configuration file.
The erase /all non-default command facilitates the work of a manufacturing facility and repair center.
It erases the configuration and states stored in the nonvolatile storage and resets the Catalyst 4500 series
switch to the factory default settings. The default settings include those mentioned in the Cisco IOS
library as well as those set by the erase /all non-default command (vtp mode=transparent, and the
ROMMON variables: ConfigReg=0x2101, PS1= rommon ! > and EnableAutoConfig=1).
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-252
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2, at this URL:
http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/12_4/cf_12_4_book.html
Cisco IOS Configuration Fundamentals Configuration Command Reference, Release 12.2, at this
URL:
http://www.cisco.com/en/US/docs/ios/12_2/configfun/command/reference/ffun_r.html
Caution
Examples
The erase /all non-default command can erase Cisco IOS images in bootflash:. Ensure that a Cisco IOS
image can be copied back to the bootflash: (such as, from a accessible TFTP server or a flash card
inserted in slot0:) (available on most chassis models), or that the switch can boot from a image stored in
an accessible network server.
This example shows how to erase the files and configuration in a nonvolatile storage and reset the switch
to factory default settings:
Switch# erase /all non-default
Switch#
Erase and format operation will destroy all data in non-volatile storage.
[confirm]
Formatting bootflash: ...
Continue?
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-253
Chapter 2
erase
Related Commands
Command
Description
show bootvar
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-254
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
errdisable detect
To enable error-disable detection, use the errdisable detect command. To disable the error-disable
detection feature, use the no form of this command.
errdisable detect cause {all | arp-inspection [action shutdown vlan] | bpduguard shutdown
vlan | dhcp-rate-limit [action shutdown vlan] | dtp-flap | gbic-invalid | l2ptguard | link-flap
| pagp-flap}
no errdisable detect cause {all | arp-inspection [action shutdown vlan] | bpduguard shutdown
vlan | dhcp-rate-limit [action shutdown vlan] | dtp-flap | gbic-invalid | l2ptguard | link-flap
| pagp-flap}
Syntax Description
cause
all
arp-inspection
bpduguard shutdown
vlan
dhcp-rate-limit
dtp-flap
gbic-invalid
l2ptguard
link-flap
pagp-flap
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(52)SG
Usage Guidelines
A cause (dtp-flap, link-flap, pagp-flap) is defined as the reason why the error-disabled state occurred.
When a cause is detected on an interface, the interface is placed in error-disabled state (an operational
state that is similar to link-down state).
You must enter the shutdown command and then the no shutdown command to recover an interface
manually from the error-disable state.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-255
Chapter 2
errdisable detect
To prevent the port from shutting down, you can use the shutdown vlan option to shut down just the
offending VLAN on the port where the violation occured. This option is available for the following three
causes: bpduguard, arp-inspection, and dhcp-rate-limit. You can use the clear errdisable command to
recover disabled VLANs on a port.
Examples
This example shows how to enable error-disable detection for the link-flap error-disable cause:
Switch(config)# errdisable detect cause link-flap
Switch(config)#
This example shows how to enable per-VLAN error-disable detection for BPDU guard:
Switch(config)# errdisable detect cause bpduguard shutdown vlan
Switch(config)#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-256
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
errdisable recovery
To configure the recovery mechanism variables, use the errdisable recovery command. To return to the
default setting, use the no form of this command.
errdisable recovery [cause {all | arp-inspection | bpduguard | channel-misconfig |
dhcp-rate-limit | dtp-flap | gbic-invalid | l2ptguard | link-flap | pagp-flap |
pesecure-violation | security-violation | storm-control | udld | unicastflood | vmps}
[arp-inspection] [interval {interval}]]
no errdisable recovery [cause {all | arp-inspection | bpduguard | channel-misconfig |
dhcp-rate-limit | dtp-flap | gbic-invalid | l2ptguard | link-flap | pagp-flap |
pesecure-violation | security-violation | storm-control | udld | unicastflood | vmps}
[arp-inspection] [interval {interval}]]
Syntax Description
cause
all
arp-inspection
(Optional) Enables the recovery timer for the ARP inspection cause.
bpduguard
(Optional) Enables the recovery timer for the BPDU guard error-disable
cause.
channel-misconfig
dhcp-rate-limit
(Optional) Enables the recovery timer for the DHCP rate limit error-disable
cause.
dtp-flap
(Optional) Enables the recovery timer for the DTP flap error-disable cause.
gbic-invalid
(Optional) Enables the recovery timer for the GBIC invalid error-disable
cause.
l2ptguard
link-flap
(Optional) Enables the recovery timer for the link flap error-disable cause.
pagp-flap
(Optional) Enables the recovery timer for the PAgP flap error-disable cause.
pesecure-violation
(Optional) Enables the recovery timer for the pesecure violation error-disable
cause.
security-violation
storm-control
udld
(Optional) Enables the recovery timer for the UDLD error-disable cause.
unicastflood
(Optional) Enables the recovery timer for the unicast flood error-disable
cause.
vmps
(Optional) Enables the recovery timer for the VMPS error-disable cause.
arp-inspection
interval interval
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-257
Chapter 2
errdisable recovery
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(19)EW
Usage Guidelines
A cause (bpduguard, dtp-flap, link-flap, pagp-flap, udld) is defined as the reason why the error-disabled
state occurred. When a cause is detected on an interface, the interface is placed in error-disabled state
(an operational state that is similar to the link-down state). If you do not enable error-disable recovery
for the cause, the interface stays in the error-disabled state until a shutdown and no shutdown occurs. If
you enable recovery for a cause, the interface is brought out of the error-disabled state and allowed to
retry operation again once all the causes have timed out.
You must enter the shutdown command and then the no shutdown command to recover an interface
manually from error disable.
Examples
This example shows how to enable the recovery timer for the BPDU guard error disable cause:
Switch(config)# errdisable recovery cause bpduguard
Switch(config)#
This example shows how to enable the errdisable recovery for arp-inspection:
Switch(config)# errdisable recovery cause arp-inspection
Switch(config)# end
Switch# show errdisable recovery
ErrDisable Reason
Timer Status
-----------------------------udld
Disabled
bpduguard
Disabled
security-violatio
Disabled
channel-misconfig
Disabled
vmps
Disabled
pagp-flap
Disabled
dtp-flap
Disabled
link-flap
Disabled
l2ptguard
Disabled
psecure-violation
Disabled
gbic-invalid
Disabled
dhcp-rate-limit
Disabled
unicast-flood
Disabled
storm-control
Disabled
arp-inspection
Enabled
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-258
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-259
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify the export protocol for the NetFlow-lite collector, use the export-protocol command. To
delete the value, use the no form of this command.
export-protocol {netflow-v9 | ipfix}
no export-protocol {netflow-v9 | ipfix}
Syntax Description
netflow-v9
ipfix
Defaults
netflow-v9
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4948E and
Catalyst 4948E-F Ethernet switches.
Usage Guidelines
By default the export protocol is Netflow V9. IPFIX or Netflow V10 is a newer export format. They
support variable length encoding that allows for more efficient packaging of packet samples according
to the actual packet section bytes extracted from the original sampled packet.
Examples
This example shows how to specify the export protocol for the NetFlow-lite collector:
Switch# config terminal
Switch(config)# netflow-lite exporter
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config)#
exporter1
destination 5.5.5.6
source 5.5.5.5
transport udp 8188
ttl 128
cos 7
dscp 32
template data timeout 1
options sampler-table timeout 1
options interface-table timeout 1
export-protocol netflow-v9
exit
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-260
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
Command
Description
netflow-lite exporter
destination (netflow-lite
exporter submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-261
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To assign an exporter in netflow-lite monitor submode, use the exporter command. To delete a sampler,
use the no form of this command.
exporter exporter-name
no exporter exporter-name
Syntax Description
exporter-name
Defaults
None
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4948E and
Catalyst 4948E-F Ethernet switches.
Specifies an exporter.
Usage Guidelines
You can enter this command under the physical port interface mode, port channel interface, or config
VLAN mode.
Examples
The following example shows how to configure a monitor on a port interface Gigabit 1/3:
Switch# config terminal
Switch(config)# int GigabitEthernet1/3
Switch(config-if)# netflow-lite monitor 1
Switch(config-netflow-lite-monitor)# sampler sampler1
Switch(config-netflow-lite-monitor)# average-packet-size 128
Switch(config-netflow-lite-monitor)# exporter exporter1
Switch(config-netflow-lite-monitor)# exit
Switch(config-if)# exit
Switch(config)# exit
Switch# show netflow-lite monitor 1 interface gi1/3
Interface GigabitEthernet1/3:
Netflow-lite Monitor-1:
Active:
TRUE
Sampler:
sampler1
Exporter:
exporter1
Average Packet Size: 0
Statistics:
Packets exported:
0
Packets observed:
0
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-262
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Packets dropped:
0
Average Packet Size observed: 64
Average Packet Size used: 64
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
Command
Description
average-packet-size
Specifies the average packet size at the observation point.
(netflow-lite monitor submode)
exporter (netflow-lite monitor
submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-263
Chapter 2
flowcontrol
flowcontrol
To configure a Gigabit Ethernet interface to send or receive pause frames, use the flowcontrol command.
To disable the flow control setting, use the no form of this command.
flowcontrol {receive | send} {off | on | desired}
no flowcontrol {receive | send} {off | on | desired}
Syntax Description
Defaults
receive
send
off
Prevents a local port from receiving and processing pause frames from remote ports or
from sending pause frames to remote ports.
on
Enables a local port to receive and process pause frames from remote ports or send
pause frames to remote ports.
desired
Obtains predictable results whether a remote port is set to on, off, or desired.
Module
Ports
Send
Off
WS-X4418-GB
Off
WS-X4418-GB
WS-X4412-2GB-TX
WS-X4412-2GB-TX
WS-X4416-2GB-TX
Off
Off
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-264
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Usage Guidelines
The pause frames are special packets that signal a source to stop sending frames for a specific period of
time because the buffers are full.
Table 2-4 describes the guidelines for using the different configurations of the send and receive
keywords with the flowcontrol command.
Table 2-4
Configuration
Description
send on
send off
send desired
receive on
Enables a local port to process pause frames that a remote port sends.
To obtain predictable results, use receive on only when remote ports
are set to send on or send desired.
receive off
receive desired
Table 2-5 identifies how the flow control will be forced or negotiated on the Gigabit Ethernet interfaces
based on their speed settings.
Table 2-5
Examples
Interface Type
Configured Speed
10/100/1000BASE-TX
Speed 1000
1000BASE-T
1000BASE-X
No speed nonegotiation
1000BASE-X
Speed nonegotiation
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-265
Chapter 2
flowcontrol
Related Commands
Command
Description
interface port-channel
interface range
show flowcontrol
show running-config
speed
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-266
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
hardware statistics
To enable TCAM hardware statistics in your ACLs use the hardware statistics command. To disable
TCAM hardware statistics, use the no form of this command.
hardware statistics
no hardware statistics
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(40)SG
Usage Guidelines
The Supervisor Engine 6-E and Catalyst 4900 M chassis TCAM hardware do not have enough hardware
statistics entries for every classification/QoS cam entry. Therefore, the statistics for each cam entry
needs to be enabled as needed.
Examples
This example shows how to enable TCAM hardware statistics in your ACLs ace:
Switch# configure terminal
Enter configuration commands, one per line.
Switch(config)#ip access-list extended myv4
Switch(config-ext-nacl)#permit ip any any
Switch(config-ext-nacl)#hardware statistics
Switch(config-ext-nacl)#end
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-267
Chapter 2
hw-module beacon
hw-module beacon
Note
The hw-module beacon command is enabled only on the uplink modules of the WS-C4500X-32.
To control the beacon LED in conjunction with the beacon button, enter the hw-module beacon
command:
hw-module beacon [on | off]
Syntax Description
on
off
Defaults
none
Command Modes
global configuration
Command History
Release
Modification
IOS-XE 3.3.0SG
(15.1(1)SG)
Usage Guidelines
Either press the beacon button on the front side of the switch or enter the hw-mod beacon command, so the
switch is identifiable when the operator walks around the isle to the back side of the switch. (The LED and
the CLI function as switch identifiers when multiple units are present.)
Pressing the blue beacon LED switch toggles the beacon LED state.
Examples
If numerous WS-C4500X-32 chassis are in close proximity and you want to remove a transceiver from
one chassis port 11, you can identify it with the hw-module beacon on command:
Switch# hw-module beacon on
Switch#
*Feb 16 13:12:24.418: %C4K_IOSMODPORTMAN-6-BEACONTURNEDON: Beacon has been turned on
The WS-C4500X-32 whose beacon was turned on is the switch you are looking for.
After you complete the necessary service on a switch with the beacon LED turned on, you should either
press the beacon button to turn it off, or enter the hw-module beacon off command to turn the LED off.
Switch# hw-module beacon off
Switch#
*Feb 16 13:12:18.083: %C4K_IOSMODPORTMAN-6-BEACONTURNEDOFF: Beacon has been turned off
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-268
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
The hw-module module start command is enabled only on the uplink modules of the WS-C4500X-32.
To boot a module after if it has been stopped, use the hw-module module start command:
hw-module module number start
Syntax Description
number
Defaults
none
Command Modes
global configuration
Command History
Release
Modification
IOS-XE 3.3.0SG
(15.1(1)SG)
Usage Guidelines
Examples
To bring up a module that has been stopped using the hw-module module number stop command or by
pressing the OIR button, you either enter the hw-module module number start command or physically
remove and reinsert.
The following example shows what happens if a module has been stopped and you enter this command:
Switch# hw-module module 2 start
Switch#
*Feb 5 16:36:27.352: %C4K_IOSMODPORTMAN-6-MODULEINSERTED: Module 2 is inserted
*Feb 5 16:37:15.902: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 2 (WS-X4908X-10G-TIM S/N:
JAE15340C0J Hw: 0.1) is online
Switch#show module
Chassis Type : WS-C4500X-32
Power consumed by backplane : 0 Watts
Mod Ports Card Type
Model
Serial No.
---+-----+--------------------------------------+------------------+----------1
32 4500X-32 10GE (SFP+)
WS-C4900X-32P-10G JAE153505E9
2
8 10GE SFP+
WS-X4908X-10G-TIM JAE15340C0J
M MAC addresses
Hw Fw
Sw
Status
--+--------------------------------+---+------------+----------------+--------1 0022.bde2.1061 to 0022.bde2.1080 0.2 15.0(1r)SG(0 0.DEV-0
Ok
2 0022.bde2.1579 to 0022.bde2.1580 0.1
Ok
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-269
Chapter 2
The following example shows what happens if a module has not been stopped and you enter this
command:
Switch# hw-module module 2 start
% Module 2 not stopped
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-270
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
The hw-module module stop command is enabled only on the uplink modules of the WS-C4500X-32.
To shut down a module and make it safe for removal, enter the hw-module module stop command:
hw-module module number stop
Syntax Description
number
Defaults
none
Command Modes
global configuration
Command History
Release
Modification
IOS-XE 3.3.0SG
(15.1(1)SG)
Usage Guidelines
Examples
The following example shows what happens if a module is up and you enter the hw-module module
stop command:
Switch# hw-module module 2 stop
Proceed with module stop? [confirm]
Switch#
*Feb 5 16:34:37.325: %C4K_IOSMODPORTMAN-6-MODULEOFFLINE: Module 2 is offline
Switch#show module
Chassis Type : WS-C4500X-32
Power consumed by backplane : 0 Watts
Mod Ports Card Type
Model
Serial No.
---+-----+--------------------------------------+------------------+----------1
32 4500X-32 10GE (SFP+)
WS-C4900X-32P-10G JAE153505E9
2
8 Module being held in reset
WS-X4908X-10G-TIM JAE15340C0J
M MAC addresses
Hw Fw
Sw
Status
--+--------------------------------+---+------------+----------------+--------1 0022.bde2.1061 to 0022.bde2.1080 0.2 15.0(1r)SG(0 0.DEV-0
Ok
2 0022.bde2.1579 to 0022.bde2.1580 0.1
In Reset
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-271
Chapter 2
The following example shows what happens if a module is already stopped and you enter the hw-module
module stop commandd:
Switch# hw-module module 2 stop
% Module 2 stopped
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-272
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
hw-module port-group
To select either Gigabit Ethernet or 10-Gigabit Ethernet interfaces on your module, use the hw-module
port-group command.
hw-module module number port-group number select [gigabitethernet | tengigabitethernet]
Syntax Description
module
number
port-group number
select
gigabitethernet
tengigabitethernet
Defaults
10 Gigabit.
Command Modes
Command History
Release
Modification
12.2(40)SG
Usage Guidelines
Support for this command is available on the Cisco Catalyst 4500 modules that support TwinGig
converter modules, such as the Supervisor Engine 6-E and WS-X4606-10GE-E.
Examples
This example shows how to select Gigabit Ethernet interfaces on a WS-X4606-10GE-E using the
TwinGig Converter:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# hw-module module 1 port-group 1 select gigabitethernet
Switch(config)# exit
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-273
Chapter 2
hw-module power
hw-module power
To turn the power off on a slot or line module, use the no hw-module power command. To turn the power
back on, use the hw-module power command.
hw-module [slot | module] number power
no hw-module [slot | module] number power
Syntax Description
slot
module
number
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(18)EW
Usage Guidelines
After you enter no hw-mod mod x power command and OIR the linecard, the configuratio persists and
is valid for any slot in the chassis it is applied to.
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-274
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
max-queue-limit
Defaults
Command Modes
Command History
Release
Specifies the queue limit for all interfaces. Valid values are from
1024 to 8184. This parameter must be a multiple of 8.
Modification
15.0(2)SG1, and Support for this command was introduced on the Catalyst 4500 series switch.
3.2.1SG
Usage Guidelines
This command allows you to change the queue limit for all interfaces globally rather than apply a policy
with a queue limit to all the interfcaes.
This is a global configuration command. It can be overriden by the per port, per class, queue-limit
command.
For a standalone supervisor engine, you must reboot the engine after applying this command. For a
redundant supervisor engine, you must enter the redundancy reload shelf command to enforce a reboot
on both the supervisor engines.
Examples
This example shows how to set the queue limit globally to 1024:
Switch> enable
Switch# configure terminal
Switch(config)# hw-module system max-queue-limit 1024
Need to reboot to take effect max queue limit
Switch(config)# exit
Switch# reload (for standalone supervisors)
Switch# redundancy reload shelf (for reduandancy supervisors in SSO mode)
or
Switch# redundancy force-switchover (followed by another redundancy force-switchover, for
reduandancy supervisors in RPR mode
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-275
Chapter 2
Syntax Description
shared-backplane
tengigabitethernet
Defaults
Only two 10-Gigabit Ethernet ports or four 1-Gigabit Ethernet ports can be used on the supervisor
engine.
Command Modes
Command History
Release
Modification
12.2(44)SG
IOS-XE 3.3.0SG
(15.1(1)SG)
Usage Guidelines
When changing the uplink mode using the hw-module uplink mode shared-backplane command, you
must reload the system. A message appears on the console to reflect this.
On a Supervisor Engine 6-E in a 6 or 7-slot chassis (Catalyst 4506-E, 4507R-E, and 4507R+E), the
default uplink mode does not allow a WS-X4640-CSFP-E linecard to boot in the last slot because of a
hardware limitation. After you the hw-module uplink mode tengigabitethernet command, you must
reload the system to enable TenGig mode. The configuration is NVGENd after you save the running
configuration to the startup configuration. You can use the show run | incl uplink command to check
the uplink configuration before reloading the system. Furthermore, you can can enter the show
hw-module uplink command to display the uplink mode. It reports the current uplink mode, as well as
the mode after the system reloads.
In uplink TenGig mode, the uplink is limited to two 10-Gigabit Ethernet interfaces in non-redundant and
in redundant mode; Gigabit Etnernet interfaces are not supported. The WS-X4640-CSFP-E linecard
boots in the last slot on 6 and 7-slot chassis. To return to default mode, reload the system from
tengigabitethernet mode. SharedBackplane mode can be selected from Default mode, where a system
reload is required as well.
The hw-module module x port-group x select gigabitethernet command is blocked in uplink TenGig
mode, preventing you from selecting gigabitethernet mode.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-276
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-277
Chapter 2
Note
Note
Syntax Description
tengigabitethernet
gigabitethernet
all
Defaults
tengigabitethernet
Command Modes
Command History
Release
Modification
12.2(25)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
12.2(25)SG
15.0(2)XO
The number of uplink ports for Supervisor Engine 7L-E in a WS-C4507R chassis
depends on the supervisor engine mode (single or redundandant) and the uplink
mode configuration (1-Gigabit or 10-Gigabit).
On a Supervisor Engine V-10GE (WS-X4516-10GE) in a 10-slot chassis (Catalyst 4510R and 4510R-E),
if a startup configuration with a new uplink mode is copied into flash memory and the system is power
cycled, the system will not come up with the new uplink mode. After copying the startup configuration
with the new uplink mode into flash memory, the uplink mode must be changed to the new uplink mode
through the command interface before the system is power cycled. This ensures that the system comes
up in the new uplink mode.
Supervisor Engine V-10GE and Supervisor Engine II+10GE support 10-Gigabit Ethernet and Gigabit
Ethernet uplink ports. On the Supervisor Engine II+10GE, all uplink ports are always available.
Similarly, when a Supervisor Engine V-10GE is plugged into a W-C4503, W-4506, or W-4507R chassis,
all uplink ports are always available. When a Supervisor Engine V-10GE is plugged into a W-4510R
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-278
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
chassis, you can choose to use the 10-Gigabit Ethernet uplink ports, the Gigabit Ethernet uplink ports,
or all uplink ports. If you choose to use all uplink ports, then the tenth slot will support only the
WS-X4302-GB switching linecard. Be aware that this command takes effect only after a reload (after
you have executed the redundancy reload shelf command).
Because the uplink selection is programmed into hardware during initialization, changing the active
uplinks requires saving the configuration and reloading the switch. When you are configuring a change
to the uplinks, the system responds with a message informing you that the switch must be reloaded and
suggesting the appropriate command (depending on redundancy mode) to reload the switch.
If you select the all keyword, ensure that the tenth slot is either empty or has a WS-X4302-GB switching
module.
A no form of this command does not exist. To undo the configuration, you must configure the uplinks.
For Supervisor Engine 7L-E in a WS-C4507R chassis , the number of uplink options depends on the
supervisor engine mode (single or redundandant) and the uplink mode configuration (1-Gigabit or
10-Gigabit)
Single Supervisor Mode
In single supervisor mode, Supervisor Engine 7L-E supports the uplink configuration of at most either
two 10-Gigabit or four 1-Gigabit ports (Table 2-6).
Table 2-6
Slot 1
Slot 2
Slot 3
Slot 4
SFP+
20 Gbps
SFP+
SFP
11 Gbps
SFP
SFP+
11 Gbps
SFP
SFP
2 Gbps
SFP
SFP
SFP
4 Gbps
Note
A1
B1
A2
A3
A4
B2
B3
B4
SFP+
20 Gbps
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-279
Chapter 2
Table 2-7
A1
A2
A3
A4
B1
B2
B3
B4
SFP+
SFP
11 Gbps
SFP
SFP+
11 Gbps
SFP
SFP
2 Gbps
Examples
SFP
SFP
SFP
4 Gbps
Note
The Gigabit Ethernet uplinks will be active after the next reload.
This example shows how to select the Gigabit Ethernet uplinks in a redundant system in SSO mode:
Switch(config)# hw-module uplink select gigabitethernet
A 'redundancy reload shelf' or power-cycle of chassis is required to apply the new
configuration
Switch(config)# exit
Switch#
Note
The Gigabit Ethernet uplinks will be active after the next reload of the chassis/shelf. Use the
redundancy reload shelf command to reload the chassis/shelf.
This example shows how to select the Gigabit Ethernet uplinks in a redundant system in RPR mode:
Switch(config)# hw-module uplink select gigabitethernet
A reload of the active supervisor is required to apply the new configuration.
Switch(config)# exit
Switch#
Note
The Gigabit Ethernet uplinks will be active on a switchover or reload of the active supervisor engine.
This example shows how to select all the uplinks in a redundant system in SSO mode:
Switch(config)# hw-module uplink select all
Warning: This configuration mode may disable slot10.
A 'redundancy reload shelf' or power-cycle of chassis is required to apply the new
configuration.
Switch(config)# exit
Switch#
Note
If you select the all keyword, only the Drome board will be supported in the tenth slot of the supervisor
engine.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-280
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-281
Chapter 2
instance
instance
To map a VLAN or a set of VLANs to an MST instance, use the instance command. To return the
VLANs to the common instance default, use the no form of this command.
instance instance-id {vlans vlan-range}
no instance instance-id
Syntax Description
instance-id
MST instance to which the specified VLANs are mapped; valid values are
from 0 to 15.
vlans vlan-range
Defaults
Mapping is disabled.
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The mapping is incremental, not absolute. When you enter a range of VLANs, this range is added or
removed to the existing ones.
Any unmapped VLAN is mapped to the CIST instance.
Examples
This example shows how to move a range of VLANs from instance 2 to the CIST instance:
Switch(config-mst)# no instance 2 vlans 40-60
Switch(config-mst)#
This example shows how to move all the VLANs mapped to instance 2 back to the CIST instance:
Switch(config-mst)# no instance 2
Switch(config-mst)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-282
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
name
revision
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-283
Chapter 2
instance
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-284
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
22
Chapter 2
interface
To select an interface to configure and to enter interface configuration mode, use the interface
command.
interface type number
Syntax Description
type
number
Defaults
Command Modes
Command History
Release
Modification
12.2(25)EW
Usage Guidelines
Keyword
Definition
ethernet
fastethernet
gigabitethernet
tengigabitethernet
ge-wan
pos
atm
vlan
port-channel
null
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-285
Chapter 2
interface
Examples
This example shows how to enter the interface configuration mode on the Fast Ethernet interface 2/4:
Switch(config)# interface fastethernet2/4
Switch(config-if)#
Related Commands
Command
Description
show interfaces
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-286
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
interface
Specifies the interface to be configured; see Table 2-9 for valid values.
switch-num
slot
port
.subinterface
Defaults
Command Modes
Command History
Release
Modification
Usage Guidelines
Keyword
Definition
fastethernet
gigabitethernet
tengigabitethernet
vlan
port-channel
null
tunnel
Tunnel interface
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-287
Chapter 2
Examples
The following example shows how to enter the interface configuration mode on the GigabitEthernet
interface for switch 1, module 2, port 4:
Router(config)# interface gigabitethernet 1/2/4
Router(config)#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-288
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
interface port-channel
To access or create a port-channel interface, use the interface port-channel command.
interface port-channel channel-group
Syntax Description
channel-group
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
You do not have to create a port-channel interface before assigning a physical interface to a channel
group. A port-channel interface is created automatically when the channel group gets its first physical
interface, if it is not already created.
You can also create the port channels by entering the interface port-channel command. This will create
a Layer 3 port channel. To change the Layer 3 port channel into a Layer 2 port channel, use the
switchport command before you assign the physical interfaces to the channel group. A port channel
cannot be changed from Layer 3 to Layer 2 or vice versa when it contains member ports.
Only one port channel in a channel group is allowed.
Caution
The Layer 3 port-channel interface is the routed interface. Do not enable Layer 3 addresses on the
physical Fast Ethernet interfaces.
If you want to use CDP, you must configure it only on the physical Fast Ethernet interface and not on
the port-channel interface.
Examples
Related Commands
Command
Description
channel-group
show etherchannel
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-289
Chapter 2
interface range
interface range
To run a command on multiple ports at the same time, use the interface range command.
interface range {vlan vlan_id - vlan_id} {port-range | macro name}
Syntax Description
port-range
Port range; for a list of valid values for port-range, see the Usage
Guidelines section.
macro name
Defaults
Command Modes
Command History
Usage Guidelines
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
You can use the interface range command on the existing VLAN SVIs only. To display the VLAN SVIs,
enter the show running config command. The VLANs that are not displayed cannot be used in the
interface range command.
The values that are entered with the interface range command are applied to all the existing VLAN
SVIs.
Before you can use a macro, you must define a range using the define interface-range command.
All configuration changes that are made to a port range are saved to NVRAM, but the port ranges that
are created with the interface range command do not get saved to NVRAM.
You can enter the port range in two ways:
You can either specify the ports or the name of a port-range macro. A port range must consist of the same
port type, and the ports within a range cannot span the modules.
You can define up to five port ranges on a single command; separate each range with a comma.
When you define a range, you must enter a space between the first port and the hyphen (-):
interface range gigabitethernet 5/1 -20, gigabitethernet4/5 -20.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-290
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
FastEthernet
GigabitEthernet
Vlan vlan_id
You cannot specify both a macro and an interface range in the same command. After creating a macro,
you can enter additional ranges. If you have already entered an interface range, the CLI does not allow
you to enter a macro.
You can specify a single interface in the port-range value. This makes the command similar to the
interface interface-number command.
Examples
This example shows how to use the interface range command to interface to FE 5/18 - 20:
Switch(config)# interface range fastethernet 5/18 - 20
Switch(config-if)#
Related Commands
Command
Description
define interface-range
show running config (refer to Cisco IOS Displays the running configuration for a switch.
documentation)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-291
Chapter 2
interface vlan
interface vlan
To create or access a Layer 3 switch virtual interface (SVI), use the interface vlan command. To delete
an SVI, use the no form of this command.
interface vlan vlan_id
no interface vlan vlan_id
Syntax Description
vlan_id
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Usage Guidelines
The SVIs are created the first time that you enter the interface vlan vlan_id command for a particular
VLAN. The vlan_id value corresponds to the VLAN tag that is associated with the data frames on an
ISL or 802.1Q-encapsulated trunk or the VLAN ID that is configured for an access port. A message is
displayed whenever a VLAN interface is newly created, so you can check that you entered the correct
VLAN number.
If you delete an SVI by entering the no interface vlan vlan_id command, the associated interface is
forced into an administrative down state and marked as deleted. The deleted interface will no longer be
visible in a show interface command.
You can reinstate a deleted SVI by entering the interface vlan vlan_id command for the deleted
interface. The interface comes back up, but much of the previous configuration will be gone.
Examples
This example shows the output when you enter the interface vlan vlan_id command for a new VLAN
number:
Switch(config)# interface vlan 23
% Creating new VLAN interface.
Switch(config)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-292
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
success
failure
refresh-all
login expired
login page
Defaults
If you do not enter this command, if any of the customized web-based authentication page files with the
file of same name have been changed, you see the old login page rather than the new file.
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
You should enter this command whenever the customized web-based authentication page has been
changed in the system directory.
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-293
Chapter 2
Syntax Description
arp-acl-name
vlan-range
static
(Optional) Specifies that the access control list should be applied statically.
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
When an ARP access control list is applied to a VLAN for dynamic ARP inspection, the ARP packets
containing only the IP-to-Ethernet MAC bindings are compared against the ACLs. All other packet types
are bridged in the incoming VLAN without validation.
This command specifies that the incoming ARP packets are compared against the ARP access control
list, and the packets are permitted only if the access control list permits them.
If the access control lists deny the packets because of explicit denies, the packets are dropped. If the
packets are denied because of an implicit deny, they are then matched against the list of DHCP bindings
if the ACL is not applied statically.
Examples
This example shows how to apply the ARP ACL static hosts to VLAN 1 for DAI:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip arp inspection filter static-hosts vlan 1
Switch(config)# end
Switch#
Switch# show ip arp inspection vlan 1
Source Mac Validation
: Enabled
Destination Mac Validation : Disabled
IP Address Validation
: Disabled
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-294
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Vlan
---1
Vlan
---1
Switch#
Related Commands
Configuration
------------Enabled
Operation
--------Active
ACL Match
--------static-hosts
ACL Logging
----------Acl-Match
DHCP Logging
-----------Deny
Static ACL
---------No
Command
Description
arp access-list
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-295
Chapter 2
Syntax Description
Defaults
rate pps
none
Specifies no upper limit on the rate of the incoming ARP packets that can
be processed.
The rate is set to 15 packets per second on the untrusted interfaces, assuming that the network is a
switched network with a host connecting to as many as 15 new hosts per second.
The rate is unlimited on all the trusted interfaces.
The burst interval is set to 1 second by default.
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(20)EW
Usage Guidelines
The trunk ports should be configured with higher rates to reflect their aggregation. When the rate of the
incoming packets exceeds the user-configured rate, the interface is placed into an error-disabled state.
The error-disable timeout feature can be used to remove the port from the error-disabled state. The rate
applies to both the trusted and nontrusted interfaces. Configure appropriate rates on trunks to handle the
packets across multiple DAI-enabled VLANs or use the none keyword to make the rate unlimited.
The rate of the incoming ARP packets onthe channel ports is equal to the sum of the incoming rate of
packets from all the channel members. Configure the rate limit for the channel ports only after examining
the rate of the incoming ARP packets on the channel members.
After a switch receives more than the configured rate of packets every second consecutively over a period
of burst seconds, the interface is placed into an error-disabled state.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-296
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This example shows how to limit the rate of the incoming ARP requests to 25 packets per second:
Switch# config terminal
Switch(config)# interface fa6/3
Switch(config-if)# ip arp inspection limit rate 25
Switch(config-if)# end
Switch# show ip arp inspection interfaces fastEthernet 6/3
Interface
Trust State
Rate (pps)
--------------- -------------------Fa6/3
Trusted
25
Switch#
This example shows how to limit the rate of the incoming ARP requests to 20 packets per second and to
set the interface monitoring interval to 5 consecutive seconds:
Switch# config terminal
Switch(config)# interface fa6/1
Switch(config-if)# ip arp inspection limit rate 20 burst interval 5
Switch(config-if)# end
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-297
Chapter 2
Syntax Description
Defaults
entries number
Number of entries from the logging buffer; the range is from 0 to 1024.
logs number
interval seconds
When dynamic ARP inspection is enabled, denied, or dropped, the ARP packets are logged.
The number of entries is set to 32.
The number of logging entries is limited to 5 per second.
The interval is set to 1.
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The first dropped packet of a given flow is logged immediately. The subsequent packets for the same
flow are registered but are not logged immediately. Registering these packets is done in a log buffer that
is shared by all the VLANs. Entries from this buffer are logged on a rate-controlled basis.
Examples
This example shows how to configure the logging buffer to hold up to 45 entries:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip arp inspection log-buffer entries 45
Switch(config)# end
Switch# show ip arp inspection log
Total Log Buffer Size : 45
Syslog rate : 5 entries per 1 seconds.
No entries in log buffer.
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-298
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to configure the logging rate to 10 logs per 3 seconds:
Switch(config)# ip arp inspection log-buffer logs 10 interval 3
Switch(config)# end
Switch# show ip arp inspection log
Total Log Buffer Size : 45
Syslog rate : 10 entries per 3 seconds.
No entries in log buffer.
Switch#
Related Commands
Command
Description
arp access-list
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-299
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Trust State
----------Trusted
Rate (pps)
---------None
Burst Interval
-------------1
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-300
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
src-mac
(Optional) Checks the source MAC address in the Ethernet header against the senders
MAC address in the ARP body. This checking is done against both ARP requests and
responses.
Note
dst-mac
(Optional) Checks the destination MAC address in the Ethernet header against the
target MAC address in ARP body. This checking is done for ARP responses.
Note
ip
When src-mac is enabled, packets with different MAC addresses are classified
as invalid and are dropped.
When dst-mac is enabled, the packets with different MAC addresses are
classified as invalid and are dropped.
(Optional) Checks the ARP body for invalid and unexpected IP addresses. Addresses
include 0.0.0.0, 255.255.255.255, and all IP multicast addresses.
The sender IP addresses are checked in all ARP requests and responses and target IP
addresses are checked only in ARP responses.
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
When enabling the checks, specify at least one of the keywords (src-mac, dst-mac, and ip) on the
command line. Each command overrides the configuration of the previous command. If a command
enables src and dst mac validations, and a second command enables IP validation only, the src and dst
mac validations are disabled as a result of the second command.
The no form of this command disables only the specified checks. If none of the check options are
enabled, all the checks are disabled.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-301
Chapter 2
Examples
Related Commands
Configuration
------------Enabled
Operation
--------Active
ACL Match
---------
ACL Logging
----------Deny
DHCP Logging
-----------Deny
Static ACL
----------
Command
Description
arp access-list
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-302
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
vlan-range
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
You must specify on which VLANs to enable DAI. DAI may not function on the configured VLANs if
they have not been created or if they are private.
Examples
Static ACL
----------
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-303
Chapter 2
Related Commands
Command
Description
arp access-list
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-304
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
vlan-range
acl-match
Specifies the logging criteria for packets that are dropped or permitted based on
ACL matches.
matchlog
By default, the matchlog keyword is not available on the ACEs. When the
keyword is used, denied packets are not logged. Packets are logged only
when they match against an ACE that has the matchlog keyword.
none
dhcp-bindings
Specifies the logging criteria for packets dropped or permitted based on matches
against the DHCP bindings.
permit
all
none
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The acl-match and dhcp-bindings keywords merge with each other. When you set an ACL match
configuration, the DHCP bindings configuration is not disabled. You can use the no form of this
command to reset some of the logging criteria to their defaults. If you do not specify either option, all
the logging types are reset to log on when the ARP packets are denied. The two options that are available
to you are as follows:
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-305
Chapter 2
Examples
This example shows how to configure an ARP inspection on VLAN 1 to add packets to a log on matching
against the ACLs with the logging keyword:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip arp inspection vlan 1 logging acl-match matchlog
Switch(config)# end
Switch# show ip arp inspection vlan 1
Source Mac Validation
: Enabled
Destination Mac Validation : Disabled
IP Address Validation
: Disabled
Vlan
---1
Vlan
---1
Switch#
Related Commands
Configuration
------------Enabled
Operation
--------Active
ACL Match
---------
ACL Logging
----------Acl-Match
DHCP Logging
-----------Deny
Static ACL
----------
Command
Description
arp access-list
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-306
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
include-ports
source source
destination dest
Specifies the destination port in the load-balancing hash. Uses the source and
destination in hash functions.
original
tunnel
universal
Note
This option does not include the source or destination port in the load-balancing hash.
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The original algorithm, tunnel algorithm, and universal algorithm are routed through the hardware. For
software-routed packets, the algorithms are handled by the software. The include-ports option does not
apply to the software-switched traffic.
Examples
This example shows how to configure the IP CEF load-sharing algorithm that includes Layer 4 ports:
Switch(config)# ip cef load-sharing algorithm include-ports
Switch(config)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-307
Chapter 2
This example shows how to configure the IP CEF load-sharing algorithm that includes Layer 4 tunneling
ports:
Switch(config)# ip cef load-sharing algorithm include-ports tunnel
Switch(config)#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-308
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
number
Defaults
Command Modes
Command History
Release
Modification
12.2(37)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Specifies the number of bindings created in the IP device tracking table for a port, valid
values are from 0 to 2048.
This example shows how to enable IP port security with IP-MAC filters on a Layer 2 access port:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip device tracking
Switch(config)# interface fastethernet 4/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 1
Switch(config-if)# ip device tracking maximum 5
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 5
Switch(config-if)# ip verify source tracking port-security
Switch(config-if)# end
You can verify your settings by entering the show ip verify source privileged EXEC command.
Related Commands
Command
Description
ip verify source
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-309
Chapter 2
ip dhcp snooping
ip dhcp snooping
To enable DHCP snooping globally, use the ip dhcp snooping command. To disable DHCP snooping,
use the no form of this command.
ip dhcp snooping
no ip dhcp snooping
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
You must enable DHCP snooping globally before you can use DHCP snooping on a VLAN.
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-310
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
mac-address
vlan vlan-#
ip-address
Specifies an IP address.
interface interface
expiry seconds
Specifies the interval (in seconds) after which binding is no longer valid.
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(25)EW
Support for the 10-Gigabit Ethernet interface was introduced on the Catalyst 4500
series switch.
Usage Guidelines
Whenever a binding is added or removed using this command, the binding database is marked as changed
and a write is initiated.
Examples
This example shows how to generate a DHCP binding configuration on interface gigabitethernet1/1 in
VLAN 1 with an expiration time of 1000 seconds:
Switch# ip dhcp snooping binding 0001.1234.1234 vlan 1 172.20.50.5 interface gi1/1 expiry 1000
Switch#
Related Commands
Command
Description
ip dhcp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-311
Chapter 2
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-312
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
url
timeout seconds
tftp://<host>/<filename>
ftp://<user>:<password>@<host>/<filename>
rcp://<user>@<host>/<filename>
nvram:/<filename>
bootflash:/<filename>
Specifies when to abort the database transfer process after a change to the binding
database.
The minimum value of the delay is 15 seconds. 0 is defined as an infinite duration.
write-delay
seconds
Defaults
Specifies the duration for which the transfer should be delayed after a change to
the binding database.
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Note
You need to create an empty file at the configured URL on network-based URLs (such as TFTP and FTP)
before the switch can write the set of bindings for the first time at the URL.
Because both NVRAM and bootflash have limited storage capacity, using TFTP or network-based files
is recommended . If you use flash to store the database file, new updates (by the agent) result in the
creation of new files (flash fills quickly). In addition, due to the nature of the file system used on the
flash, a large number of files causes access to be considerably slowed. When a file is stored in a remote
location accessible through TFTP, an RPR/SSO standby supervisor engine can take over the binding list
when a switchover occurs.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-313
Chapter 2
Examples
This example shows how to store a database file with the IP address 10.1.1.1 within a directory called
directory. A file named file must be present on the TFTP server.
Switch# config terminal
Switch(config)# ip dhcp snooping database tftp://10.1.1.1/directory/file
Switch(config)# end
Switch# show ip dhcp snooping database
Agent URL : tftp://10.1.1.1/directory/file
Write delay Timer : 300 seconds
Abort Timer : 300 seconds
Agent Running : Yes
Delay Timer Expiry : Not Running
Abort Timer Expiry : Not Running
Last Succeded Time : None
Last Failed Time : None
Last Failed Reason : No failure recorded.
Total Attempts
Successful Transfers
Successful Reads
Successful Writes
Media Failures
:
:
:
:
:
1
0
0
0
0
Startup Failures
Failed Transfers
Failed Reads
Failed Writes
:
:
:
:
0
0
0
0
Switch#
Related Commands
Command
Description
ip dhcp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-314
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
format
remote-id
hostname
string word
Specifies the user-defined string for the remote ID. The word string can be from
1 to 63 characters long with no spaces.
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(40)SG
Usage Guidelines
If the hostname is longer than 63 characters it is truncated to 63 characters in the remote ID.
Examples
This example shows how to configure the hostname as the remote ID:
Switch(config)# ip dhcp snooping information option format remote-id hostname
Switch(config)#
The following example shows how to enable DHCP Snooping on VLAN 500 through 555 and option 82
remote ID:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip dhcp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-315
Chapter 2
Related Commands
Command
Description
ip dhcp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-316
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
DHCP packets with option 82 are not allowed on snooping untrusted ports.
Command Modes
Command History
Release
Modification
12.2(25)EWA
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to allow DHCP packets with option 82 data inserted to be received from a
snooping untrusted port:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip dhcp snooping information option allow-untrusted
Switch(config)# end
Switch#
Related Commands
Command
Description
ip dhcp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-317
Chapter 2
Syntax Description
rate
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Typically, the rate limit applies to the untrusted interfaces. If you want to set up rate limiting for the
trusted interfaces, note that the trusted interfaces aggregate all DHCP traffic in the switch, and you will
need to adjust the rate limit of the interfaces to a higher value.
Examples
This example shows how to enable the DHCP message rate limiting:
Switch(config-if)# ip dhcp snooping limit rate 150
Switch(config)#
This example shows how to disable the DHCP message rate limiting:
Switch(config-if)# no ip dhcp snooping limit rate
Switch(config)#
Related Commands
Command
Description
ip dhcp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-318
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
ip dhcp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-319
Chapter 2
Syntax Description
vlan number
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
(Optional) Single VLAN number or a range of VLANs; valid values are from 1
to 4094.
Usage Guidelines
DHCP snooping is enabled on a VLAN only if both global snooping and the VLAN snooping are
enabled.
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-320
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
ip dhcp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-321
Chapter 2
Syntax Description
number
override
string string
Specifies a user-defined string for the circuit ID; range of 3 to 63 ASCII characters
with no spaces.
Defaults
Command Modes
Interface configuration
Command History
Release
Modification
12.2(40)SG
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(54)SG
Usage Guidelines
The circuit-id suboption of DHCP option 82 is supported only when DHCP snooping is globally enabled
and on VLANs using DHCP option 82.
This command allows you to configure a string of ASCII characters to be the circuit ID. When you want
to override the vlan-mod-port format type and instead use the circuit-ID to define subscriber
information, use the override keyword.
Examples
The following example shows how to enable DHCP snooping on VLAN 500 through 555 and option 82
circuit-id:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan 500 555
Switch(config)# ip dhcp snooping information option format remote-id string switch123
Switch(config)# interface GigabitEthernet 5/1
Switch(config-if)# ip dhcp snooping trust
Switch(config-if)# ip dhcp snooping limit rate 100
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-322
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to configure the option-82 circuit-ID override suboption:
Switch(config-if)# ip dhcp snooping vlan 250 information option format-type circuit-id
override string testcustomer
You can verify your settings by entering the show ip dhcp snooping user EXEC command.
Note
Related Commands
The show ip dhcp snooping user EXEC command only displays the global command output, including
a remote-ID configuration. It does not display any per-interface, per-VLAN string that you have
configured for the circuit ID.
Command
Description
ip dhcp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-323
Chapter 2
ip igmp filter
ip igmp filter
To control whether all hosts on a Layer 2 interface can join one or more IP multicast groups by applying
an IGMP profile to the interface, use the ip igmp filter command. To remove a profile from the interface,
use the no form of this command.
ip igmp filter profile number
no ip igmp filter
Syntax Description
profile number
Defaults
Command Modes
Command History
Release
Modification
12.1(11b)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
You can apply IGMP filters only to Layer 2 physical interfaces; you cannot apply IGMP filters to routed
ports, switch virtual interfaces (SVIs), or ports that belong to an EtherChannel group.
An IGMP profile can be applied to one or more switch port interfaces, but one port can have only one
profile applied to it.
Examples
Related Commands
Command
Description
ip igmp profile
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-324
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
ip igmp max-groups
To set the maximum number of IGMP groups that a Layer 2 interface can join, use the ip igmp
max-groups command. To set the maximum back to the default, use the no form of this command.
ip igmp max-groups number
no ip igmp max-groups
Syntax Description
number
Defaults
No maximum limit.
Command Modes
Command History
Release
Modification
12.1(11b)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Maximum number of IGMP groups that an interface can join; valid values are from 0 to
4294967294.
Usage Guidelines
You can use the ip igmp max-groups command only on Layer 2 physical interfaces; you cannot set the
IGMP maximum groups for the routed ports, the switch virtual interfaces (SVIs), or the ports that belong
to an EtherChannel group.
Examples
This example shows how to limit the number of IGMP groups that an interface can join to 25:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# ip igmp max-groups 25
Switch(config-if)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-325
Chapter 2
ip igmp profile
ip igmp profile
To create an IGMP profile, use the ip igmp profile command. To delete the IGMP profile, use the no
form of this command.
ip igmp profile profile number
no ip igmp profile profile number
Syntax Description
profile number
Defaults
No profile created.
Command Modes
IGMP profile number being configured; valid values are from 1 to 4294967295.
Command History
Usage Guidelines
Release
Modification
12.1(11b)EW
Support for this command was introduced on the Catalyst 4500 series switch.
When entering a range, enter the low IP multicast address, a space, and the high IP multicast address.
You can apply an IGMP profile to one or more Layer 2 interfaces, but each interface can have only one
profile applied to it.
Examples
This example shows how to configure IGMP profile 40 that permits the specified range of IP multicast
addresses:
Switch # config terminal
Switch(config)# ip igmp profile 40
Switch(config-igmp-profile)# permit
Switch(config-igmp-profile)# range 233.1.1.1 233.255.255.255
Switch(config-igmp-profile)#
Related Commands
Command
Description
ip igmp filter
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-326
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
ip igmp query-interval
To configure the frequency that the switch sends the IGMP host-query messages, use the ip igmp
query-interval command. To return to the default frequency, use the no form of this command.
ip igmp query-interval seconds
no ip igmp query-interval
Syntax Description
seconds
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Frequency, in seconds, at which the IGMP host-query messages are transmitted; valid
values depend on the IGMP snooping mode. See the Usage Guidelines section for more
information.
If you use the default IGMP snooping configuration, the valid query interval values are from 1 to
65535 seconds. If you have changed the default configuration to support CGMP as the IGMP snooping
learning method, the valid query interval values are from 1 to 300 seconds.
The designated switch for a LAN is the only switch that sends the IGMP host-query messages. For IGMP
version 1, the designated switch is elected according to the multicast routing protocol that runs on the
LAN. For IGMP version 2, the designated querier is the lowest IP-addressed multicast switch on the
subnet.
If no queries are heard for the timeout period (controlled by the ip igmp query-timeout command), the
switch becomes the querier.
Note
Examples
This example shows how to change the frequency at which the designated switch sends the IGMP
host-query messages:
Switch(config-if)# ip igmp query-interval 120
Switch(config-if)#
Related Commands
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-327
Chapter 2
ip igmp query-interval
Command
Description
ip igmp querier-timeout (refer to Cisco Configures the timeout period before the router takes over
IOS documentation)
as the querier for the interface after the previous querier has
stopped querying.
ip pim query-interval (refer to Cisco
IOS documentation)
show ip igmp groups (refer to Cisco IOS Displays the multicast groups with receivers that are
documentation)
directly connected to the router and that were learned
through Internet Group Management Protocol (IGMP), use
the show ip igmp groups command in EXEC mode.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-328
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
ip igmp snooping
To enable IGMP snooping, use the ip igmp snooping command. To disable IGMP snooping, use the no
form of this command.
ip igmp snooping [tcn {flood query count count | query solicit}]
no ip igmp snooping [tcn {flood query count count | query solicit}]
Syntax Description
tcn
flood
(Optional) Specifies to flood the spanning tree table to the network when a topology
change occurs.
query
count count
(Optional) Specifies how often the spanning tree table is flooded; valid values are
from 1 to 10.
solicit
Defaults
Command Modes
Command History
Usage Guidelines
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(11)EW
The tcn flood option applies only to Layer 2 switch ports and EtherChannels; it does not apply to routed
ports, VLAN interfaces, or Layer 3 channels.
The ip igmp snooping command is disabled by default on multicast routers.
Note
Examples
You can use the tcn flood option in interface configuration mode.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-329
Chapter 2
ip igmp snooping
This example shows how to enable the flooding of the spanning tree table to the network after nine
topology changes have occurred:
Switch(config)# ip igmp snooping tcn flood query count 9
Switch(config)#
This example shows how to disable the flooding of the spanning tree table to the network:
Switch(config)# no ip igmp snooping tcn flood
Switch(config)#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-330
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
If the ip igmp snooping report-suppression command is disabled, all the IGMP reports are forwarded
to the multicast devices.
If the command is enabled, report suppression is done by IGMP snooping.
Examples
This example shows how to display the system status for report suppression:
Switch# show ip igmp snoop
vlan 1
---------IGMP snooping is globally enabled
IGMP snooping TCN solicit query is globally disabled
IGMP snooping global TCN flood query count is 2
IGMP snooping is enabled on this Vlan
IGMP snooping immediate-leave is disabled on this Vlan
IGMP snooping mrouter learn mode is pim-dvmrp on this Vlan
IGMP snooping is running in IGMP_ONLY mode on this Vlan
IGMP snooping report suppression is enabled on this Vlan
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-331
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-332
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
vlan-id
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Usage Guidelines
Number of the VLAN; valid values are from 1 to 1001 and from 1006 to 4094.
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-333
Chapter 2
Syntax Description
vlan_id
Defaults
Command Modes
Command History
Release
Modification
12.1(20)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
(Optional) Specifies a VLAN; valid values are from 1 to 1001 and from 1006 to 4094.
This example shows how to disable IGMP explicit host tracking on interface VLAN 200 and how to
verify the configuration:
Switch(config)# no ip igmp snooping vlan 200 explicit-tracking
Switch(config)# end
Switch# show ip igmp snooping vlan 200 | include explicit tracking
Global IGMP Snooping configuration:
----------------------------------IGMP snooping
: Enabled
IGMPv3 snooping
: Enabled
Report suppression
: Enabled
TCN solicit query
: Disabled
TCN flood query count
: 2
Vlan 2:
-------IGMP snooping
IGMPv2 immediate leave
Explicit host tracking
Multicast router learning mode
CGMP interoperability mode
Explicit host tracking
Switch#
Related Commands
Command
:
:
:
:
:
:
Enabled
Disabled
Disabled
pim-dvmrp
IGMP_ONLY
Disabled
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-334
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-335
Chapter 2
Syntax Description
vlan_num
immediate-leave
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Usage Guidelines
Examples
Related Commands
Command
Description
ip igmp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-336
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-337
Chapter 2
Syntax Description
vlan vlan-id
Specifies the VLAN ID number to use in the command; valid values are
from 1 to 4094.
interface
fastethernet slot/port
Specifies the Fast Ethernet interface; number of the slot and port.
gigabitethernet slot/port Specifies the Gigabit Ethernet interface; number of the slot and port.
tengigabitethernet
slot/port
Specifies the 10-Gigabit Ethernet interface; number of the slot and port.
port-channel number
learn
cgmp
pim-dvmrp
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
12.2(25)EW
Support for the 10-Gigabit Ethernet interface was introduced on the Catalyst 4500
series switch.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-338
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Usage Guidelines
Examples
This example shows how to specify the next-hop interface to a multicast switch:
Switch(config-if)# ip igmp snooping 400 mrouter interface fastethernet 5/6
Switch(config-if)#
This example shows how to specify the multicast switch learning method:
Switch(config-if)# ip igmp snooping 400 mrouter learn cgmp
Switch(config-if)#
Related Commands
Command
Description
ip igmp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-339
Chapter 2
Syntax Description
vlan_num
mac-address
interface
fastethernet slot/port
Specifies the Fast Ethernet interface; number of the slot and port.
gigabitethernet slot/port
Specifies the Gigabit Ethernet interface; number of the slot and port.
tengigabitethernet slot/port
port-channel number
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(25)EW
Support for the 10-Gigabit Ethernet interface was introduced on the Catalyst 4500
series switch.
Examples
Related Commands
Command
Description
ip igmp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-340
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-341
Chapter 2
ip local-proxy-arp
ip local-proxy-arp
To enable the local proxy ARP feature, use the ip local-proxy-arp command. To disable the local proxy
ARP feature, use the no form of this command.
ip local-proxy-arp
no ip local-proxy-arp
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Use this feature only on subnets where hosts are intentionally prevented from communicating directly
to the switch on which they are connected.
ICMP redirect is disabled on interfaces where the local proxy ARP feature is enabled.
Examples
This example shows how to enable the local proxy ARP feature:
Switch(config-if)# ip local-proxy-arp
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-342
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
ip mfib fastdrop
To enable MFIB fast drop, use the ip mfib fastdrop command. To disable MFIB fast drop, use the no
form of this command.
ip mfib fastdrop
no ip mfib fastdrop
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-343
Chapter 2
ip multicast multipath
ip multicast multipath
To enable load splitting of IP multicast traffic over Equal Cost Multipath (ECMP), use the
ip multicast multipath command in global configuration mode. To disable this functionality, use the no
form of this command.
ip multicast [vrf vrf-name] multipath [s-g-hash {basic | next-hop-based}]
no ip multicast [vrf vrf-name] multipath [s-g-hash {basic | next-hop-based}]
Syntax Description
vrf vrf-name
s-g-hash basic |
next-hop-based
(Optional) Enables ECMP multicast load splitting based on source and group
address or on source, group, and next-hop address.
The basic keyword enables a simple hash based on source and group address.
This algorithm is referred to as the basic S-G-hash algorithm.
The next-hop-based keyword enables a more complex hash based on source,
group, and next-hop address. This algorithm is referred to as the
next-hop-based S-G-hash algorithm.
Command Default
If multiple equal-cost paths exist, multicast traffic will not be load-split across those paths.
Command Modes
Command History
Release
Modification
12.2(53)SG
Usage Guidelines
The ip multicast multipath command does not work with bidirectional Protocol Independent Multicast
(PIM).
Use the ip multicast multipath command to enable load splitting of IP multicast traffic across multiple
equal-cost paths.
If two or more equal-cost paths from a source are available, unicast traffic will be load-split across those
paths. However, by default, multicast traffic is not load-split across multiple equal-cost paths. In general,
multicast traffic flows down from the reverse path forwarding (RPF) neighbor. According to the PIM
specifications, this neighbor must have the highest IP address if more than one neighbor has the same
metric.
When you configue load splitting with the ip multicast multipath command, the system splits multicast
traffic across multiple equal-cost paths based on source address using the S-hash algorithm. When the
ip multicast multipath command is configured and multiple equal-cost paths exist, the path in which
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-344
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
multicast traffic will travel is selected based on the source IP address. Multicast traffic from different
sources will be load-split across the different equal-cost paths. Load splitting will not occur across
equal-cost paths for multicast traffic from the same source sent to different multicast groups.
Note
The ip multicast multipath command load splits the traffic but does not load balance the traffic. Traffic
from a source will use only one path, even if the traffic greatly exceeds traffic from other sources.
If the ip multicast multipath command is configured with the s-g-hash keyword and multiple
equal-cost paths exist, load splitting will occur across equal-cost paths based on source and group
address or on source, group, and next-hop address. If you specify the optional s-g-hash keyword for load
splitting IP multicast traffic, you must select the algorithm used to calculate the equal-cost paths by
specifying one of the following keywords:
Examples
The following example shows how to enable ECMP multicast load splitting on a router based on source
address using the S-hash algorithm:
Switch(config)# ip multicast multipath
The following example shows how to enable ECMP multicast load splitting on a router based on source
and group address using the basic S-G-hash algorithm:
Switch(config)# ip multicast multipath s-g-hash basic
The following example shows how to enable ECMP multicast load splitting on a router based on source,
group, and next-hop address using the next-hop-based S-G-hash algorithm:
Switch(config)# ip multicast multipath s-g-hash next-hop-based
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-345
Chapter 2
ip route-cache flow
ip route-cache flow
To enable NetFlow statistics for IP routing, use the ip route-cache flow command. To disable NetFlow
statistics, use the no form of this command.
ip route-cache flow [infer-fields]
no ip route-cache flow [infer-fields]
Syntax Description
infer-fields
Defaults
(Optional) Includes the NetFlow fields as inferred by the software: Input identifier,
Output identifier, and Routing information.
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switches.
12.1(19)EW
Usage Guidelines
To use these commands, you need to install the Supervisor Engine IV and the NetFlow Service Card.
The NetFlow statistics feature captures a set of traffic statistics. These traffic statistics include the source
IP address, destination IP address, Layer 4 port information, protocol, input and output identifiers, and
other routing information that can be used for network analysis, planning, accounting, billing and
identifying DoS attacks.
NetFlow switching is supported on IP and IP-encapsulated traffic over all interface types.
If you enter the ip route-cache flow infer-fields command after the ip route-cache flow command, you
will purge the existing cache, and vice versa. This action is done to avoid having flows with and without
inferred fields in the cache simultaneously.
For additional information on NetFlow switching, refer to the Catalyst 4500 Series Switch Cisco IOS
Software Configuration Guide.
Note
NetFlow consumes additional memory and CPU resources compared to other switching modes. You
need to know the resources required on your switch before enabling NetFlow.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-346
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
Note
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-347
Chapter 2
ip source binding
ip source binding
To add or delete a static IP source binding entry, use the ip source binding command. To delete the
corresponding IP source binding entry, use the no form of this command.
ip source binding ip-address mac-address vlan vlan-id interface interface-name
no ip source binding ip-address mac-address vlan vlan-id interface interface-name
Syntax Description
ip-address
Binding IP address.
mac-address
vlan vlan-id
VLAN number.
interface interface-name
Binding interface.
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The ip source binding command is used to add a static IP source binding entry only.
The no form of this command deletes the corresponding IP source binding entry. For the deletion to
succeed, all required parameters must match.
Each static IP binding entry is keyed by a MAC address and VLAN number. If the CLI contains an
existing MAC and VLAN, the existing binding entry will be updated with the new parameters; a separate
binding entry will not be created.
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-348
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
ip sticky-arp
To enable sticky ARP, use the ip sticky-arp command. Use the no form of this command to disable
sticky ARP.
ip sticky-arp
no ip sticky-arp
Syntax Description
Defaults
Enabled
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-349
Chapter 2
ip sticky-arp
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-350
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(20)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The total length must be greater than or equal to four times the header length and greater than the
Layer 2 packet size minus the Layer 2 encapsulation size.
If an IPv4 packet fails the IP header validation, the packet is dropped. If you disable the header
validation, the packets with the invalid IP headers are bridged but are not routed even if routing was
intended. The IPv4 access lists also are not applied to the IP headers.
Examples
This example shows how to disable the IP header validation for the Layer 2-switched IPv4 packets:
Switch# config terminal
Switch(config)# no ip verify header vlan all
Switch(config)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-351
Chapter 2
ip verify source
ip verify source
To enable IP source guard on untrusted Layer 2 interfaces, use the ip verify source command. To disable
IP source guard on untrusted Layer 2 interfaces, use the no form of this command.
ip verify source {vlan dhcp-snooping | tracking} [port-security]
no ip verify source {vlan dhcp-snooping | tracking} [port-security]
Syntax Description
vlan dhcp-snooping
tracking
port-security
(Optional) Filters both source IP and MAC addresses using the port
security feature.
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(37)SG
Examples
This example shows how to enable IP source guard on VLANs 10 through 20 on a per-port basis:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan 10 20
Switch(config)# interface fastethernet6/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk native vlan 10
Switch(config-if)# switchport trunk allowed vlan 11-20
Switch(config-if)# no ip dhcp snooping trust
Switch(config-if)# ip verify source vlan dhcp-snooping
Switch(config)# end
Switch# show ip verify source interface f6/1
Interface Filter-type Filter-mode IP-address
Mac-address
--------- ----------- ----------- --------------- ----------------Fa6/1
ip-mac
active
10.0.0.1
Fa6/1
ip-mac
active
deny-all
Switch#
Vlan
---------10
11-20
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-352
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to enable IP port security with IP-MAC filters on a Layer 2 access port:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip device tracking
Switch(config)# interface fastEthernet 4/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 1
Switch(config-if)# ip device tracking maximum 5
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 5
Switch(config-if)# ip verify source tracking port-security
Switch(config-if)# end
You can verify your settings by entering the show ip verify source privileged EXEC command.
Related Commands
Command
Description
ip dhcp snooping
ip source binding
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-353
Chapter 2
Syntax Description
rx
Verifies that the source address is reachable on the interface where the packet was
received.
allow-default
Defaults
Disabled
Command Modes
Command History
Release
Modification
12.2(40)SG
Usage Guidelines
Note
In basic RX mode, unicast RPF ensures a source address must be reachable on the arrived interface. For
example, the source must be reachable without load balancing.
Unicast RPF is an input function and is applied only on the input interface of a router at the upstream
end of a connection.
Do not use unicast RPF on internal network interfaces. Internal interfaces might have routing asymmetry,
which means that there are multiple routes to the source of a packet. Apply unicast RPF only where there
is natural or configured symmetry.
Examples
This example shows how to enable unicast RPF exist-only checking mode:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# ip verify unicast source reachable-via rx allow-default
Switch(config-if)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-354
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
ip cef (refer to Cisco IOS documentation) Enables Cisco Express Forwarding (CEF) on the switch.
show running-config
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-355
Chapter 2
ip wccp
ip wccp
To enable support of the specified Web Cache Communication Protocol (WCCP) service for
participation in a service group, use the ip wccp command in global configuration mode. To disable the
service group, use the no form of this command.
ip wccp {web-cache | service-number} [accelerated] [group-address multicast-address]
[redirect-list access-list] [group-list access-list] [password [0 | 7] password]
no ip wccp {web-cache | service-number}[accelerated] [group-address multicast-address]
[redirect-list access-list] [group-list access-list] [password [0 | 7] password]
Syntax Description
web-cache
service-number
If Cisco cache engines are being used in your service group, the
reverse-proxy service is indicated by a value of 99.
accelerated
group-address
multicast-address
redirect-list access-list
(Optional) Access list that controls traffic redirected to this service group.
The access-list argument should consist of a string of no more than 64
characters (name or number) that specifies the access list.
group-list access-list
(Optional) Access list that determines which cache engines are allowed to
participate in the service group. The access-list argument specifies either
the number or the name of a standard or extended access list.
password [0 | 7]
password
Command Default
Command Modes
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-356
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command History
Usage Guidelines
Release
Modification
12.2(31)SG
15.0(2)SG/3.2(0)SG
15.0(2)SG1
IOS XE 3.3.0 SG
(15.1(1)SG)
This command instructs a router to enable or disable the support for the specified service number or the
web-cache service name. A service number can be from 0 to 254. Once the service number or name is
enabled, the router can participate in the establishment of a service group.
When the no ip wccp command is entered, the router terminates participation in the service group,
deallocates space if none of the interfaces still has the service configured, and terminates the WCCP task
if no other services are configured.
The keywords following the web-cache keyword and the service-number argument are optional and may
be specified in any order, but only may be specified once. The following sections outline the specific
usage of each of the optional forms of this command.
ip wccp {web-cache | service-number} group-address multicast-address
A WCCP group address can be configured to set up a multicast address that cooperating routers and web
caches can use to exchange WCCP protocol messages. If such an address is used, IP multicast routing
must be enabled so that the messages that use the configured group (multicast) addresses are received
correctly.
This option instructs the router to use the specified multicast IP address to coalesce the I See You
responses for the Here I Am messages that it has received on this group address. The response is sent
to the group address as well. The default is for no group address to be configured, in which case all Here
I Am messages are responded to with a unicast reply.
ip wccp {web-cache | service-number} redirect-list access-list
This option instructs the router to use an access list to control the traffic that is redirected to the web
caches of the service group specified by the service name given. The access-list argument specifies either
the number or the name of a standard or extended access list. The access list itself specifies which traffic
is permitted to be redirected. The default is for no redirect list to be configured (all traffic is redirected).
WCCP requires that the following protocol and ports not be filtered by any access lists:
User Datagram Protocol (UDP) (protocol type 17) port 2048. This port is used for control signaling.
Blocking this type of traffic will prevent WCCP from establishing a connection between the router
and cache engines.
This option instructs the router to use an access list to control the cache engines that are allowed to
participate in the specified service group. The access-list argument specifies either the number of a
standard or extended access list or the name of any type of named access list. The access list itself
specifies which cache engines are permitted to participate in the service group. The default is for no
group list to be configured, in which case all cache engines may participate in the service group.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-357
Chapter 2
ip wccp
Note
The ip wccp {web-cache | service-number} group-list command syntax resembles the ip wccp
{web-cache | service-number} group-listen command, but these are entirely different commands. The
ip wccp group-listen command is an interface configuration command used to configure an interface to
listen for multicast notifications from a cache cluster. Refer to the description of the ip wccp
group-listen command in the Cisco IOS IP Application Services Command Reference.
ip wccp {web-cache | service-number} password password
This option instructs the router to use MD5 authentication on the messages received from the service
group specified by the service name given. Use this form of the command to set the password on the
router. You must also configure the same password separately on each web cache. The password can be
up to a maximum of eight characters. Messages that do not authenticate when authentication is enabled
on the router are discarded. The default is for no authentication password to be configured and for
authentication to be disabled.
Examples
The following example shows how to configure a router to run WCCP reverse-proxy service, using the
multicast address of 239.0.0.0:
Router(config)# ip multicast-routing
Router(config)# ip wccp 99 group-address 239.0.0.0
Router(config)# interface gigabitethernet 3/1
Router(config-if)# ip wccp 99 group-listen
The following example shows how to configure a router to redirect web-related packets without a
destination of 10.168.196.51 to the web cache:
Router(config)# access-list 100 deny ip any host 10.168.196.51
Router(config)# access-list 100 permit ip any any
Router(config)# ip wccp web-cache redirect-list 100
Router(config)# interface gigabitethernet 3/2
Router(config-if)# ip wccp web-cache redirect out
Related Commands
Command
Description
show ip wccp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-358
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SG
IOS XE 3.2(0)SG
(15.0(2)SG)
IOS XE 3.3.0 SG
(15.1(1)SG)
Usage Guidelines
With the ip wccp check services all command, WCCP can be configured to check all configured
services for a match and perform redirection for those services if appropriate. The caches to which
packets are redirected can be controlled by a redirect ACL access control list (ACL) as well as by the
priority value of the service.
It is possible to configure an interface with more than one WCCP service. When more than one WCCP
service is configured on an interface, the precedence of a service depends on the relative priority of the
service compared to the priority of the other configured services. Each WCCP service has a priority
value as part of its definition.
If no WCCP services are configured with a redirect ACL, the services are considered in priority order
until a service is found which matches the IP packet. If no services match the packet, the packet is not
redirected. If a service matches the packet and the service has a redirect ACL configured, then the IP
packet will be checked against the ACL. If the packet is rejected by the ACL, the packet will not be
passed down to lower priority services unless the ip wccp check services all command is configured.
When the ip wccp check services all command is configured, WCCP will continue to attempt to match
the packet against any remaining lower priority services configured on the interface.
Note
The priority of a WCCP service group is determined by the web cache appliance. The priority of a WCCP
service group cannot be configured via Cisco IOS software.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-359
Chapter 2
Note
Examples
The ip wccp check services all command is a global WCCP command that applies to all services and is
not associated with a single service.
Related Commands
Command
Description
ip wccp
ip wccp group-listen
ip wccp redirect
ip wccp redirect exclude Configure an interface to exclude packets received on an interface from
in
being checked for redirection.
ip wccp version
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-360
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
ip wccp group-listen
To configure an interface on a router to enable or disable the reception of IP multicast packets for Web
Cache Communication Protocol (WCCP), use the ip wccp group-listen command in interface
configuration mode. To disable the reception of IP multicast packets for WCCP, use the no form of this
command.
ip wccp {web-cache | service-number} group-listen
no ip wccp {web-cache | service-number} group-listen
Syntax Description
web-cache
service-number
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SG
IOS XE 3.2(0)SG
(15.0(2)SG)
IOS XE 3.3.0 SG
(15.1(1)SG)
Usage Guidelines
Examples
On routers that are to be members of a Service Group when IP multicast is used, the following
configuration is required:
Configure the IP multicast address for use by the WCCP Service Group.
Configure the interfaces on which the router wishes to receive the IP multicast address with the
ip wccp {web-cache | service-number} group-listen interface configuration command.
The following example shows how to enable the multicast packets for a web cache with a multicast
address of 224.1.1.100:
Switch# configure terminal
Switch(config)# ip wccp web-cache group-address 224.1.1.100
Switch(config)# interface gigabitethernet 3/1
Switch(config-if)# ip wccp web-cache group-listen
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-361
Chapter 2
ip wccp group-listen
Related Commands
Command
Description
ip wccp
ip wccp redirect
ip wccp redirect
ip wccp version
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-362
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
ip wccp redirect
To enable packet redirection on an inbound or outbound interface using Web Cache Communication
Protocol (WCCP), use the ip wccp redirect command in interface configuration mode. To disable
WCCP redirection, use the no form of this command.
ip wccp {web-cache | service-number} redirect {in | out}
no ip wccp {web-cache | service-number} redirect {in | out}
Syntax Description
web-cache
service-number
Identification number of the cache engine service group; valid values are
from 0 to 254.
If Cisco cache engines are used in the cache cluster, the reverse proxy
service is indicated by a value of 99.
in
out
Command Default
Command Modes
Command History
Release
Modification
12.2(31)SG
IOS XE 3.2(0)SG
(15.0(2)SG)
15.0(2)SG1
IOS XE 3.3.0 SG
(15.1(1)SG)
Usage Guidelines
The ip wccp {web-cache | service-number} redirect in command allows you to configure WCCP
redirection on an interface receiving inbound network traffic. When the command is applied to an
interface, all packets arriving at that interface will be compared against the criteria defined by the
specified WCCP service. If the packets match the criteria, they will be redirected.
Likewise, the ip wccp {web-cache | service-number} redirect out command allows you to configure
the WCCP redirection check at an outbound interface.
Tips
Be careful not to confuse the ip wccp {web-cache | service-number} redirect {out | in} interface
configuration command with the ip wccp redirect exclude in interface configuration command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-363
Chapter 2
ip wccp redirect
Examples
The following example shows how to configure a session in which reverse proxy packets on Ethernet
interface 3/1 are being checked for redirection and redirected to a Cisco Cache Engine:
Switch(config)# ip wccp 99
Switch(config)# interface gigabitethernet 3/1
Switch(config-if)# ip wccp 99 redirect out
The following example shows how to configure a session in which HTTP traffic arriving on
GigabitEthernet interface 3/1 is redirected to a Cache Engine:
Switch(config)# ip wccp web-cache
Switch(config)# interface gigabitethernet 3/1
Switch(config-if)# ip wccp web-cache redirect in
Related Commands
Command
Description
ip wccp group-listen
show ip interface
show ip wccp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-364
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Command Default
Command Modes
Command History
Release
Modification
12.2(31)SG
IOS XE 3.2(0)SG
(15.0(2)SG)
IOS XE 3.3.0 SG
(15.1(1)SG)
Usage Guidelines
This configuration command instructs the interface to exclude inbound packets from any redirection
check. Note that the command is global to all the services and should be applied to any inbound interface
that will be excluded from redirection.
This command is intended to be used to accelerate the flow of packets from a cache engine to the Internet
as well as allow for the use of the Web Cache Communication Protocol (WCCP) v2 packet return feature.
Examples
In the following example, packets arriving on GigabitEthernet interface 3/1 are excluded from WCCP
output redirection checks:
Router (config)# interface gigabitethernet 3/1
Router (config-if)# ip wccp redirect exclude in
Related Commands
Command
Description
ip wccp
ip wccp redirect
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-365
Chapter 2
Command
Description
ip wccp group-listen
Displays the usability status of interfaces that are configured for IP.
show ip wccp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-366
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
vlan vlan-id
Defaults
MLD snooping is enabled on all VLANs. However, MLD snooping must be globally enabled before
VLAN snooping can take place.
Command Modes
Command History
Release
Modification
12.2(40)SG
Usage Guidelines
When MLD snooping is globally disabled, it is disabled on all the existing VLAN interfaces. When you
globally enable MLD snooping, it is enabled on all VLAN interfaces that are in the default state
(enabled). VLAN configuration overrides global configuration on interfaces on which MLD snooping
has been disabled.
If MLD snooping is globally disabled, you cannot enable it on a VLAN. If MLD snooping is globally
enabled, you can disable it on individual VLANs.
VLAN numbers 1002 through 1005 are reserved for Token Ring and FDDI VLANs and cannot be used
in MLD snooping.
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-367
Chapter 2
You can verify your settings by entering the show ipv6 mld snooping user EXEC command.
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-368
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Command Default
vlan vlan-id
integer_value
Command Modes
Command History
Release
Modification
12.2(40)SG
Usage Guidelines
In MLD snooping, the IPv6 multicast switch periodically sends out queries to hosts belonging to the
multicast group. If a host wants to leave a multicast group, it can silently leave or it can respond to the
query with a Multicast Listener Done message (equivalent to an IGMP Leave message). When
Immediate Leave is not configured (it should not be configured if multiple clients for a group exist on
the same port), the configured last-listener query count determines the number of MASQs that are sent
before an MLD client is aged out.
When the last-listener query count is set for a VLAN, this count overrides the value configured globally.
When the VLAN count is not configured (set to the default of 0), the global count is used.
VLAN numbers 1002 through 1005 are reserved for Token Ring and FDDI VLANs and cannot be used
in MLD snooping.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-369
Chapter 2
Examples
This example shows how to globally set the last-listener query count:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ipv6 mld snooping last-listener-query-count 1
Switch(config)# end
Switch#
This example shows how to set the last-listener query count for VLAN 10:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ipv6 mld snooping vlan 10 last-listener-query-count 3
Switch(config)# end
Switch#
You can verify your settings by entering the show ipv6 mld snooping [vlan vlan-id] user EXEC
command.
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-370
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Command Default
vlan vlan-id
integer_value
Sets the time period (in thousandths of a second) that a multicast switch must
wait after issuing a MASQ before deleting a port from the multicast group.
The range is 100 to 32,768. The default is 1000 (1 second),
The default global query interval (maximum response time) is 1000 (1 second).
The default VLAN query interval (maximum response time) is 0 (the global count is used).
Command Modes
Command History
Release
Modification
12.2(40)SG
Usage Guidelines
The last-listener-query-interval time is the maximum time that a multicast switch waits after issuing a
Mulitcast Address Specific Query (MASQ) before deleting a port from the multicast group.
In MLD snooping, when the IPv6 multicast switch receives an MLD leave message, it sends out queries
to hosts belonging to the multicast group. If there are no responses from a port to a MASQ for a length
of time, the switch deletes the port from the membership database of the multicast address. The last
listener query interval is the maximum time that the switch waits before deleting a nonresponsive port
from the multicast group.
When a VLAN query interval is set, the global query interval is overridden. When the VLAN interval is
set at 0, the global value is used.
VLAN numbers 1002 through 1005 are reserved for Token Ring and FDDI VLANs and cannot be used
in MLD snooping.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-371
Chapter 2
Examples
This example shows how to globally set the last-listener query interval to 2 seconds:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ipv6 mld snooping last-listener-query-interval 2000
Switch(config)# end
Switch#
This example shows how to set the last-listener query interval for VLAN 1 to 5.5 seconds:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ipv6 mld snooping vlan 1 last-listener-query-interval 5500
Switch(config)# end
Switch#
You can verify your settings by entering the show ipv6 MLD snooping [vlan vlan-id] user EXEC
command.
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-372
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command Default
Command Modes
Command History
Release
Modification
12.2(40)SG
Usage Guidelines
MLD snooping listener message suppression is equivalent to IGMP snooping report suppression. When
it is enabled, received MLDv1 reports to a group are forwarded to IPv6 multicast switchs only once in
every report-forward time. This prevents the forwarding of duplicate reports.
Examples
This example shows how to enable MLD snooping listener message suppression:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ipv6 mld snooping listener-message-suppression
Switch(config)# end
Switch#
This example shows how to disable MLD snooping listener message suppression:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# no ipv6 mld snooping listener-message-suppression
Switch(config)# end
Switch#
You can verify your settings by entering the show ipv6 mld snooping [vlan vlan-id] user EXEC
command.
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-373
Chapter 2
Syntax Description
Command Default
vlan vlan-id
integer_value
The default global robustness variable (number of queries before deleting a listener) is 2.
The default VLAN robustness variable (number of queries before aging out a multicast address) is 0,
which means that the system uses the global robustness variable for aging out the listener.
Command Modes
Command History
Release
Modification
12.2(40)SG
Usage Guidelines
Robustness is measured by the number of MLDv1 queries sent with no response before a port is removed
from a multicast group. A port is deleted when there are no MLDv1 reports received for the configured
number of MLDv1 queries. The global value determines the number of queries that the switch waits
before deleting a listener that does not respond, and it applies to all VLANs that do not have a VLAN
value set.
The robustness value configured for a VLAN overrides the global value. If the VLAN robustness value
is 0 (the default), the global value is used.
VLAN numbers 1002 through 1005 are reserved for Token Ring and FDDI VLANs and cannot be used
in MLD snooping.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-374
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This example shows how to configure the global robustness variable so that the switch sends out three
queries before it deletes a listener port that does not respond:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ipv6 mld snooping robustness-variable 3
Switch(config)# end
Switch#
This example shows how to configure the robustness variable for VLAN 1. This value overrides the
global configuration for the VLAN:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ipv6 mld snooping vlan 1 robustness-variable 1
Switch(config)# end
Switch#
You can verify your settings by entering the show ipv6 MLD snooping [vlan vlan-id] user EXEC
command.
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-375
Chapter 2
Syntax Description
Command Default
Sets the flood query count, which is the number of queries that are sent
before forwarding multicast data to only those ports requesting it. The range
is 1 to 10.
query solicit
Command Modes
Command History
Release
Modification
12.2(25)SG
Examples
You can verify your settings by entering the show ipv6 MLD snooping [vlan vlan-id] user EXEC
command.
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-376
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Command Default
vlan vlan-id
immediate-leave
mrouter interface
static ipv6-multicast-address
interface interface-id
Adds a Layer 2 port to the group. The mrouter or static interface can
be a physical port or a port-channel interface ranging from 1 to 48.
Command Modes
Command History
Release
Modification
12.2(40)SG
Usage Guidelines
You should only configure the Immediate-Leave feature when there is only one receiver on every port in
the VLAN. The configuration is saved in NVRAM.
The static keyword is used for configuring the MLD member ports statically.
The configuration and the static ports and groups are saved in NVRAM.
VLAN numbers 1002 through 1005 are reserved for Token Ring and FDDI VLANs and cannot be used
in MLD snooping.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-377
Chapter 2
Examples
You can verify your settings by entering the show ipv6 mld snooping vlan vlan-id user EXEC
command.
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-378
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
issu abortversion
To cancel the ISSU upgrade or the downgrade process in progress and to restore the Catalyst 4500 series
switch to its state before the start of the process, use the issue abortversion command.
issu abortversion active-slot [active-image-new]
Syntax Description
active-slot
Specifies the slot number for the current standby supervisor engine.
active-image-new
(Optional) Name of the new image present in the current standby supervisor
engine.
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SGA
Usage Guidelines
You can use the issu abortversion command at any time to stop the ISSU process. To complete the
process enter the issu commitversion command. Before any action is taken, a check ensures that both
supervisor engines are either in the run version (RV) or load version (LV) state.
When the issu abortversion command is entered before the issu runversion command, the standby
supervisor engine is reset and reloaded with the old image. When the issu abortversion command is
entered after the issu runversion command, a change takes place and the new standby supervisor engine
is reset and reloaded with the old image.
Examples
This example shows how you can reset and reload the standby supervisor engine:
Switch# issu abortversion 2
Switch#
Related Commands
Command
Description
issu acceptversion
Halts the rollback timer and ensures that the new Cisco IOS
software image is not automatically stopped during the
ISSU process.
issu commitversion
Loads the new Cisco IOS software image into the new
standby supervisor engine.
issu loadversion
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-379
Chapter 2
issu abortversion
Command
Description
issu runversion
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-380
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
issu acceptversion
To halt the rollback timer and to ensure that the new Cisco IOS software image is not automatically
stopped during the ISSU process, use the issu acceptversion command.
issu acceptversion active-slot [active-image-new]
Syntax Description
active-slot
Specifies the slot number for the currently active supervisor engine.
active-image-new
(Optional) Name of the new image on the currently active supervisor engine.
Defaults
Rollback timer resets automatically 45 minutes after you enter the issu runversion command.
Command Modes
Command History
Release
Modification
12.2(31)SGA
Usage Guidelines
After you are satisfied with the new image and have confirmed the new supervisor engine is reachable
by both the console and the network, enter the issu acceptversion command to halt the rollback timer.
If the issu acceptversion command is not entered within 45 minutes from the time the issu runversion
command is entered, the entire ISSU process is automatically rolled back to the previous version of the
software. The rollback timer starts immediately after you enter the issu runversion command.
If the rollback timer expires before the standby supervisor engine goes to a hot standby state, the timer
is automatically extended by up to 15 minutes. If the standby state goes to a hot-standby state within this
extension time or the 15 minute extension expires, the switch aborts the ISSU process. A warning
message that requires your intervention is displayed every 1 minute of the timer extension.
If the rollback timer is set to a long period of time, such as the default of 45 minutes, and the standby
supervisor engine goes into the hot standby state in 7 minutes, you have 38 minutes (45 minus 7) to roll
back if necessary.
Use the issu set rollback-timer to configure the rollback timer.
Examples
This example shows how to halt the rollback timer and allow the ISSU process to continue:
Switch# issu acceptversion 2
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-381
Chapter 2
issu acceptversion
Related Commands
Command
Description
issu abortversion
issu commitversion
Loads the new Cisco IOS software image into the new
standby supervisor engine.
issu loadversion
issu runversion
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-382
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
issu commitversion
To load the new Cisco IOS software image into the new standby supervisor engine, use the issu
commitversion command.
issu commitversion standby-slot [standby-image-new]
Syntax Description
standby-slot
Specifies the slot number for the currently active supervisor engine.
standby-image-new
(Optional) Name of the new image on the currently active supervisor engine.
Defaults
Enabled by default.
Command Modes
Command History
Release
Modification
12.2(31)SGA
Usage Guidelines
The issu commitversion command verifies that the standby supervisor engine has the new Cisco IOS
software image in its file system and that both supervisor engines are in the run version (RV) state. If
these conditions are met, the following actions take place:
The standby supervisor engine is reset and booted with the new version of Cisco IOS software.
The standby supervisor engine moves into the Stateful Switchover (SSO) mode and is fully stateful
for all clients and applications with which the standby supervisor engine is compatible.
The supervisor engines are moved into final state, which is the same as initial state.
Entering the issu commitversion command completes the In Service Software Upgrade (ISSU) process.
This process cannot be stopped or reverted to its original state without starting a new ISSU process.
Entering the issu commitversion command without entering the issu acceptversion command is
equivalent to entering both the issu acceptversion and the issu commitversion commands. Use the
issu commitversion command if you do not intend to run in the current state for an extended period of
time and are satisfied with the new software version.
Examples
This example shows how you can configure the standby supervisor engine to be reset and reloaded with
the new Cisco IOS software version:
Switch# issu commitversion 1
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-383
Chapter 2
issu commitversion
Related Commands
Command
Description
issu acceptversion
Halts the rollback timer and ensures that the new Cisco IOS
software image is not automatically stopped during the
ISSU process.
issu commitversion
Loads the new Cisco IOS software image into the new
standby supervisor engine.
issu loadversion
issu runversion
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-384
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
issu loadversion
To start the ISSU process, use the issu loadversion command.
issu loadversion active-slot active-image-new standby-slot standby-image-new [force]
Syntax Description
active-slot
Specifies the slot number for the currently active supervisor engine.
active-image-new
Specifies the name of the new image on the currently active supervisor engine.
standby-slot
standby-image-new
Specifies the name of the new image on the standby supervisor engine.
force
(Optional) Overrides the automatic rollback when the new Cisco IOS software
version is detected to be incompatible.
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SGA
Usage Guidelines
The issu loadversion command causes the standby supervisor engine to be reset and booted with the
new Cisco IOS software image specified by the command. If both the old image and the new image are
ISSU capable, ISSU compatible, and have no configuration mismatches, the standby supervisor engine
moves into Stateful Switchover (SSO) mode, and both supervisor engines move into the load version
(LV) state.
It will take several seconds after the issu loadversion command is entered for Cisco IOS software to
load onto the standby supervisor engine and the standby supervisor engine to transition to SSO mode.
Examples
Related Commands
Command
Description
issu abortversion
issu acceptversion
Halts the rollback timer and ensures that the new Cisco IOS
software image is not automatically stopped during the
ISSU process.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-385
Chapter 2
issu loadversion
Command
Description
issu commitversion
Loads the new Cisco IOS software image into the new
standby supervisor engine.
issu runversion
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-386
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
issu runversion
To force a change from the active supervisor engine to the standby supervisor engine and to cause the
newly active supervisor engine to run the new image specified in the issu loadversion command, use the
issu runversion command.
issu runversion standby-slot [standby-image-new]
Syntax Description
standby-slot
standby-image-new
(Optional) Specifies the name of the new image on the standby supervisor
engine.
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SGA
Usage Guidelines
The issu runversion command changes the currently active supervisor engine to standby supervisor
engine and the real standby-supervisor engine is booted with the old image version following and resets
the switch. As soon as the standby-supervisor engine moves into the standby state, the rollback timer is
started.
Examples
This example shows how to force a change of the active-supervisor engine to standby-supervisor engine:
Switch# issu runversion 2
Switch#
Related Commands
Command
Description
issu abortversion
issu acceptversion
Halts the rollback timer and ensures that the new Cisco IOS
software image is not automatically stopped during the
ISSU process.
issu commitversion
Loads the new Cisco IOS software image into the new
standby supervisor engine.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-387
Chapter 2
issu runversion
Command
Description
issu loadversion
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-388
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
seconds
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SGA
Specfies the rollback timer value, in seconds. The valid timer value range is
from 0 to 7200 seconds (2 hours). A value of 0 seconds disables the rollback
timer.
Usage Guidelines
Use the issue set rollback-timer command to configure the rollback timer value. You can only enable
this command when the supervisor engines are in the init state.
Examples
This example shows how you can set the rollback timer value to 3600 seconds, or 1 hour:
Switch# configure terminal
Switch(config)# issu set rollback-timer 3600
Switch(config)# end
Switch#
Related Commands
Command
Description
issu acceptversion
Halts the rollback timer and ensures that the new Cisco IOS
software image is not automatically stopped during the
ISSU process.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-389
Chapter 2
l2protocol-tunnel
l2protocol-tunnel
To enable protocol tunneling on an interface, use the l2protocol-tunnel command. You can enable
tunneling for the Cisco Discovery Protocol (CDP), Spanning Tree Protocol (STP), or VLAN Trunking
Protocol (VTP) packets. To disable tunneling on the interface, use the no form of this command.
l2protocol-tunnel [cdp | stp | vtp]
no l2protocol-tunnel [cdp | stp | vtp]
Syntax Description
cdp
stp
vtp
Defaults
Command Modes
Command History
Release
Modification
12.2(18)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
You must enter this command, with or without protocol types, to tunnel Layer 2 packets.
Layer 2 protocol tunneling across a service-provider network ensures that Layer 2 information is
propagated across the network to all customer locations. When protocol tunneling is enabled, protocol
packets are encapsulated with a well-known Cisco multicast address for transmission across the network.
When the packets reach their destination, the well-known MAC address is replaced by the Layer 2
protocol MAC address.
You can enable Layer 2 protocol tunneling for CDP, STP, and VTP individually or for all three protocols.
Examples
This example shows how to enable protocol tunneling for the CDP packets:
Switch(config-if)# l2protocol-tunnel cdp
Switch(config-if)#
Related Commands
Command
Description
l2protocol-tunnel cos
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-390
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command
Description
l2protocol-tunnel drop-threshold
l2protocol-tunnel shutdown-threshold
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-391
Chapter 2
l2protocol-tunnel cos
l2protocol-tunnel cos
To configure the class of service (CoS) value for all tunneled Layer 2 protocol packets, use the
l2protocol-tunnel cos command. To return to the default value of zero, use the no form of this command.
l2protocol-tunnel cos value
no l2protocol-tunnel cos
Syntax Description
value
Defaults
The default is to use the CoS value that is configured for data on the interface. If no CoS value is
configured, the default is 5 for all tunneled Layer 2 protocol packets.
Command Modes
Command History
Release
Modification
12.2(18)EW
This command was first introduced on the Catalyst 4500 series switch.
Usage Guidelines
Specifies the CoS priority value for tunneled Layer 2 protocol packets. The range is 0 to 7,
with 7 being the highest priority.
When enabled, the tunneled Layer 2 protocol packets use this CoS value.
The value is saved in NVRAM.
Examples
This example shows how to configure a Layer 2 protocol tunnel CoS value of 7:
Switch(config)# l2protocol-tunnel cos 7
Switch(config)#
Related Commands
Command
Description
l2protocol-tunnel
l2protocol-tunnel drop-threshold
l2protocol-tunnel shutdown-threshold
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-392
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
l2protocol-tunnel drop-threshold
To set a drop threshold for the maximum rate of Layer 2 protocol packets per second to be received
before an interface drops packets, use the I2protocol-tunnel drop-threshold command. You can set the
drop threshold for the Cisco Discovery Protocol (CDP), Spanning Tree Protocol (STP), or VLAN
Trunking Protocol (VTP) packets. To disable the drop threshold on the interface, use the no form of this
command.
l2protocol-tunnel drop-threshold [cdp | stp | vtp] value
no l2protocol-tunnel drop-threshold [cdp | stp | vtp] value
Syntax Description
cdp
stp
vtp
value
Specifies a threshold in packets per second to be received for encapsulation before the
interface shuts down, or specifies the threshold before the interface drops packets. The
range is 1 to 4096. The default is no threshold.
Defaults
The default is no drop threshold for the number of the Layer 2 protocol packets.
Command Modes
Command History
Release
Modification
12.2(18)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The l2protocol-tunnel drop-threshold command controls the number of protocol packets per second
that are received on an interface before it drops packets. When no protocol option is specified with a
keyword, the threshold is applied to each of the tunneled Layer 2 protocol types. If you also set a
shutdown threshold on the interface, the drop-threshold value must be less than or equal to the
shutdown-threshold value.
When the drop threshold is reached, the interface drops the Layer 2 protocol packets until the rate at
which they are received is below the drop threshold.
Examples
Related Commands
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-393
Chapter 2
l2protocol-tunnel drop-threshold
Command
Description
l2protocol-tunnel
l2protocol-tunnel cos
l2protocol-tunnel shutdown-threshold
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-394
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
l2protocol-tunnel shutdown-threshold
To configure the protocol tunneling encapsulation rate, use the I2protocol-tunnel shutdown-threshold
command. You can set the encapsulation rate for the Cisco Discovery Protocol (CDP), Spanning Tree
Protocol (STP), or VLAN Trunking Protocol (VTP) packets. To disable the encapsulation rate on the
interface, use the no form of this command.
l2protocol-tunnel shutdown-threshold [cdp | stp | vtp] value
no l2protocol-tunnel shutdown-threshold [cdp | stp | vtp] value
Syntax Description
cdp
stp
vtp
value
Specifies a threshold in packets per second to be received for encapsulation before the
interface shuts down. The range is 1 to 4096. The default is no threshold.
Defaults
The default is no shutdown threshold for the number of Layer 2 protocol packets.
Command Modes
Command History
Release
Modification
12.2(18)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The l2-protocol-tunnel shutdown-threshold command controls the number of protocol packets per
second that are received on an interface before it shuts down. When no protocol option is specified with
the keyword, the threshold is applied to each of the tunneled Layer 2 protocol types. If you also set a
drop threshold on the interface, the shutdown-threshold value must be greater than or equal to the
drop-threshold value.
When the shutdown threshold is reached, the interface is error disabled. If you enable error recovery by
entering the errdisable recovery cause l2ptguard command, the interface is brought out of the
error-disabled state and allowed to retry the operation again when all the causes have timed out. If the
error recovery feature generation is not enabled for l2ptguard, the interface stays in the error-disabled
state until you enter the shutdown and no shutdown commands.
Examples
Related Commands
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-395
Chapter 2
l2protocol-tunnel shutdown-threshold
Command
Description
l2protocol-tunnel
l2protocol-tunnel cos
l2protocol-tunnel drop-threshold
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-396
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
lacp port-priority
To set the LACP priority for the physical interfaces, use the lacp port-priority command.
lacp port-priority priority
Syntax Description
priority
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Usage Guidelines
Priority for the physical interfaces; valid values are from 1 to 65535.
You must assign each port in the switch a port priority that can be specified automatically or by entering
the lacp port-priority command. The port priority is used with the port number to form the port
identifier. The port priority is used to decide which ports should be put in standby mode when there is a
hardware limitation that prevents all compatible ports from aggregating.
Although this command is a global configuration command, the priority value is supported only on port
channels with LACP-enabled physical interfaces.This command is supported on LACP-enabled
interfaces.
When setting the priority, the higher numbers indicate lower priorities.
Examples
This example shows how to set the priority for the interface:
Switch(config-if)# lacp port-priority 23748
Switch(config-if)#
Related Commands
Command
Description
channel-group
channel-protocol
lacp system-priority
show lacp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-397
Chapter 2
lacp system-priority
lacp system-priority
To set the priority of the system for LACP, use the lacp system-priority command.
lacp system-priority priority
Syntax Description
priority
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Usage Guidelines
You must assign each switch that is running LACP a system priority that can be specified automatically
or by entering the lacp system-priority command. The system priority is used with the switch MAC
address to form the system ID and is also used during negotiation with other systems.
Although this command is a global configuration command, the priority value is supported on port
channels with LACP-enabled physical interfaces.
When setting the priority, tthe higher numbers indicate lower priorities.
You can also enter the lacp system-priority command in interface configuration mode. After you enter
the command, the system defaults to global configuration mode.
Examples
Related Commands
Command
Description
channel-group
channel-protocol
lacp system-priority
show lacp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-398
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This command only applies to Catalyst 4500-X and Supervisor Engine 7-E and 7L-E.
To activate PRTU licenses use the license right-to-use activate command.
license right-to-use activate feature-name [acceptEula]
Syntax Description
feature-name
acceptEula
(Optional). Activates the PRTU license. The End User License Agreement is
accepted but does not display.
Defaults
Command Modes
Command History
Release
Modification
IOS XE 3.4.2SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
Related Commands
Command
Description
license right-to-use
deactivate
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-399
Chapter 2
This command only applies to Catalyst 4500-X and Supervisor Engine 7-E and 7L-E.
To deactivate the PRTU license use the license right-to-use deactivate command.
license right-to-use deactivate feature-name
Syntax Description
feature-name
Defaults
Command Modes
Command History
Release
Modification
IOS XE 3.4.2SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Use this command to deactivate the PRTU licenses that are active.
The PRTU licenses can be deactivated provided any other valid license is available for the same feature.
For example, to deactivate a entservices PRTU license, the switch should contain a valid evaluation
license. Else, the deactivation will fail.
Examples
Related Commands
Command
Description
license right-to-use
activate
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-400
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Interface level
Command History
Release
Modification
12.2(54)SG
Usage Guidelines
You need to disable this feature if you do not want to perform power negotiation through LLDP.
This feature is not supported on non-POEP ports; the CLI is suppressed on such ports and TLV is not
exchanged.
Examples
This example shows how to enable LLDP power negotiation on interface Gigabit Ethernet 3/1:
Switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# int gi 3/1
Switch(config-if)# lldp tlv-select power-management
Related Commands
Command
Description
lldp run
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-401
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(25)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
If link-status logging event is not configured at the interface level, this global link-status setting takes
effect for each interface.
Examples
This example shows how to globally enable link status message on each interface:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# logging event link-status global
Switch(config)# end
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-402
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Defaults
Command Modes
Command History
Release
Modification
12.2(25)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
To enable system logging of interface state-change events on a specific interface, enter the
logging event link-status command in interface configuration mode.
To enable system logging of interface state-change events on all interfaces in the system, enter the
logging event link-status global command in global configuration mode. All interfaces without the
state change event configuration use the global setting.
Examples
This example shows how to enable logging event state-change events on interface gi11/1:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gi11/1
Switch(config-if)# logging event link-status
Switch(config-if)# end
Switch#
This example shows how to turn off logging event link status regardless of the global setting:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gi11/1
Switch(config-if)# no logging event link-status
Switch(config-if)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-403
Chapter 2
This example shows how to enable the global event link-status setting on interface gi11/1:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gi11/1
Switch(config-if)# logging event link-status use-global
Switch(config-if)# end
Switch#
Related Commands
Command
Description
logging event link-status global (global Changes the default switch-wide global link-status event
configuration)
messaging settings.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-404
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(25)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
If trunk-status logging event is not configured at the interface level, the global trunk-status setting takes
effect for each interface.
Examples
This example shows how to globally enable link status messaging on each interface:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# logging event trunk-status global
Switch(config)# end
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-405
Chapter 2
Defaults
Command Modes
Command History
Release
Modification
12.2(25)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
To enable system logging of interface state-change events on a specific interface, enter the
logging event trunk-status command in interface configuration mode.
To enable system logging of interface state-change events on all interfaces in the system, enter the
logging event trunk-status use-global command in global configuration mode. All interfaces without
the state change event configuration use the global setting.
Examples
This example shows how to enable logging event state-change events on interface gi11/1:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gi11/1
Switch(config-if)# logging event trunk-status
Switch(config-if)# end
Switch#
This example shows how to turn off logging event trunk status regardless of the global setting:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gi11/1
Switch(config-if)# no logging event trunk-status
Switch(config-if)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-406
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to enable the global event trunk-status setting on interface gi11/1:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gi11/1
Switch(config-if)# logging event trunk-status use-global
Switch(config-if)# end
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-407
Chapter 2
mab
mab
To enable and configure MAC authorization bypass (MAB) on a port, use the mab command in interface
configuration mode. To disable MAB, use the no form of this command.
mab [eap]
no mab [eap]
Note
The mab command is totally independent of the effect of the dot1x system-auth control command.
Syntax Description
eap
Command Default
Disabled
Command Modes
Command History
Release
Modification
12.2(50)SG
Usage Guidelines
When a port is configured for MAB as a fallback method, it operates in a typical dot1X method until a
configurable number of failed attempts to request the identity of the host. The authenticator learns the
MAC address of the host and uses that information to query an authentication server to see whether this
MAC address will be granted access.
Examples
The following example shows how to enable and configure MAB on a port:
Switch(config-if)# mab eap
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-408
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
show authentication
show mab
show running-config
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-409
Chapter 2
Syntax Description
name
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
When you enter the ACL name, follow these naming conventions:
Maximum of 31 characters long and can include a-z, A-Z, 0-9, the dash character (-), the underscore
character (_), and the period character (.)
Must start with an alpha character and must be unique across all ACLs of all types
Case sensitive
Cannot be a number
Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
When you enter the mac access-list extended name command, you use the following subset to create or
delete entries in a MAC layer access list:
[no] {permit | deny} {{src-mac mask | any} [dest-mac mask]} [protocol-family {appletalk |
arp-non-ipv4 | decnet | ipx | ipv6 | rarp-ipv4 | rarp-non-ipv4 | vines | xns} | <arbitrary ethertype> |
name-coded ethertype].
Table 2-10 describes the syntax of the mac access-list extended subcommands.
Table 2-10
Subcommand
Description
any
arbitrary ethertype (Optional) Specifies an arbitrary ethertype in the range 1536 to 65535
(Decimal or Hexadecimal)
deny
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-410
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Table 2-10
Subcommand
Description
dest-mac mask
name-coded
ethertype
no
permit
protocol-family
(Optional) Name of the protocol family. Table 2-11 lists which packets are
mapped to a particular protocol family.
src-mac mask
Protocol Family
Appletalk
0x809B, 0x80F3
Arp-Non-Ipv4
Decnet
0x6000-0x6009, 0x8038-0x8042
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-411
Chapter 2
Table 2-11
Protocol Family
Ipx
0x8137-0x8138
Ipv6
0x86DD
Rarp-Ipv4
Rarp-Non-Ipv4
Vines
Xns
0x0600, 0x0807
When you enter the src-mac mask or dest-mac mask value, follow these guidelines:
Examples
Enter the MAC addresses as three 4-byte values in dotted hexadecimal format such as
0030.9629.9f84.
Enter the MAC address masks as three 4-byte values in dotted hexadecimal format. Use 1 bit as a
wildcard. For example, to match an address exactly, use 0000.0000.0000 (can be entered as 0.0.0).
For the optional protocol parameter, you can enter either the EtherType or the keyword.
The access list entries are scanned in the order that you enter them. The first matching entry is used.
To improve performance, place the most commonly used entries near the beginning of the access list.
An implicit deny any any entry exists at the end of an access list unless you include an explicit
permit any any entry at the end of the list.
All new entries to an existing list are placed at the end of the list. You cannot add entries to the
middle of a list.
This example shows how to create a MAC layer access list named mac_layer that denies traffic from
0000.4700.0001, which is going to 0000.4700.0009, and permits all other traffic:
Switch(config)# mac access-list extended mac_layer
Switch(config-ext-macl)# deny 0000.4700.0001 0.0.0 0000.4700.0009 0.0.0 protocol-family
appletalk
Switch(config-ext-macl)# permit any any
Switch(config-ext-macl)# end
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-412
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
mac-address
use-virtual
Specifies the MAC address range reserved for the virtual switch system (VSS).
chassis
Defaults
The router MAC address is derived from the Cisco pool of virtual switch specific MAC addresses
intended for the domain 1-255.
Command Modes
Command History
Release
Modification
Cisco IOS XE 3.4.0SG and Support for this command was introduced on the Catalyst 4500 series
15.1(2)SG
switch.
Usage Guidelines
When a virtual switch boots, the router MAC address is derived from the Cisco pool of virtual switch
specific MAC addresses. The router address is used as the common router MAC address for interfaces
on both the active and the standby chassis. Between switchovers, this MAC address is maintained on the
new active switch. You can enter the mac-address mac-address command to specify a MAC address to
use or the mac-address use-virtual command to use the MAC address range reserved for the VSS.
The MAC address range reserved for the VSS is derived from a reserved pool of addresses with the
domain ID encoded in the leading 6 bits of the last octet and trailing 2 bits of the previous octet of the
mac-address. The last two bits of the first octet is allocated for the protocol mac-address that is derived
by adding the protocol ID (0 to 3) to the router MAC address.
Note
You must reload the virtual switch for the new router MAC address to take effect. If the MAC address
you configured is different from the current MAC address, the following message is displayed:
Console (enable)#
Examples
The following example shows how to specify the MAC address to use in hexadecimal format:
Router(config)# switch virtual domain test-mac-address
Router(config-vs-domain)# mac-address 0000.0000.0000
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-413
Chapter 2
Router(config-vs-domain)#
The following example shows how to specify the MAC address range reserved for the VSS:
Router(config)# switch virtual domain test-mac-address
Router(config-vs-domain)# mac-address use-virtual
Router(config-vs-domain)#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-414
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
mac-address-table aging-time
To configure the aging time for the entries in the Layer 2 table, use the mac-address-table aging-time
command. To reset the seconds value to the default setting, use the no form of this command.
mac-address-table aging-time seconds [vlan vlan_id]
no mac-address-table aging-time seconds [vlan vlan_id]
Syntax Description
seconds
Aging time in seconds; valid values are 0 and from 10 to 1000000 seconds.
vlan vlan_id
(Optional) Single VLAN number or a range of VLANs; valid values are from 1
to 4094.
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Usage Guidelines
If you do not enter a VLAN, the change is applied to all routed-port VLANs.
Enter 0 seconds to disable aging.
Examples
This example shows how to configure the aging time to 400 seconds:
Switch(config)# mac-address-table aging-time 400
Switch(config)#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-415
Chapter 2
Syntax Description
ip
other
Defaults
Command Modes
Command History
Release
Modification
12.2(18)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The entries within the ip and other protocol buckets are created according to the protocol of the
incoming traffic.
When you use the mac-address-table dynamic group protocols command, an incoming MAC address
that might belong to either the ip or the other protocol bucket, is learned on both protocol buckets.
Therefore, any traffic destined to this MAC address and belonging to any of the protocol buckets is
unicasted to that MAC address, rather than flooded. This reduces the unicast Layer 2 flooding that might
be caused if the incoming traffic from a host belongs to a different protocol bucket than the traffic that
is destined to the sending host.
Examples
This example shows that the MAC addresses are initially assigned to either the ip or the other
protocol bucket:
Switch# show mac-address-table dynamic
Unicast Entries
vlan
mac address
type
protocols
port
-------+---------------+--------+---------------------+-------------------1
0000.0000.5000
dynamic other
GigabitEthernet1/1
1
0001.0234.6616
dynamic ip
GigabitEthernet3/1
1
0003.3178.ec0a
dynamic assigned
GigabitEthernet3/1
1
0003.4700.24c3
dynamic ip
GigabitEthernet3/1
1
0003.4716.f475
dynamic ip
GigabitEthernet3/1
1
0003.4748.75c5
dynamic ip
GigabitEthernet3/1
1
0003.47f0.d6a3
dynamic ip
GigabitEthernet3/1
1
0003.47f6.a91a
dynamic ip
GigabitEthernet3/1
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-416
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
Switch#
0003.ba06.4538
0003.fd63.3eb4
0004.2326.18a1
0004.5a5d.de53
0004.5a5e.6ecc
0004.5a5e.f60e
0004.5a5f.06f7
0004.5a5f.072f
0004.5a5f.08f6
0004.5a5f.090b
0004.5a88.b075
0004.c1bd.1b40
0004.c1d8.b3c0
0004.c1d8.bd00
0007.e997.74dd
0007.e997.7e8f
0007.e9ad.5e24
000b.5f0a.f1d8
000b.fdf3.c498
0010.7be8.3794
0012.436f.c07f
0050.0407.5fe1
0050.6901.65af
0050.da6c.81cb
0050.dad0.af07
00a0.ccd7.20ac
00b0.64fd.1c23
00b0.64fd.2d8f
00d0.b775.c8bc
00d0.b79e.de1d
00e0.4c79.1939
00e0.4c7b.d765
00e0.4c82.66b7
00e0.4c8b.f83e
00e0.4cbc.a04f
0800.20cf.8977
0800.20f2.82e5
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
assigned
ip
ip
ip
ip
ip
ip
ip
assigned
ip
ip
ip
ip
ip
ip
ip
ip
ip
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
This example shows how to assign MAC addresses that belong to either the ip or the other bucket
to both buckets:
Switch(config)# mac-address-table dynamic group protocols ip other
Switch(config)# exit
Switch# show mac address-table dynamic
Unicast Entries
vlan
mac address
type
protocols
port
-------+---------------+--------+---------------------+-------------------1
0000.0000.5000
dynamic ip,other
GigabitEthernet1/1
1
0001.0234.6616
dynamic ip,other
GigabitEthernet3/1
1
0003.4700.24c3
dynamic ip,other
GigabitEthernet3/1
1
0003.4716.f475
dynamic ip,other
GigabitEthernet3/1
1
0003.4748.75c5
dynamic ip,other
GigabitEthernet3/1
1
0003.47c4.06c1
dynamic ip,other
GigabitEthernet3/1
1
0003.47f0.d6a3
dynamic ip,other
GigabitEthernet3/1
1
0003.47f6.a91a
dynamic ip,other
GigabitEthernet3/1
1
0003.ba0e.24a1
dynamic ip,other
GigabitEthernet3/1
1
0003.fd63.3eb4
dynamic ip,other
GigabitEthernet3/1
1
0004.2326.18a1
dynamic ip,other
GigabitEthernet3/1
1
0004.5a5d.de53
dynamic ip,other
GigabitEthernet3/1
1
0004.5a5d.de55
dynamic ip,other
GigabitEthernet3/1
1
0004.5a5e.6ecc
dynamic ip,other
GigabitEthernet3/1
1
0004.5a5e.f60e
dynamic ip,other
GigabitEthernet3/1
1
0004.5a5f.08f6
dynamic ip,other
GigabitEthernet3/1
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-417
Chapter 2
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
Switch#
0004.5a5f.090b
0004.5a64.f813
0004.5a66.1a77
0004.5a6b.56b2
0004.5a6c.6a07
0004.5a88.b075
0004.c1bd.1b40
0004.c1d8.b3c0
0004.c1d8.bd00
0005.dce0.7c0a
0007.e997.74dd
0007.e997.7e8f
0007.e9ad.5e24
0007.e9c9.0bc9
000b.5f0a.f1d8
000b.fdf3.c498
0012.436f.c07f
0050.0407.5fe1
0050.6901.65af
0050.da6c.81cb
0050.dad0.af07
00a0.ccd7.20ac
00b0.64fd.1b84
00d0.b775.c8bc
00d0.b775.c8ee
00d0.b79e.de1d
00e0.4c79.1939
00e0.4c7b.d765
00e0.4c82.66b7
00e0.4c8b.f83e
00e0.4c8c.0861
0800.20d1.bf09
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
assigned
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
assigned
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-418
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
vlan-id
Defaults
Command Modes
Global configuration
Command History
Release
Modification
12.2(54)SG
This command was modified to support the disable learning feature on the
Catalyst 4500 series switch.
Usage Guidelines
When you control MAC address learning on a VLAN, you can manage the available table space by
controlling which VLANs, and which ports can learn MAC addresses.
You can disable MAC address learning on a single VLAN ID (for example, by entering
no mac-address-table learning vlan 223) or on a range of VLAN IDs (for example, by entering
no mac-address-table learning vlan 1-20, 15.)
Before you disable MAC address learning, familiarize yourself with the network topology and the switch
system configuration. If you disable MAC address learning on a VLAN, flooding may occur in the
network. For example, if you disable MAC address learning on a VLAN with a configured switch virtual
interface (SVI), the switch floods all IP packets in the Layer 2 domain. If you disable MAC address
learning on a VLAN that includes more than two ports, every packet entering the switch is flooded in
that VLAN domain. Disable MAC address learning only in VLANs that contain two ports. Use caution
before disabling MAC address learning on a VLAN with an SVI.
You cannot disable MAC address learning on a VLAN that the switch uses internally. This action causes
the switch to generate an error message and rejects the no mac-address-table learning vlan command.
To view used internal VLANs, enter the show vlan internal usage privileged EXEC command.
If you disable MAC address learning on a VLAN configured as a PVLAN primary or a secondary VLAN,
the MAC addresses are still learned on the VLAN (primary or secondary) associated with the PVLAN.
You cannot disable MAC address learning on an RSPAN VLAN. The configuration is not allowed.
If you disable MAC address learning on a VLAN that includes a secure port, MAC address learning is
not disabled on the secure port. If you later disable port security on the interface, the disabled MAC
address learning state is enabled.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-419
Chapter 2
To display the MAC address learning status of a specific VLAN or for all VLANs, enter the
show mac-address-table learning vlan command.
Examples
This example shows how to disable MAC address learning on VLAN 2003:
Switch(config)# no mac-address-table learning vlan 2003
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-420
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
mac-address-table notification
To enable MAC address notification on a switch, use the mac-address-table notification command. To
return to the default setting, use the no form of this command
mac-address-table notification [[change [history-size hs_value | interval intv_value]] |
[mac-move] | [threshold [limit percentage | interval time]] | [learn-fail [interval time | limit
num_fail]]
no mac-address-table notification [[change [history-size hs_value | interval intv_value]] |
[mac-move] | [threshold [limit percentage | interval time]] | [learn-fail [interval time | limit
num_fail]]
Syntax Description
Defaults
change
history-size hs_value
interval intv_value
(Optional) Sets a notification trap interval: the set interval time between two
consecutive traps. The range is 0 to 2,147,483,647 seconds.
mac-move
threshold
limit percentage
interval time
learn-fail
interval time
limit num_fail
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-421
Chapter 2
mac-address-table notification
Command Modes
Command History
Release
Modification
12.2(31)SG
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(52)SG
Support introduced for the learn-fail keyword on Supervisor Engine 6-E and
Catalyst 4900M.
Usage Guidelines
You can enable the MAC change notification feature using the mac-address-table notification change
command. If you do this, you must also enable MAC notification traps on an interface using the
snmp trap mac-notification change interface configuration command and configure the switch to send
MAC change traps to the NMS using the snmp-server enable traps mac-notification global
configuration command.
When the history-size option is configured, the existing MAC change history table is deleted, and a new
table is created.
Examples
This example shows how to set the MAC address notification history table size to 300 entries:
Switch(config)# mac-address-table notification change history-size 300
Switch(config)#
This example shows how to set the MAC address notification interval time to 1250 seconds:
Switch(config)# mac-address-table notification change interval 1250
Switch(config)#
This example shows how to enable hardware MAC address learning failure syslog notification:
Switch(config)# mac address-table notification learn-fail
This example shows how to set the interval of hardware MAC address learning failure syslog notification
to 30 seconds:
Switch(config)# mac address-table notification learn-fail interval 30
Related Commands
Command
Description
clear mac-address-table
mac-address-table notification
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-422
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
mac-address-table static
To configure the static MAC addresses for a VLAN interface or drop unicast traffic for a MAC address
for a VLAN interface, use the mac-address-table static command. To remove the static MAC address
configurations, use the no form of this command.
mac-address-table static mac-addr {vlan vlan-id} {interface type | drop}
no mac-address-table static mac-addr {vlan vlan-id} {interface type} {drop}
Syntax Description
mac-addr
vlan vlan-id
VLAN and valid VLAN number; valid values are from 1 to 4094.
interface type
Interface type and number; valid options are FastEthernet and GigabitEthernet.
drop
Drops all traffic received from and going to the configured MAC address in the
specified VLAN.
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switches.
Usage Guidelines
Examples
This example shows how to add the static entries to the MAC address table:
Switch(config)# mac-address-table static 0050.3e8d.6400 vlan 100 interface fastethernet5/7
Switch(config)#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-423
Chapter 2
Syntax Description
$AVID access_vlanid
Defaults
Command Modes
Command History
Release
Modification
12.2(18)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
This example shows how to enable the Cisco-recommended features and settings on port fa2/1:
Switch(config)# interface FastEthernet2/1
Switch(config-if)# macro apply cisco-desktop $AVID 50
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-424
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-425
Chapter 2
Syntax Description
$AVID access_vlanid
$VVID voice_vlanid
Defaults
Command Modes
Command History
Release
Modification
12.2(18)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
This example shows how to enable the Cisco-recommended features and settings on port fa2/1:
Switch(config)# interface FastEthernet2/1
Switch(config-if)# macro apply cisco-phone $AVID 10 $VVID 50
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-426
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-427
Chapter 2
Syntax Description
$NVID native_vlanid
Defaults
Command Modes
Command History
Release
Modification
12.2(18)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
This example shows how to enable the Cisco-recommended features and settings on port fa2/1:
Switch(config)# interface FastEthernet2/1
Switch(config-if)# macro apply cisco-router $NVID 80
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-428
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
# Ensure fast
# Ensure that
spanning-tree
spanning-tree
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-429
Chapter 2
Syntax Description
$NVID native_vlanid
Defaults
Command Modes
Command History
Release
Modification
12.2(18)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
This example shows how to enable the Cisco-recommended features and settings on port fa2/1:
Switch(config)# interface FastEthernet2/1
Switch(config-if)# macro apply cisco-switch $NVID 45
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-430
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-431
Chapter 2
Syntax Description
device_type
param name=value
Command Modes
Global configuration
Command History
Release
Modification
12.2(54)SG
Usage Guidelines
Although you can use the macro auto execute command to produce the same effect as the
macro auto device command, the later is simpler.
Examples
This example shows how to change the access VLAN and voice VLAN from their default value to user
defined values for phone devices.
(config)# macro auto device phone ACCESS_VLAN=10 VOICE_VLAN=20
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-432
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command
Description
shell trigger
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-433
Chapter 2
Syntax Description
event_trigger
shell_function
param name=value
CISCO_PHONE_EVENT
CISCO_SWITCH_EVENT
CISCO_ROUTER_EVENT
CISCO_WIRELESS_AP_EVENT
CISCO_WIRELESS_LIGHTWEIGHT_AP_EVENT
CISCO_DMP_EVENT
CISCO_IPVSC_EVENT
CISCO_PHONE_AUTO_SMARTPORT
(Optional) Specify the parameter values: $ACCESS_VLAN=(1) and
$VOICE_VLAN=(2).
CISCO_SWITCH_AUTO_SMARTPORT
(Optional) Specify the parameter values: $NATIVE_VLAN=(1).
CISCO_ROUTER_AUTO_SMARTPORT
(Optional) Specify the parameter values: $NATIVE_VLAN=(1).
CISCO_AP_AUTO_SMARTPORT
(Optional) Specify the parameter values: $NATIVE_VLAN=(1).
CISCO_LWAP_AUTO_SMARTPORT
(Optional) Specify the parameter values: $ACCESS_VLAN=(1).
CISCO_DMP_AUTO_SMARTPORT
CISCO_IP_CAMERA_AUTO_SMARTPORT
(Optional) Specifies values for the parameters that are to be used in the
function body.
Defaults
Command Modes
Global configuration
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-434
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command History
Usage Guidelines
Release
Modification
12.2(54)SG
The switch automatically maps from builtin event triggers to builtin functions. The builtin functions are
system-defined functions in the software image.
Use the macro auto execute global configuration command to replace the builtin function default values
with values specific to your switch.
You can also create user-defined triggers and use this command to map the triggers to builtin functions.
You can create user-defined event triggers by entering the shell trigger global configuration command.
Use the show shell privileged EXEC command to display the contents of the builtin and user-defined
triggers and functions.
Examples
This example shows how to use two built-in Auto Smartports macros for connecting Cisco switches and
Cisco IP phones to the switch. It modifies the default voice VLAN, access VLAN, and native VLAN for
the trunk interface:
Switch# configure terminal
Switch(config)#!!! the next command modifies the access and voice vlans
Switch(config)#!!! for the built in Cisco IP phone auto smartport macro
Switch(config)# macro auto execute CISCO_PHONE_EVENT builtin CISCO_PHONE_AUTO_SMARTPORT
ACCESS_VLAN=10 VOICE_VLAN=20
Switch(config)#
Switch(config)#!!! the next command modifies the native vlan
Switch(config)#!!! for the built in switch auto smartport macro
Switch(config)# macro auto execute CISCO_SWITCH_EVENT builtin CISCO_SWITCH_AUTO_SMARTPORT
NATIVE_VLAN=10
Switch(config)#!!! the next example creates a user-defined trigger and maps it to a
builtin functions
Switch(config)# shell trigger myTrigger user-defined trigger
Switch(config)# macro auto execute myTrigger builtin CISCO_PHONE_AUTO_SMARTPORT_ACCESSVLAN
voice_vlan
Switch(config)#!!! the next command enables auto smart ports globally
Switch(config)# macro auto global processing fallback CDP
Switch# !!! here's the running configuration of the interface connected
Switch# !!! to another Cisco Switch after the Macro is applied
Switch#
Switch# show running-config interface Gi1/0/1
Building configuration...
Current configuration : 284 bytes
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
macro description CISCO_SWITCH_EVENT
end
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-435
Chapter 2
Related Commands
Command
Description
shell trigger
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-436
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
trigger_name
url
Defaults
None
Command Modes
Global configuration
Command History
Release
Modification
12.2(54)SG
Usage Guidelines
This command enables you to store shell functions in a central location and utilized by ASP on many
switches. This alleviates the problem of updating functions on every switch for each modification.
Triggering of the remotely defined function requires network connectivity to the URL, which is
accessed for each execution of the function.
Examples
This example shows how to map a trigger to the remotely defined function myfunction - the filename
that contains the function body:
Switch(config)# macro auto execute mytrigger remote tftp://dirt/tftpboot/myfunction
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-437
Chapter 2
Command
Description
shell trigger
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-438
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
trigger_name
param name=value
(Optional) Specifies values for the parameters that are to be used in the
function body.
function_body
Defaults
None.
Command Modes
Global configuration
Command History
Release
Modification
12.2(54)SG
Usage Guidelines
Because the function defined in this command does not have a name, you cannot use it to map to
another trigger. This is the only way that you can map a trigger to a user defined function. Shell
functions defined in the non-configure mode can not be used to map triggers.
Examples
This example shows how to map the user-defined event trigger Cisco Digital Media Player (DMP) to a
user-defined macro.
a.
b.
c.
On the switch, create the event trigger CISCO_DMP_EVENT, and enter the user-defined macro
commands shown below.
d.
The switch recognizes the attribute-value pair=CISCO_DMP_EVENT response from the RADIUS
server and applies the macro associated with this event trigger.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-439
Chapter 2
Related Commands
Command
Description
shell trigger
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-440
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Note
Syntax Description
Starting with Release 15.0(2)SG, the fallback option has been deprecated.
cdp
lldp
Defaults
Command Modes
Global configuration
Command History
Release
Modification
12.2(54)SG
Usage Guidelines
Use the macro auto global processing global configuration command to globally enable Auto
Smartports macros on the switch. To disable ASP macros on a specific port, use the no macro auto
processing command in the interface mode before ASP is enabled globally.
Auto Smartports macros dynamically configure ports based on the device type detected on the port.
When the switch detects a new device on a port it applies the appropriate ASP macro. When a link-down
event occurs on a port, the switch removes the macro. For example, when you connect a Cisco IP phone
to a port, ASP automatically applies the IP phone macro. The IP phone macro enables quality of service
(QoS), security features, and a dedicated voice VLAN to ensure proper treatment of delay-sensitive
voice traffic.
ASP uses event triggers to map devices to macros. The most common event triggers are based on
Cisco Discovery Protocol (CDP) messages received from connected devices. The detection of a device
invokes a CDP event trigger: Cisco IP phone, Cisco wireless access point, Cisco switch, or Cisco router.
Other event triggers use MAC authentication bypass (MAB) and 802.1X authentication messages.
Use CDP if port authentication is enabled and the RADIUS server does not send an event trigger.
Select LLDP to apply auto configuration if authentication fails.
If authentication is enabled on a port, a switch ignores CDP and LLDP messages unless the cdp keyword
is enabled.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-441
Chapter 2
When using 802.1X or MAB authentication, configure the RADIUS server to support the Cisco
attribute-value (AV) pair auto-smart-port=event trigger.
When CDP-identified devices advertise multiple capabilities, a switch chooses a capability in this
priority order: switch, router, access point, lightweight access point, phone, host.
To verify that an ASP macro is applied to an interface, use the show running config command.
The macro auto global processing cdp and macro auto global processing lldp commands enables ASP
globally if it is not already enabled, and set the fallback to CDP or LLDP, respectively. However, the no
macro auto global processing [cdp | lldp] command only removes the fallback mechanism. It does not
disable ASP globally; only the no macro auto global processing command disables ASP globally.
The keywords cdp and lldp are also controlled at the interface level; by default, CDP is the fallback
mechanism on an interface. If you prefer LLDP, first enter the no macro auto processing cdp command,
then enter the macro auto processing lldp command.
If you want to activate both CDP and LLDP, you must enable them in sequence. For example, you would
first enter the macro auto processing cdp command, then the macro auto processing lldp command.
Examples
This example shows how enable ASP on a switch and to disable the feature on Gi1/0/1:
Switch(config)# interface interface Gi1/0/1
Switch(config-if)# no macro auto processing
Switch(config)# macro auto global processing
Related Commands
Command
Description
shell trigger
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-442
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
grp_name
Command Modes
Global configuration
Command History
Release
Modification
12.2(54)SG
Usage Guidelines
This command changes the mode to config-mac-addr-grp, in which you can add or remove a MAC
address or OUI from the group.
You can specify a list of MACs or OUIs, or a range of OUIs (maximum of 5 in the range).
Examples
Related Commands
Command
Description
shell trigger
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-443
Chapter 2
Syntax Description
Command Default
Command Modes
Global configuration
Command History
Release
Modification
Usage Guidelines
Use the no macro auto monitor global configuration command to disable the device classifier. You
cannot disable the device classifier while it is being used by features such as ASP.
Examples
This example shows how to enable the ASP device classifier on a switch:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# macro auto monitor
Switch(config)# end
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-444
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Only use this command when Auto SmartPorts (ASP) is enabled globally; when ASP is disabled
globally, interface-level control has no effect.
Use the macro auto processing interface configuration command to enable ASP macros on a specific
interface. Use the no form of this command to disable ASP on a specific interface before ASP is enabled
globally.
macro auto processing [fallback cdp] [fallback lldp]
no macro auto processing [fallback cdp] [fallback lldp]
Syntax Description
fallback cdp
fallback lldp
Defaults
Command Modes
Command History
Release
Modification
12.2(54)SG
Usage Guidelines
The no macro auto processing command should be configured on all interfaces where ASP is not
desirable (such as Layer 3 and EtherChannel interfaces) before ASP is enabled globally.
At the interface level, the default fallback mechanism is CDP. To change the mechanism to LLDP, enter
the no macro auto processing fallback cdp command, followed by the macro auto processing
fallback lldp command.
Examples
Related Commands
Command
Description
shell trigger
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-445
Chapter 2
Command
Description
Displays detail for all supported user created and built-in triggers.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-446
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Global configuration
Command History
Release
Modification
12.2(54)SG
Usage Guidelines
This command enables you to avoid unnecessary removal of ASP configurations when a feature
intentionally shuts down a link (like EnergyWise, which shuts down inactive links to save energy). When
such a feature is enabled, you don't want ASP macros to be applied and removed unnecessarily. So you
configure the sticky feature.
Examples
Related Commands
Command
Description
shell trigger
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-447
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
These examples show how to apply the system-defined default to the switch:
Switch(config)# macro global apply cisco-global
Changing VTP domain name from gsg-vtp to [smartports] Device mode already VTP TRANSPARENT.
Switch(config)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-448
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to apply the system-defined default to the switch:
Switch (config)# macro global apply system-cpp
Switch (config)#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-449
Chapter 2
Syntax Description
text
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Enters a description about the macros that are applied to the switch.
Usage Guidelines
This command associates comment text, or the macro name, with a switch. When multiple macros are
applied on a switch, the description text will be from the last applied macro.
Examples
You can verify your settings by entering the show parser macro description privileged EXEC
command.
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-450
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
main-cpu
To enter the main CPU submode and manually synchronize the configurations on the two supervisor
engines, use the main-cpu command.
main-cpu
Syntax Description
Defaults
Command Modes
Redundancy mode
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
(Catalyst 4507R only).
Usage Guidelines
Note
Examples
The main CPU submode is used to manually synchronize the configurations on the two supervisor
engines. From the main CPU submode, use the auto-sync command to enable automatic synchronization
of the configuration files in NVRAM.
After you enter the main CPU submode, you can use the auto-sync command to automatically
synchronize the configuration between the primary and secondary route processors based on the primary
configuration. In addition, you can use all of the redundancy commands that are applicable to the main
CPU.
This example shows how to reenable the default automatic synchronization feature using the auto-sync
standard command to synchronize the startup-config and config-register configuration of the active
supervisor engine with the standby supervisor engine. The updates for the boot variables are automatic
and cannot be disabled.
Switch(config)# redundancy
Switch(config-red)# main-cpu
Switch(config-r-mc)# auto-sync standard
Switch(config-r-mc)# end
Switch# copy running-config startup-config
Switch#
Related Commands
Command
Description
auto-sync
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-451
Chapter 2
match
match
To specify a match clause by selecting one or more ACLs for a VLAN access-map sequence, use the
match subcommand. To remove the match clause, use the no form of this command.
match {ip address {acl-number | acl-name}} | {mac address acl-name}
no match {ip address {acl-number | acl-name}} | {mac address acl-name}
Note
Syntax Description
If a match clause is not specified, the action for the VLAN access-map sequence is applied to all packets.
All packets are matched against that sequence in the access map.
ip address acl-number
Selects one or more IP ACLs for a VLAN access-map sequence; valid values
are from 1 to 199 and from 1300 to 2699.
ip address acl-name
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The match clause specifies the IP or MAC ACL for traffic filtering.
The MAC sequence is not effective for IP packets. IP packets should be access controlled by IP match
clauses.
Refer to the Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide for additional
configuration guidelines and restrictions.
Refer to the Cisco IOS Command Reference publication for additional match command information.
Examples
This example shows how to define a match clause for a VLAN access map:
Switch(config)# vlan access-map ganymede 10
Switch(config-access-map)# match ip address 13
Switch(config-access-map)#
Related Commands
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-452
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command
Description
vlan access-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-453
Chapter 2
Syntax Description
access-group
acl-index-or-name
cos cos-list
(Optional) IP keyword. It specifies that the match is for IPv4 packets only. If
not used, the match is for both IPv4 and IPv6 packets.
Lists up to eight IP Differentiated Services Code Point (DSCP) values to
match against a packet. Separate each value with a space. The range is 0 to
63. You also can enter a mnemonic name for a commonly used value.
[lp] precedence
ip-precedence-list
(Optional) IP keyword. It specifies that the match is for IPv4 packets only. If
not used, the match is for both IPv4 and IPv6 packets.
Lists up to eight IP-precedence values to match against a packet. Separate
each value with a space. The range is 0 to 7. You also can enter a mnemonic
name for a commonly used value.
qos-group value
protocol ip
protocol ipv6
protocol arp
Defaults
Command Modes
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-454
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command History
Usage Guidelines
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series
switches.
12.2(40)SG
Support extended to Supervisor Engine 6-E and the Catalyst 4900M chassis.
12.2(46)SG
Added support for the match protocol arp command on the Supervisor
Engine 6-E and Catalyst 4900M chassis.
Before entering the match command, you must first enter the class-map global configuration command
to specify the name of the class whose match criteria you want to establish. The match command is used
to specify which fields in the packets are examined to classify the packets. If a packet matches the
specified criteria, the packet is considered a member of the class and is forwarded according to the
quality of service (QoS) specifications set in the traffic policy.
For the match ip dscp dscp-list or the match ip precedence ip-precedence-list command, you can enter
a mnemonic name for a commonly used value. For example, you can enter the match ip dscp af11
command, which is the same as entering the match ip dscp 10 command. You can enter the match ip
precedence critical command, which is the same as entering the match ip precedence 5 command. For
a list of supported mnemonics, enter the match ip dscp ? or the match ip precedence ? command to
see the command-line help strings.
To match only IPv6 packets, you must use the match protocol ipv6 command. To match only IPv4
packets you can use either the ip prefix or the protocol ip keyword.
To match only ARP packets, you must use the match protocol arp command.
You can configure the match cos cos-list, match ip dscp dscp-list, match ip precedence
ip-precedence-list command in a class map within a policy map.
The match cos cos-list command applies only to Ethernet frames that carry a VLAN tag.
The match qos-group command is used by the class-map to identify a specific QoS group value
assigned to a packet. The QoS group value is local to the switch and is associated with a packet on the
input Qos classification.
Packets that do not meet any of the matching criteria are classified as members of the default traffic class.
You configure it by specifying class-default as the class name in the class policy-map configuration
command. For more information, see the class section on page 2-92.
Examples
This example shows how to create a class map called class2, which matches all the inbound traffic with
DSCP values of 10, 11, and 12:
Switch# configure terminal
Switch(config)# class-map class2
Switch(config-cmap)# match ip dscp 10 11 12
Switch(config-cmap)# exit
Switch#
This example shows how to create a class map called class3, which matches all the inbound traffic with
IP-precedence values of 5, 6, and 7 for both IPv4 and IPv6 traffic:
Switch# configure terminal
Switch(config)# class-map class3
Switch(config-cmap)# match ip precedence 5 6 7
Switch(config-cmap)# exit
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-455
Chapter 2
This example shows how to delete the IP-precedence match criteria and to classify traffic using acl1:
Switch# configure terminal
Switch(config)# class-map class2
Switch(config-cmap)# match ip precedence 5 6 7
Switch(config-cmap)# no match ip precedence
Switch(config-cmap)# match access-group acl1
Switch(config-cmap)# exit
Switch#
This example shows how to specify a class-map that applies only to IPv6 traffic on a Supervisor Engine
6-E:
Switch# configure terminal
Switch(config)# class-map match all ipv6 only
Switch(config-cmap)# match dscp af21
Switch(config-cmap)# match protocol ipv6
Switch(config-cmap)# exit
Switch#
You can verify your settings by entering the show class-map privileged EXEC command.
Related Commands
Command
Description
class-map
show class-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-456
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
match flow ip
To specify match criteria to treat flows with a unique source or destination address as new flows, use the
match flow ip command. To disable this function, use the no form of this command.
match flow ip {source-address [ip destination-address ip protocol L4 source-address L4
destination-address] | destination-address}
no match flow ip {source-address [ip destination-address ip protocol L4 source-address L4
destination-address] | destination-address}
Syntax Description
source-address
ip destination-address
ip protocol L4
source-address L4
destination-address
(Optional) Comprises the full flow keyword; treats each flow with unique
IP source, destination, protocol, and Layer 4 source and destination address
as a new flow.
destination-address
Defaults
Command Modes
Command History
Release
Modification
12.2(25)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(25)SG
Usage Guidelines
When you specify the source-address keyword, each flow with a unique source address is treated as a
new flow.
When you specify the destination-address keyword, each flow with a unique destination address is
treated as a new flow.
A policy map is called a flow-based policy map when you configure the flow keywords on the class map
that it uses. To attach a flow-based policy map as a child to an aggregate policy map, use the
service-policy command.
Note
The match flow command is available on the Catalyst 4500 series switch only when
Supervisor Engine VI (WS-X4516-10GE) is present.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-457
Chapter 2
match flow ip
Examples
This example shows how to create a flow-based class map associated with a source address:
Switch(config)# class-map match-all c1
Switch(config-cmap)# match flow ip source-address
Switch(config-cmap)# end
Switch#
Switch# show class-map c1
Class Map match-all c1 (id 2)
Match flow ip source-address
Switch#
This example shows how to create a flow-based class map associated with a destination address:
Switch(config)# class-map match-all c1
Switch(config-cmap)# match flow ip destination-address
Switch(config-cmap)# end
Switch#
Switch# show class-map c1
Class Map match-all c1 (id 2)
Match flow ip destination-address
Switch#
Assume there are two active flows on the Fast Ethernet interface 6/1 with source addresses
192.168.10.20 and 192.168.10.21. The following example shows how to maintain each flow to 1 Mbps
with an allowed burst value of 9000 bytes:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# class-map c1
Switch(config-cmap)# match flow ip source-address
Switch(config-cmap)# exit
Switch(config)# policy-map p1
Switch(config-pmap)# class c1
Switch(config-pmap-c)# police 1000000 9000
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# interface fastethernet6/1
Switch(config-if)# service-policy input p1
Switch(config-if)# end
Switch# write memory
Switch# show policy-map interface
FastEthernet6/1
Service-policy input: p1
Class-map: c1 (match-all)
15432182 packets
Match: flow ip source-address
police: Per-interface
Conform: 64995654 bytes Exceed: 2376965424 bytes
Class-map: class-default (match-any)
0 packets
Match: any
0 packets
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-458
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows two active flows on the Fast Ethernet interface 6/1 with destination addresses of
192.168.20.20 and 192.168.20.21. The following example shows how to maintain each flow to 1 Mbps
with an allowed burst value of 9000 bytes:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# class-map c1
Switch(config-cmap)# match flow ip destination-address
Switch(config-cmap)# exit
Switch(config)# policy-map p1
Switch(config-pmap)# class c1
Switch(config-pmap-c)# police 1000000 9000
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# interface fastethernet6/1
Switch(config-if)# service-policy input p1
Switch(config-if)# end
Switch# write memory
Switch# show policy-map interface
FastEthernet6/1
Service-policy input: p1
Class-map: c1 (match-all)
2965072 packets
Match: flow ip destination-address
police: Per-interface
Conform: 6105636 bytes Exceed: 476652528 bytes
Class-map: class-default (match-any)
0 packets
Match: any
0 packets
Switch#
Assume there are two active flows as shown below on the Fast Ethernet interface 6/1:
SrcIp
DstIp
IpProt SrcL4Port DstL4Port
-------------------------------------------------------192.168.10.10 192.168.20.20 20
6789
81
192.168.10.10 192.168.20.20 20
6789
21
With the following configuration, each flow is policed to a 1000000 bps with an allowed 9000-byte burst
value.
Note
If you use the match flow ip source-address|destination-address command, these two flows are
consolidated into one flow because they have the same source and destination address.
Switch# conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# class-map c1
Switch(config-cmap)# match flow ip source-address ip destination-address ip protocol l4
source-port l4 destination-port
Switch(config-cmap)# exit
Switch(config)# policy-map p1
Switch(config-pmap)# class c1
Switch(config-pmap-c)# police 1000000 9000
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# interface fastEthernet 6/1
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-459
Chapter 2
match flow ip
Related Commands
Command
Description
show policy-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-460
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
mdix auto
To enable the automatic medium-dependent interface crossover (auto-MDIX) feature on the interface,
use the mdix auto command. When auto-MDIX is enabled, the interface automatically detects the
required cable connection type (straight-through or crossover) and configures the connection
appropriately. Use the no form of this command to disable auto-MDIX.
mdix auto
no mdix auto
Syntax Description
Defaults
Auto-MDIX is enabled.
Command Modes
Command History
Release
Modification
12.2(31)SGA
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(46)SG
Usage Guidelines
The following linecards support Auto-MDIX through the CLI on their copper media ports:
WS-X4124-RJ45, WS-X4148-RJ45 (hardware revision 3.0 or higher), and WS-X4232-GB-RJ45
(hardware revision 3.0, or higher), WS-X4920-GE-RJ45, and WS-4648-RJ45V+E (Auto-MDIX support
when inline power is disabled on the port).
Linecards that support auto-MDIX by default when port auto-negotiation enabled and cannot be turned
off using an mdix CLI command include: WS-X4448-GB-RJ45, WS-X4548-GB-RJ45,
WS-X4424-GB-RJ45, and WS-X4412-2GB-T.
Linecards that cannot support auto-MDIX functionality, either by default or CLI commands, include:
WS-X4548-GB-RJ45V, WS-X4524-GB-RJ45V, WS-X4506-GB-T, WS-X4148-RJ, WS-X4248-RJ21V,
WS-X4248-RJ45V, WS-X4224-RJ45V, and WS-X4232-GB-RJ.
When you enable auto-MDIX on an interface, you must also set the interface speed to be autoneogiated
so that the feature operates correctly.
When auto-MDIX (and autonegotiation of speed) is enabled on one or both of connected interfaces, link
up occurs even if the cable type (straight-through or crossover) is incorrect.
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-461
Chapter 2
mdix auto
Related Commands
Command
Description
speed
show interfaces
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-462
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
media-type
To select the connector for a dual-mode capable port, use the media-type command.
media-type {rj45 | sfp}
Syntax Description
rj45
sfp
Defaults
sfp
Command Modes
Command History
Release
Modification
12.2(20)EWA
Support for this command was introduced for the WS-X4306-GB-T module
and the WS-X4948 chassis.
Usage Guidelines
This command is supported on all ports on the WS-X4306-GB-T module and ports 1/45-48 on the
WS-X4948 chassis.
Entering the show interface capabilities command provides the Multiple Media Types field, which
displays the value no if a port is not dual-mode capable and lists the media types (sfp and rj45) for
dual-mode capable ports.
Examples
This example shows how to configure port 5/45 on a WS-X4948 chassis to use the RJ-45 connector:
Switch(config)# interface gigabitethernet 5/45
Switch(config-if)# media-type rj45
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-463
Chapter 2
mode
mode
To set the redundancy mode, use the mode command.
mode {rpr | sso}
Syntax Description
rpr
sso
Defaults
If you are upgrading the current supervisor engine from Cisco IOS Release 12.2(18)EW or an earlier
release to 12.2(20)EWA, and the RPR mode has been saved to the startup configuration, both supervisor
engines will continue to operate in RPR mode after the software upgrade. To use SSO mode, you must
manually change the redundancy mode to SSO.
Command Modes
Command History
Release
Modification
12.2(20)EWA
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
RPR and SSO mode are not supported on Catalyst 4500 series switches that are configured with
Supervisor Engine 2.
The mode command can be entered only from within redundancy configuration mode.
Follow these guidelines when configuring your system to RPR or SSO mode:
You must use identical Cisco IOS images and supervisor engines to support RPR and SSO mode.
Redundancy may not work due to differences between the Cisco IOS release and supervisor engine
capabilities.
Any modules that are not online at the time of a switchover are reset and reloaded on a switchover.
If you perform an OIR of the module within 60 seconds before a stateful switchover, the module
resets during the stateful switchover and the port states are restarted.
The FIB tables are cleared on a switchover. Routed traffic is interrupted until route tables
reconverge.
The redundant supervisor engine reloads on any mode change and begins to work in the current mode.
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-464
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
redundancy
redundancy force-switchover
show redundancy
show running-config
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-465
Chapter 2
Syntax Description
name
access-list name
class-map name
Defaults
None
Command Modes
Command History
Release
Modification
IOS XE 3.3.0SG/
15.1(1)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The access list or class map is defined with configuration commands. The access list or class map should
be defined prior to entering the monitor capture command. We can specify the core filter as a class map,
access lis, t or an explicit in-line filter. If the filter has already been specified when you enter the monitor
capture command, it replaces the older one.
Examples
The following example shows how to define a core system filter using an existing ACL or class-map:
Switch# monitor capture mycap filter access-list myacl
Switch# monitor capture mycap filter class-map mycm
Switch# no monitor capture mycap filter class-map mycm
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-466
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
name
clear
export filename
Defaults
none
Command Modes
Command History
Release
Modification
IOS XE 3.3.0SG/
15.1(1)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The clear option empties the capture buffer and the export option stores the packets in the capture buffer
to the file. You should use these commands only when the storage destination is a capture buffer. These
commands are usable either during capture or when it has stopped either because one or more end
conditions has been met or you entered the stop command. If you enter the clear command after the
capture has stopped, further export (or decode) and display commands have no impact because the
buffer has no packets.
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-467
Chapter 2
Syntax Description
name
interface name
vlan num
Specifies a VLAN.
control-plane
Defaults
None
Command Modes
Command History
Release
Modification
IOS XE 3.3.0SG/
15.1(1)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Specifies one or more attachment points with direction. We can specify a range of interfaces also. The
command can be repeated as many times as needed to add multiple attachment points.
We need to mention at least one attachment point. For VLAN, the direction has to be set to both.
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-468
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
buffer-size <1-100>
ring <2-10>
size <1-100>
Defaults
Command Modes
Command History
Release
Modification
IOS XE 3.3.0SG/
15.1(1)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The capture destination can be a file in storage disk or a memory buffer. This command specifies the
parameters related to packet storage.
The file option specifies that the packets must be stored to a file. To reduce or avoid any loss in packet
capture, you can use the buffer-size option. The capture and store operations require more CPU, limiting
the capture throughput.
You can increase the throughput by triggering lock-step mode, wherein the packets are first captured in
the buffer. Within this mode, the duration parameter defines the capture duration. Once the buffer is
full or the duration closes, the buffer is written to the file, greatly increasing the capture throughput. The
lock-step mode is automatically triggered by specifying the buffer size to 32MB or higher.
The size of the capture file can be limited with the size option. The file location must one of the
following:
USB (usb0: )
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-469
Chapter 2
Examples
The following example usages show how to specify a file or a ring of files as the capture destination:
Switch# monitor capture mycap associate buffer-size 1000000file location
bootflash:mycap.pcap
Switch# monitor capture mycap file location bootflash:mycap.pcap size 40
Switch# monitor capture mycap file location bootflash:mycap.pcap ring 4 size 40
Switch# monitor capture mycap file location bootflash:mycap.pcap buffer-size 8
Switch# monitor capture mycap file location bootflash:mycap.pcap ring 4 size 40
buffer-size 16
Switch# no monitor capture mycap file
The following example shows how to make a circular buffer as the capture destination and operate on
the buffer:
Switch# monitor capture mycap int gi 3/1 in match ipv4 any any
Switch# monitor capture mycap buffer circular size 1
Switch# monitor capture mycap start
Switch#
Switch# sh monitor capture mycap buffer
0.000000
10.1.1.164 -> 20.1.1.2
UDP Source port: 20001
1.000000
10.1.1.165 -> 20.1.1.2
UDP Source port: 20001
2.000000
10.1.1.166 -> 20.1.1.2
UDP Source port: 20001
3.000000
10.1.1.167 -> 20.1.1.2
UDP Source port: 20001
4.000000
10.1.1.168 -> 20.1.1.2
UDP Source port: 20001
5.000000
10.1.1.169 -> 20.1.1.2
UDP Source port: 20001
6.000000
10.1.1.170 -> 20.1.1.2
UDP Source port: 20001
7.000000
10.1.1.171 -> 20.1.1.2
UDP Source port: 20001
8.000000
10.1.1.172 -> 20.1.1.2
UDP Source port: 20001
9.000000
10.1.1.173 -> 20.1.1.2
UDP Source port: 20001
10.000000
10.1.1.174 -> 20.1.1.2
UDP Source port: 20001
11.000000
10.1.1.175 -> 20.1.1.2
UDP Source port: 20001
12.000000
10.1.1.176 -> 20.1.1.2
UDP Source port: 20001
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-470
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
54
00
01
06
16
26
36
46
56
66
76
86
96
a6
b6
c6
75
ee
02
07
17
27
37
47
57
67
77
87
97
a7
b7
c7
d0
00
4e
08
18
28
38
48
58
68
78
88
98
a8
b8
c8
3a
00
21
09
19
29
39
49
59
69
79
89
99
a9
b9
c9
85
00
4e
0a
1a
2a
3a
4a
5a
6a
7a
8a
9a
aa
ba
ca
3f
00
22
0b
1b
2b
3b
4b
5b
6b
7b
8b
9b
ab
bb
cb
00
40
00
0c
1c
2c
3c
4c
5c
6c
7c
8c
9c
ac
bc
cc
00
11
da
0d
1d
2d
3d
4d
5d
6d
7d
8d
9d
ad
bd
cd
00
59
6e
0e
1e
2e
3e
4e
5e
6e
7e
8e
9e
ae
be
ce
00
58
13
0f
1f
2f
3f
4f
5f
6f
7f
8f
9f
af
bf
cf
03
0a
00
10
20
30
40
50
60
70
80
90
a0
b0
c0
d0
01
01
01
11
21
31
41
51
61
71
81
91
a1
b1
c1
d1
08
01
02
12
22
32
42
52
62
72
82
92
a2
b2
c2
63
00
a4
03
13
23
33
43
53
63
73
83
93
a3
b3
c3
24
45
14
04
14
24
34
44
54
64
74
84
94
a4
b4
c4
51
00
01
05
15
25
35
45
55
65
75
85
95
a5
b5
c5
ee
Tu.:.?........E.
[email protected]......
..N!N"..n.......
................
.......... !"#$%
&'()*+,-./012345
6789:;<=>?@ABCDE
FGHIJKLMNOPQRSTU
VWXYZ[\]^_`abcde
fghijklmnopqrstu
vwxyz{|}~.......
................
................
................
................
............c$Q.
1.000000
10.1.1.165 -> 20.1.1.2
UDP Source port: 20001
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-471
Chapter 2
Syntax Description
name
duration seconds
packet-length size
packets num
Defaults
Command Modes
Command History
Release
Modification
IOS XE 3.3.0SG/
15.1(1)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
Specifies session duration, packet segment length and number of packets to be stored
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-472
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Switch# [no] monitor capture mycap match {ipv4 | ipv6} [src-prefix/length | any | host
src-ip-addr] [dest-prefix/length | any | host dest-ip-addr]
Switch# [no] monitor capture mycap match {ipv4 | ipv6} proto {tcp | udp}
[src-prefix/length | any | host src-ip-addr] [eq | gt | lt | neq <0-65535>]
[dest-prefix/length | any | host dest-ip-addr] [eq | gt | lt | neq <0-65535>]
Syntax Description
any
mac mac-match-string
ipv4 ipv4-match-string
ipv6 ipv6-match-string
match name
src-mac-addr
src-mac-mask
host src-mac-addr
dest-mac-addr
dest-mac-mask
host dest-mac-addr
src-prefix/length
host src-ip-addr
dest-prefix/length
host dest-ip-addr
Defaults
none
Command Modes
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-473
Chapter 2
Command History
Usage Guidelines
Release
Modification
IOS XE 3.3.0SG/
15.1(1)SG
Support for this command was introduced on the Catalyst 4500 series switch.
You can specify the core filter as a class map, access list, or an explicit in-line filter. If the filter has
already been specified when you enter this command, it replaces the older one.
The explicit, in-line filter is intended as a simple way to specify a core filter. In certain situations, you
must go through the approval process to change a configuration, which could be time-consuming.
Although explicit filters simplify this process, be aware that support is more extensive for access list and
class maps.
You can capture IPv4, IPv6, MAC, or any traffic by specifying the appropriate keywords. Depending
on the traffic type, the usage varies. For a MAC, you can specify an address or prefix. For IPv4 or IPv6,
you can match on several fields. For source or destination ports, several operators are supported.
Examples
The following example usages show how to set or remove an explicit filter:
Switch# monitor capture mycap match any
Switch# monitor capture mycap match mac any any
Switch# monitor capture mycap match mac host 0000.0a01.0102 host 0000.0a01.0103
Switch# monitor capture mycap match ipv4 any any
Switch# monitor capture mycap match ipv4 host 10.1.1.2 host 20.1.1.2
Switch# monitor capture mycap match ipv4 proto udp 10.1.1.0/24 eq 20001 20.1.1.0/24 eq
20002
Switch# monitor capture mycap match ipv4 proto udp 10.1.1.2/24 eq 20001 any
Switch# no monitor capture mycap match
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-474
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
name
start
capture-filter filter-string
stop
Defaults
Command Modes
Command History
Release
Modification
IOS XE 3.3.0SG/
15.1(1)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
These commands start or stop a capture session, assuming all mandatory parameters are specified. We
must ensure that resources like CPU and memory are available before starting the session. Because the
capture and display filters must observe the Wireshark display filter syntax, ensure that the filters are
accurate (for example, specify the filters within double-quotes).
If the packets will be stored and displayed, do not use display filter; in this mode, if a packet is stored,
it is displayed as well. If you provide a display filter, it is ignored.
If a capture filter is specified, the capture is limited to 65536 packets. In this release, there is a limitation
that the timestamp will be incorrect when we use a capture filter.
Examples
The following example shows how to start or stop a capture session in various modes:
Switch# monitor capture mycap int gi 3/1 in match ipv4 any any
Switch# monitor capture mycap file location bootflash:mycap.pcap
Switch# monitor capture mycap limit packets 100 duration 60
Switch#
Switch#
Switch#
Switch#
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-475
Chapter 2
10.1.1.9
10.1.1.10
10.1.1.11
10.1.1.12
10.1.1.13
10.1.1.14
10.1.1.15
10.1.1.16
10.1.1.17
10.1.1.18
10.1.1.19
10.1.1.20
10.1.1.21
10.1.1.22
10.1.1.23
10.1.1.24
10.1.1.25
10.1.1.26
10.1.1.27
10.1.1.28
10.1.1.29
10.1.1.30
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
->
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
10.1.1.96
10.1.1.97
10.1.1.98
10.1.1.99
10.1.1.100
10.1.1.101
10.1.1.102
10.1.1.103
10.1.1.104
10.1.1.105
10.1.1.106
10.1.1.107
10.1.1.108
10.1.1.109
->
->
->
->
->
->
->
->
->
->
->
->
->
->
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
Switch#
Switch# monitor capture mycap start capture-filter "udp.port == 20001" display
display-filter "udp.port == 20002" detailed
%Display-filter cannot be specified when capture is associated to a file. Ignoring
display filter%
A file by the same capture file name already exists, overwrite?[confirm]
Frame 1: 256 bytes on wire (2048 bits), 256 bytes captured (2048 bits)
Arrival Time: Dec 31, 1969 17:00:00.000000000 PDT
Epoch Time: 0.000000000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 256 bytes (2048 bits)
Capture Length: 256 bytes (2048 bits)
[Frame is marked: False]
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-476
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
54
00
01
06
16
26
36
46
56
66
76
86
96
a6
b6
c6
75
ee
02
07
17
27
37
47
57
67
77
87
97
a7
b7
c7
0.000000
3a
00
21
09
19
29
39
49
59
69
79
89
99
a9
b9
c9
85
00
4e
0a
1a
2a
3a
4a
5a
6a
7a
8a
9a
aa
ba
ca
3f
00
22
0b
1b
2b
3b
4b
5b
6b
7b
8b
9b
ab
bb
cb
00
40
00
0c
1c
2c
3c
4c
5c
6c
7c
8c
9c
ac
bc
cc
00
11
da
0d
1d
2d
3d
4d
5d
6d
7d
8d
9d
ad
bd
cd
00
59
6e
0e
1e
2e
3e
4e
5e
6e
7e
8e
9e
ae
be
ce
00
f6
b1
0f
1f
2f
3f
4f
5f
6f
7f
8f
9f
af
bf
cf
01
01
01
11
21
31
41
51
61
71
81
91
a1
b1
c1
d1
08
01
02
12
22
32
42
52
62
72
82
92
a2
b2
c2
ac
00
06
03
13
23
33
43
53
63
73
83
93
a3
b3
c3
69
45
14
04
14
24
34
44
54
64
74
84
94
a4
b4
c4
6e
00
01
05
15
25
35
45
55
65
75
85
95
a5
b5
c5
fd
Tu.:.?........E.
[email protected].......
..N!N"..n.......
................
.......... !"#$%
&'()*+,-./012345
6789:;<=>?@ABCDE
FGHIJKLMNOPQRSTU
VWXYZ[\]^_`abcde
fghijklmnopqrstu
vwxyz{|}~.......
................
................
................
................
.............in.
Switch#
Switch# monitor capture mycap start display display-filter "udp.port == 20002"
%Display-filter cannot be specified when capture is associated to a file. Ignoring
display filter%
A file by the same capture file name already exists, overwrite?[confirm]
0.000000
1.000000
2.000000
3.000000
4.000000
5.000000
5.998993
6.998993
7.998993
8.998993
9.998993
10.998993
10.1.1.41
10.1.1.42
10.1.1.43
10.1.1.44
10.1.1.45
10.1.1.46
10.1.1.47
10.1.1.48
10.1.1.49
10.1.1.50
10.1.1.51
10.1.1.52
->
->
->
->
->
->
->
->
->
->
->
->
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
Switch#
Switch# monitor capture mycap start display display-filter "udp.port == 20002" dump
%Display-filter cannot be specified when capture is associated to a file. Ignoring
display filter%
A file by the same capture file name already exists, overwrite?[confirm]
0.000000
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-477
Chapter 2
01
01
01
11
21
31
41
51
61
71
81
91
a1
b1
c1
d1
45
14
04
14
24
34
44
54
64
74
84
94
a4
b4
c4
b4
0000
0010
0020
0030
0040
0050
0060
0070
0080
0090
00a0
00b0
00c0
00d0
00e0
00f0
54
00
01
06
16
26
36
46
56
66
76
86
96
a6
b6
c6
75
ee
02
07
17
27
37
47
57
67
77
87
97
a7
b7
c7
1.000000
d0
00
4e
08
18
28
38
48
58
68
78
88
98
a8
b8
c8
3a
00
21
09
19
29
39
49
59
69
79
89
99
a9
b9
c9
85
00
4e
0a
1a
2a
3a
4a
5a
6a
7a
8a
9a
aa
ba
ca
3f
00
22
0b
1b
2b
3b
4b
5b
6b
7b
8b
9b
ab
bb
cb
00
40
00
0c
1c
2c
3c
4c
5c
6c
7c
8c
9c
ac
bc
cc
00
11
da
0d
1d
2d
3d
4d
5d
6d
7d
8d
9d
ad
bd
cd
00
59
6e
0e
1e
2e
3e
4e
5e
6e
7e
8e
9e
ae
be
ce
00
87
42
0f
1f
2f
3f
4f
5f
6f
7f
8f
9f
af
bf
cf
03
0a
00
10
20
30
40
50
60
70
80
90
a0
b0
c0
d0
08
01
02
12
22
32
42
52
62
72
82
92
a2
b2
c2
41
00
75
03
13
23
33
43
53
63
73
83
93
a3
b3
c3
0c
00
01
05
15
25
35
45
55
65
75
85
95
a5
b5
c5
5d
Tu.:.?........E.
[email protected]..
..N!N"..nB......
................
.......... !"#$%
&'()*+,-./012345
6789:;<=>?@ABCDE
FGHIJKLMNOPQRSTU
VWXYZ[\]^_`abcde
fghijklmnopqrstu
vwxyz{|}~.......
................
................
................
................
............A..]
54
00
01
06
16
26
36
46
56
66
76
86
96
a6
b6
c6
75
ee
02
07
17
27
37
47
57
67
77
87
97
a7
b7
c7
1.000000
3a
00
21
09
19
29
39
49
59
69
79
89
99
a9
b9
c9
85
00
4e
0a
1a
2a
3a
4a
5a
6a
7a
8a
9a
aa
ba
ca
3f
00
22
0b
1b
2b
3b
4b
5b
6b
7b
8b
9b
ab
bb
cb
00
40
00
0c
1c
2c
3c
4c
5c
6c
7c
8c
9c
ac
bc
cc
00
11
da
0d
1d
2d
3d
4d
5d
6d
7d
8d
9d
ad
bd
cd
00
59
6e
0e
1e
2e
3e
4e
5e
6e
7e
8e
9e
ae
be
ce
00
5c
17
0f
1f
2f
3f
4f
5f
6f
7f
8f
9f
af
bf
cf
01
01
01
11
21
31
41
51
61
71
81
91
a1
b1
c1
d1
08
01
02
12
22
32
42
52
62
72
82
92
a2
b2
c2
9f
00
a0
03
13
23
33
43
53
63
73
83
93
a3
b3
c3
20
45
14
04
14
24
34
44
54
64
74
84
94
a4
b4
c4
8a
00
01
05
15
25
35
45
55
65
75
85
95
a5
b5
c5
e5
Tu.:.?........E.
[email protected]\......
..N!N"..n.......
................
.......... !"#$%
&'()*+,-./012345
6789:;<=>?@ABCDE
FGHIJKLMNOPQRSTU
VWXYZ[\]^_`abcde
fghijklmnopqrstu
vwxyz{|}~.......
................
................
................
................
............. ..
10.1.1.173
10.1.1.174
10.1.1.175
10.1.1.176
10.1.1.177
10.1.1.178
10.1.1.179
10.1.1.180
10.1.1.181
10.1.1.182
10.1.1.183
10.1.1.184
10.1.1.185
->
->
->
->
->
->
->
->
->
->
->
->
->
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-478
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Frame 1: 256 bytes on wire (2048 bits), 256 bytes captured (2048 bits)
Arrival Time: Apr 12, 2012 11:46:54.245974000 PDT
Epoch Time: 1334256414.245974000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 256 bytes (2048 bits)
Capture Length: 256 bytes (2048 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:data]
Ethernet II, Src: 00:00:00:00:03:01 (00:00:00:00:03:01), Dst: 54:75:d0:3a:85:3f
(54:75:d0:3a:85:3f)
Destination: 54:75:d0:3a:85:3f (54:75:d0:3a:85:3f)
Address: 54:75:d0:3a:85:3f (54:75:d0:3a:85:3f)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 00:00:00:00:03:01 (00:00:00:00:03:01)
Address: 00:00:00:00:03:01 (00:00:00:00:03:01)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-479
Chapter 2
monitor session
monitor session
To enable the SPAN sessions on interfaces or VLANs, use the monitor session command. To remove
one or more source or destination interfaces from a SPAN session, or a source VLAN from a SPAN
session, use the no form of this command.
monitor session session {destination interface {FastEthernet interface-number |
GigabitEthernet interface-number} [encapsulation {isl | dot1q}] [ingress [vlan vlan_id]
[learning]]} | {remote vlan vlan_id} | {source { interface {FastEthernet interface-number |
GigabitEthernet interface-number | Port-channel interface-number}} | [vlan vlan_id]
|{remote vlan vlan_id} | {cpu [queue queue_id | acl { input {copy {rx} | error {rx} | forward
{rx} | punt {rx} | rx} } | output {copy {rx} | error {rx} | forward {rx} | punt {rx} | rx} | all
{rx} | control-packet {rx} | esmp {rx} | l2-forward { adj-same-if {rx} | bridge-cpu {rx} |
ip-option {rx} | ipv6-scope-check-fail {rx} | l2-src-index-check-fail {rx} | mcast-rpf-fail
{rx} | non-arpa {rx} | router-cpu {rx} | ttl-expired {rx} | ucast-rpf-fail {rx} | rx} |
l3-forward { forward {rx} | glean {rx} | receive {rx} | rx} mtu-exceeded {rx} |
unknown-port-vlan-mapping {rx} | unknown-sa {rx}]} [ , | - | rx | tx | both]} | {filter {ip
access-group [name | id]}{vlan vlan_id [ , | - ]} | {packet-type {good | bad}} | {address-type
{unicast | multicast | broadcast} [rx | tx | both]}
no monitor session session {destination interface {FastEthernet interface-number |
GigabitEthernet interface-number} [encapsulation {isl | dot1q}] [ingress [vlan vlan_id]
[learning]]} | {remote vlan vlan_id} | {source {cpu{both | queue | rx | tx} | interface
{FastEthernet interface-number | GigabitEthernet interface-number | Port-channel
interface-number}} | [vlan vlan_id] |{remote vlan vlan_id} | {cpu [queue queue_id | acl
{input {copy {rx} | error {rx} | forward {rx} | punt {rx} | rx} } | output {copy {rx} | error
{rx} | forward {rx} | punt {rx} | rx} | all {rx} | control-packet {rx} | esmp {rx} | l2-forward
{ adj-same-if {rx} | bridge-cpu {rx} | ip-option {rx} | ipv6-scope-check-fail {rx} |
l2-src-index-check-fail {rx} | mcast-rpf-fail {rx} | non-arpa {rx} | router-cpu {rx} |
ttl-expired {rx} | ucast-rpf-fail {rx} | rx} | l3-forward {forward {rx} | glean {rx} | receive
{rx} | rx} mtu-exceeded {rx} | unknown-port-vlan-mapping {rx} | unknown-sa {rx}]} [ , |
- | rx | tx | both]} | {filter {ip access-group [name | id]}{vlan vlan_id [ , | - ]} | {packet-type
{good | bad}} | {address-type {unicast | multicast | broadcast} [rx | tx | both]}
Syntax Description
session
destination
interface
Specifies an interface.
FastEthernet interface-number
GigabitEthernet interface-number
encapsulation
isl
dot1q
ingress
vlan vlan_id
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-480
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
learning
source
Port-channel interface-number
cpu
queue queue_id
acl
input
error
log/copy
punt
rx
output
l2-forward
bridge-cpu
ip-option
ipv6-scope-check-fail
l2-src-index-check-fail
mcast-rpf-fail
non-arpa
router-cpu
ttl-expired
adj-same-if
bridged
ucast-rpf-fail
all
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-481
Chapter 2
monitor session
Defaults
l3-forward
forward
glean
receive
control-packet
esmp
mtu-exceeded
routed
received
rpf-failure
unknown-port-vlan-mapping
unknown-sa
both
rx
tx
filter
ip access-group
name
id
vlan vlan_id
packet-type
good
bad
Received and transmitted traffic, as well as all VLANs, packet types, and address types are monitored
on a trunking interface.
Packets are transmitted untagged out the destination port; ingress and learning are disabled.
All packets are permitted and forwarded as is on the destination port.
Command Modes
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-482
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command History
Usage Guidelines
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(11b)EW
Support for differing directions within a single-user session and extended VLAN
addressing was added.
12.1(19)EW
Support for ingress packets, encapsulation specification, packet and address type
filtering, and CPU source sniffing enhancements was added.
12.1(20)EW
Support for remote SPAN and host learning on ingress-enabled destination ports
was added.
12.2(20)EW
12.2(40)SG
Support for Supervisor Engine 6-E and Catlyst 4900M chassis CPU queue options
were added.
Only one SPAN destination for a SPAN session is supported. If you attempt to add another destination
interface to a session that already has a destination interface that is configured, you will get an error. You
must first remove a SPAN destination interface before changing the SPAN destination to a different
interface.
Beginning in Cisco IOS Release 12.1(12c)EW, you can configure sources from different directions
within a single user session.
Note
Beginning in Cisco IOS Release 12.1(12c)EW, SPAN is limited to two sessions containing
ingress sources and four sessions containing egress sources. Bidirectional sources support both
ingress and egress sources.
A particular SPAN session can either monitor VLANs or monitor individual interfaces: you cannot have
a SPAN session that monitors both specific interfaces and specific VLANs. If you first configure a SPAN
session with a source interface, and then try to add a source VLAN to the same SPAN session, you will
receive an error. You will also receive an error message if you configure a SPAN session with a source
VLAN, and then try to add a source interface to that session. You must first clear any sources for a SPAN
session before switching to another type of source. CPU sources may be combined with source interfaces
and source VLANs.
When configuring the ingress option on a destination port, you must specify an ingress VLAN if the
configured encapsulation type is untagged (the default) or is 802.1Q. If the encapsulation type is ISL,
then no ingress VLAN specification is necessary.
By default, when you enable ingress, no host learning is performed on destination ports. When you enter
the learning keyword, host learning is performed on the destination port, and traffic to learned hosts is
forwarded out the destination port.
If you enter the filter keyword on a monitored trunking interface, only traffic on the set of specified
VLANs is monitored. Port-channel interfaces are displayed in the list of interface options if you have
them configured. VLAN interfaces are not supported. However, you can span a particular VLAN by
entering the monitor session session source vlan vlan-id command.
The packet-type filters are supported only in the Rx direction. You can specify both Rx- and Tx-type
filters and multiple-type filters at the same time (for example, you can use good and unicast to only sniff
nonerror unicast frames). As with VLAN filters, if you do not specify the type, the session will sniff all
packet types.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-483
Chapter 2
monitor session
The queue identifier allows sniffing for only traffic that is sent or received on the specified CPU queues.
The queues may be identified either by number or by name. The queue names may contain multiple
numbered queues for convenience.
Examples
This example shows how to configure IP access group 100 on a SPAN session:
Switch# configure terminal
Switch(config)# monitor session 1 filter ip access-group 100
Switch(config)# end
Switch(config)#
This example shows how to configure the sources with different directions within a SPAN session:
Switch# configure terminal
Switch(config)# monitor session 1 source interface fa2/3 rx
Switch(config)# monitor session 1 source interface fa2/2 tx
Switch(config)# end
This example shows how to remove a source interface from a SPAN session:
Switch# configure terminal
Switch(config)# no monitor session 1 source interface fa2/3
Switch(config)# end
This example shows how to limit SPAN traffic to VLANs 100 through 304:
Switch# configure terminal
Switch(config)# monitor session 1 filter vlan 100 - 304
Switch(config)# end
This example shows how to use queue names and queue number ranges for the CPU as a SPAN source
on Supervisor Engine 6-E:
Switch# configure terminal
Switch(config)# monitor session 2 source cpu queue control-packet rx
Switch(config)# monitor session 3 source cpu queue 10 rx
Switch(config)# end
Note
Related Commands
Command
Description
show monitor
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-484
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
mtu
To enable jumbo frames on an interface by adjusting the maximum size of a packet or maximum
transmission unit (MTU), use the mtu command. To return to the default setting, use the no form of this
command.
mtu bytes
no mtu
Syntax Description
bytes
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switches.
Usage Guidelines
Jumbo frames are supported on nonblocking Gigabit Ethernet ports, switch virtual interfaces (SVI), and
EtherChannels. Jumbo frames are not available for stub-based ports.
The baby giants feature uses the global system mtu size command to set the global baby giant MTU. It
allows all stub-based port interfaces to support an Ethernet payload size of up to 1552 bytes.
Both the system mtu command and the per-interface mtu command work on interfaces that can support
jumbo frames, but the per-interface mtu command takes precedence.
Examples
Related Commands
Command
Description
system mtu
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-485
Chapter 2
name
name
To set the MST region name, use the name command. To return to the default name, use the no form of
this command.
name name
no name name
Syntax Description
name
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Specifies the name of the MST region. The name can be any string with a maximum
length of 32 characters.
Usage Guidelines
Two or more Catalyst 4500 series switches with the same VLAN mapping and configuration version
number are considered to be in different MST regions if the region names are different.
Examples
Related Commands
Command
Description
instance
revision
spanning-tree mst
configuration
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-486
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
netflow-lite exporter
Note
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To define an exporter and to enter NetFlow-lite exporter submode, use the netflow-lite exporter
command. To delete an exporter, use the no form of this command.
netflow-lite exporter exporter
no netflow-lite exporter exporter
Syntax Description
exporter
Defaults
None
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Specifies an exporter.
The exporter's name identifies the exporter. Mandatory parameters for a minimal complete exporter
configuration are the destination IP address of the collector, source IP address (on the switch) to use and
UDP destination port of the collector. Any unspecified non-mandatory parameters take on default values.
The exporter name can be specified when activating sampling at a data source via the monitor command.
The exporter submode also allows you to specify the refresh frequency for the NetFlow templates.
Metadata about the NetFlow packet sampling process like sampler configuration parameters and snmp
interface table mapping can also be exported periodically to the collector.
Deleting or removing the value of a non-mandatory parameter restores the default.
Examples
exporter1
destination 5.5.5.6
source 5.5.5.5
transport udp 8188
ttl 128
cos 7
dscp 32
template data timeout 1
options sampler-table timeout 1
options interface-table timeout 1
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-487
Chapter 2
netflow-lite exporter
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
Command
Description
export-protocol (netflow-lite
exporter submode)
netflow-lite exporter
destination (netflow-lite
exporter submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-488
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
netflow-lite monitor
Note
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To define a monitor instance on an interface and to enter netflow-lite monitor submode, use the
netflow-lite monitor command. To delete the monitor, use the no form of this command.
netflow-lite monitor sampler-name
no netflow-lite sampler sampler-name
Syntax Description
sampler-name
Defaults
None
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Note
Specifies a sample.
Only a single packet sampling instance is supported on a data source. These commands are entered under
the physical port interface mode, port channel interface, or config VLAN mode. Monitor is not supported
on other interfaces. If the physical port is a member of a port channel, applying the monitor to the port
has no effect. You must apply the monitor to the port channel instead.
VLAN sampling is not supported in Cisco IOS Release 15.0(2)SG. It will be supported in a later release.
Mandatory parameters are sampler and exporter. If no exporter is associated with a monitor, no samples
are exported. If so, no input packet sampling occurs for that target interface. A warning message displays
indicating that the sampler or exporter is invalid if any mandatory parameters are missing.
The packet sampling mechanism tries to achieve random 1-in-N sampling. Internally 2 levels of
sampling are done. The accuracy of the first level of sampling depends on the size of the packets arriving
at a given interface. To tune the relative accuracy of the algorithm the average-packet-size parameter
can be used.
The system automatically determines the average packet size at an interface based on observation of
input traffic and uses that value in its first level of sampling.
Valid range of packet sizes that can be used by the algorithm is 64 - 9216 bytes. Any number below 64
bytes is taken to mean that automatic determination of average packet size is desired.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-489
Chapter 2
netflow-lite monitor
Examples
The following example shows how to configure a monitor on a port interface Gigabit 1/3:
Switch# config terminal
Switch(config)# int GigabitEthernet1/3
Switch(config-if)# netflow-lite monitor 1
Switch(config-netflow-lite-monitor)# sampler sampler1
Switch(config-netflow-lite-monitor)# average-packet-size 128
Switch(config-netflow-lite-monitor)# exporter exporter1
Switch(config-netflow-lite-monitor)# exit
Switch(config-if)# exit
Switch(config)# exit
Switch# show netflow-lite monitor 1 interface gi1/3
Interface GigabitEthernet1/3:
Netflow-lite Monitor-1:
Active:
TRUE
Sampler:
sampler1
Exporter:
exporter1
Average Packet Size: 0
Statistics:
Packets exported:
0
Packets observed:
0
Packets dropped:
0
Average Packet Size observed: 64
Average Packet Size used: 64
You can verify your settings with the show netflow-lite sampler privileged EXEC command.
Related Commands
Command
Description
average-packet-size
Specifies the average packet size at the observation point.
(netflow-lite monitor submode)
exporter (netflow-lite monitor
submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-490
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
netflow-lite sampler
Note
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To configure packet sampling parameters as a reusable named entity and to enter netflow-lite sampler
submode, use the netflow-lite sampler command. To delete the sampler, use the no form of this
command.
netflow-lite sampler name
no netflow-lite sampler name
Syntax Description
name
Defaults
None
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Specifies a sampler.
The sampler CLI construct allows the user to configure the rate at which input packets are to be sampled.
Packet sampling rate can range from 32 to 2^15 in powers of 2. A sampling rate of 1 is allowed for
troubleshooting for up to two 1 Gigabit ports only and is essentially equivalent to rx span. It cannot be
configured on 10GE ports because the bandwidth demand on the fpga for export is too high.
Mandatory parameters are packet rate.
You can update a sampler in use at a target interface, but you cannot remove or unconfigure mandatory
parameters.
All mandatory parameters must be present to validate a sampler. Any unspecified non-mandatory
parameters take on default values.
Examples
This example shows how to configure packet sampling parameters as a reusable named entity and to
display the sampler:
Switch# config terminal
Switch(config)# netflow-lite sampler
Switch(config-netflow-lite-sampler)#
Switch(config-netflow-lite-sampler)#
Switch(config-netflow-lite-sampler)#
Switch(config-netflow-lite-sampler)#
Switch(config)# exit
Switch#
sampler1
packet-rate 32
packet-section size 128
packet-offset 16
exit
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-491
Chapter 2
netflow-lite sampler
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
Command
Description
packet-offset (netflow-lite
sampler submode)
packet-rate (netflow-lite
sampler submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-492
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
nmsp
To configure Network Mobility Services Protocol (NMSP) on the switch, use the nmsp command. This
command is available only when your switch is running the cryptographic (encrypted) software image.
Use the no form of this command to return to the default setting.
nmsp {enable | {notification interval {attachment | location} interval-seconds}}
no nmsp {enable | {notification interval {attachment | location} interval-seconds}}
Syntax Description
enable
notification interval
attachment
location
interval-seconds
Defaults
NMSP is disabled, NMSP notification interval attachment and NMSP notification interval location
defaults are 30 seconds.
Command Modes
Command History
Release
Modification
12.2(52)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Use the nmsp global configuration command to enable the switch to send encrypted NMSP location and
attachment notifications to a Cisco Mobility Services Engine (MSE).
Examples
This example shows how to enable NMSP on a switch and set the location notification time to 10
seconds:
Switch(config)# nmsp enable
Switch(config)# nmsp notification interval location 10
Switch(config)#
Related Commands
Command
Description
show nmsp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-493
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(52)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Use the nmsp attachment suppress interface configuration command to configure an interface to not
send attachment notifications to a Cisco Mobility Services Engine (MSE).
Examples
This example shows how to configure an interface to not send attachment information to the MSE:
Switch(config)# switch interface gigabitethernet1/2
Switch(config-if)# nmsp attachment suppress
Switch(config-if)#
Related Commands
Command
Description
nmsp
show nmsp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-494
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify an options timeout for the NetFlow-lite collector, use the options timeout command. To
delete the value, use the no form of this command.
options {sampler-table | interface-table} timeout seconds
no options {sampler-table | interface-table} timeout second
Syntax Description
sampler-table
interface-table
seconds
Defaults
1800 seconds
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Default timeout value is 1800 seconds or 30 minutes. The timeout value configured really depends on
the collector and how often it needs the templates to be refreshed.
Examples
This example shows how to specify an options timeout for the NetFlow-lite collector:
Switch# config terminal
Switch(config)# netflow-lite exporter
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config)#
exporter1
destination 5.5.5.6
source 5.5.5.5
transport udp 8188
ttl 128
cos 7
dscp 32
template data timeout 1
options sampler-table timeout 1
options interface-table timeout 1
export-protocol netflow-v9
exit
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-495
Chapter 2
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
Command
Description
destination (netflow-lite
exporter submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-496
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify a starting packet offset in netflow-lite submode, use the packet-offset command. To reset to
the default, use the no form of this command.
packet-offset offset
no packet-offset offset
Syntax Description
offset
Defaults
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Default packet section offset value is 0. The packet section extracted from the sampled packet start at
offset 0 of the packet.
Examples
You can verify your settings with the show netflow-lite sampler privileged EXEC command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-497
Chapter 2
Related Commands.
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-498
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify a packet sampling rate in netflow-lite sampler submode, use the packet rate command. To
delete a packet sampling rate, use the no form of this command.
packet rate n
no packet rate n
Syntax Description
Defaults
None
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Packet sampling rate can range from 32 to 2^15 in powers of 2. A rate of 1 is allowed for trouble shooting
(equivalent to rx span) only for two 1Gigabit Ethernet ports. You cannot configure a rate of 1 on 10
Gigabit Ethernet ports because the bandwidth demand for export is too high.
This is a mandatory parameter. Up to 2 x 1 Gigabit Ethernet ports can be configured with 1-in-1
sampling. The best packet sampling rate that can be configured on any 1 Gigabit or 10 Gigabit Ethernet
port is 1-in-32. Packet sampling rates can be configured in powers of 2 (1-in-64, 1-in-128, etc).
Examples
This example shows how to specify a packet sampling rate in netflow-lite sampler submode:
Switch# config terminal
Switch(config)# netflow-lite sampler
Switch(config-netflow-lite-sampler)#
Switch(config-netflow-lite-sampler)#
Switch(config-netflow-lite-sampler)#
Switch(config-netflow-lite-sampler)#
Switch(config)# exit
Switch#
sampler1
packet-rate 32
packet-section size 128
packet-offset 16
exit
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-499
Chapter 2
You can verify your settings with the show netflow-lite sampler privileged EXEC command.
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-500
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify a sampled header size in netflow-lite submode, use the packet-section size command. To
store the default, use the no form of this command.
packet-section size bytes
no packet-section size bytes
Syntax Description
bytes
Defaults
64 bytes
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Specifies the sampled header size. Size ranges from 16 to 252 bytes in
increments of 4 bytes.
Usage Guidelines
Default packet section size is 64 bytes which normally would cover Layer 2, Layer 3, and Layer 4
headers for an input IPv4 packet.
Examples
sampler1
packet-rate 32
packet-section size 128
packet-offset 16
exit
You can verify your settings with the show netflow-lite sampler privileged EXEC command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-501
Chapter 2
Related Commands
Command
Description
packet-rate (netflow-lite
sampler submode)
packet-offset (netflow-lite
sampler submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-502
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
pagp learn-method
To learn the input interface of the incoming packets, use the pagp learn-method command. To return to
the default value, use the no form of this command.
pagp learn-method {aggregation-port | physical-port}
no pagp learn-method
Syntax Description
aggregation-port
physical-port
Specifies learning the address on the physical port within the bundle.
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to enable physical port address learning within the bundle:
Switch(config-if)# pagp learn-method physical-port
Switch(config-if)#
This example shows how to enable aggregation port address learning within the bundle:
Switch(config-if)# pagp learn-method aggregation-port
Switch(config-if)#
Related Commands
Command
Description
show pagp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-503
Chapter 2
pagp port-priority
pagp port-priority
To select a port in hot standby mode, use the pagp port-priority command. To return to the default
value, use the no form of this command.
pagp port-priority priority
no pagp port-priority
Syntax Description
priority
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The higher the priority, the better the chances are that the port will be selected in the hot standby mode.
Examples
Related Commands
Command
Description
pagp learn-method
show pagp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-504
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
passive-interface
To disable sending routing updates on an interface, use the passive-interface command. To reenable the
sending of routing updates, use the no form of this command.
passive-interface [[default] {interface-type interface-number}] | {range interface-type
interface-number-interface-type interface-number}
no passive-interface [[default] {interface-type interface-number}] | {range interface-type
interface-number-interface-type interface-number}
Syntax Description
default
interface-type
interface-number
range
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
You can use the passive-interface range command on the following interfaces: FastEthernet,
GigabitEthernet, VLAN, Loopback, Port-channel, 10-GigabitEthernet, and Tunnel. When you use the
passive-interface range command on a VLAN interface, the interface should be the existing VLAN
SVIs. To display the VLAN SVIs, enter the show running config command. The VLANs that are not
displayed cannot be used in the passive-interface range command.
The values that are entered with the passive-interface range command are applied to all the existing
VLAN SVIs.
Before you can use a macro, you must define a range using the define interface-range command.
All configuration changes that are made to a port range through the passive-interface range command
are retained in the running-configuration as individual passive-interface commands.
You can enter the range in two ways:
You can either specify the interfaces or the name of an interface-range macro. An interface range must
consist of the same interface type, and the interfaces within a range cannot span across the modules.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-505
Chapter 2
passive-interface
You can define up to five interface ranges on a single command; separate each range with a comma:
interface range gigabitethernet 5/1-20, gigabitethernet4/5-20.
You cannot specify both a macro and an interface range in the same command. After creating a macro,
you can enter additional ranges. If you have already entered an interface range, the CLI does not allow
you to enter a macro.
You can specify a single interface in the range range value. This makes the command similar to the
passive-interface interface-number command.
Note
The range keyword is only supported in OSPF, EIGRP, RIP, and ISIS router mode.
If you disable the sending of routing updates on an interface, the particular subnet will continue to be
advertised to other interfaces, and updates from other routers on that interface continue to be received
and processed.
The default keyword sets all interfaces as passive by default. You can then configure individual
interfaces where adjacencies are desired using the no passive-interface command. The default keyword
is useful in Internet service provider (ISP) and large enterprise networks where many of the distribution
routers have more than 200 interfaces.
For the Open Shortest Path First (OSPF) protocol, OSPF routing information is neither sent nor received
through the specified router interface. The specified interface address appears as a stub network in the
OSPF domain.
For the Intermediate System-to-Intermediate System (IS-IS) protocol, this command instructs IS-IS to
advertise the IP addresses for the specified interface without actually running IS-IS on that interface. The
no form of this command for IS-IS disables advertising IP addresses for the specified address.
Note
For IS-IS you must keep at least one active interface and configure the interface with the ip router isis
command.
Enhanced Interior Gateway Routing Protocol (EIGRP) is disabled on an interface that is configured as
passive although it advertises the route.
Examples
The following example sends EIGRP updates to all interfaces on network 10.108.0.0 except
GigabitEthernet interface 1/1:
Switch(config)# interface gigabitethernet 1/1
Switch(config-if)# router eigrp 109
Switch(config-router)# network 10.108.0.0
Switch(config-router)# passive-interface gigabitethernet 1/1
Switch(config-router)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-506
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
The following configuration enables IS-IS on Ethernet interface 1 and serial interface 0 and advertises
the IP addresses of Ethernet interface 0 in its link-state protocol data units (PDUs):
Switch(config-if)# router isis Finance
Switch(config-router)# passive-interface Ethernet 0
Switch(config-router)# interface Ethernet 1
Switch(config-router)# ip router isis Finance
Switch(config-router)# interface serial 0
Switch(config-router)# ip router isis Finance
Switch(config-router)#
The following example sets all interfaces as passive, then activates Ethernet interface 0:
Switch(config-if)# router ospf 100
Switch(config-router)# passive-interface default
Switch(config-router)# no passive-interface ethernet0
Switch(config-router)# network 10.108.0.1 0.0.0.255 area 0
Switch(config-router)#
The following configuration sets the Ethernet ports 3 through 4 on module 0 and GigabitEthernet ports
4 through 7 on module 1 as passive:
Switch(config-if)# router ospf 100
Switch(config-router)# passive-interface range ethernet0/3-4,gigabitethernet1/4-7
Switch(config-router)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-507
Chapter 2
permit
permit
To permit an ARP packet based on matches against the DHCP bindings, use the permit command. To
remove a specified ACE from an access list, use the no form of this command.
permit {[request] ip {any | host sender-ip | sender-ip sender-ip-mask} mac {any | host sender-mac
| sender-mac sender-mac-mask} | response ip {any | host sender-ip | sender-ip
sender-ip-mask} [{any | host target-ip | target-ip target-ip-mask}] mac {any | host sender-mac
| sender-mac sender-mac-mask} [{any | host target-mac | target-mac target-mac-mask}]} [log]
no permit {[request] ip {any | host sender-ip | sender-ip sender-ip-mask} mac {any | host
sender-mac | sender-mac sender-mac-mask} | response ip {any | host sender-ip | sender-ip
sender-ip-mask} [{any | host target-ip | target-ip target-ip-mask}] mac {any | host sender-mac
| sender-mac sender-mac-mask} [{any | host target-mac | target-mac target-mac-mask}]} [log]
Syntax Description
request
(Optional) Requests a match for the ARP request. When request is not
specified, matching is performed against all ARP packets.
ip
any
host sender-ip
sender-ip
sender-ip-mask
mac
host sender-mac
sender-mac
sender-mac-mask
response
ip
host target-ip
target-ip target-ip-mask
mac
host target-mac
target-mac
target-mac-mask
log
(Optional) Logs a packet when it matches the access control entry (ACE).
Defaults
Command Modes
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-508
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Permit clauses can be added to forward or drop ARP packets based on some matching criteria.
Examples
This example shows a host with a MAC address of 0000.0000.abcd and an IP address of 1.1.1.1. This
example shows how to permit both requests and responses from this host:
Switch(config)# arp access-list static-hosts
Switch(config-arp-nacl)# permit ip host 1.1.1.1 mac host 0000.0000.abcd
Switch(config-arp-nacl)# end
Switch# show arp access-list
ARP access list static-hosts
permit ip host 1.1.1.1 mac host 0000.0000.abcd
Switch#
Related Commands
Command
Description
arp access-list
deny
Permits ARPs from hosts that are configured for static IP when
DAI is enabled and to define an ARP access list and applies it to
a VLAN.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-509
Chapter 2
police
police
To configure the Traffic Policing feature, use the police QoS policy-map class configuration command.
To remove the Traffic Policing feature from the configuration, use the no form of this command.
police {bps | kbps | mbps |gbps} [burst-normal] [burst-max] conform-action action exceed-action
action [violate-action action]
no police {bps | kbps | mbps |gbps} [burst-normal] [burst-max] conform-action action
exceed-action action [violate-action action]
Syntax Description
bps
Average rate, in bits per second. Valid values are 32,000 to 32,000,000,000.
kbps
mbps
gbps
burst-normal
burst-max
conform-action
exceed-action
violate-action
(Optional) Action to take on packets that violate the normal and maximum
burst sizes.
action
Defaults
Command Modes
Policy-map class configuration mode (when specifying a single action to be applied to a market packet)
Policy-map class police configuration mode (when specifying multiple actions to be applied to a marked
packet)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-510
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command History
Usage Guidelines
Release
Modification
12.2(40)SG
Use the police command to mark a packet with different quality of service (QoS) values based on
conformance to the service-level agreement.
Traffic policing will not be executed for traffic that passes through an interface.
Specifying Multiple Actions
The police command allows you to specify multiple policing actions. When specifying multiple policing
actions when configuring the police command, note the following points:
You cannot specify contradictory actions such as conform-action transmit and conform-action
drop.
The police command can be used with Traffic Policing feature. The Traffic Policing feature works with
a token bucket algorithm. Two types of token bucket algorithms are a single-token bucket algorithm and
a two-token bucket algorithm. A single-token bucket system is used when the violate-action option is
not specified, and a two-token bucket system is used when the violate-action option is specified.
Token Bucket Algorithm with One Token Bucket
The one token bucket algorithm is used when the violate-action option is not specified in the police
command of the command-line interface (CLI).
The conform bucket is initially set to the full size (the full size is the number of bytes specified as the
normal burst size).
When a packet of a given size (for example, B bytes) arrives at specific time (time T) the following
actions occur:
Tokens are updated in the conform bucket. If the previous arrival of the packet was at T1 and the
current time is T, the bucket is updated with (T - T1) worth of bits based on the token arrival rate.
The token arrival rate is calculated as follows:
(time between packets <which is equal to T - T1> * policer rate)/8 bytes
If the number of bytes in the conform bucket B is greater than or equal to 0, the packet conforms
and the conform action is taken on the packet. If the packet conforms, B bytes are removed from the
conform bucket and the conform action is completed for the packet.
If the number of bytes in the conform bucket B (minus the packet size to be limited) is fewer than 0,
the exceed action is taken.
Token Bucket Algorithm with Two Token Buckets (Refer to RFC 2697)
The two-token bucket algorithm is used when the violate-action is specified in the police command CLI.
The conform bucket is initially full (the full size is the number of bytes specified as the normal burst
size).
The exceed bucket is initially full (the full exceed bucket size is the number of bytes specified in the
maximum burst size).
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-511
Chapter 2
police
The tokens for both the conform and exceed token buckets are updated based on the token arrival rate,
or committed information rate (CIR).
When a packet of given size (for example, B bytes) arrives at specific time (time T) the following
actions occur:
Tokens are updated in the conform bucket. If the previous arrival of the packet was at T1 and the
current arrival of the packet is at t, the bucket is updated with T -T1 worth of bits based on the token
arrival rate. The refill tokens are placed in the conform bucket. If the tokens overflow the conform
bucket, the overflow tokens are placed in the exceed bucket.
The token arrival rate is calculated as follows:
(time between packets <which is equal to T-T1> * policer rate)/8 bytes
Examples
If the number of bytes in the conform bucket - B is greater than or equal to 0, the packet conforms
and the conform action is taken on the packet. If the packet conforms, B bytes are removed from the
conform bucket and the conform action is taken. The exceed bucket is unaffected in this scenario.
If the number of bytes in the conform bucket B is less than 0, the excess token bucket is checked for
bytes by the packet. If the number of bytes in the exceed bucket B is greater than or equal to 0, the
exceed action is taken and B bytes are removed from the exceed token bucket. No bytes are removed
from the conform bucket.
If the number bytes in the exceed bucket B is fewer than 0, the packet violates the rate and the violate
action is taken. The action is complete for the packet.
This example shows how to define a traffic class (using the class-map command) and associate the
match criteria from the traffic class with the Traffic Policing configuration, which is configured in the
service policy (using the policy-map command). The service-policy command is then used to attach this
service policy to the interface.
In this particular example, Traffic Policing is configured with the average rate at 8000 bits per second
and the normal burst size at 1000 bytes for all packets leaving Gigabit Ethernet interface 6/1:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# class-map access-match
Switch(config-cmap)# match access-group 1
Switch(config-cmap)# exit
Switch(config)# policy-map police-setting
Switch(config-pmap)# class access-match
Switch(config-pmap-c)# police 8000 1000 conform-action transmit exceed-action drop
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# interface gigabitethernet 6/1
Switch(config-if)# service-policy output police-setting
Switch(config-if)# end
In this example, the initial token buckets starts full at 1000 bytes. If a 450-byte packet arrives, the packet
conforms because enough bytes are available in the conform token bucket. The conform action (send) is
taken by the packet and 450 bytes are removed from the conform token bucket (leaving 550 bytes).
If the next packet arrives 0.25 seconds later, 250 bytes are added to the token bucket ((0.25 * 8000)/8),
leaving 800 bytes in the token bucket. If the next packet is 900 bytes, the packet exceeds and the exceed
action (drop) is taken. No bytes are taken from the token bucket.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-512
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Token Bucket Algorithm with Two Token Buckets Example (Refer to RFC 2697)
In this particular example, Traffic Policing is configured with the average rate at 8000 bits per second,
the normal burst size at 1000 bytes, and the excess burst size at 1000 bytes for all packets leaving Gigabit
Ethernet interface 6/1.
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# class-map access-match
Switch(config-cmap)# match access-group 1
Switch(config-cmap)# exit
Switch(config)# policy-map police-setting
Switch(config-pmap)# class access-match
Switch(config-pmap-c)# police 8000 1000 1000 conform-action transmit exceed-action
set-qos-transmit 1 violate-action drop
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# interface gigabitethernet 6/1
Switch(config-if)# service-policy output police-setting
Switch(config-if)# end
In this example, the initial token buckets starts full at 1000 bytes. If a 450-byte packet arrives, the packet
conforms because enough bytes are available in the conform token bucket. The conform action (send) is
taken by the packet and 450 bytes are removed from the conform token bucket (leaving 550 bytes).
If the next packet arrives 0.25 seconds later, 250 bytes are added to the conform token bucket
((0.25 * 8000)/8), leaving 800 bytes in the conform token bucket. If the next packet is 900 bytes, the
packet does not conform because only 800 bytes are available in the conform token bucket.
The exceed token bucket, which starts full at 1000 bytes (as specified by the excess burst size) is then
checked for available bytes. Because enough bytes are available in the exceed token bucket, the exceed
action (set the QoS transmit value of 1) is taken and 900 bytes are taken from the exceed bucket (leaving
100 bytes in the exceed token bucket.
If the next packet arrives 0.40 seconds later, 400 bytes are added to the token buckets ((.40 * 8000)/8).
Therefore, the conform token bucket now has 1000 bytes (the maximum number of tokens available in
the conform bucket) and 200 bytes overflow the conform token bucket (because it only 200 bytes were
needed to fill the conform token bucket to capacity). These overflow bytes are placed in the exceed token
bucket, giving the exceed token bucket 300 bytes.
If the arriving packet is 1000 bytes, the packet conforms because enough bytes are available in the
conform token bucket. The conform action (transmit) is taken by the packet and 1000 bytes are removed
from the conform token bucket (leaving 0 bytes).
If the next packet arrives 0.20 seconds later, 200 bytes are added to the token bucket ((.20 * 8000)/8).
Therefore, the conform bucket now has 200 bytes. If the arriving packet is 400 bytes, the packet does not
conform because only 200 bytes are available in the conform bucket. Similarly, the packet does not
exceed because only 300 bytes are available in the exceed bucket. Therefore, the packet violates and the
violate action (drop) is taken.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-513
Chapter 2
police
Related Commands
Command
Description
police (percent)
policy-map
service-policy (policy-map
class)
show policy-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-514
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
police (percent)
To configure traffic policing on the basis of a percentage of bandwidth available on an interface, use the
police command in QoS policy-map class configuration mode. To remove traffic policing from the
configuration, use the no form of this command.
police cir percent percent [bc conform-burst-in-msec] [pir percent percentage] [be
peak-burst-inmsec]
no police cir percent percent [bc conform-burst-in-msec] [pir percent percentage] [be
peak-burst-inmsec]
Syntax Description
Command Default
cir
Committed information rate. Indicates that the CIR will be used for policing
traffic.
percent
percent
bc
(Optional) Conform burst (bc) size used by the first token bucket for policing
traffic.
conform-burst-in-msec
pir
(Optional) Peak information rate (PIR). Indicates that the PIR will be used
for policing traffic.
percent
percent
be
(Optional) Peak burst (be) size used by the second token bucket for policing
traffic.
peak-burst-in-msec
action
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-515
Chapter 2
police (percent)
Command Modes
Command History
Release
Modification
12.2(40)SG
Usage Guidelines
This command calculates the CIR and PIR on the basis of a percentage of the maximum amount of
bandwidth available on the interface. When a policy map is attached to the interface, the equivalent CIR
and PIR values in bits per second (bps) are calculated on the basis of the interface bandwidth and the
percent value entered with this command. The show policy-map interface command can then be used
to verify the bps rate calculated.
The calculated CIR and PIR bps rates must be in the range of 32,000 and 32,000,000,000 bps. If the rates
are outside this range, the associated policy map cannot be attached to the interface. If the interface
bandwidth changes (for example, more is added), the bps values of the CIR and the PIR are recalculated
on the basis of the revised amount of bandwidth. If the CIR and PIR percentages are changed after the
policy map is attached to the interface, the bps values of the CIR and PIR are recalculated.
This command also allows you to specify the values for the conform burst size and the peak burst size
in milliseconds. If you want bandwidth to be calculated as a percentage, the conform burst size and the
peak burst size must be specified in milliseconds (ms).
Examples
This example shows how to configure traffic policing using a CIR and a PIR based on a percentage of
bandwidth on Gigabit interface 6/2. In this example, a CIR of 20 percent and a PIR of 40 percent have
been specified. Additionally, an optional bc value and be value (300 ms and 400 ms, respectively) have
been specified.
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# policy-map policy1
Switch(config-pmap)# class-map class1
Switch(config-pmap-c)# police cir percent 20 bc 3 ms pir percent 40 be 4 ms
Switch(config-pmap-c)# exit
Switch(config-pmap-c)# interface gigabitethernet 6/2
Switch(config-if)# service-policy output policy
Switch(config-if)# end
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-516
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
police rate
To configure single or dual rate policer, use the police rate command in policy-map configuration mode.
To remove traffic policing from the configuration, use the no form of this command.
Syntax for Bytes Per Second
police rate units bps [burst burst-in-bytes bytes] [peak-rate peak-rate-in-bps bps] [pack-burst
peak-burst-in-bytes bytes]
no police rate units bps [burst burst-in-bytes bytes] [peak-rate peak-rate-in-bps bps]
[pack-burst peak-burst-in-bytes bytes]
Syntax for Percent
police rate percent percentage [burst ms ms] [peak-rate percent percentage] [pack-burst ms ms]
no police rate percent percentage [burst ms ms] [peak-rate percent percentage] [pack-burst ms
ms]
Syntax Description
units
Specifies the traffic police rate in bits per second. Valid range is 32,000 to
32,000,000,000.
bps
(Optional) Bits per second (bps) will be used to determine the rate at which
traffic is policed.
Note
Command Default
burst burst-in-bytes
bytes
(Optional) Specifies the burst rate, in bytes, will be used for policing traffic.
Valid range is from 64 to 2,596,929,536.
peak-rate
peak-rate-in-bps bps
(Optional) Specifies the peak burst value, in bytes, for the peak rate. Valid
range is from 32,000 to 32,000,000,000.
peak-burst
peak-burst-in-bytes
bytes
(Optional) Specifies the peak burst value, in bytes, will be used for policing
traffic. If the police rate is specified in bps, the valid range of values is 64 to
2,596,929,536.
percent
percentage
burst ms ms
(Optional) Burst rate, in milliseconds, will be used for policing traffic. Valid
range is a number from 1 to 2,000.
peak-rate percent
percentage
peak-burst ms ms
(Optional) Peak burst rate, in milliseconds, will be used for policing traffic.
Valid range is a number from 1 to 2,000.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-517
Chapter 2
police rate
Command Modes
Command History
Release
Modification
12.2(40)SG
This command was introduced on the Catalyst 4500 series switch using a Supervisor
Engine 6-E.
Usage Guidelines
Use the police rate command to limit traffic on the basis of pps, bps, or a percentage of interface
bandwidth.
If the police rate command is issued, but the a rate is not specified, traffic that is destined will be policed
on the basis of bps.
Examples
This example shows how to configure policing on a class to limit traffic to an average rate of 1,500,000
bps:
Switch(config)# class-map c1
Switch(config-cmap)# match access-group 140
Switch(config-cmap)# exit
Switch(config)# policy-map p1
Switch(config-pmap)# class c1
Switch(config-pmap-c)# police rate 1500000 burst 500000
Switch(config-pmap-c)# exit
Related Commands
Command
Description
policy-map
show policy-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-518
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
cir
Committed information rate (CIR) at which the first token bucket is updated.
cir
Specifies the CIR value in bits per second. The value is a number from 32,000
to 32,000,000,000.
bc
(Optional) Conform burst (bc) size used by the first token bucket for policing.
conform-burst
pir
Peak information rate (PIR) at which the second token bucket is updated.
pir
Specifies the PIR value in bits per second. The value is a number from 32,000
to 32,000,000,000.
be
(Optional) Peak burst (be) size used by the second token bucket for policing.
peak-burst
(Optional) Specifies the peak burst (be) size in bytes. The value is a number
from 64 to 2,596,929,536.
conform-action
(Optional) Action to take on packets that conform to the CIR and PIR.
exceed-action
(Optional) Action to take on packets that conform to the PIR but not the CIR.
violate-action
action
Command Default
Command Modes
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-519
Chapter 2
Command History
Usage Guidelines
Release
Modification
12.2(40)SG
This command was introduced on the Catalyst 4500 series switch using a Supervisor
Engine 6-E.
The Tc token bucket is updated at the CIR value each time a packet arrives at the two-rate policer.
The Tc token bucket can contain up to the confirm burst (Bc) value.
The Tp token bucket is updated at the PIR value each time a packet arrives at the two-rate policer.
The Tp token bucket can contain up to the peak burst (Be) value.
The following scenario illustrates how the token buckets are updated:
A packet of B bytes arrives at time t. The last packet arrived at time t1. The CIR and the PIR token
buckets at time t are represented by Tc(t) and Tp(t), respectively. Using these values and in this scenario,
the token buckets are updated as follows:
Tc(t) = min(CIR * (t-t1) + Tc(t1), Bc)
Tp(t) = min(PIR * (t-t1) + Tp(t1), Be)
Marking Traffic
The two-rate policer marks packets as either conforming, exceeding, or violating a specified rate. The
following points (using a packet of B bytes) illustrate how a packet is marked:
If B > Tc(t), the packet is marked as exceeding the specified rate, and the Tp(t) token bucket is
updated as Tp(t) = Tp(t) B.
Otherwise, the packet is marked as conforming to the specified rate, and both token bucketsTc(t) and
Tp(t)are updated as follows:
Tp(t) = Tp(t) B
Tc(t) = Tc(t) B
For example, if the CIR is 100 kbps, the PIR is 200 kbps, and a data stream with a rate of 250 kbps arrives
at the two-rate policer, the packet would be marked as follows:
The flowchart in Figure 2-1 illustrates how the two-rate policer marks packets and assigns a
corresponding action (that is, violate, exceed, or conform) to the packet.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-520
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Figure 2-1
CIR
PIR
Bc
Be
B > Tp
No
B > Tc
No
Packet of size B
Examples
Yes
Violate
Exceed
Conform
Action
Action
Action
60515
Yes
This example shows how to configure two-rate traffic policing on a class to limit traffic to an average
committed rate of 500 kbps and a peak rate of 1 Mbps:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# class-map police
Switch(config-cmap)# match access-group 101
Switch(config-cmap)# policy-map policy1
Switch(config-pmap)# class police
Switch(config-pmap-c)# police cir 500000 bc 10000 pir 1000000 be 10000 conform-action
transmit exceed-action set-prec-transmit 2 violate-action drop
Switch(config-pmap-c)# interface gigabitethernet 6/1
Switch(config-if)# service-policy output policy1
Switch(config-if)# end
Switch# show policy-map policy1
Policy Map policy1
Class police
police cir 500000 conform-burst 10000 pir 1000000 peak-burst 10000 conform-action
transmit exceed-action set-prec-transmit 2 violate-action drop
Switch#
Traffic marked as conforming to the average committed rate (500 kbps) will be sent as is. Traffic marked
as exceeding 500 kbps, but not exceeding 1 Mbps, will be marked with IP Precedence 2 and then sent.
All traffic marked as exceeding 1 Mbps will be dropped. The burst parameters are set to 10000 bytes.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-521
Chapter 2
In the following example, 1.25 Mbps of traffic is sent (offered) to a policer class:
Switch# show policy-map interface gigabitethernet 6/1
GigabitEthernet6/1
Service-policy output: policy1
Class-map: police (match all)
148803 packets, 36605538 bytes
30 second offered rate 1249000 bps, drop rate 249000 bps
Match: access-group 101
police:
cir 500000 bps, conform-burst 10000, pir 1000000, peak-burst 100000
conformed 59538 packets, 14646348 bytes; action: transmit
exceeded 59538 packets, 14646348 bytes; action: set-prec-transmit 2
violated 29731 packets, 7313826 bytes; action: drop
conformed 499000 bps, exceed 500000 bps violate 249000 bps
Class-map: class-default (match-any)
19 packets, 1990 bytes
30 seconds offered rate 0 bps, drop rate 0 bps
Match: any
Switch#
The two-rate policer marks 500 kbps of traffic as conforming, 500 kbps of traffic as exceeding, and
250 kbps of traffic as violating the specified rate. Packets marked as conforming to the rate will be sent
as is, and packets marked as exceeding the rate will be marked with IP Precedence 2 and then sent.
Packets marked as violating the rate are dropped.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-522
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
policy-map
To create or modify a policy map that can be attached to multiple ports to specify a service policy and
to enter policy-map configuration mode, use the policy-map global configuration command. To delete
an existing policy map and to return to global configuration mode, use the no form of this command.
policy-map policy-map-name
no policy-map policy-map-name
Syntax Description
policy-map-name
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(40)SG
Extended support to Supervisor Engine 6-E and the Catalyst 4900M chassis.
Usage Guidelines
Before configuring policies for classes whose match criteria are defined in a class map, use the
policy-map command to specify the name of the policy map to be created or modified. After you enter
the policy-map command, the switch enters policy-map configuration mode. You can configure or
modify the class policies for that policy map and decide how to treat the classified traffic.
These configuration commands are available in policy-map configuration mode:
classDefines the classification match criteria for the specified class map. For more information,
see the class section on page 2-92.
exitExits policy-map configuration mode and returns you to global configuration mode.
To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use
the end command.
You can configure class policies in a policy map only if the classes have match criteria defined for them.
To configure the match criteria for a class, use the class-map global configuration and match class-map
configuration commands.
Examples
This example shows how to configure multiple classes in a policy map called policymap2 on a
Supervisor Engine 6-E:
Switch# configure terminal
Switch(config)# policy-map policymap2
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-523
Chapter 2
policy-map
This example shows how to delete the policy map called policymap2:
Switch# configure terminal
Switch(config)# no policy-map policymap2
Switch#
You can verify your settings by entering the show policy-map privileged EXEC command.
Related Commands
Command
Description
class
Specifies the name of the class whose traffic policy you want to
create or change.
class-map
policy-map
service-policy (interface
configuration)
show policy-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-524
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
port-channel load-balance
To set the load-distribution method among the ports in the bundle, use the port-channel load-balance
command. To reset the load distribution to the default, use the no form of this command.
port-channel load-balance method
no port-channel load-balance
Syntax Description
method
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
Specifies the load distribution method. See the Usage Guidelines section for more
information.
This example shows how to set the load-distribution method to the destination IP address:
Switch(config)# port-channel load-balance dst-ip
Switch(config)#
This example shows how to set the load-distribution method to the source XOR destination IP address:
Switch(config)# port-channel load-balance src-dst-port
Switch(config)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-525
Chapter 2
port-channel load-balance
Related Commands
Command
Description
interface port-channel
show etherchannel
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-526
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
port-channel standalone-disable
To disable the EtherChannel standalone option in a port channel, use the port-channel
standalone-disable command in interface configuration mode. To enable this option, use the no form
of this command.
port-channel standalone-disable
no port-channel standalone-disable
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
15.0(2)SG1
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
This command can only be used when the port channel protocol type is Link Aggregation Control
Protocol (LACP). It allows you to change the current behavior when a physical port cannot bundle with
an LACP EtherChannel.
Examples
The following example shows how to enable the EtherChannel standalone option in a port channel:
Switch(config-if)# no port-channel standalone-disable
Related Commands
Command
Description
show etherchannel
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-527
Chapter 2
port-security mac-address
port-security mac-address
To configure a secure address on an interface for a specific VLAN or VLAN range, use the
port-security mac-address command.
port-security mac-address mac_address
Syntax Description
mac_address
Command Modes
Command History
Release
Modification
12.2(25)EWA
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Layer 2 interfaces can be part of multiple VLANs (for example, a typical trunk port). In conjunction with
the vlan command, you can use the port-security mac-address command to specify different addresses
on different VLANs.
Examples
This example shows how to configure the secure address 1.1.1 on interface Gigabit Ethernet 1/1 for
VLANs 2-3:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# vlan 2-3
Switch(config-if-vlan-range)# port-security mac-address 1.1.1
Switch(config-if-vlan-range)# end
Switch#
Related Commands
Command
Description
port-security mac-address
sticky
port-security maximum
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-528
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
mac_address
Command Modes
Command History
Release
Modification
12.2(25)EWA
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The Sticky feature must be enabled on an interface before you can configure the
port-security mac-address sticky command.
Usage Guidelines
Layer 2 interfaces can be part of multiple VLANs (for example, a typical trunk port). In conjunction with
the vlan command, you can use the port-security mac-address sticky command to specify different
sticky addresses on different VLANs.
The Sticky feature must be enabled on an interface before you can configure the
port-security mac-address sticky command.
Sticky MAC addresses are addresses that persist across switch reboots and link flaps.
Examples
This example shows how to configure the sticky address 1.1.1 on interface Gigabit Ethernet 1/1 for
VLANs 2-3:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# vlan 2-3
Switch(config-if-vlan-range)# port-security mac-address sticky 1.1.1
Switch(config-if-vlan-range)# end
Switch#
Related Commands
Command
Description
port-security mac-address
port-security maximum
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-529
Chapter 2
port-security maximum
port-security maximum
To configure the maximum number of addresses on an interface for a specific VLAN or VLAN range,
use the port-security maximum command.
port-security maximum max_value
Syntax Description
max_value
Command Modes
Command History
Release
Modification
12.2(25)EWA
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Layer 2 interfaces can be part of multiple VLANs (for example, a typical trunk port). In conjunction with
the vlan command, you can use the port-security maximum command to specify the maximum number
of secure addresses on different VLANs.
If a specific VLAN on a port is not configured with a maximum value, the maximum configured for the
port is used for that VLAN. In this situation, the maximum number of addresses that can be secured on
this VLAN is limited to the maximum value configured on the port.
Each VLAN can be configured with a maximum count that is greater than the value configured on the
port. Also, the sum total of the maximum configured values for all the VLANs can exceed the maximum
configured for the port. In either of these situations, the number of MAC addresses secured on each
VLAN is limited to the lesser of the VLAN configuration maximum and the port configuration
maximum.
Examples
This example shows how to configure a maximum number of addresses (5) on interface
Gigabit Ethernet 1/1 for VLANs 2-3:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface g1/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# vlan 2-3
Switch(config-if-vlan-range)# port-security maximum 5
Switch(config-if-vlan-range)# exit
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-530
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
port-security mac-address
port-security mac-address
sticky
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-531
Chapter 2
power dc input
power dc input
To configure the power DC input parameters on the switch, use the power dc input command. To return
to the default power settings, use the no form of this command.
power dc input watts
no power dc input
Syntax Description
watts
Sets the total capacity of the external DC source in watts; valid values are from
300 to 8500.
Defaults
Command Modes
Command History
Release
Modification
12.1(11)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(13)EW
Usage Guidelines
If your interface is not capable of supporting Power over Ethernet, you will receive this message:
Power over Ethernet not supported on interface Admin
Examples
This example shows how to set the total capacity of the external DC power source to 5000 W:
Switch(config)# power dc input 5000
Switch(config)#
Related Commands
Command
Description
show power
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-532
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
EEE is disabled
Command Modes
Command History
Release
Modification
Release IOS XE
3.4.0SG and IOS
15.1(2)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-533
Chapter 2
power inline
power inline
To set the inline-power state for the inline-power-capable interfaces, use the power inline command. To
return to the default values, use the no form of this command.
power inline {auto [max milliwatt] | never | static [max milliwatt] | consumption milliwatt}
no power inline
Syntax Description
Defaults
auto
Sets the Power over Ethernet state to auto mode for inline-power-capable
interfaces.
max milliwatt
(Optional) Sets the maximum power that the equipment can consume; valid
range is from 2000 to 15400 mW for classic modules. For the
WS-X4648-RJ45V-E, the maximum is 20000. For the
WS-X4648-RJ45V+E, the maximum is 30000.
never
Disables both the detection and power for the inline-power capable
interfaces.
static
consumption milliwatt
Sets power allocation per interface; valid range is from 4000 to 15400 for
classic modules. Any non-default value disables automatic adjustment of
power allocation.
Maximum mW mode is set to 15400. For the WS-X4648-RJ45V-E, the maximum mW is set to
20000. For the WS-X4648-RJ45V+E, the maximum mW is set to 30000.
Command Modes
Command History
Release
Modification
12.1(11)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(19)EW
12.1(20)EW
12.2(44)SG
Usage Guidelines
If your interface is not capable of supporting Power over Ethernet, you will receive this message:
Power over Ethernet not supported on interface Admin
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-534
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This example shows how to set the inline-power detection and power for the inline-power-capable
interfaces:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet 4/1
Switch(config-if)# power inline auto
Switch(config-if)# end
Switch#
This example shows how to disable the inline-power detection and power for the inline-power-capable
interfaces:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet 4/1
Switch(config-if)# power inline never
Switch(config-if)# end
Switch#
This example shows how to set the permanent Power over Ethernet allocation to 8000 mW for Fast
Ethernet interface 4/1 regardless what is mandated either by the 802.3af class of the discovered device
or by any CDP packet that is received from the powered device:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet 4/1
Switch(config-if)# power inline consumption 8000
Switch(config-if)# end
Switch#
This example shows how to pre-allocate Power over Ethernet to 16500 mW for Gigabit Ethernet
interface 2/1 regardless of what is mandated either by the 802.3af class of the discovered device or by
any CDP packet that is received from the powered device:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet 2/1
Switch(config-if)# power inline static max 16500
Switch(config-if)# end
Switch#
Related Commands
Command
Description
show power
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-535
Chapter 2
Syntax Description
default
milliwatts
Sets the default power allocation in milliwatts; the valid range is from
4000 to 15399. Any non-default value disables automatic adjustment of power
allocation.
Defaults
Command Modes
Command History
Release
Modification
12.1(11)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(20)EW
Usage Guidelines
The inline power consumption command overrides the power allocated to the port through IEEE/Cisco
phone discovery and CDP/LLDP power negotiation. To guarantee safe operation of the system, ensure
that the value configured here is no less than the actual power requirement of the attached device. If the
power drawn by the inline powered devices exceeds the capability of the power supply, it could trip the
power supply.
If your interface is not capable of supporting Power over Ethernet, you will receive this message:
Power over Ethernet not supported on interface Admin
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-536
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This example shows how to set the Power over Ethernet allocation to use 8000 mW, regardless of any
CDP packet that is received from the powered device:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# power inline consumption default 8000
Switch(config)# end
Switch#
Related Commands
Command
Description
power inline
show power
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-537
Chapter 2
This command is available only on Supervisor Engine 7-E and Supervoisor Engine 7L-E.
To automatically enable power on both signal and spare pairs from a switch port, provided the end-device
is PoE capable on both signal and spare pairs but does not support the CDP or LLDP extensions required
for UPOE, use the power inline four-pair forced command.
power inline four-pair forced
Syntax Description
Defaults
None
Command Modes
Command History
Release
Modification
15.0(2)SG
This command was introduced on the Catalyst 4500 series switch using a
Supervisor Engine 7-E and 7L-E.
Usage Guidelines
Although IEEE 802.at only provides for power up to 30W per port, the WS-X4748-UPOE+E module can
provide up to 60W using the spare pair of an RJ45 cable (wires 4,5,7,8) with the signal pair (wires
1,2,3,6). Power on the spare pair is enabled when the switch port and end-device mutually identify
themselves as UPOE capable using CDP or LLDP and the end-device requests for power on the spare
pair to be enabled. When the spare pair is powered, the end-device can negotiate up to 60W power from
the switch using CDP or LLDP.
If the end-device is PoE capable on both signal and spare pairs but does not support the CDP or LLDP
extensions required for UPOE, then the following configuration automatically enables power on both
signal and spare pairs from the switch port
Examples
The following example shows how to automatically enable power on both signal and spare pairs from
switch port gigabit ethernet 2/1:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet 2/1
Switch(config-if)# power inline four-pair forced
Switch(config-if)# shutdown
Switch(config-if)# no shutdown
Switch(config-if)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-538
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Do not enter this command if the end-device is incapable of sourcing inline power on the spare pair or
if the end-device supports the CDP or LLDP extensions for UPOE.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-539
Chapter 2
Syntax Description
Defaults
Disabled
Command Modes
Command History
Release
Modification
15.0(2)SG2/
XE 3.2.2SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Be aware of the potential for console flooding if this command is used on a switch connected to several
PoE devices.
Examples
This example shows how to globally enable PoE status messaging on each interface:
To enable PoE event logging, you use the logging event poe-status global command:
Switch# conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# power inline logging global
Switch(config)# int gigabitEthernet 5/5
Switch(config-if)# shut
Switch(config-if)#
*Oct 17 12:02:48.407: %ILPOWER-5-IEEE_DISCONNECT: Interface Gi5/5: PD removed
Switch(config-if)# no shut
Switch(config-if)#
*Oct 17 12:02:54.915: %ILPOWER-7-DETECT: Interface Gi5/5: Power Device detected: IEEE PD
Related Commands
Command
Description
logging event link-status global (global Changes the default switch-wide global link-status event
configuration)
messaging settings.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-540
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
action
(Optional) Specifies the action to take on the port when a PoE policing fault
occurs (the device consumes more power than its allocated).
errdisable
(Optional) Enables PoE policing on the interface and places the port in an
errdisable state when a PoE policing fault occurs.
log
(Optional) Enables PoE policing on the interface and, if a PoE policing fault
occurs, shuts, restarts the port, and logs an error message.
Defaults
Command Modes
Command History
Release
Modification
12.2(50)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
If a port is in the errdisable state because of a PoE policing fault, enter the shut command followed by
a no shut on the interface to make the port operational again.
You can also configure inline-power errdisable autorecovery so that an errdisabled interface is
automatically revived when the errdisable autorecovery timer expires.
Examples
This example shows how to enable PoE policing and configure a policing action:
Switch(config)# int gigabitEthernet 2/1
Switch(config-if)# power inline police
Switch(config-if)# do show power inline police gigabitEthernet 2/1
Available:421(w) Used:39(w) Remaining:382(w)
Interface Admin
State
--------- -----Gi2/1
auto
Oper
State
---------on
Admin
Police
---------errdisable
Oper
Police
---------ok
Cutoff
Power
-----17.4
Oper
Power
----7.6
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-541
Chapter 2
Interface Admin
State
--------- -----Gi2/1
auto
Related Commands
Oper
State
---------on
Admin
Police
---------log
Oper
Police
---------ok
Cutoff
Power
-----17.4
Oper
Power
----9.6
Command
Description
errdisable recovery
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-542
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Note
This feature only applies in combined mode when both power supply bays contain the 4200 W AC, 6000
W AC, or 9000W power supply.
power redundancy combined max inputs {x | y}
default power redundancy combined max inputs
Syntax Description
x|y
If 4200W or 6000W power supplies are installed, the valid input range is 2-3.
Note
Defaults
Command Modes
Command History
Release
Modification
IOS XE 3.4.0SG Support for this command was introduced on the Catalyst 4500 series switch.
and 15.1(2)SG
Usage Guidelines
Using the combined mode power resiliency feature, you can limit the power usage to a maximum of two
or three (configurable) inputs for 4000W and 6000W power supplies. For 9000W power supplies, you
can limit the power usage to a maximum of 2 to 5 inputs, since the 9000W is a triple input power supply.
With two 4200 W AC or 6000 W AC power supplies, a maximum of four inputs are available. With two
9000W, a maximum of six inputs are available. This feature allows you to cap the power usage to that of
two/three inputs or four/five inputs. If one of the power supplies fails, no loss of power occurs because
you have capped its usage to a smaller number of inputs.
If you have max inputs 3 configured with four "good" (220 V) inputs and you limit the user to 5500 W
instead of 7600 W and one subunit fails or is powered off, you have three quality inputs providing 5500
W and the chassis is powered at the same rate as it was prior to the failure event:
Switch# configuration terminal
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-543
Chapter 2
Here is the output of the show power command prior to invoking this feature:
Switch# show power
sh power
Power
Supply Model No
------ ---------------PS1
PWR-C45-4200ACV
PS1-1
PS1-2
PS2
PWR-C45-4200ACV
PS2-1
PS2-2
Type
--------AC 4200W
110V
110V
AC 4200W
110V
110V
Status
----------good
good
good
good
good
good
Fan
Sensor
------good
Inline
Status
------good
good
good
Maximum
Used
Available
-----------140
1360
0
1850
0
40
-----------140 (not to exceed Total Maximum Available = 2100)
Here is the output after invoking this feature. The combined mode was indicated before
Power supplies needed = 2 in the output of the show power command, combined mode is now indicated
by the phrase Power supplies needed by system: 2 Maximum Inputs = 3.
Switch# show power
sh power
Power
Supply Model No
------ ---------------PS1
PWR-C45-4200ACV
PS1-1
PS1-2
PS2
PWR-C45-4200ACV
PS2-1
PS2-2
Type
--------AC 4200W
110V
110V
AC 4200W
110V
110V
Status
----------good
good
good
good
good
good
Fan
Sensor
------good
Inline
Status
------good
good
good
Maximum
Used
Available
-----------140
2400
0
2000
0
40
-----------140 (not to exceed Total Maximum Available = 2728)
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-544
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Here's another example of combined mode resiliency with 9000W power supply with a maximum of six
active inputs, limited to 3 inputs:
Switch#
Power
Supply
-----PS1
PS1-1
PS1-2
PS1-3
PS2
PS2-1
PS2-2
PS2-3
show power
Model No
---------------PWR-C45-9000ACV
PWR-C45-9000ACV
Type
--------AC 9000W
220V
220V
220V
AC 9000W
220V
220V
220V
Status
----------good
good
good
good
good
good
good
good
Fan
Sensor
------good
Inline
Status
------good
good
good
Maximum
Used
Available
-----------1323
2646
0
6022
40
67
-----------1363 (not to exceed Total Maximum Available = 7412)
Examples
The following example shows how to configure the combined mode resiliency feature when a 9000W
AC power supply is detected.
Note
Note
The maximum inputs part of the command is ignored by all power supplies other than 9000 W AC.
Switch# configure terminal
Switch(config)# power redundancy combined max inputs {2 | 5}
The following example shows how to configure the combined mode resiliency feature if f a 9000W AC
power supply is not detected.
Note
Note
The maximum inputs part of the command is ignored by all power supplies other than the 4200 W AC
or 6000 W AC.
Switch# configure terminal
Switch(config)# power redundancy combined max inputs {2 | 3}
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-545
Chapter 2
Related Commands
Command
Description
show power
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-546
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
power redundancy-mode
To configure the power settings for the chassis, use the power redundancy-mode command. To return
to the default setting, use the default form of this command.
power redundancy-mode {redundant | combined}
default power redundancy-mode
Syntax Description
redundant
combined
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Caution
The two power supplies must be the same type and wattage.
If you have power supplies with different types or wattages installed in your switch, the switch will not
recognize one of the power supplies. A switch set to redundant mode will not have power redundancy.
A switch set to combined mode will use only one power supply.
In redundant mode, the power from a single power supply must provide enough power to support the
switch configuration.
Table 2-12 lists the maximum available power for chassis and Power over Ethernet for each power
supply.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-547
Chapter 2
power redundancy-mode
Table 2-12
Power Supply
1000 W AC
1300 W AC
Sharing Ratio
Chassis = 1050
Chassis = 1667
2/3
PoE = 0
PoE = 0
2/3
Chassis = 22674
PoE
Chassis2/3
PoE0
Chassis = 1360
PoE = 0
2800 W AC
Chassis = 2473
9/11
PoE = 0
Chassis = 1360
Chassis = 2473
Chassis79/11
PoE = 1400
PoE = 2333
PoE82/3
1. Chassis power includes power for the supervisor engine(s), all line cards, and the fan tray.
2. The efficiency for the 1400 W DC power supply is 0.75, and 0.96 is applied to PoE.
3. DC input can vary for the 1400 W DC power supply and is configurable.
4. Not available for PoE.
5. Not available for PoE.
6. No voice power.
7. Data-only.
8. Inline power.
Special Considerations for the 4200 W AC, 6000 W AC, and 9000W Power Supplies
The 4200 W AC and 6000 W AC power supply has two inputs: each can be powered at 110 or 220 V.
The 9000 W AC power supply has three inputs: each can be powered at 110 or 220V.
As with other power supplies, the two power supplies must be of the same type (6000 W AC or 4200 W
AC or 9000 W AC). Otherwise, the right power supply is put in err-disable state and the left one is
selected. In addition, all the inputs to the chassis must be at the same voltage. In redundant mode, the
inputs to the left and right power supplies must be identical. If the left and right power supplies are
powered in redundant mode, the power values is based on the power supply with the higher output
wattage.
Note
When the system is powered with a 4200 W, 6000 W, or 9000W power supply either in 110 V or 220 V
combined mode operation, the available power is determined by the configuration of the system (the type
of line cards, the number of line cards, number of ports consuming inline power, etc.) and does not reflect
the absolute maximum power.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-548
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Note
In a matched redundant power supply configuration, if a power supply submodule fails, the other (good)
power supply provides power to its full capability.
Table 2-13 illustrates how the 4200 W AC power supply is evaluated in redundant mode.
Table 2-13
Power Supply
Chassis Power
Inline Power
110 V
660
700
110 V+110 V
or 220 V
1360
1850
220 V+220 V
1360
3700
In combined mode, all the inputs to the chassis must be at the same voltage.
Table 2-14 illustrates how the 4200 W AC power supply is evaluated in combined mode.
Table 2-14
Power Supply
Chassis Power
Inline Power
1200
1320
1800
2000
2200
3100
2200
3100
2200
4700
2200
6200
Table 2-15 illustrates how the 6000 W AC power supply is evaluated in redundant mode.
Table 2-15
Power Supply
Chassis Power
Inline Power
110 V
850
922
1700
1850
220 V+220 V
2200
4800
In combined mode, all the inputs to the chassis must be at the same voltage.
Table 2-16 illustrates how the 6000 W AC power supply is evaluated in combined mode.
Table 2-16
Power Supply
Chassis Power
Inline Power
1400
1670
2360
2560
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-549
Chapter 2
power redundancy-mode
Table 2-16
Power Supply
Chassis Power
Inline Power
3090
3360
4000
4360
4000
6600
4000
8700
Table 2-17 illustrates how the 9000 W AC power supply is evaluated in redundant mode.
Table 2-17
Power Supply
110VAC
960
1000
1100
1460
2000
2200
1460
2500
3300
220VAC
1460
2500
3000
220VAC + 220VAC
1960
5000
6000
1960
7500
9000
1. Power supply output drawings should not exceed the total power.
Table 2-18 illustrates how the 9000 W AC power supply is evaluated in combined mode.
Table 2-18
Power Supply
Total Power
(W)
1594
1420
1790
2627
3320
3610
2627
4150
5420
2019
3458
4520
1615
2367
3620
1615
2130
2710
2828
4150
4930
3762
8300
10140
3762
14400
17210
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-550
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Table 2-18
Power Supply
Total Power
(W)
2939
11250
13440
2168
8300
9890
2168
6225
7410
1. Power supply output drawings should not exceed the total power.
Examples
This example shows how to set the power management mode to combined:
Switch(config)# power redundancy-mode combined
Switch(config)#
Related Commands
Command
Description
show power
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-551
Chapter 2
Syntax Description
Defaults
disabled
Command Modes
Command History
Release
Modification
12.2(50)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
You must enable PPPoE Intermediate Agent globally on a switch before you can use
PPPoE Intermediate Agent on an interface or interface VLAN.
Examples
Related Commands
Command
Description
pppoe intermediate-agent
(global)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-552
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This command takes effect only if you enable the pppoe intermediate-agent global command.
To enable the PPPoE Intermediate Agent feature on an interface, use the pppoe intermediate-agent
command. To disable the feature, use the no form of this command.
pppoe intermediate-agent
no pppoe intermediate-agent
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(50)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
PPPoE Intermediate Agent is enabled on an interface provided the PPPoE Intermediate Agent is enabled
both on the switch and the interface.
Examples
This example shows how to enable the PPPoE Intermediate Agent on an interface:
Switch(config-if)# pppoe intermediate-agent
This example shows how to disable the PPPoE Intermediate Agent on an interface:
Switch(config-if)# no pppoe intermediate-agent
Related Commands
Command
Description
pppoe intermediate-agent
format-type (interface)
pppoe intermediate-agent
limit rate
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-553
Chapter 2
Command
Description
pppoe intermediate-agent
trust
pppoe intermediate-agent
vendor-tag strip
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-554
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This command takes effect only if you enable the pppoe intermediate-agent global command.
To enable PPPoE Intermediate Agent on an interface VLAN range, use the pppoe intermediate-agent
global command. To disable the feature, use the no form of this command.
pppoe intermediate-agent
no pppoe intermediate-agent
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(50)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
Although this command takes effect irrespective of the pppoe intermediate-agent (interface
configuration mode) command, you must enable the pppoe intermediate-agent (global configuration
mode) command.
Examples
This example shows how to enable PPPoE Intermediate Agent on a range of VLANs:
Switch(config-if)# vlan-range 167-368
Switch(config-if-vlan-range)# pppoe intermediate-agent
This example shows how to disable PPPoE Intermediate Agent on a single VLAN:
Switch(config-if)# vlan-range 268
Switch(config-if-vlan-range)# no pppoe intermediate-agent
Related Commands
Command
Description
pppoe intermediate-agent
(interface)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-555
Chapter 2
Syntax Description
access-node-identifier
string string
generic-error-message
string string
identifier-string string
string
option {sp|sv|pv|spv}
Options:
sp = slot + port
sv = slot + VLAN
pv = port + VLAN
spv = slot + port + VLAN
delimiter {,|.|;|/|#}
Defaults
Command Modes
Command History
Release
Modification
12.2(50)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
Use the access-node-identifier and identifier-string commands to enable the switch to generate the
circuit-id parameters automatically.
The no form of identifier-string command unsets the option and delimiter.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-556
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Use the generic-error-message command to set an error message notifying the sender that the
PPPoE Discovery packet was too large.
Examples
Related Commands
Command
Description
show pppoe
intermediate-agent interface
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-557
Chapter 2
This command takes effect only if you enable the pppoe intermediate-agent interface configuration
command.
To set circuit-id or remote-id for an interface, use the pppoe intermediate-agent format-type
command. To unset the parameters, use the no form of this command.
pppoe intermediate-agent format-type {circuit-id | remote-id} string string
no pppoe intermediate-agent format-type {circuit-id | remote-id} string string
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(50)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
Use the pppoe intermediate-agent format-type command to set interface-specific circuit-id and
remote-id values. If an interface-specific circuit-id is not set, the system's automatic generated circuit-id
value is used.
Examples
Related Commands
Command
Description
pppoe intermediate-agent
(interface)
pppoe intermediate-agent
(interface vlan-range)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-558
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This command takes effect only if you enable the pppoe intermediate-agent interface vlan-range
configuration mode command.
To set circuit-id or remote-id for an interface vlan-range, use the
pppoe intermediate-agent format-type interface vlan-range mode command. To unset the parameters,
use the no form of this command.
pppoe intermediate-agent format-type {circuit-id | remote-id} string string
no pppoe intermediate-agent format-type {circuit-id | remote-id} string string
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(50)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
Use these commands to set circuit-id or remote-id on an interface vlan-range. If the circuit-id is not set,
the systems automatically generated circuit-id is used.
Examples
Related Commands
Command
Description
pppoe intermediate-agent
(interface vlan-range)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-559
Chapter 2
Syntax Description
number
Defaults
Command Modes
Command History
Release
Modification
12.2(50)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
If this command is used and the PPPoE Discovery packets that are received exceeds the rate set, the
interface will be error-disabled (shutdown).
Examples
Related Commands
Command
Description
pppoe intermediate-agent
(interface)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-560
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(50)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
At least one trusted interface must be present on the switch for PPPoE Intermediate Agent feature to
work.
Set the interface connecting the switch to the PPPoE Server (or BRAS) as trusted.
Examples
This example shows how to disable the trust configuration for an interface:
Switch(config-if)# no pppoe intermediate-agent trust
Related Commands
Command
Description
pppoe intermediate-agent
vendor-tag strip
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-561
Chapter 2
This command takes effect only if you enable the pppoe intermediate-agent interface configuration
command and the pppoe intermediate-agent trust command.
To enable vendor-tag stripping on PPPoE Discovery packets from PPPoE Server (or BRAS), use the
pppoe intermediate-agent vendor-tag strip command. To disable this setting, use the no form of this
command.
pppoe intermediate-agent vendor-tag strip
no pppoe intermediate-agent vendor-tag strip
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(50)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
Examples
Related Commands
Command
Description
pppoe intermediate-agent
(interface)
pppoe intermediate-agent
trust
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-562
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
priority
To enable the strict priority queue (low-latency queueing [LLQ]) and to give priority to a class of traffic
belonging to a policy map attached to a physical port, use the priority policy-map class configuration
command. To return to the default setting, use the no form of this command.
priority
no priority
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(40)SG
Usage Guidelines
Use the priority command only in a policy map attached to a physical port. You can use this command
only in class-level classes, you cannot use this command in class class-default.
This command configures LLQ and provides strict-priority queueing. Strict-priority queueing enables
delay-sensitive data, such as voice, to be sent before packets in other queues are sent. The priority queue
is serviced first until it is empty.
You cannot use the bandwidth, dbl, and the shape policy-map class configuration commands with the
priority policy-map class configuration command in the same class within the same policy map.
However, you can use these commands in the same policy map.
You can use police or set class configuration commands with the priority police-map class configuration
command.
If the priority queuing class is not rate limited, you cannot use the bandwidth command, you can use the
bandwidth remaining percent command instead.
Examples
This example shows how to enable the LLQ for the policy map called policy1:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# policy-map policy1
Switch(config-pmap)# class voice
Switch(config-pmap-c)# priority
You can verify your settings by entering the show policy-map privileged EXEC command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-563
Chapter 2
priority
Related Commands
Command
Description
bandwidth
class
Specifies the name of the class whose traffic policy you want to
create or change.
dbl
policy-map
service-policy (policy-map
class)
show policy-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-564
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
private-vlan
To configure private VLANs and the association between a private VLAN and a secondary VLAN, use
the private-vlan command. To return to the default value, use the no form of this command.
private-vlan {isolated | community | twoway-community | primary}
private-vlan association secondary-vlan-list [{add secondary-vlan-list} |
{remove secondary-vlan-list}]
no private-vlan {isolated | community | twoway-community | primary}
no private-vlan association
Syntax Description
isolated
community
twoway-community
primary
association
secondary-vlan-list
add
remove
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
12.2(20)EW
15.0(2)SG
Usage Guidelines
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-565
Chapter 2
private-vlan
The secondary_vlan_list parameter cannot contain spaces; it can contain multiple comma-separated
items. Each item can be a single private VLAN ID or a range of private VLAN IDs separated by hyphens.
The secondary_vlan_list parameter can contain multiple community VLAN IDs.
The secondary_vlan_list parameter can contain only one isolated VLAN ID. A private VLAN is defined
as a set of private ports characterized by a common set of VLAN number pairs: each pair is made up of
at least two special unidirectional VLANs and is used by isolated ports or by a community of ports to
communicate with the switches.
An isolated VLAN is a VLAN that is used by the isolated ports to communicate with the promiscuous
ports. The isolated VLAN traffic is blocked on all other private ports in the same VLAN and can be
received only by the standard trunking ports and the promiscuous ports that are assigned to the
corresponding primary VLAN.
A community VLAN is the VLAN that carries the traffic among the community ports and from the
community ports to the promiscuous ports on the corresponding primary VLAN. A community VLAN
is not allowed on a private VLAN trunk.
A promiscuous port is a private port that is assigned to a primary VLAN.
A primary VLAN is a VLAN that is used to convey the traffic from the switches to the customer end
stations on the private ports.
You can specify only one isolated vlan-id value, while multiple community VLANs are allowed. You
can only associate isolated and community VLANs to one VLAN. The associated VLAN list may not
contain primary VLANs. Similarly, a VLAN that is already associated to a primary VLAN cannot be
configured as a primary VLAN.
The private-vlan commands do not take effect until you exit the config-VLAN submode.
If you delete either the primary or secondary VLAN, the ports that are associated with the VLAN become
inactive.
Refer to the Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide for additional
configuration guidelines.
Examples
This example shows how to configure VLAN 202 as a primary VLAN and verify the configuration:
Switch# configure terminal
Switch(config)# vlan 202
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# end
Switch# show vlan private-vlan
Primary Secondary Type
Interfaces
------- --------- ----------------- -----------------------------------------202
primary
This example shows how to configure VLAN 303 as a community VLAN and verify the configuration:
Switch# configure terminal
Switch(config)# vlan 303
Switch(config-vlan)# private-vlan community
Switch(config-vlan)# end
Switch# show vlan private-vlan
Primary Secondary Type
Interfaces
------- --------- ----------------- -----------------------------------------202
primary
303
community
This example shows how to configure VLAN 440 as an isolated VLAN and verify the configuration:
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-566
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to create a private VLAN relationship among the primary VLAN 14, the
isolated VLAN 19, and community VLANs 20 and 21:
Switch(config)# vlan 19
Switch(config-vlan) # private-vlan isolated
Switch(config)# vlan 14
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# private-vlan association 19
This example shows how to remove a private VLAN relationship and delete the primary VLAN. The
associated secondary VLANs are not deleted.
Switch(config-vlan)# no private-vlan 14
Switch(config-vlan)#
This example shows how to configure VLAN 550 as a twoway-community VLAN and verify the
configuration:
Switch# configure terminal
Switch(config)# vlan 550
Switch(config-vlan)# private-vlan twoway-community
Switch(config-vlan)# end
Switch# show vlan private-vlan
Primary Secondary Type
Interfaces
------- --------- ----------------- -----------------------------------------202
primary
303
community
440
isolated
550
twoway-community
This example shows how to associate community VLANs 303 through 307 and 309 and isolated VLAN
440 with primary VLAN 202 and verify the configuration:
Switch# configure terminal
Switch(config)# vlan 202
Switch(config-vlan)# private-vlan association 303-307,309,440
Switch(config-vlan)# end
Switch# show vlan private-vlan
Primary
------202
202
202
202
202
202
202
Secondary
--------303
304
305
306
307
309
440
308
Type
Interfaces
----------------- -----------------------------------------community
community
community
community
community
community
isolated
community
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-567
Chapter 2
private-vlan
Note
This example shows how to configure interface FastEthernet 5/1 as a PVLAN host port and verify the
configuration:
Switch# configure terminal
Switch(config)# interface fastethernet 5/1
Switch(config-if)# switchport mode private-vlan host
Switch(config-if)# switchport private-vlan host-association 202 440
Switch(config-if)# end
Switch# show interfaces fastethernet 5/1 switchport
Name: Fa5/1
Switchport: Enabled
Administrative Mode: private-vlan host
Operational Mode: private-vlan host
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Appliance trust: none
Administrative Private Vlan
Host Association: 202 (VLAN0202) 440 (VLAN0440)
Promiscuous Mapping: none
Trunk encapsulation : dot1q
Trunk vlans:
Operational private-vlan(s):
202 (VLAN0202) 440 (VLAN0440)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Related Commands
Command
Description
show vlan
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-568
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
private-vlan mapping
To create a mapping between the primary and the secondary VLANs so that both share the same primary
VLAN SVI, use the private-vlan mapping command. To remove all PVLAN mappings from an SVI, use
the no form of this command.
private-vlan mapping primary-vlan-id {[secondary-vlan-list | {add secondary-vlan-list} |
{remove secondary-vlan-list}]}
no private-vlan mapping
Syntax Description
primary-vlan-id
secondary-vlan-list
add
remove
(Optional) Removes the mapping between the secondary VLAN and the
primary VLAN.
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The secondary_vlan_list parameter cannot contain spaces. It can contain multiple, comma-separated
items. Each item can be a single PVLAN ID or a range of PVLAN IDs separated by hyphens.
This command is valid in the interface configuration mode of the primary VLAN.
The SVI of the primary VLAN is created at Layer 3.
The traffic that is received on the secondary VLAN is routed by the SVI of the primary VLAN.
The SVIs of the existing secondary VLANs do not function and are considered down after this command
is entered.
A secondary SVI can be mapped to only one primary SVI. If the configured PVLANs association is
different from what is specified in this command (if the specified primary-vlan-id is configured as a
secondary VLAN), all the SVIs that are specified in this command are brought down.
If you configure a mapping between two VLANs that do not have a valid Layer 2 association, the
mapping configuration does not take effect.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-569
Chapter 2
private-vlan mapping
Examples
This example shows how to map the interface of VLAN 20 to the SVI of VLAN 18:
Switch(config)# interface vlan 18
Switch(config-if)# private-vlan mapping 18 20
Switch(config-if)#
This example shows how to permit the routing of the secondary VLAN ingress traffic from PVLANs 303
through 307, 309, and 440 and how to verify the configuration:
Switch# config terminal
Switch(config)# interface vlan 202
Switch(config-if)# private-vlan mapping add 303-307,309,440
Switch(config-if)# end
Switch# show interfaces private-vlan mapping
Interface Secondary VLAN Type
--------- -------------- ----------------vlan202
303
isolated
vlan202
304
isolated
vlan202
305
isolated
vlan202
306
isolated
vlan202
307
isolated
vlan202
309
isolated
vlan202
440
isolated
Switch#
This example shows the displayed message that you will see if the VLAN that you are adding is already
mapped to the SVI of VLAN 18. You must delete the mapping from the SVI of VLAN 18 first.
Switch(config)# interface vlan 19
Switch(config-if)# private-vlan mapping 19 add 21
Command rejected: The interface for VLAN 21 is already mapped as s secondary.
Switch(config-if)#
This example shows how to remove all PVLAN mappings from the SVI of VLAN 19:
Switch(config)# interface vlan 19
Switch(config-if)# no private-vlan mapping
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-570
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
show vlan
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-571
Chapter 2
private-vlan synchronize
private-vlan synchronize
To map the secondary VLANs to the same instance as the primary VLAN, use the private-vlan
synchronize command.
private-vlan synchronize
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
If you do not map the VLANs to the same instance as the associated primary VLAN when you exit the MST
configuration submode, a warning message displays and lists the secondary VLANs that are not mapped
to the same instance as the associated primary VLAN. The private-vlan synchronize command
automatically maps all secondary VLANs to the same instance as the associated primary VLANs.
Examples
This example assumes that a primary VLAN 2 and a secondary VLAN 3 are associated to VLAN 2, and that
all VLANs are mapped to the CIST instance 1. This example also shows the output if you try to change the
mapping for the primary VLAN 2 only:
Switch(config)# spanning-tree mst configuration
Switch(config-mst)# instance 1 vlan 2
Switch(config-mst)# exit
These secondary vlans are not mapped to the same instance as their primary:
->3
Switch(config)#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-572
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
profile
To enter profile call-home configuration submode, use the profile command in call-home configuration
mode, use the profile command.
profile profile_name
Syntax Description
profile_name
Defaults
Command Modes
cfg-call-home
Command History
Release
Modification
12.2(52)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
When you enter the profile profile_name command in call-home mode, the prompt changes to
Switch(cfg-call-home-profile)#, and you have access to the following profile configuration commands:
active
destination address
destination preferred-msg-format
destination transport-method
end
exit
subscribe-to-alert-group all
subscribe-to-alert-group configuration
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory
subscribe-to-alert-group syslog
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-573
Chapter 2
profile
Examples
This example shows how to create and configure a user-defined call-home profile:
Switch(config)# call-home
Switch(cfg-call-home)# profile cisco
Switch(cfg-call-home-profile)# destination transport-method http
Switch(cfg-call-home-profile)# destination address http
https://172.17.46.17/its/service/oddce/services/DDCEService
Switch(cfg-call-home-profile)# subscribe-to-alert-group configuration
Switch(cfg-call-home-profile)# subscribe-to-alert-group diagnostic severity normal
Switch(cfg-call-home-profile)# subscribe-to-alert-group environment severity notification
Switch(cfg-call-home-profile)# subscribe-to-alert-group syslog severity notification
pattern "UPDOWN"
Switch(cfg-call-home-profile)# subscribe-to-alert-group inventory periodic daily 21:12
Related Commands
Command
Description
destination address
destination preferred-msg-format
destination transport-method
subscribe-to-alert-group all
subscribe-to-alert-group environment
subscribe-to-alert-group inventory
subscribe-to-alert-group syslog
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-574
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
profile flow
To enable Media Services Proxy (MSP), use the the profile flow command. To return to the default
setting, use the no form of this command
profile flow
no profile flow
Syntax Description
Defaults
Command Modes
config
Command History
Release
Modification
Release IOS XE
3.4.0SG and IOS
15.1(2)SG)
Usage Guidelines
You must configure the MSP profile flow command to activate the MSP platform Packet parser. This is
because the the MSP device handler is tightly coupled with MSP flow parser. Not enabling this CLI
means that MSP will not send SIP, H323 notifications to IOS sensor.
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-575
Chapter 2
Syntax Description
Defaults
On Supervisor Engine 6-E, Supervisor Engine 6L-E, Catalyst 4900M, and Catalyst 4948E, policers
account only for the Layer 2 header length in policing features. In contrast, shapers account for header
length as well as IPG in rate calculations.
Command Modes
Global configuration
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Supervisor Engine 6-E, Supervisor Engine 6L-E, Catalyst 4900M, and Catalyst 4948E use the qos
account layer-all encapsulation command to account for Layer 1 header of 20 bytes ( preamble + IPG)
and Layer 2 header in policing features. When this command is configured, policer statistics ( in bytes )
observed in the output of the show policy-map interface command reflect the Layer 1 header length as
well ( 20 bytes per packet).
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-576
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
arpa
dot1q
isl
length len
Specifies the a dditional packet length to account for; the valid range is from 0 to
64 bytes.
Defaults
On Supervisor Engine 6E, Supervisor Engine 6L-E, Catalyst 4900M, and Catalyst 4948-E, the length
that is specified in the Ethernet header is considered for both IP and non-IP packets. The Layer 2 length
includes the VLAN tag overhead.
Command Modes
Command History
Release
Modification
12.1(19)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Note
On Supervisor Engine 6E, Supervisor Engine 6L-E, Catalyst 4900M, and Catalyst 4948-E, shaping and
sharing always use Ethernet ARPA length to which 20 bytes of IPv6 overhead is always added for
policing. However, only Layer 2 length including VLAN tag overhead is considered.
The given length is included when policing all IP packets irrespective of the encapsulation with which
it was received. When qos account layer2 encapsulation isl is configured, a fixed length of 48 bytes is
included when policing all IP packets, not only those IP packets that are received with ISL encapsulation.
Sharing and shaping use the length that is specified in the Layer 2 headers.
Examples
This example shows how to include an additional 18 bytes when policing IP packets:
Switch# config terminal
Switch(config)# qos account layer2 encapsulation length 18
Switch (config)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-577
Chapter 2
This example shows how to disable the consistent accounting of the Layer 2 encapsulation by the QoS
features:
Switch# config terminal
Switch(config)# no qos account layer2 encapsulation
Switch (config)# end
Switch #
Related Commands
Command
Description
show interfaces
switchport
switchport block
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-578
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
qos trust
To set the trusted state of an interface (for example, whether the packets arriving at an interface are
trusted to carry the correct CoS, ToS, and DSCP classifications), use the qos trust command. To set an
interface to the untrusted state, use the no form of this command.
qos trust {cos | device cisco-phone | dscp | extend [cos priority]}
no qos trust {cos | device cisco-phone | dscp | extend [cos priority]}
Syntax Description
Defaults
cos
Specifies that the CoS bits in incoming frames are trusted and derives the
internal DSCP value from the CoS bits.
device cisco-phone
dscp
Specifies that the ToS bits in the incoming packets contain a DSCP value.
extend
Specifies to extend the trust to Port VLAN ID (PVID) packets coming from
the PC.
cos priority
(Optional) Specifies that the CoS priority value is set to PVID packets; valid
values are from 0 to 7.
Command Modes
Command History
Release
Usage Guidelines
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(11)EW
12.1(19)EW
This command is not supported on the Supervisor Engine 6-E and Catalyst 4900M chassis.
You can only configure the trusted state on physical LAN interfaces.
By default, the trust state of an interface when QoS is enabled is untrusted; when QoS is disabled on the
interface, the trust state is reset to trust DSCP.
When the interface trust state is qos trust cos, the transmit CoS is always the incoming packet CoS (or
the default CoS for the interface, if the packet is not tagged).
When the interface trust state is not qos trust dscp, the security and QoS ACL classification will always
use the interface DSCP and not the incoming packet DSCP.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-579
Chapter 2
qos trust
Trusted boundary should not be configured on the ports that are part of an EtherChannel (that is, a port
channel).
Examples
This example shows how to set the trusted state of an interface to CoS:
Switch(config-if)# qos trust cos
Switch(config-if)#
This example shows how to set the trusted state of an interface to DSCP:
Switch(config-if)# qos trust dscp
Switch(config-if)#
This example shows how to set the Cisco phone as the trust device:
Switch(config-if)# qos trust device cisco-phone
Switch(config-if)#
Related Commands
Command
Description
queue-limit
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-580
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
queue-limit
To specify or modify the maximum number of packets the queue can hold for a class policy configured
in a policy map, use the queue-limit command. To remove the queue packet limit from a class, use the
no form of this command.
queue-limit number-of-packets
no queue-limit number-of-packets
Syntax Description
number-of-packets
Defaults
By default, each physical interface on a Catalyst 4500 switch has a default queue based on the number
of slots in a chassis and the number of ports on the linecards.
Command Modes
Command History
Release
Modification
12.2(44)SG
Usage Guidelines
Number of packets that the queue for this class can accumulate; valid range
is 16 to 8184. This number must be a multiple of 8.
This class-based queuing (CBQ) command applies only to the Supervisor Engine 6-E as part of the MQC
support on the Catalyst 4500 Supervisor Engine.
By default, each physical interface on a Catalyst 4500 switch comes up with a default queue. The size
of this queue is based on the number of slots in a chassis as well as the number of ports on the line card
in each slot. The switch supports 512K queue entries of which 100 K are set aside as a common sharable
pool. The remaining 412 K entries are equally distributed among the slots. Each slot further divides its
allocated queue entries equally among its ports.
CBQ creates a queue for every class for which a class map is defined. Packets satisfying the match
criterion for a class accumulate in the queue reserved for the class until they are sent, which occurs when
the queue is serviced by the fair queuing process. When the maximum packet threshold you defined for
the class is reached, queuing of any further packets to the class queue causes tail drop or, if DBL is
configured for the class policy, packet drop to take effect.
Note
The queue-limit command is supported only after you first configure a scheduling action, such as
bandwidth, or priority, except when you configure queue-limit in the class-default class of an output QoS
policy-map.s
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-581
Chapter 2
queue-limit
Examples
This example shows how to configure a policy-map called policy11 to contain policy for a class called
acl203. Policy for this class is set so that the queue reserved for it has a maximum packet limit of 40:
Switch# configure terminal
Switch (config)# policy-map policy11
Switch (config-pmap)# class acl203
Switch (config-pmap-c)# bandwidth 2000
Switch (config-pmap-c)# queue-limit 40
Switch (config-pmap-c)# end
Switch#
Related Commands
Command
Description
bandwidth
class
Specifies the name of the class whose traffic policy you want to
create or change.
policy-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-582
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
redundancy
To enter the redundancy configuration mode, use the redundancy command in the global configuration
mode.
redundancy
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch
(Catalyst 4507R and 4510R only).
Usage Guidelines
The redundancy configuration mode is used to enter the main CPU submode.
To enter the main CPU submode, use the main-cpu command in the redundancy configuration mode.
The main CPU submode is used to manually synchronize the configurations on the two supervisor
engines.
From the main CPU submode, use the auto-sync command to enable automatic synchronization of the
configuration files in NVRAM.
Use the no command to disable redundancy. If you disable redundancy, then reenable redundancy, the
switch returns to default redundancy settings.
Use the exit command to exit the redundancy configuration mode.
Examples
Related Commands
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-583
Chapter 2
redundancy
Command
Description
auto-sync
main-cpu
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-584
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
ignore
validate
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SGA
12.2(44)SG
Usage Guidelines
To display all mismatched commands, use the show redundancy config-sync failures mcl command.
To clean the MCL, remove all mismatched commands from the active supervisor engines running
configuration, revalidate the MCL with a modified running configuration using the redundancy
config-sync validate mismatched-commands command, then reload the standby supervisor engine.
You could also ignore the MCL by entering the redundancy config-sync ignore
mismatched-commands command and reloading the standby supervisor engine; the system changes to
SSO mode.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-585
Chapter 2
Note
If you ignore the mismatched commands, the out-of-sync configuration at the active supervisor
engine and the standby supervisor engine still exists.
You can verify the ignored MCL with the show redundancy config-sync ignored mcl command.
If SSO mode cannot be established between the active and standby supervisor engines because of an
incompatibility in the configuration file, a mismatched command list (MCL) is generated at the active
supervisor engine and a reload into RPR mode is forced for the standby supervisor engine. Subsequent
attempts to establish SSO, after removing the offending configuration and rebooting the standby
supervisor engine with the exact same image, might cause the
C4K_REDUNDANCY-2-IOS_VERSION_CHECK_FAIL and
ISSU-3-PEER_IMAGE_INCOMPATIBLE messages to appear because the peer image is listed as
incompatible. If the configuration problem can be corrected, you can clear the peer image from the
incompatible list with the redundancy config-sync ignore mismatched-commands EXEC command
while the peer is in a standby cold (RPR) state. This action allows the standy supervisor engine to boot
in standby hot (SSO) state when it reloads.
Examples
This example shows how to validate removal of entries from the MCL:
Switch# redundancy config-sync validate mismatched-commands
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-586
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
redundancy force-switchover
To force a switchover from the active to the standby supervisor engine, use the redundancy
force-switchover command.
redundancy force-switchover
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch
(Catalyst 4507R only).
Usage Guidelines
Before using this command, refer to the Performing a Software Upgrade section of the Catalyst 4500
Series Switch Cisco IOS Software Configuration Guide for additional information.
The redundancy force-switchover command conducts a manual switchover to the redundant supervisor
engine. The redundant supervisor engine becomes the new active supervisor engine running the
Cisco IOS image. The modules are reset.
The old active supervisor engine reboots with the new image and becomes the standby supervisor engine.
Examples
This example shows how to switch over manually from the active to the standby supervisor engine:
Switch# redundancy force-switchover
Switch#
Related Commands
Command
Description
redundancy
show redundancy
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-587
Chapter 2
redundancy reload
redundancy reload
To force a reload of one or both supervisor engines, use the redundancy reload command.
redundancy reload {peer | shelf}
Syntax Description
peer
shelf
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch
(Catalyst 4507R only).
Usage Guidelines
Before using this command, refer to the Performing a Software Upgrade section of the Catalyst 4500
Series Switch Cisco IOS Software Configuration Guide for additional information.
The redundancy reload shelf command conducts a reboot of both supervisor engines. The modules are
reset.
Examples
This example shows how to manually reload one or both supervisor engines:
Switch# redundancy reload shelf
Switch#
Related Commands
Command
Description
redundancy
show redundancy
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-588
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
mod
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
This command applies only to the Access Gateway Module on Catalyst 4500 series switches.
The valid values for mod depends on the chassis used. For example, if you have a Catalyst 4506 chassis,
valid values for the module are from 2 to 6. If you have a 4507R chassis, valid values are from 3 to 7.
When you execute the remote login module mod command, the prompt changes to Gateway#
The remote login module command is identical to the session module mod and the attach module mod
commands.
Examples
This example shows how to remotely log in to the Access Gateway Module:
Switch# remote login module 5
Attaching console to module 5
Type 'exit' at the remote prompt to end the session
Gateway>
Related Commands
Command
Description
attach module
session module
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-589
Chapter 2
remote-span
remote-span
To convert a VLAN into an RSPAN VLAN, use the remote-span command. To convert an RSPAN
VLAN to a VLAN, use the no form of this command.
remote-span
no remote-span
Syntax Description
Defaults
RSPAN is disabled.
Command Modes
Command History
Release
Modification
12.1(20)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
monitor session
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-590
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
validation none
(Optional) Specifies that the checksum associated with the contents of the file
specified by the URL is not verified.
url
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
If the URL is not provided, the switch tries to read the file from the configured URL.
Examples
This example shows how to renew the DHCP binding database while bypassing the CRC checks:
Switch# renew ip dhcp snooping database validation none
Switch#
Related Commands
Command
Description
ip dhcp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-591
Chapter 2
Syntax Description
vlan-id
Defaults
Command Modes
Global configuration
Command History
Release
Modification
12.2(44)SG
Usage Guidelines
The VLAN ID range is from 1 to 4094. The default is VLAN 1; the range to
configure is 2 to 4094.
If the VLAN does not already exist, this command does not create the VLAN.
To avoid the delay introduced by relaying messages in software for link-failure or VLAN-blocking
notification during load balancing, REP floods packets at the hardware flood layer (HFL) to a regular
multicast address. These messages are flooded to the whole network, not just the REP segment. Switches
that do not belong to the segment treat them as data traffic. Configuring an administrative VLAN for the
whole domain can control flooding of these messages.
If no REP administrative VLAN is configured, the default is VLAN 1.
There can be only one administrative VLAN on a switch and on a segment.
The administrative VLAN cannot be the RSPAN VLAN.
Examples
This example shows how to configure VLAN 100 as the REP administrative VLAN:
Switch(config)# rep admin vlan 100
You can verify your settings by entering the show interface rep detail privileged EXEC command.
Related Commands
Command
Description
Displays detailed REP configuration and status for all interfaces or the
specified interface, including the administrative VLAN.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-592
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
id port-id
Identify the VLAN blocking alternate port by entering the unique port ID that is
automatically generated when REP is enabled. The REP port ID is a 16-character
hexadecimal value. You can view the port ID for an interface by entering the show
interface interface-id rep detail command.
neighbor_offset
Identify the VLAN blocking alternate port by entering the offset number of a
neighbor. The range is 256 to +256; a value of 0 is invalid. The primary edge port
has an offset number of 1; positive numbers above 1 identify downstream
neighbors of the primary edge port. Negative numbers identify the secondary edge
port (offset number -1) and its downstream neighbors.
preferred
Identify the VLAN blocking alternate port as the segment port on which you
entered the rep segment segment-id preferred interface configuration command.
Note
Defaults
Entering the preferred keyword does not ensure that the preferred port is
the alternate port; it gives it preference over other similar ports.
vlan
vlan-list
all
The default behavior after you enter the rep preempt segment privileged EXEC command (for manual
preemption) is to block all VLANs at the primary edge port. This behavior remains until you configure
the rep block port command.
If the primary edge port cannot determine which port is to be the alternate port, the default action is no
preemption and no VLAN load balancing.
Command Modes
Interface configuration
Command History
Release
Modification
12.2(44)SG
Usage Guidelines
You must enter this command on the REP primary edge port.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-593
Chapter 2
When you select an alternate port by entering an offset number, this number identifies the downstream
neighbor port of an edge port. The primary edge port has an offset number of 1; positive numbers above
1 identify downstream neighbors of the primary edge port. Negative numbers identify the secondary
edge port (offset number -1) and its downstream neighbors. See Neighbor Offset Numbers in a REP
SegmentFigure 2-2.
Neighbor Offset Numbers in a REP Segment
Uplink
switch B
Uplink
switch C
Forwarding
(1-50)
gi2/0/6
Forwarding
(51-100)
gi2/0/8
Switch A
Note
201398
Figure 2-2
You would never enter an offset value of 1 because that is the offset number of the primary edge port
itself.
If you have configured a preempt delay time by entering the rep preempt delay seconds interface
configuration command and a link failure and recovery occurs, VLAN load balancing begins after the
configured preemption time period elapses without another link failure. The alternate port specified in
the load-balancing configuration blocks the configured VLANs and unblocks all other segment ports. If
the primary edge port cannot determine the alternate port for VLAN balancing, the default action is no
preemption.
Each port in a segment has a unique port ID. The port ID format is similar to the one used by the spanning
tree algorithm: a port number (unique on the bridge) associated to a MAC address (unique in the
network). To determine the port ID of a port, enter the show interface interface-id rep detail privileged
EXEC command.
There is no limit to the number of times that you can enter the rep block port id port-id vlan vlan-list
interface configuration command. You can block an unlimited number, range, or sequence of VLANs.
When you use the rep block port id port-id vlan vlan-list interface configuration command on a REP
primary edge port to block a VLAN list and then use the same command to block another VLAN list on
the same port, the second VLAN list does not replace the first VLAN list but is appended to the first
VLAN list.
When you use the rep block port id port-id vlan vlan-list interface configuration command on a REP
primary edge port to block a VLAN list on one port and then use the same command to block another
VLAN list on another port, the original port number and VLAN list are overwritten.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-594
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This example shows how to configure REP VLAN load balancing on the Switch B primary edge port
(Gigabit Ethernet port 1/0/1) and to configure Gigabit Ethernet port 1/1 of Switch A as the alternate port
to block VLANs 1 to 100. The alternate port is identified by its port ID, shown in bold in the output of
the show interface rep detail command for the Switch A port.
Switch A# show interface gigabitethernet1/1 rep detail
GigabitEthernet1/1 REP enabled
Segment-id: 2 (Segment)
PortID: 0080001647FB1780
Preferred flag: No
Operational Link Status: TWO_WAY
Current Key: 007F001647FB17800EEE
Port Role: Open
Blocked Vlan: <empty>
Admin-vlan: 1
Preempt Delay Timer: 35 sec
Load-balancing block port: none
Load-balancing block vlan: none
STCN Propagate to:
PDU/TLV statistics:
LSL PDU rx: 107122, tx: 192493
Switch
Switch
Switch
Switch
B# config t
(config)# interface gigabitethernet1/0/1
(config-if)# rep block port id 0080001647FB1780 vlan 1-100
(config-if)# exit
This example shows how to configure VLAN load balancing by using a neighbor offset number and how
to verify the configuration by entering the show interfaces rep detail privileged EXEC command:
Switch# config t
Switch (config)# interface gigabitethernet1/1
Switch (config-if)# rep block port 6 vlan 1-110
Switch (config-if)# end
Switch# show interface GigabitEthernet1/1 rep detail
GigabitEthernet1/1 REP enabled
Segment-id: 2 (Segment)
PortID: 0080001647FB1780
Preferred flag: No
Operational Link Status: TWO_WAY
Current Key: 007F001647FB178009C3
Port Role: Open
Blocked Vlan: <empty>
Admin-vlan: 3
Preempt Delay Timer: 35 sec
Load-balancing block port: 6
Load-balancing block vlan: 1-110
STCN Propagate to: none
LSL PDU rx: 1466780, tx: 3056637
HFL PDU rx: 2, tx: 0
BPA TLV rx: 1, tx: 2119695
BPA (STCN, LSL) TLV rx: 0, tx: 0
BPA (STCN, HFL) TLV rx: 0, tx: 0
EPA-ELECTION TLV rx: 757406, tx: 757400
EPA-COMMAND TLV rx: 1, tx: 1
EPA-INFO TLV rx: 178326, tx: 178323
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-595
Chapter 2
Related Commands
Command
Description
Configures a waiting period after a segment port failure and recovery before
REP VLAN load balancing is triggered.
Displays REP detailed configuration and status for all interfaces or the
specified interface, including the administrative VLAN.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-596
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
rep lsl-age-timer
Use the rep lsl-age-timer interface configuration command on a Resilient Ethernet Protocol (REP) port
to configure the Link Status Layer (LSL) age timer for the time period that the REP interface remains
up without receiving a hello from the REP neighbor. Use the no form of this command to return to the
default time.
rep lsl-age timer value
no rep lsl-age timer
Syntax Description
value
Defaults
The REP link shuts down if it does not receive a hello message from a neighbor within 5000 ms.
Command Modes
Interface configuration
Command History
Release
Modification
12.2(44)SG
Usage Guidelines
The age-out time in milliseconds. The range is from 120 to 10000 ms in 40-ms
increments. The default is 5000 ms (5 seconds).
The LSL hello timer is set to the age-timer value divided by 3 so that there should be at least two LSL
hellos sent during the LSL age-timer period. If no hellos are received within that time, the REP link shuts
down.
In Cisco IOS Release 12.2(52)SE, the LSL age-timer range changed from 3000 to 10000 ms in 500-ms
increments to 120 to 10000 ms in 40-ms increments. If the REP neighbor device is not running Cisco
IOS Release 12.2(52)SE or later, you must use the shorter time range because the device does not accept
values out of the earlier range.
EtherChannel port channel interfaces do not support LSL age-timer values less than 1000 ms. If you try
to configure a value less than 1000 ms on a port channel, you receive an error message and the command
is rejected.
Examples
This example shows how to configure the REP LSL age timer on a REP link to 7000 ms:
Switch(config)# interface GigabitEthernet1/1
Switch(config-if)# rep lsl-age-timer 7000
Switch(config-if)# exit
You can verify the configured ageout time by entering the show interfaces rep detail privileged EXEC
command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-597
Chapter 2
rep lsl-age-timer
Related Commands
Command
Description
Displays REP configuration and status for all interfaces or the specified
interface, including the configured LSL age-out timer value.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-598
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
seconds
Defaults
No preemption delay is set. If you do not enter the rep preempt delay command, the default is manual
preemption with no delay.
Command Modes
Interface configuration
Command History
Release
Modification
12.2(44)SG
Usage Guidelines
Set the number of seconds to delay REP preemption. The range is 15 to 300.
You must enter this command on the REP primary edge port.
You must enter this command and configure a preempt time delay if you want VLAN load balancing to
automatically trigger after a link failure and recovery.
If VLAN load balancing is configured, after a segment port failure and recovery, the REP primary edge
port starts a delay timer before VLAN load balancing occurs. Note that the timer restarts after each link
failure. When the timer expires, the REP primary edge alerts the alternate port to perform VLAN load
balancing (configured by using the rep block port interface configuration command) and prepares the
segment for the new topology. The configured VLAN list is blocked at the alternate port, and all other
VLANs are blocked at the primary edge port.
Do not configure VLAN load balancing on an interface that carries Ethernet over multiprotocol label
switching (EoMPLS) traffic. VLAN load balancing across the REP ring might cause some of the
EoMPLS traffic to not be forwarded.
Examples
This example shows how to configure REP preemption time delay of 100 seconds on the primary edge
port:
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# rep preempt delay 100
Switch(config-if)# exit
You can verify your settings by entering the show interfaces rep privileged EXEC command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-599
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-600
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
segment-id
Defaults
Command Modes
Privileged EXEC
Command History
Release
Modification
12.2(44)SG
Usage Guidelines
When you enter the rep preempt segment segment-id command, a confirmation message appears before
the command is executed because preemption can cause network disruption.
Enter this command on the switch on the segment that has the primary edge port.
If you do not configure VLAN load balancing, entering this command results in the default
behaviorthe primary edge port blocks all VLANs.
You configure VLAN load balancing by entering the rep block port {id port-id | neighbor_offset |
preferred} vlan {vlan-list | all} interface configuration command on the REP primary edge port before
you manually start preemption.
There is not a no version of this command.
Examples
This example shows how to manually trigger REP preemption on segment 100 with the confirmation
message:
Switch)# rep preempt segment 100
The command will cause a momentary traffic disruption.
Do you still want to continue? [confirm]
Related Commands
Command
Description
show interfaces rep [detail] Displays REP configuration and status for all interfaces or the specified
interface.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-601
Chapter 2
rep segment
rep segment
Use the rep segment interface configuration command to enable Resilient Ethernet Protocol (REP) on
the interface and to assign a segment ID to it. Use the no form of this command to disable REP on the
interface.
rep segment segment-id [edge [no-neighbor] [primary]] [preferred]
no rep segment
Syntax Description
segment-id
edge
(Optional) Identify the interface as one of the two REP edge ports. Entering the edge
keyword without the primary keyword configures the port as the secondary edge
port.
no-neighbor
primary
(Optional) On an edge port, specify that the port is the primary edge port. A segment
has only one primary edge port. If you configure two ports in a segment as the
primary edge port, for example ports on different switches, the REP selects one of
them to serve as the segment primary edge port.
preferred
(Optional) Specify that the port is the preferred alternate port or the preferred port
for VLAN load balancing.
Configuring a port as preferred does not guarantee that it becomes the
alternate port; it merely gives it a slight edge among equal contenders. The
alternate port is usually a previously failed port.
Note
Defaults
Command Modes
Interface configuration
Command History
Release
Modification
12.2(44)SG
15(02)SG
Usage Guidelines
REP ports must be Layer 2 trunk ports. A non-ES REP port can be either an IEEE 802.1Q trunk port or
an ISL trunk port.
REP ports should not be configured as one of these port types:
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-602
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Tunnel port
Access port
You must configure two edge ports on each REP segment, a primary edge port and a port to act as a
secondary edge port. If you configure two ports in a segment as the primary edge port, for example ports
on different switches, the configuration is allowed, but the REP selects one of them to serve as the
segment primary edge port.
REP is supported on EtherChannels, but not on an individual port that belongs to an EtherChannel.
segment ports, or one regular port and one edge no-neighbor port. An edge port and regular
segment port on a switch cannot belong to the same segment.
If two ports on a switch belong to the same segment and one is configured as an edge port and
one as a regular segment port (a misconfiguration), the edge port is treated as a regular segment
port.
If you configure two ports in a segment as the primary edge port, for example ports on different switches,
the REP selects one of them to serve as the segment primary edge port. Enter the show rep topology
privileged EXEC command on a port in the segment to verify which port is the segment primary edge
port.
REP interfaces come up in a blocked state and remain in a blocked state until notified that it is safe to
unblock. You need to be aware of this to avoid sudden connection losses.
You should configure REP only in networks with redundancy. Configuring REP in a network without
redundancy causes loss of connectivity.
In networks where ports on a neighboring switch do not support REP, you can configure the non-REP
facing ports as edge no-neighbor ports. These ports inherit all properties of edge ports and you can
configure them as any other edge port, including to send STP or REP topology change notices to the
aggregation switch. In this case, the STP topology change notice (TCN) that is sent is a multiple
spanning-tree (MST) STP message.
Examples
This example shows how to enable REP on a regular (nonedge) segment port:
Switch (config)# interface gigabitethernet1/0/1
Switch (config-if)# rep segment 100
This example shows how to enable REP on a port and identify the port as the REP primary edge port:
Switch (config)# interface gigabitethernet1/1
Switch (config-if)# rep segment 100 edge primary
This example shows how to configure the same configuration when the interface has no external REP
neighbor:
Switch# configure terminal
Switch (config)# interface gigabitethernet1/1
Switch (config-if)# rep segment 100 edge no-neighbor primary
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-603
Chapter 2
rep segment
This example shows how to enable REP on a port and identify the port as the REP secondary edge port:
Switch (config)# interface GigabitEthernet1/1
Switch (config-if)# rep segment 100 edge
You can verify your settings by entering the show interfaces rep privileged EXEC command. To verify
which port in the segment is the primary edge port, enter the show rep topology privileged EXEC
command.
Related Commands
Command
Description
Displays REP configuration and status for all interfaces or the specified
interface.
Displays information about all ports in the segment, including which one was
configured and selected as the primary edge port.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-604
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
rep stcn
Use the rep stcn interface configuration command on a Resilient Ethernet Protocol (REP) edge port to
configure the port to send REP segment topology change notifications (STCNs) to another interface, to
other segments, or to Spanning Tree Protocol (STP) networks. Use the no form of this command to
disable the sending of STCNs to the interface, segment, or STP network.
rep stcn {interface interface-id | segment id-list | stp}
no rep stcn {interface | segment | stp}
Syntax Description
Identify one REP segment or list of segments to receive STCNs. The range is 1
to 1024. You can also configure a sequence of segments (for example 3-5, 77,
100).
stp
Defaults
Command Modes
Interface configuration
Command History
Release
Modification
12.2(44)SG
Usage Guidelines
Examples
This example shows how to configure a REP edge port to send STCNs to segments 25 to 50:
Switch (config)# interface GigabitEthernet1/1
Switch (config-if)# rep stcn segment 25-50
Switch (config-if)# exit
You can verify your settings by entering the show interfaces rep detail privileged EXEC command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-605
Chapter 2
rep stcn
Related Commands
Command
Description
Displays REP configuration and status for all interfaces or the specified
interface.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-606
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
reset
To leave the proposed new VLAN database but remain in VLAN configuration mode and reset the
proposed new database to be identical to the VLAN database currently implemented, use the reset
command.
reset
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to reset the proposed new VLAN database to the current VLAN database:
Switch(vlan-config)# reset
RESET completed.
Switch(vlan-config)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-607
Chapter 2
revision
revision
To set the MST configuration revision number, use the revision command. To return to the default settings,
use the no form of this command.
revision version
no revision
Syntax Description
version
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Caution
Examples
If two Catalyst 4500 series switches have the same configuration but have different configuration
revision numbers, they are considered to be part of two different regions.
Be careful when using the revision command to set the MST configuration revision number because a
mistake can put the switch in a different region.
Related Commands
Command
Description
instance
name
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-608
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To activate sampling on an interface in netflow-lite monitor submode, use the sampler command. To
delete a sampler, use the no form of this command.
sampler sampler-name
no sampler sampler-name
Syntax Description
sampler-name
Defaults
None
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Specifies a sampler.
Usage Guidelines
You can enter this command under the physical port interface mode, port channel interface, or config
VLAN mode.
Examples
The following example shows how to configure a monitor on a port interface Gigabit 1/3:
Switch# config terminal
Switch(config)# int GigabitEthernet1/3
Switch(config-if)# netflow-lite monitor 1
Switch(config-netflow-lite-monitor)# sampler sampler1
Switch(config-netflow-lite-monitor)# average-packet-size 128
Switch(config-netflow-lite-monitor)# exporter exporter1
Switch(config-netflow-lite-monitor)# exit
Switch(config-if)# exit
Switch(config)# exit
Switch# show netflow-lite monitor 1 interface gi1/3
Interface GigabitEthernet1/3:
Netflow-lite Monitor-1:
Sampler:
sampler1
Exporter:
exporter1
Average Packet Size: 128
Statistics:
Packets exported:
0
Packets observed:
0
Packets dropped:
0
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-609
Chapter 2
You can verify your settings with the show netflow-lite sampler privileged EXEC command.
Related Commands
Command
Description
average-packet-size
Specifies the average packet size at the observation point.
(netflow-lite monitor submode)
exporter (netflow-lite monitor
submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-610
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
input
output
policy-map name
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(25)EWA
Usage Guidelines
Note
Layer 2 interfaces can be part of multiple VLANs (for example, a typical trunk port). In conjunction with
the vlan-range command, you can use the service-policy command to specify different QoS policies on
different VLANs.
Examples
This example shows how to attach a policy map to Fast Ethernet interface 5/20:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet 5/20
Switch(config-if)# service-policy input pmap1
Switch(config-if)# end
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-611
Chapter 2
This example shows how to apply policy map p1 for traffic in VLANs 20 and 400, and policy map p2
for traffic in VLANs 300 through 301:
Switch# configure terminal
Switch(config)# interface gigabitEthernet 6/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# vlan-range 20,400
Switch(config-if-vlan-range)# service-policy input p1
Switch(config-if-vlan-range)# exit
Switch(config-if)# vlan-range 300-301
Switch(config-if-vlan-range)# service-policy output p2
Switch(config-if-vlan-range)# end
Switch# show policy-map interface gigabitEthernet 6/1 vlan 20
GigabitEthernet6/1 vlan 20
Service-policy input: p1
Class-map: class-default (match-any)
0 packets
Match: any
0 packets
police: Per-interface
Conform: 0 bytes Exceed: 0 bytes
Switch# show policy-map interface gigabitEthernet 6/1
GigabitEthernet6/1 vlan 20
Service-policy input: p1
Class-map: class-default (match-any)
0 packets
Match: any
0 packets
police: Per-interface
Conform: 0 bytes Exceed: 0 bytes
GigabitEthernet6/1 vlan 300
Service-policy output: p2
Class-map: class-default (match-any)
0 packets
Match: any
0 packets
police: Per-interface
Conform: 0 bytes Exceed: 0 bytes
GigabitEthernet6/1 vlan 301
Service-policy output: p2
Class-map: class-default (match-any)
0 packets
Match: any
0 packets
police: Per-interface
Conform: 0 bytes Exceed: 0 bytes
GigabitEthernet6/1 vlan 400
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-612
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Service-policy input: p1
Class-map: class-default (match-any)
0 packets
Match: any
0 packets
police: Per-interface
Conform: 0 bytes Exceed: 0 bytes
This example shows how to attach a policy map to a VLAN using a Supervisor Engine 6-E:
Switch# configure terminal
Switch(config)#vlan configuration 20
Switch(config-vlan-config)#service-policy out policy-vlan
Switch(config-vlan-config)#end
Switch#
Related Commands
Command
Description
class-map
policy-map
service-policy (interface
configuration)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-613
Chapter 2
Syntax Description
policy-map-name
Defaults
Command Modes
Command History
Release
Usage Guidelines
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(40)SG
Added support for Supervisor Engine 6-E and Catalyst 4900M chassis.
Use the service-policy command only in a hierarchical policy map attached to a physical port. This
command is valid in policy maps at level two of the hierarchy.
You can create a hierarchy by having the parent policy map specify marking and/or policing actions and
having the child policy map specify the queueing actions.
If you enter this command in policy-map class configuration mode, you return to policy-map
configuration mode by using the exit command. To return to privileged EXEC mode, use the end
command.
Examples
This example shows how to create a hierarchical service policy in the service policy called parent:
Switch# configure terminal
Switch(config)# policy-map child
Switch(config-pmap)# class voice
Switch(config-pmap-c)# priority
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# policy-map parent
Switch(config-pmap)# class class1
Switch(config-pmap-c)# police 32k
Switch(config-pmap-c)# service-policy child
Switch#
You can verify your settings by entering the show policy-map privileged EXEC command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-614
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
bandwidth
class
Specifies the name of the class whose traffic policy you want to
create or change.
dbl
policy-map
priority
show policy-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-615
Chapter 2
Syntax Description
input
Applies the specified service policy to the packets that are entering the
control plane.
policy-map-name
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
In this release, the only policy-map accepted on the control-plane is system-cpp-policy. It is already
attached to the control-plane at start up. If not (due to some error conditions), it is recommended to use
the global macro system-cpp command to attach it to the control-plane. The system-cpp-policy created
by the system contains system predefined classes. For these predefined classes, you can change the
policing parameters but you should not make any other change to the classes.
You can define your own class-maps and append them to the end of the system-cpp-policy policy-map.
Examples
This example shows how to configure trusted hosts with source addresses 10.1.1.1 and 10.1.1.2 to
forward Telnet packets to the control plane without constraint, while allowing all remaining Telnet
packets to be policed at the specified rate:
Switch(config)# access-list 140 deny tcp host 10.1.1.1 any eq telnet
! Allow 10.1.1.2 trusted host traffic.
Switch(config)# access-list 140 deny tcp host 10.1.1.2 any eq telnet
! Rate limit all other Telnet traffic.
Switch(config)# access-list 140 permit tcp any any eq telnet
! Define class-map telnet-class.
Switch(config)# class-map telnet-class
Switch(config-cmap)# match access-group 140
Switch(config-cmap)# exit
Switch(config)# policy-map control-plane-policy
Switch(config-pmap)# class telnet-class
Switch(config-pmap-c)# police 80000 conform transmit exceed drop
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
! Define aggregate control plane service for the active Route Processor.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-616
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Switch(config)# control-plane
Switch(config-cp)# service-policy input control-plane-policy
Switch(config-cp)# exit
Related Commands
Command
Description
control-plane
policy-map
show policy-map
control-plane
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-617
Chapter 2
session module
session module
Note
This command is only supported in SSO mode and does not work in RPR mode.
To log in to the standby supervisor engine using a virtual console, use the session module configuration
command.
session module mod
Syntax Description
mod
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Catalyst 4500 series switches can be configured with two supervisor engines to provide redundancy.
When the switch is powered, one of the supervisor engines becomes active and remains active until a
switchover occurs. The other supervisor engine remains in standby mode.
Each supervisor engine has its own console port. Access to the standby supervisor engine is possible
only through the console port of the standby supervisor engine. Therefore, you must connect to the
standby console to access, monitor or debug the standby supervisor.
The virtual console for the standby supervisor engine enables you to access the standby console from the
active supervisor engine without requiring a physical connection to the standby console. It uses IPC over
EOBC to communicate with the standby supervisor engine and emulates the standby console on the
active supervisor engine. Only one active standby console session is active at any time.
The virtual console for the standby supervisor engine allows users who are logged onto the active
supervisor engine to remotely execute show commands on the standby supervisor engine and view the
results on the active supervisor engine. Virtual console is available only from the active supervisor
engine.
You can access the standby virtual console from the active supervisor engine with the attach module,
session module, or remote login commands on the active supervisor engine. You must be in privilege
EXEC mode (level 15) to run these commands to access the standby console.
Note
The session module command is identical to the attach module mod and the remote login module mod
commands.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-618
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Once you enter the standby virtual console, the terminal prompt automatically changes to
hostname-standby-console#, where hostname is the configured name of the switch. The prompt is
restored back to the original prompt when you exit the virtual console.
You exit the virtual console with the exit or quit commands. When the inactivity period of the terminal
on the active supervisor engine where you logged in exceeds the configured idle time, you are
automatically logged out of the terminal on the active supervisor engine. In such a case, the virtual
console session is also terminated. Virtual console session is also automatically terminated when the
standby is rebooted. After the standby boots up, you need to create another virtual console session.
The following limitations apply to the standby virtual console:
Examples
All commands on the virtual console run to completion. It does not provide the auto-more feature;
it behaves as if the terminal length 0 command has been executed. It is also non-interactive.
Therefore, a running command cannot be interrupted or aborted by any key sequence on the active
supervisor engine. If a command produces considerable output, the virtual console displays it on the
supervisor screen.
The virtual console is non-interactive. Because the virtual console does not detect the interactive
nature of a command, any command that requires user interaction causes the virtual console to wait
until the RPC timer aborts the command.
The virtual console timer is set to 60 seconds. The virtual console returns to its prompt after 60
seconds. During this time, you cannot abort the command from the keyboard. You must wait for the
timer to expire before you continue.
You cannot use virtual console to view debug and syslog messages that are being displayed on the
standby supervisor engine. The virtual console only displays the output of commands that are
executed from the virtual console. Other information that is displayed on the real standby console
does not appear on the virtual console.
To log in to the standby supervisor engine using a virtual console, do the following:
Switch# session module 2
Connecting to standby virtual console
Type "exit" or "quit" to end this session
Switch-standby-console# exit
Switch#
Related Commands
Command
Description
attach module
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-619
Chapter 2
set
set
To mark IP traffic by setting a class of service (CoS), a Differentiated Services Code Point (DSCP), or
IP-precedence in the packet, use the set policy-map class configuration command. To remove the traffic
classification, use the no form of this command.
set {cos new-cos | [ip] {dscp new-dscp | precedence new-precedence} | qos group value}
no set cos new-cos | ip {dscp new-dscp | precedence new-precedence} | qos group value}
Syntax Description
cos new-cos
ip dscp new-dscp
ip precedence new-precedence
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(40)SG
Added support for Supervisor Engine 6-E and Catalyst 4900M chassis.
Usage Guidelines
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-620
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This example shows how to create a policy map called p1 with CoS values assigned to different traffic
types. Class maps for voice and video-data have already been created.
Switch# configure terminal
Switch(config)# policy-map
Switch(config-pmap)# class
Switch(config-pmap-c)# set
Switch(config-pmap)# exit
Switch(config-pmap)# class
Switch(config-pmap-c)# set
Switch(config-pmap)# exit
Switch#
p1
voice
cos 1
video-data
cos 2
You can verify your settings by entering the show policy-map privileged EXEC command.
Related Commands
Command
Description
class
Specifies the name of the class whose traffic policy you want to
create or change.
policy-map
show policy-map
trust
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-621
Chapter 2
set cos
set cos
To set the Layer 2 class of service (CoS) value of a packet, use the set cos command in policy-map class
configuration mode. To remove a specific CoS value setting, use the no form of this command.
set cos {cos-value | from-field [table table-map-name]}
no set cos {cos-value | from-field [table table-map-name]}
Syntax Description
cos-value
from-field
precedence
dscp
cos
qos group
table
(Optional) Indicates that the values set in a specified table map will be used
to set the CoS value.
table-map-name
(Optional) Name of the table map used to specify the CoS value. The table
map name can be a maximum of 64 alphanumeric characters.
Command Default
Command Modes
Command History
Release
Modification
12.2(40)SG
Usage Guidelines
The set cos command can be used in an ingress as well as an egress policy map attached to an interface
or VLAN.
You can use this command to specify the from-field packet-marking category to be used for mapping
and setting the CoS value. The from-field packet-marking categories are as follows:
Precedence
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-622
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
If you specify a from-field category but do not specify the table keyword and the applicable
table-map-name argument, the default action will be to copy the value associated with the from-field
category as the CoS value. For instance, if you configure the set cos precedence command, the
precedence value will be copied and used as the CoS value.
You can do the same for the DSCP marking category. That is, you can configure the set cos dscp
command, and the DSCP value will be copied and used as the CoS value.
Note
If you configure the set cos dscp command, only the first three bits (the class selector bits) of the DSCP
field are used.
Note
If you configure the set cos qos group command, only the three least significant bits of the qos group
field are used.
Examples
This example shows how to configure a policy map called cos-set and assign different CoS values for
different types of traffic. This example assumes that the class maps called voice and video-data have
already been created.
Switch# configure terminal
Switch(config)# policy-map cos-set
Switch(config-pmap)# class voice
Switch(config-pmap-c)# set cos 1
Switch(config-pmap-c)# exit
Switch(config-pmap)# class video-data
Switch(config-pmap-c)# set cos 2
Switch(config-pmap-c)# end
Switch#
This example shows how to configure a policy map called policy-cos and to use the values defined in a
table map called table-map1. The table map called table-map1 was created earlier with the table-map
(value mapping) command. For more information about the table-map (value mapping) command, see
the table-map (value mapping) command page.
This example shows how the setting of the CoS value is based on the precedence value defined in
table-map1:
Switch# configure terminal
Switch(config)# policy-map policy-cos
Switch(config-pmap)# class class-default
Switch(config-pmap-c)# set cos precedence table table-map1
Switch(config-pmap-c)# end
Switch#
Related Commands
Command
Description
match (class-map
configuration)
policy-map
service-policy (policy-map
class)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-623
Chapter 2
set cos
Command
Description
set dscp
set precedence
show policy-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-624
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
set dscp
To mark a packet by setting the differentiated services code point (DSCP) value in the type of service
(ToS) byte, use the set dscp command in policy-map class configuration mode. To remove a previously
set DSCP value, use the no form of this command.
set [ip] dscp {dscp-value | from-field [table table-map-name]}
no set [ip] dscp {dscp-value | from-field [table table-map-name]
Syntax Description
ip
(Optional) Specifies that the match is for IPv4 packets only. If not used, the
match is on both IPv4 and IPv6 packets.
dscp-value
A number from 0 to 63 that sets the DSCP value. A mnemonic name for
commonly used values can also be used.
from-field
cos
qos-group
dscp
precedence
table
table-map-name
(Optional) Used in conjunction with the table keyword. Name of the table
map used to specify the DSCP value. The name can be a maximum of 64
alphanumeric characters.
Command Default
Disabled
Command Modes
Command History
Release
Modification
12.2(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(40)SG
Added support for from-field on Supervisor Engine 6-E and Catalyst 4900M.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-625
Chapter 2
set dscp
Usage Guidelines
Once the DSCP bit is set, other quality of service (QoS) features can then operate on the bit settings.
DSCP and Precedence Values Are Mutually Exclusive
The set dscp command cannot be used with the set precedence command to mark the same packet. The
two values, DSCP and precedence, are mutually exclusive. A packet can have one value or the other, but
not both.
You can use this command to specify the from-field packet-marking category to be used for mapping
and setting the DSCP value. The from-field packet-marking categories are as follows:
QoS group
Precedence
If you specify a from-field category but do not specify the table keyword and the applicable
table-map-name argument, the default action will be to copy the value associated with the from-field
category as the DSCP value. For instance, if you configure the set dscp cos command, the CoS value
will be copied and used as the DSCP value.
Note
The CoS field is a three-bit field, and the DSCP field is a six-bit field. If you configure the set dscp cos
command, only the three bits of the CoS field will be used.
If you configure the set dscp qos-group command, the QoS group value will be copied and used as the
DSCP value.
The valid value range for the DSCP is a number from 0 to 63. The valid value range for the QoS group
is a number from 0 to 63.
Set DSCP Values in IPv6 Environments
When this command is used in IPv6 environments, the default match occurs on both IP and IPv6 packets.
However, the actual packets set by this function are only those which meet the match criteria of the
class-map containing this function.
Set DSCP Values for IPv6 Packets Only
To set DSCP values for IPv6 values only, the match protocol ipv6 command must also be used. Without
that command, the DSCP match defaults to match both IPv4 and IPv6 packets.
Set DSCP Values for IPv4 Packets Only
To set DSCP values for IPv4 packets only, use the ip keyword in the match command for classification.
Without the ip keyword, the match occurs on both IPv4 and IPv6 packets.
Examples
In the following example, the policy map called policy1 is created to use the packet-marking values
defined in a table map called table-map1. The table map was created earlier with the table-map (value
mapping) command. For more information about the table-map (value mapping) command, see the
table-map (value mapping) command page.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-626
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how the DSCP value is set according to the CoS value defined in the table map
called table-map1.
Switch# configure terminal
Switch(config)# policy-map policy1
Switch(config-pmap)# class class-default
Switch(config-pmap-c)# set dscp cos table table-map1
Switch(config-pmap-c)# end
Switch#
Related Commands
Command
Description
match (class-map
configuration)
policy-map
service-policy (policy-map
class)
set cos
set precedence
show policy-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-627
Chapter 2
set precedence
set precedence
To set the precedence value in the packet header, use the set precedence command in policy-map class
configuration mode. To remove the precedence value, use the no form of this command.
set precedence {precedence-value | from-field [table table-map-name]}
no set precedence {precedence-value | from-field [table table-map-name]}
Syntax Description
precedence-value
A number from 0 to 7 that sets the precedence bit in the packet header.
from-field
cos
qos-group
dscp
precedence
table
(Optional) Indicates that the values set in a specified table map will be used
to set the precedence value.
table-map-name
(Optional) Name of the table map used to specify a precedence value based
on the class of service (CoS) value. The name can be a maximum of 64
alphanumeric characters.
Command Default
Disabled
Command Modes
Command History
Release
Modification
12.2(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(40)SG
Usage Guidelines
Command Compatibility
The set precedence command cannot be used with the set dscp command to mark the same packet. The
two values, DSCP and precedence, are mutually exclusive. A packet can be one value or the other, but
not both.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-628
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
You can use this command to specify the from-field packet-marking category to be used for mapping
and setting the precedence value. The from-field packet-marking categories are as follows:
CoS
QoS group
DSCP
Precedence
If you specify a from-field category but do not specify the table keyword and the applicable
table-map-name argument, the default action will be to copy the value associated with the from-field
category as the precedence value. For instance, if you configure the set precedence cos command, the
CoS value will be copied and used as the precedence value.
You can do the same for the QoS group-marking category. That is, you can configure the set precedence
qos-group command, and the QoS group value will be copied and used as the precedence value.
The valid value range for the precedence value is a number from 0 to 7. The valid value range for the
QoS group is a number from 0 to 63. Therefore, when configuring the set precedence qos-group
command the three least significant bits of qos-group are copied to precedence.
Precedence Values in IPv6 Environments
When this command is used in IPv6 environments it can set the value in both IPv4 and IPv6 packets.
However, the actual packets set by this function are only those that meet the match criteria of the
class-map containing this function.
Setting Precedence Values for IPv6 Packets Only
To set the precedence values for IPv6 packets only, the match protocol ipv6 command must also be used
in the class-map that classified packets for this action. Without the match protocol ipv6 command, the
class-map may classify both IPv6 and IPv4 packets, (depending on other match criteria) and the set
precedence command will act upon both types of packets.
Setting Precedence Values for IPv4 Packets Only
To set the precedence values for IPv4 packets only, use a command involving the ip keyword like the
match ip precedence or match ip dscp command or include the match protocol ip command along
with the others in the class map. Without the additional ip keyword, the class-map may match both IPv6
and IPv4 packets (depending on the other match criteria) and the set precedence or set dscp command
may act upon both types of packets.
Examples
In the following example, the policy map named policy-cos is created to use the values defined in a table
map named table-map1. The table map named table-map1 was created earlier with the table-map (value
mapping) command. For more information about the table-map (value mapping) command, see the
table-map (value mapping) command page.
This example shows how the precedence value is set according to the CoS value defined in table-map1.
Switch# configure terminal
Switch(config)# policy-map policy-cos
Switch(config-pmap)# class class-default
Switch(config-pmap-c)# set precedence cos table table-map1
Switch(config-pmap-c)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-629
Chapter 2
set precedence
Related Commands
Command
Description
match (class-map
configuration)
policy-map
service-policy (policy-map
class)
set cos
set dscp
set qos-group
set precedence
show policy-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-630
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
set qos-group
To set a quality of service (QoS) group identifier (ID) that can be used later to classify packets, use the
set qos-group command in policy-map class configuration mode. To remove the group ID, use the no
form of this command.
set qos-group group-id
no set qos-group group-id
Syntax Description
group-id
Command Default
Command Modes
Command History
Release
Modification
12.2(40)SG
Support for this command was introduced on the Catalyst 4500 series
switch using a Supervisor Engine 6-E and Catalyst 4900M chassis.
Usage Guidelines
The set qos-group command allows you to associate a group ID with a packet. This association is made
through a service-policy attached to an interface or VLAN in the input direction. The group ID can be
later used in the output direction to apply QoS service policies to the packet.
Examples
p1
c1
qos
qos-group 5
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-631
Chapter 2
set qos-group
Related Commands
Command
Description
match (class-map
configuration)
policy-map
service-policy (policy-map
class)
show policy-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-632
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
rate
Specifies an average rate for traffic shaping; the range is 16000 to 10000000000.
Post-fix notation (k, m, and g) is optional and a decimal point is allowed.
bps
kbps
mbps
gbps
percent
percent_value
(Optional) Specifies a percentage of the bandwidth used for traffic shaping; valid
values are from 1 to 100 percent.
Defaults
Command Modes
Command History
Release
Modification
12.2(40)SG
This command was introduced on the Catalyst 4500 series switch using a
Supervisor Engine 6E.
Usage Guidelines
Use the shape command only in a policy map attached to a physical port. This command is valid in
policy maps at any level of the hierarchy.
Shaping is the process of delaying out-of-profile packets in queues so that they conform to a specified
profile. Shaping is distinct from policing. Policing drops packets that exceed a configured threshold, but
shaping buffers packets so that traffic remains within the threshold. Shaping offers greater smoothness
in handling traffic than policing.
You cannot use the bandwidth, dbl, and the shape policy-map class configuration commands with the
priority policy-map class configuration command in the same class within the same policy map.
However, you can use these commands in the same policy map.
To return to policy-map configuration mode, use the exit command. To return to privileged EXEC mode,
use the end command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-633
Chapter 2
Examples
This example shows how to limit the specified traffic class to a data transmission rate of 256 kbps:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# policy-map policy1
Switch(config-pmap)# class class1
Switch(config-pmap-c)# shape average 256000
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# service-policy output policy1
Switch(config-if)# end
You can verify your settings by entering the show policy-map privileged EXEC command.
Related Commands
Command
Description
bandwidth
class
Specifies the name of the class whose traffic policy you want to
create or change.
dbl
policy-map
service-policy (policy-map
class)
show policy-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-634
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
rate
(Optional) Specifies an average rate for traffic shaping; the range is 16000 to
1000000000. Post-fix notation (k, m, and g) is optional and a decimal point is
allowed.
percent
Defaults
Command Modes
Command History
Release
Modification
12.2(18)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
This command is not supported on the Supervisor Engine 6-E and Catalyst 4900M chassis.
Traffic shaping is available on all the ports, and it sets an upper limit on the bandwidth.
When the high shape rates are configured on the Catalyst 4500 Supervisor Engine II-Plus-10GE
(WS-X4013+10GE), the Catalyst 4500 Supervisor Engine V (WS-X4516), and the Catalyst 4500
Supervisor Engine V-10GE (WS-X4516-10GE), the shaped traffic rate may not be achieved in situations
that involve contention and unusual packet size distributions. On the ports that are multiplexed through
a Stub ASIC and connected to the backplane gigaports, the shape rates above 7 Mbps may not be
achieved under worst-case conditions. On ports that are connected directly to the backplane gigaports,
or the supervisor engine gigaports, the shape rates above 50 Mbps may not be achieved under worst-case
conditions.
Some examples of ports that are connected directly to the backplane are as follows:
Uplink ports on Supervisor Engine II+, II+10GE, III, IV, V, and V-10GE
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-635
Chapter 2
All ports on the 24-port modules and the 48-port modules are multiplexed through a Stub ASIC. Some
examples of ports multiplexed through a Stub ASIC are as follows:
Examples
This example shows how to configure a maximum bandwidth (70 percent) for the interface fa3/1:
Switch(config)# interface fastethernet3/1
Switch(config-if)# tx-queue 3
Switch(config-if-tx-queue)# shape 70m
Switch(config-if-tx-queue)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-636
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
shell trigger
Use the shell trigger global configuration command to create a user defined trigger. Use the no form of
this command to delete the trigger.
shell trigger identifier description
no shell trigger identifier description
Syntax Description
Defaults
identifier
Specifies the event trigger identifier. The identifier should have no spaces or
hyphens between words.
description
CISCO_PHONE_EVENT
CISCO_SWITCH_EVENT
CISCO_ROUTER_EVENT
CISCO_WIRELESS_AP_EVENT
CISCO_WIRELESS_LIGHTWEIGHT_AP_EVENT
DMP
IPVSC
Command Modes
Global configuration
Command History
Release
Modification
12.2(50)SE
Usage Guidelines
Use this command to create user-defined event triggers in conjunction with the macro auto execute
global configuration command.
To support dynamic device discovery when using 802.1X authentication, configure the RADIUS
authentication server to support the Cisco attribute-value (AV) pair: auto-smart-port=event trigger.
This command is mainly used for 802.1X authentication based triggers provided 802.1X or MAB is
supported, enabling you to map new platform strings or device IDs to their respective macros or
functions.
Examples
This example shows how to create a user-defined event trigger called RADIUS_MAB_EVENT:
Switch# configure terminal
Switch(config)# shell trigger RADIUS_MAB_EVENT MAC_AuthBypass Event
Switch(config)# end
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-637
Chapter 2
shell trigger
Related Commands
Command
Description
show shell
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-638
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
22
Chapter 2
Syntax Description
interface
interface-number
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series
switch.
12.2(25)EW
Usage Guidelines
The valid values for the port number depend on the chassis used.
Examples
This example shows how to display the ACL configuration on the Fast Ethernet interface 6/1:
Switch# show access-group mode interface fa6/1
Interface FastEthernet6/1:
Access group mode is: merge
Switch#
Related Commands
Command
Description
access-group mode
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-639
Chapter 2
show adjacency
show adjacency
To display information about the Layer 3 switching adjacency table, use the show adjacency command.
show adjacency [{interface interface-number} | {null interface-number} | {port-channel number}
| {vlan vlan-id} | detail | internal | summary]
Syntax Description
interface
interface-number
(Optional) Module and port number; see the Usage Guidelines section for
valid values.
null
interface-number
port-channel
number
vlan vlan-id
detail
(Optional) Displays the information about the protocol detail and timer.
internal
summary
Defaults
Command Modes
EXEC
Command History
Release
Modification
12.2(25)EW
Usage Guidelines
The interface-number argument designates the module and port number. Valid values for
interface-number depend on the specified interface type and the chassis and module that are used. For
example, if you specify a Gigabit Ethernet interface and have a 48-port 10/100BASE-T Ethernet module
that is installed in a 13-slot chassis, valid values for the module number are from 1 to 13, and valid values
for the port number are from 1 to 48.
Hardware Layer 3 switching adjacency statistics are updated every 60 seconds.
The following information is contained in the show adjacency command:
Protocol interface.
Interface address.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-640
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
Time left before the adjacency rolls out of the adjacency table. After it rolls out, a packet must use
the same next hop to the destination.
Address
172.20.52.1(3045)
172.20.52.22(11)
This example shows how to display protocol detail and timer information:
Switch# show adjacency detail
Protocol Interface
IP
FastEthernet2/3
IP
FastEthernet2/3
Address
172.20.52.1(3045)
0 packets, 0 bytes
000000000FF920000380000000000000
00000000000000000000000000000000
00605C865B2800D0BB0F980B0800
ARP
03:58:12
172.20.52.22(11)
0 packets, 0 bytes
000000000FF920000380000000000000
00000000000000000000000000000000
00801C93804000D0BB0F980B0800
ARP
03:58:06
Switch#
This example shows how to display adjacency information for a specific interface:
Switch# show adjacency fastethernet2/3
Protocol Interface
Address
IP
FastEthernet2/3
172.20.52.1(3045)
IP
FastEthernet2/3
172.20.52.22(11)
Switch#
Related Commands
Command
Description
debug adjacency
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-641
Chapter 2
Syntax Description
group groupaddr
source sourceaddr
interface interfacename
Defaults
Command Modes
Privileged EXEC
Command History
Release
Modification
12.2(50)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Examples
UTC
UTC
UTC
UTC
Sat
Sat
Sat
Sat
Sep
Sep
Sep
Sep
13
13
13
13
2008
2008
2008
2008
UTC
UTC
UTC
UTC
Sat
Sat
Sat
Sat
Sep
Sep
Sep
Sep
13
13
13
13
2008
2008
2008
2008
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-642
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
EXEC
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series
switch.
Examples
This example shows how to display the ARP ACL information for a switch:
Switch# show arp access-list
ARP access list rose
permit ip 10.101.1.1 0.0.0.255 mac any
permit ip 20.3.1.0 0.0.0.255 mac any
Related Commands
Command
Description
access-group mode
arp access-list
Permits ARPs from hosts that are configured for static IP when
DAI is enabled, defines an ARP access list, and applies the access
list to a VLAN.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-643
Chapter 2
show authentication
show authentication
To display the Auth Manager information, use the show authentication command in EXEC or
Privileged EXEC mode.
show authentication {interface interface | registrations | sessions [session-id session-id] [handle
handle] [interface interface] [mac mac] [method method]
Syntax Description
interface interface
Displays all of the Auth Manager details associated with the specified interface.
registrations
sessions
Displays details of the current Auth Manager sessions (for example, client
devices). If you do not enter any optional specifiers, all current active sessions
are displayed. You can enter the specifiers singly or in combination to display
a specific session (or group of sessions).
(Optional) Specifies the particular handle for which Auth Manager information
is displayed. Range is 1 to 4294967295.
mac mac
method method
mab
webauth
Command Default
Command Modes
EXEC
Command History
Release
Modification
12.2(50)SG
Usage Guidelines
Note
Table 2-19 describes the significant fields shown in the show authentication display.
The possible values for the status of sessions are given below. For a session in terminal state, Authz
Success or Authz Failed are displayed. No methods is displayed if no method has provided a result.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-644
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Table 2-19
Field
Description
Idle
The session has been initialized and no methods have run yet.
Running
No methods
Authc Success
Authc Failed
Authz Success
Authz Failed
Table 2-20 lists the possible values for the state of methods. For a session in terminal state, Authc
Success, Authc Failed, or Failed over are displayed (the latter indicates a method ran and failed over
to the next method which did not provide a result. Not run is displayed in the case of sessions that are
synchronized on standby.
Table 2-20
Examples
Method State
State Level
Description
Not run
Terminal
Running
Intermediate
Failed over
Terminal
Authc Success
Terminal
Authc Failed
Terminal
The following example shows how to display authentication methods registered with Auth Manager:
Switch# show authentication registrations
Auth Methods registered with the Auth Manager:
Handle Priority Name
3 0 dot1x
2 1 mab
1 2 webauth
Switch#
The following example shows how to display Auth Manager details for a specific interface:
Switch# show authentication interface gigabitethernet1/23
Client list:
MAC Address Domain Status Handle Interface
000e.84af.59bd DATA Authz Success 0xE0000000 GigabitEthernet1/0/23
Available methods list:
Handle Priority Name
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-645
Chapter 2
show authentication
3 0 dot1x
Runnable methods list:
Handle Priority Name
3 0 dot1x
Switch#
The following example shows how to display all Auth Manager sessions on the switch:
Switch# show authentication sessions
Interface MAC Address
Method
Domain
Gi3/45
(unknown)
N/A
DATA
Gi3/46
(unknown)
N/A
DATA
Status
Authz Failed
Authz Success
Session ID
0908140400000007003651EC
09081404000000080057C274
The following example shows how to display all Auth Manager sessions on an interface:
Switch# show authentication sessions int gi 3/46
Interface: GigabitEthernet3/46
MAC Address: Unknown
IP Address: Unknown
Status: Authz Success
Domain: DATA
Oper host mode: multi-host
Oper control dir: both
Authorized By: Guest Vlan
Vlan Policy: 4094
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 09081404000000080057C274
Acct Session ID: 0x0000000A
Handle: 0xCC000008
Runnable methods list:
Method
State
dot1x
Failed over
The following example shows how to display Auth Manager session for a specified MAC address:
Switch# show authentication sessions mac 000e.84af.59bd
Interface: GigabitEthernet1/23
MAC Address: 000e.84af.59bd
Status: Authz Success
Domain: DATA
Oper host mode: single-host
Authorized By: Authentication Server
Vlan Policy: 10
Handle: 0xE0000000
Runnable methods list:
Method State
dot1x Authc Success
Switch#
The following example shows how to display all clients authorized via a specified auth method:
Switch# show authentication sessions method mab
No Auth Manager contexts match supplied criteria
Switch# show authentication sessions method dot1x
MAC Address Domain Status Handle Interface
000e.84af.59bd DATA Authz Success 0xE0000000 GigabitEthernet1/23
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-646
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
authentication
control-direction
authentication critical
recovery delay
authentication event
authentication fallback
authentication host-mode
authentication open
authentication order
authentication periodic
authentication
port-control
authentication priority
authentication timer
authentication violation
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-647
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(20)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to display the IP address of the TFTP server and to display whether or not the
switch is currently acquiring the configuration file on the TFTP server:
Switch# show auto install status
Status
DHCP Server
TFTP Server
Config File Fetched
:
:
:
:
The first IP address in the display indicates the server that is used for the automatic installation. The
second IP address indicates the TFTP server that provided the configuration file.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-648
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
interface interface-id
begin
exclude
include
expression
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The show auto qos interface interface-id command displays the auto-QoS configuration; it does not
display any user changes to the configuration that might be in effect.
To display information about the QoS configuration that might be affected by auto-QoS on a
non-Supervisor Engine 6-E, use one of these commands:
show qos
show running-config
Expressions are case sensitive. For example, if you enter exclude output, the lines that contain output
do not appear, but the lines that contain Output appear.
Examples
This example shows output from the show auto qos command when auto-QoS is enabled:
Switch# show auto qos
GigabitEthernet1/2
auto qos voip cisco-phone
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-649
Chapter 2
show bootflash:
show bootflash:
To display information about the bootflash: file system, use the show bootflash: command.
show bootflash: [all | chips | filesys]
Syntax Description
all
chips
filesys
Defaults
Command Modes
EXEC
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-650
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-651
Chapter 2
show bootvar
show bootvar
To display BOOT environment variable information, use the show bootvar command.
show bootvar
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-652
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Note
Syntax Description
This command will be deprecated in future Cisco IOS releases; use the diagnostic start command
instead.
interface interface Interface type; valid values are fastethernet and gigabitethernet.
interface-number
Defaults
Command Modes
Command History
Release
Modification
12.2(25)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The TDR test is supported on Catalyst 4500 Series Switches running Cisco IOS Release 12.2(25)SG for
the following line cards only:
WS-X4548-GB-RJ45
WS-X4548-GB-RJ45V
WS-X4524-GB-RJ45V
WS-X4013+TS
WS-C4948
WS-C4948-10GE
Examples
This example shows how to display information about the TDR test:
Switch# show cable-diagnostics tdr interface gi4/13
Interface Speed Local pair Cable length Remote channel
Gi4/13
0Mbps
1-2
102 +-2m
Unknown
3-6
100 +-2m
Unknown
4-5
102 +-2m
Unknown
7-8
102 +-2m
Unknown
Switch#
Status
Fault
Fault
Fault
Fault
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-653
Chapter 2
Table 2-21 describes the fields in the show cable-diagnostics tdr command output.
Table 2-21
Related Commands
Field
Description
Interface
Interface tested.
Speed
Pair
Cable Length
Channel
Status
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-654
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show call-home
To display the configured CallHome information, use the show call-home command in privileged EXEC
mode.
show call-home [alert-group | detail | mail-server | profile {all | name} | statistics]
Syntax Description
alert-group
detail
mail-server
profile all
profile name
statistics
Command Default
Command Modes
Command History
Release
Modification
12.2(52)SG
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-655
Chapter 2
show call-home
State
------Disable
Disable
Disable
Enable
Disable
Description
------------------------------configuration info
diagnostic info
environmental info
inventory info
syslog info
Profiles:
Profile Name: campus-noc
Profile Name: CiscoTAC-1
Switch#
State
------Disable
Disable
Disable
Enable
Disable
Description
------------------------------configuration info
diagnostic info
environmental info
inventory info
syslog info
Profiles:
Profile Name: campus-noc
Profile status: ACTIVE
Preferred Message Format: long-text
Message Size Limit: 3145728 Bytes
Transport Method: email
Email address(es): [email protected]
HTTP address(es): Not yet set up
Alert-group
-----------------------inventory
Severity
-----------normal
Syslog-Pattern
-----------------------N/A
Severity
-----------N/A
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-656
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Severity
-----------minor
warning
normal
Syslog-Pattern
-----------------------.*
Switch#
Severity
-----------major
Description
------------------------------configuration info
diagnostic info
environmental info
inventory info
syslog info
Switch#
Severity
-----------normal
Syslog-Pattern
-----------------------N/A
Severity
-----------N/A
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-657
Chapter 2
show call-home
Severity
-----------major
Switch#
Severity
-----------minor
warning
normal
Syslog-Pattern
-----------------------.*
Severity
-----------major
Email
-------------------0
0
0
0
0
0
0
0
0
HTTP
-----------------0
0
0
0
0
0
0
0
0
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-658
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Total In-Queue
Config
Diagnostic
Environment
Inventory
SysLog
Test
Request
Send-CLI
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Total Failed
Config
Diagnostic
Environment
Inventory
SysLog
Test
Request
Send-CLI
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Total Ratelimit
-dropped
Config
Diagnostic
Environment
Inventory
SysLog
Test
Request
Send-CLI
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-659
Chapter 2
Syntax Description
type
(Optional) Interface type that is connected to the neighbors about which you
want information; possible valid values are ethernet, fastethernet,
gigabitethernet, tengigabitethernet, port-channel, and vlan.
number
detail
Defaults
Command Modes
Command History
Release
Modification
12.2(25)EW
Usage Guidelines
The vlan keyword is supported in Catalyst 4500 Series Switches that are configured with a Supervisor
Engine 2.
The port-channel values are from 0 to 282; values from 257 to 282 are supported on the CSM and the
FWSM only.
Examples
This example shows how to display the information about the CDP neighbors:
Switch# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID
Local Intrfce
Holdtme
Capability Platform Port ID
lab-7206
Eth 0
157
R
7206VXR
Fas 0/0/0
lab-as5300-1
Eth 0
163
R
AS5300
Fas 0
lab-as5300-2
Eth 0
159
R
AS5300
Eth 0
lab-as5300-3
Eth 0
122
R
AS5300
Eth 0
lab-as5300-4
Eth 0
132
R
AS5300
Fas 0/0
lab-3621
Eth 0
140
R S
3631-telcoFas 0/0
008024 2758E0
Eth 0
132
T
CAT3000
1/2
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-660
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Table 2-22 describes the fields that are shown in the example.
Table 2-22
Field
Definition
Device ID
Local Intrfce
Holdtme
Capability
Platform
Port ID
This example shows how to display detailed information about your CDP neighbors:
Switch# show cdp neighbors detail
------------------------Device ID: lab-7206
Entry address(es):
IP address: 172.19.169.83
Platform: cisco 7206VXR, Capabilities: Router
Interface: Ethernet0, Port ID (outgoing port): FastEthernet0/0/0
Holdtime : 123 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 5800 Software (C5800-P4-M), Version 12.1(2)
Copyright (c) 1986-2002 by Cisco Systems, Inc.
advertisement version: 2
Duplex: half
------------------------Device ID: lab-as5300-1
Entry address(es):
IP address: 172.19.169.87
.
.
.
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-661
Chapter 2
Table 2-23 describes the fields that are shown in the example.
Table 2-23
Related Commands
Field
Definition
Device ID
Entry address(es)
Platform
Capabilities
Interface
Holdtime
Version:
advertisement version:
Duplex:
Command
Description
show cdp traffic (refer to Cisco Displays traffic information from the CDP table.
IOS documentation)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-662
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show class-map
To display class map information, use the show class-map command.
show class-map class_name
Syntax Description
class_name
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(25)SG
Examples
This example shows how to display class map information for all class maps:
Switch# show class-map
Class Map match-any class-default (id 0)
Match any
Class Map match-any class-simple (id 2)
Match any
Class Map match-all ipp5 (id 1)
Match ip precedence 5
Class Map match-all agg-2 (id 3)
Switch#
This example shows how to display class map information for a specific class map:
Switch# show class-map ipp5
Class Map match-all ipp5 (id 1)
Match ip precedence 5
Switch#
Assume there are two active flows as shown below on Fast Ethernet interface 6/1:
SrcIp
DstIp
IpProt SrcL4Port DstL4Port
-------------------------------------------------------192.168.10.10 192.168.20.20 20
6789
81
192.168.10.10 192.168.20.20 20
6789
21
With following configuration, each flow will be policed to a 1000000 bps with an allowed 9000-byte
burst value.
Note
If you use the match flow ip source-address|destination-address command, these two flows are
consolidated into one flow and they have the same source and destination address.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-663
Chapter 2
show class-map
Related Commands
Command
Description
class-map
show policy-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-664
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
mac
mac-address
Specifies the MAC address of the device for which the sensor cache entries are to be
displayed.
all
Defaults
Command Modes
Privileged EXEC
Command History
Release
Modification
Usage Guidelines
Use the show device-sensor cache command to display a list of TLV fields or options received from a
particular device or from all devices.
Examples
The following is sample output from the show device-sensor cache mac mac-address command:
Router# show device-sensor cache mac 0024.14dc.df4d
Device: 0024.14dc.df4d on port GigabitEthernet1/0/24
-------------------------------------------------Proto
Type:Name
Len Value
cdp
26:power-available-type
16 00 1A 00 10
cdp
22:mgmt-address-type
17 00 16 00 11
0E
cdp
11:duplex-type
5 00 0B 00 05
cdp
9:vtp-mgmt-domain-type
4 00 09 00 04
cdp
4:capabilities-type
8 00 04 00 08
cdp
1:device-name
14 00 01 00 0E
lldp
0:end-of-lldpdu
2 00 00
lldp
8:management-address
14 10 0C 05 01
lldp
7:system-capabilities
6 0E 04 00 14
lldp
4:port-description
23 08 15 47 69
74 31 2F 30
lldp
5:system-name
12 0A 0A 73 75
dhcp
82:relay-agent-info
20 52 12 01 06
14 DC DF 80
dhcp
12:host-name
12 0C 0A 73 75
dhcp
61:client-identifier
32 3D 1E 00 63
64 63 2E 64
00 00 00 01 00 00 00 00 FF FF FF FF
00 00 00 01 01 01 CC 00 04 09 1B 65
01
00 00 00 28
73 75 70 70 6C 69 63 61 6E 74
09
00
67
2F
70
00
1B
04
61
32
70
04
65 0E 03 00 00 00 01 00
62 69 74 45 74 68 65 72 6E 65
34
6C 69 63 61 6E 74
00 18 01 18 02 08 00 06 00 24
70 70 6C 69 63 61 6E 74
69 73 63 6F 2D 30 30 32 34 2E 31 34
66 34 64 2D 47 69 31 2F 30 2F 32 34
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-665
Chapter 2
dhcp
57:max-message-size
4 39 02 04 80
The following is sample output from the show device-sensor cache all command:
Router# show device-sensor cache all
Device: 001c.0f74.8480 on port GigabitEthernet2/1
-------------------------------------------------Proto
Type:Name
Len Value
dhcp
52:option-overload
3 34 01 03
dhcp
60:class-identifier
11 3C 09 64
dhcp
55:parameter-request-list
8 37 06 01
dhcp
61:client-identifier
27 3D 19 00
37 34 2E
dhcp
57:max-message-size
4 39 02 04
6F
42
63
38
80
63
06
69
34
08
05
05
05
06
09
00 00 00 00
00
00
01
00 01
63 69 73 63 6F
73
03
73
38
69
43
63
30
73 31 2E 30
96
6F 2D 30 30 31 63 2E 30 66
2D 56 6C 31
The following table describes the significant fields shown in the display:
Related Commands
Field
Description
Device
MAC address of the device and the interface which it is connected to.
Proto
Type
Type of TLV.
Name
Len
Value
Command
Description
debug device-sensor
device-sensor
accounting
Adds the Device Sensor protocol data to accounting records and generates
additional accounting events when new sensor data is detected.
device-sensor filter-list Creates a CDP or LLDP filter containing a list of options that can be included
or excluded in the Device Sensor output.
device-sensor filter-list Creates a DHCP filter containing a list of options that can be included or
dhcp
excluded in the Device Sensor output.
show device-sensor
cache
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-666
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
all
num
Module number.
Defaults
Command Modes
EXEC
Command History
Release
Modification
12.2(20)EWA
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to display the test suite, monitoring interval, and test attributes for all the
modules of the chassis:
Switch# show diagnostic content module all
module 1:
Diagnostics test suite attributes:
B/* - Basic ondemand test / NA
P/V/* - Per port test / Per device test / NA
D/N/* - Disruptive test / Non-disruptive test / NA
S/* - Only applicable to standby unit / NA
X/* - Not a health monitoring test / NA
F/* - Fixed monitoring interval test / NA
E/* - Always enabled monitoring test / NA
A/I - Monitoring is active / Monitoring is inactive
m/* - Mandatory bootup test, can't be bypassed / NA
o/* - Ongoing test, always active / NA
ID
====
1)
2)
3)
Test Name
==========================================
supervisor-bootup ----------------------->
packet-memory-bootup -------------------->
packet-memory-ongoing ------------------->
Attributes
============
**D****I**
**D****I**
**N****I*o
Testing Interval
(day hh:mm:ss.ms)
=================
not configured
not configured
not configured
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-667
Chapter 2
module 6:
Diagnostics test suite attributes:
B/* - Basic ondemand test / NA
P/V/* - Per port test / Per device test / NA
D/N/* - Disruptive test / Non-disruptive test / NA
S/* - Only applicable to standby unit / NA
X/* - Not a health monitoring test / NA
F/* - Fixed monitoring interval test / NA
E/* - Always enabled monitoring test / NA
A/I - Monitoring is active / Monitoring is inactive
m/* - Mandatory bootup test, can't be bypassed / NA
o/* - Ongoing test, always active / NA
Testing Interval
ID
Test Name
Attributes
(day hh:mm:ss.ms)
==== ========================================== ============ =================
1) linecard-online-diag --------------------> **D****I**
not configured
Switch#
Related Commands
Command
Description
show diagnostic result module Displays the module-based diagnostic test results.
show diagnostic result module Displays the results of the bootup packet memory test.
test 2
show diagnostic result module Displays the results from the ongoing packet memory test.
test 3
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-668
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
slot-num
all
test
test-id
test-id-range
all
detail
Defaults
A summary of the test results for all modules in the chassis is displayed.
Command Modes
Command History
Release
Modification
12.2(18)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to display the summary results for all modules in the chassis:
Switch# show diagnostic result module
Current bootup diagnostic level: minimal
module 1:
Overall diagnostic result: PASS
Diagnostic level at card bootup: bypass
Test results: (. = Pass, F = Fail, U = Untested)
1) supervisor-bootup -----------------------> U
2) packet-memory-bootup --------------------> U
3) packet-memory-ongoing -------------------> U
module 4:
Overall diagnostic result: PASS
Diagnostic level at card bootup: minimal
Test results: (. = Pass, F = Fail, U = Untested)
1) linecard-online-diag --------------------> .
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-669
Chapter 2
module 5:
Overall diagnostic result: PASS
Diagnostic level at card bootup: minimal
Test results: (. = Pass, F = Fail, U = Untested)
1) linecard-online-diag --------------------> .
module 6:
Overall diagnostic result: PASS
Diagnostic level at card bootup: minimal
Test results: (. = Pass, F = Fail, U = Untested)
1) linecard-online-diag --------------------> .
This example shows how to display the online diagnostics for module 1:
Switch# show diagnostic result module 1 detail
Current bootup diagnostic level: minimal
module 1:
Overall diagnostic result: PASS
Diagnostic level at card bootup: minimal
Test results: (. = Pass, F = Fail, U = Untested)
___________________________________________________________________________
1) supervisor-bootup -----------------------> .
Error code -------------------------->
Total run count --------------------->
Last test execution time ------------>
First test failure time ------------->
Last test failure time -------------->
Last test pass time ----------------->
Total failure count ----------------->
Consecutive failure count ----------->
0 (DIAG_SUCCESS)
0
n/a
n/a
n/a
n/a
0
0
Loopback ...
4: . 5: . 6: . 7: . 8: . 9: . 10: . 11: .
16: . 17: . 18: . 19: . 20: . 21: . 22: . 23: .
28: . 29: . 30: . 31: .
6: .
7: .
8: .
9: . 10: . 11: .
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-670
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
12: . 13: . 14: . 15: . 16: . 17: . 18: . 19: . 20: . 21: . 22: . 23: .
24: . 25: . 26: . 27: . 28: . 29: . 30: . 31: .
...
5: .
17: .
29: .
41: .
53: .
6: .
18: .
30: .
42: .
54: .
7: .
19: .
31: .
43: .
8: .
20: .
32: .
44: .
Module 1 Passed
___________________________________________________________________________
2) packet-memory-bootup --------------------> .
Error code --------------------------> 0 (DIAG_SUCCESS)
Total run count ---------------------> 0
Last test execution time ------------> n/a
First test failure time -------------> n/a
Last test failure time --------------> n/a
Last test pass time -----------------> n/a
Total failure count -----------------> 0
Consecutive failure count -----------> 0
packet buffers on free list: 64557 bad: 0 used for ongoing tests: 979
___________________________________________________________________________
3) packet-memory-ongoing -------------------> U
Error code --------------------------> 0 (DIAG_SUCCESS)
Total run count ---------------------> 0
Last test execution time ------------> n/a
First test failure time -------------> n/a
Last test failure time --------------> n/a
Last test pass time -----------------> n/a
Total failure count -----------------> 0
Consecutive failure count -----------> 0
packet buffers on free list: 64557 bad: 0 used for ongoing tests: 979
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-671
Chapter 2
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-672
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
all
test test-id
(Optional) Specifies the number for the tdr test on the platform.
detail
Defaults
Non-detailed results.
Command Modes
EXEC mode
Command History
Release
Modification
12.2(25)SG
Usage Guidelines
The detail keyword is intended for use by Cisco support personnel when analyzing failures.
Examples
This example shows how to display the results of the bootup packet memory tests:
Switch# show diagnostic result module 6 detail
module 6:
Overall diagnostic result:PASS
Test results:(. = Pass, F = Fail, U = Untested)
___________________________________________________________________________
1) linecard-online-diag --------------------> .
Error code -------------------------->
Total run count --------------------->
Last test execution time ------------>
First test failure time ------------->
Last test failure time -------------->
Last test pass time ----------------->
Total failure count ----------------->
Consecutive failure count ----------->
0 (DIAG_SUCCESS)
1
Jan 21 2001 19:48:30
n/a
n/a
Jan 21 2001 19:48:30
0
0
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-673
Chapter 2
U
S
P
G
Ports 1
.
2
.
3
.
4
.
5
.
6
.
7
.
8
.
9
.
10
.
11
.
12
.
13
.
14
.
15
.
16
.
Ports 17
.
18
.
19
.
20
.
21
.
22
.
23
.
24
.
25
.
26
.
27
.
28
.
29
.
30
.
31
.
32
.
Ports 33
.
34
.
35
.
36
.
37
.
38
.
39
.
40
.
41
.
42
.
43
.
44
.
45
.
46
.
47
.
48
.
=
=
=
=
Unknown
Stub failure
Port failure
GBIC integrity check failure
___________________________________________________________________________
2) online-diag-tdr:
Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
---------------------------------------------------------------------------. U U U U U U U U U U U U U U U U U U U U U U U
Port 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
---------------------------------------------------------------------------U U U U U U U U U U U U U U U U U U U U U U U U
0 (DIAG_SUCCESS)
1
Jan 22 2001 03:01:54
n/a
n/a
Jan 22 2001 03:01:54
0
0
Detailed Status
--------------TDR test is in progress on interface Gi6/1
___________________________________________________________________________
Switch#
Related Commands
Command
Description
diagnostic start
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-674
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
detail
Defaults
Non-detailed results.
Command Modes
EXEC mode
Command History
Release
Modification
12.2(18)EW
Usage Guidelines
The detail keyword is intended for use by Cisco support personnel when analyzing failures.
Examples
This example shows how to display the results of the bootup packet memory tests:
Switch# show diagnostic result module 1 test 2
Test results: (. = Pass, F = Fail, U = Untested)
2) packet-memory-bootup ------------> .
This example shows how to display detailed results from the bootup packet memory tests:
Switch# show diagnostic result module 2 test 2 detail
Test results: (. = Pass, F = Fail, U = Untested)
___________________________________________________________________________
2) packet-memory-bootup ------------> .
Error code ------------------> 0 (DIAG_SUCCESS)
Total run count -------------> 0
Last test execution time ----> n/a
First test failure time -----> n/a
Last test failure time ------> n/a
Last test pass time ---------> n/a
Total failure count ---------> 0
Consecutive failure count ---> 0
packet buffers on free list: 64557 bad: 0 used for ongoing tests: 979
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-675
Chapter 2
Related Commands
Command
Description
show diagnostic result module Displays the results from the ongoing packet memory test.
test 3
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-676
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Module number.
detail
Defaults
Non-detailed results.
Command Modes
EXEC mode
Command History
Release
Modification
12.2(18)EW
Usage Guidelines
The detail keyword is intended for use by Cisco support personnel when analyzing failures.
Examples
This example shows how to display the results from the ongoing packet memory tests:
Switch# show diagnostic result module 1 test 3
Test results: (. = Pass, F = Fail, U = Untested)
3) packet-memory-ongoing -----------> .
This example shows how to display the detailed results from the ongoing packet memory tests:
Switch# show diagnostic result module 1 test 3 detail
Test results: (. = Pass, F = Fail, U = Untested)
___________________________________________________________________________
3) packet-memory-ongoing -----------> .
Error code ------------------> 0 (DIAG_SUCCESS)
Total run count -------------> 0
Last test execution time ----> n/a
First test failure time -----> n/a
Last test failure time ------> n/a
Last test pass time ---------> n/a
Total failure count ---------> 0
Consecutive failure count ---> 0
packet buffers on free list: 64557 bad: 0 used for ongoing tests: 979
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-677
Chapter 2
Related Commands
Command
Description
show diagnostic result module Displays the results of the bootup packet memory test.
test 2
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-678
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show dot1x
To display the 802.1X statistics and operational status for the entire switch or for a specified interface,
use the show dot1x command.
show dot1x [interface interface-id] | [statistics [interface interface-id]] | [all]
Syntax Description
interface interface-id
statistics
(Optional) Displays 802.1X statistics for the switch or the specified interface.
all
Defaults
Command Modes
Command History
Release
Usage Guidelines
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(19)EW
12.2(25)EW
Support for the 10-Gigabit Ethernet interface was introduced on the Catalyst 4500
series switch.
12.2(25)EWA
Support for currently assigned reauthentication timer (if the timer is configured to
honor the Session-Timeout value) was added.
12.2(31)SG
Support for port direction control and critical recovery was added.
If you do not specify an interface, the global parameters and a summary are displayed. If you specify an
interface, the details for that interface are displayed.
If you enter the statistics keyword without the interface option, the statistics are displayed for all
interfaces. If you enter the statistics keyword with the interface option, the statistics are displayed for
the specified interface.
Expressions are case sensitive. For example, if you enter exclude output, the lines that contain output
are not displayed, but the lines that contain Output are displayed.
The show dot1x command displays the currently assigned reauthentication timer and time remaining
before reauthentication, if reauthentication is enabled.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-679
Chapter 2
show dot1x
Examples
This example shows how to display the output from the show dot1x command:
Switch# show dot1x
Sysauthcontrol = Disabled
Dot1x Protocol Version = 2
Dot1x Oper Controlled Directions = Both
Dot1x Admin Controlled Directions = Both
Critical Recovery Delay = 500
Critical EAP = Enabled
Switch#
This example shows how to display the 802.1X statistics for a specific port:
Switch# show dot1x interface fastethernet6/1
Dot1x Info for FastEthernet6/1
----------------------------------PAE
= AUTHENTICATOR
PortControl
= AUTO
ControlDirection
= Both
HostMode
= MULTI_DOMAIN
ReAuthentication
= Disabled
QuietPeriod
= 60
ServerTimeout
= 30
SuppTimeout
= 30
ReAuthPeriod
= 3600 (Locally configured)
ReAuthMax
= 2
MaxReq
= 2
TxPeriod
= 30
RateLimitPeriod
= 0
Dot1x Authenticator Client List
------------------------------Domain
= DATA
Supplicant
= 0000.0000.ab01
Auth SM State
= AUTHENTICATED
Auth BEND SM Stat = IDLE
Port Status
Authentication Method
Authorized By
Vlan Policy
=
=
=
=
AUTHORIZED
Dot1x
Authentication Server
12
Domain
Supplicant
Auth SM State
Auth BEND SM Stat
Port Status
Authentication Method
Authorized By
=
=
=
=
=
=
=
VOICE
0060.b057.4687
AUTHENTICATED
IDLE
AUTHORIZED
Dot1x
Authentication Server
Switch#
Note
Table 2-24 provides a partial list of the displayed fields. The remaining fields in the display show internal
state information. For a detailed description of these state machines and their settings, refer to the
802.1X specification.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-680
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Table 2-24
Field
Description
PortStatus
Port Control
MultiHosts
This is an example of output from the show dot1x statistics interface gigabitethernet1/1 command.
Table 2-25 describes the fields in the display.
Switch# show dot1x statistics interface gigabitethernet1/1
PortStatistics Parameters for Dot1x
-------------------------------------------TxReqId = 0
TxReq = 0
TxTotal = 0
RxStart = 0
RxLogoff = 0 RxRespId = 0 RxResp = 0
RxInvalid = 0 RxLenErr = 0 RxTotal= 0
RxVersion = 0 LastRxSrcMac 0000.0000.0000
Switch#
Table 2-25
Field
Description
TxReq/TxReqId
TxTotal
RxStart
RxLogoff
RxRespId
RxResp
RxInvalid
RxLenError
Number of EAPOL frames that have been received in which the packet
body length field is invalid.
RxTotal
Number of valid EAPOL frames of any type that have been received.
RxVersion
LastRxSrcMac
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-681
Chapter 2
show dot1x
Related Commands
Command
Description
dot1x critical
dot1x guest-vlan
dot1x max-reauth-req
dot1x port-control
mac-address-table notification
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-682
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show energywise
Use the show energywise privileged EXEC command to display the EnergyWise settings and status of
the entity and the power over Ethernet (PoE) ports.
show energywise [categories | children | domain | events | level [children | current [children] |
delta children] | neighbors | recurrences | statistics | usage [children] | version] [ | {begin |
exclude | include} expression]
Syntax Description
categories
children
(Optional) Displays the status of the entity and the PoE ports.
domain
events
(Optional) Displays the last ten events (messages) sent to other entities in the
domain.
level children
current children
delta children
childrenAvailable power levels for the entity and the PoE ports.
deltaDifference between the current and available power levels for the
entity.
(Optional) childrenDifference between the current and available
power levels for the entity and the PoE ports.
neighbors
(Optional) Displays the neighbor tables for the domains to which the entity
belongs.
recurrences
statistics
usage children
version
Command Modes
Privileged EXEC
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output
do not appear, but the lines that contain Output appear.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-683
Chapter 2
show energywise
Examples
Name
---lobby.1
Usage
----558.0 (W)
Lvl
--10
Imp
--1
Type
---parent
Usage
----558.0 (W)
0.0
(W)
0.0
(W)
Lvl
--10
10
10
Imp
--1
1
1
Type
---parent
child
child
Name
---lobby.1
Levels (Watts)
0
1
2
3
4
5
6
7
8
9
10
-------------------------------------------------------------0.0
558.0 558.0 558.0 558.0 558.0 558.0 558.0 558.0 558.0 558.0
Name
---lobby.1
Gi1.0.1
Gi1.0.2
Gi1.0.3
Gi1.0.4
Gi1.0.5
Gi1.0.1
truncated>
Levels (Watts)
0
1
2
3
4
5
6
7
8
9
10
-------------------------------------------------------------0.0
558.0 558.0 558.0 558.0 558.0 558.0 558.0 558.0 558.0 558.0
0.0
15.4 15.4 15.4 15.4 15.4 15.4 15.4 15.4 15.4 15.4
0.0
15.4 15.4 15.4 15.4 15.4 15.4 15.4 15.4 15.4 15.4
0.0
15.4 15.4 15.4 15.4 15.4 15.4 15.4 15.4 15.4 15.4
0.0
15.4 15.4 15.4 15.4 15.4 15.4 15.4 15.4 15.4 15.4
0.0
15.4 15.4 15.4 15.4 15.4 15.4 15.4 15.4 15.4 15.4
0.0
15.4 15.4 15.4 15.4 15.4 15.4 15.4 15.4 15.4 15.4
Value
----558.0 (W)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-684
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Gi1/0/2
Gi1.0.2
Gi1/0/3
Gi1.0.3
Gi1/0/4
Gi1.0.4
Gi1/0/5
Gi1.0.5
<output truncated>
1
1
1
1
15.4
15.4
15.4
15.4
(W)
(W)
(W)
(W)
Levels (Watts)
0
1
2
3
4
5
6
7
8
9
10
------------------------------------------------------------------------558.0 0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
Name
---lobby.1
Interface
--------Gi1/0/1
Gi1/0/2
Gi1/0/3
Gi1/0/4
<output
Name
---lobby.1
Gi1.0.1
Gi1.0.2
Gi1.0.3
Gi1.0.4
truncated>
recurrences
Action Lvl Cron
------ --- ---SET
3 minutes: 0 hour: 8 day: * month: * weekday: *
SET
3 minutes: 0 hour: 8 day: * month: * weekday: *
SET
3 minutes: 0 hour: 8 day: * month: * weekday: *
Events:
14
Usage
_____
558.0 (W)
Caliber
_______
max
Usage
_____
558.0 (W)
0.0 (W)
0.0 (W)
0.0 (W)
0.0 (W)
0.0 (W)
Caliber
_______
max
presumed
presumed
presumed
presumed
presumed
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-685
Chapter 2
show energywise
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-686
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show environment
To display the environment alarm, operational status, and current reading for the chassis, use the show
environment command.
show environment [alarm] | [status [chassis | fantray | powersupply | supervisor]] |
[temperature]
Syntax Description
alarm
status
chassis
fantray
(Optional) Specifies the status of the fan tray, and shows fan tray power consumption.
powersupply
supervisor
temperature
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Support for the ability to display generic environment information with the show
environment command was added.
Examples
This example shows how to display information about the environment alarms, operational status, and
current temperature readings for the chassis:
Switch# show environment
no alarm
Chassis Temperature
= 32 degrees Celsius
Chassis Over Temperature Threshold
= 75 degrees Celsius
Chassis Critical Temperature Threshold = 95 degrees Celsius
Power
Supply
-----PS1
PS2
Model No
--------------PWR-C45-1400AC
none
Power Supply
(Nos in Watts)
-------------PS1
PS2
Max
Inline
-----0
--
Type
--------AC 1400W
-Min
Inline
-----0
--
Fan
Status
----------good
--
Max
System
-----1360
--
Min
System
-----1360
--
Sensor
-----good
-Absolute
Maximum
-------1400
--
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-687
Chapter 2
show environment
This example shows how to display information about the environment alarms:
Switch# show environment alarm
no alarm
Switch#
This example shows how to display information about the power supplies, chassis type, and fan trays:
Switch#
Power
Supply
-----PS1
PS2
Power Supply
(Nos in Watts)
-------------PS1
PS2
Max
Inline
-----0
--
Type
--------AC 1400W
-Min
Inline
-----0
--
Status
----------good
--
Max
System
-----1360
--
Min
System
-----1360
--
Fan
Sensor
-----good
-Absolute
Maximum
-------1400
--
This example shows how to display information about the fan tray:
Switch# show environment status fantray
Fantray : good
Power consumed by Fantray : 50 Watts
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-688
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to display information about the power supply:
Switch#
Power
Supply
-----PS1
PS2
PS3
Switch#
Type
--------AC 400W
AC 400W
--
Status
------good
good
--
Fan
Sensor
-----good
good
--
This example shows how to display information about the supervisor engine:
Switch# show environment status supervisor
Supervisor Led Color :Green
Switch#
This example shows how to display information about the temperature of the chassis:
Switch#
Chassis
Chassis
Chassis
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-689
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(19)EW
Examples
This example shows how to display the error disable detection status:
Switch# show errdisable detect
ErrDisable Reason
Detection status
-------------------------------udld
Enabled
bpduguard
Enabled
security-violatio
Enabled
channel-misconfig
Disabled
psecure-violation
Enabled
vmps
Enabled
pagp-flap
Enabled
dtp-flap
Enabled
link-flap
Enabled
l2ptguard
Enabled
gbic-invalid
Enabled
dhcp-rate-limit
Enabled
unicast-flood
Enabled
storm-control
Enabled
ilpower
Enabled
arp-inspection
Enabled
Switch#
Related Commands
Command
Description
errdisable detect
errdisable recovery
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-690
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(19)EW
Examples
This example shows how to display recovery timer information for error disable:
Switch# show errdisable recovery
ErrDisable Reason
Timer Status
-----------------------------udld
Disabled
bpduguard
Disabled
security-violatio
Disabled
channel-misconfig
Disabled
vmps
Disabled
pagp-flap
Disabled
dtp-flap
Disabled
link-flap
Disabled
l2ptguard
Disabled
psecure-violation
Disabled
gbic-invalid
Disabled
dhcp-rate-limit
Disabled
unicast-flood
Disabled
storm-control
Disabled
arp-inspection
Disabled
Timer interval:30 seconds
Interfaces that will be enabled at the next timeout:
Interface
--------Fa7/32
Errdisable reason
----------------arp-inspect
Time left(sec)
-------------13
Related Commands
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-691
Chapter 2
Command
Description
errdisable detect
errdisable recovery
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-692
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show etherchannel
To display EtherChannel information for a channel, use the show etherchannel command.
show etherchannel [channel-group] {port-channel | brief | detail | summary | port | load-balance
| protocol}
Syntax Description
channel-group
(Optional) Number of the channel group; valid values are from 1 to 64.
port-channel
brief
detail
summary
port
load-balance
protocol
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(13)EW
Usage Guidelines
If you do not specify a channel group, all channel groups are displayed.
In the output below, the Passive port list field is displayed for Layer 3 port channels only. This field
means that the physical interface, which is still not up, is configured to be in the channel group (and
indirectly is in the only port channel in the channel group).
Examples
This example shows how to display port-channel information for a specific group:
Switch# show etherchannel 1 port-channel
Port-channels in the group:
---------------------Port-channel: Po1
-----------Age of the Port-channel
= 02h:35m:26s
Logical slot/port
= 10/1
Number of ports in agport = 0
GC
= 0x00000000
HotStandBy port = null
Passive port list
= Fa5/4 Fa5/5
Port state
= Port-channel L3-Ag Ag-Not-Inuse
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-693
Chapter 2
show etherchannel
This example shows how to display a summary of information for a specific group:
Switch# show etherchannel 1 brief
Group state = L3
Ports: 2
Maxports = 8
port-channels: 1 Max port-channels = 1
Switch#
This example shows how to display detailed information for a specific group:
Switch# show etherchannel 1 detail
Group state = L3
Ports: 2
Maxports = 8
Port-channels: 1 Max Port-channels = 1
Ports in the group:
------------------Port: Fa5/4
-----------Port state
Channel group
Port-channel
Port indx
Flags:
S
A
Timers: H
S
=
=
=
=
C
P
Q
I
Local information:
Port
Fa5/4
Flags State
d
U1/S1
Timers
Hello
Partner PAgP
Interval Count
Priority
1s
0
128
Learning Group
Method Ifindex
Any
0
S
A
Timers: H
S
=
=
=
=
C
P
Q
I
Local information:
Port
Fa5/5
Flags State
d
U1/S1
Timers
Hello
Partner PAgP
Interval Count
Priority
1s
0
128
Learning Group
Method Ifindex
Any
0
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-694
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to display a one-line summary per channel group:
Switch# show etherchannel summary
Flags: D - down
P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3
S - Layer2
U - in use
f - failed to allocate aggregator
M
u
w
d
met
This example shows how to display EtherChannel port information for all ports and all groups:
Switch# show etherchannel port
Channel-group listing:
----------------------Group: 1
---------Ports in the group:
------------------Port: Fa5/4
-----------Port state
Channel group
Port-channel
Port indx
Flags:
S
A
Timers: H
S
=
=
=
=
C
P
Q
I
Local information:
Hello
Partner
PAgP
Learning
Group
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-695
Chapter 2
show etherchannel
Port
Fa5/4
Flags State
d
U1/S1
Timers
Interval Count
1s
0
Priority
128
Method
Any
Ifindex
0
S
A
Timers: H
S
=
=
=
=
C
P
Q
I
<...output truncated...>
Switch#
Related Commands
(Mode ON)
Command
Description
channel-group
interface port-channel
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-696
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show flowcontrol
To display the per-interface status and statistics related to flow control, use the show flowcontrol
command.
show flowcontrol [module slot | interface interface]
Syntax Description
module slot
interface interface
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(25)EW
Support for the 10-Gigabit Ethernet interface was introduced on the Catalyst 4500
series switch.
Usage Guidelines
Table 2-26 describes the fields in the show flowcontrol command output.
Table 2-26
Field
Description
Port
Send-Flowcontrol-Admin
Send-Flowcontrol-Oper
Receive-Flowcontrol-Admin
Receive-Flowcontrol-Oper
RxPause
TxPause
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-697
Chapter 2
show flowcontrol
Examples
This example shows how to display the flow control status on all the Gigabit Ethernet interfaces:
Switch# show flowcontrol
Port
Send FlowControl
admin
oper
--------- -------- -------Te1/1
off
off
Te1/2
off
off
Gi1/3
off
off
Gi1/4
off
off
Gi1/5
off
off
Gi1/6
off
off
Gi3/1
off
off
Gi3/2
off
off
Gi3/3
off
off
Gi3/4
off
off
Gi3/5
off
off
Gi3/6
off
off
Switch#
Receive FlowControl
admin
oper
-------- -------on
off
on
off
desired on
desired on
desired on
desired on
desired off
desired off
desired off
desired off
desired off
desired off
RxPause TxPause
------0
0
0
0
0
0
0
0
0
0
0
0
------0
0
0
0
0
0
0
0
0
0
0
0
This example shows how to display the flow control status on module 1:
Switch# show flowcontrol module 1
Port
Send FlowControl Receive FlowControl
admin
oper
admin
oper
------------ -------- -------- -------Gi1/1
desired off
off
off
Gi1/2
on
disagree on
on
Switch#
RxPause TxPause
------- ------0
0
0
0
This example shows how to display the flow control status on Gigabit Ethernet interface 3/4:
Switch# show flowcontrol interface gigabitethernet3/4
Port
Send FlowControl Receive FlowControl RxPause TxPause
admin
oper
admin
oper
------------ -------- -------- -------------- ------Gi3/4
off
off
on
on
0
0
Switch#
This example shows how to display the flow control status on 10-Gigabit Ethernet interface 1/1:
Switch# show flowcontrol interface tengigabitethernet1/1
Port
Send FlowControl Receive FlowControl RxPause TxPause
admin
oper
admin
oper
--------- -------- -------- -------- -------------- ------Te1/1
off
off
on
off
0
0
Switch#
Related Commands
Command
Description
channel-group
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-698
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
module
number
port-group
Defaults
X2 mode.
Command Modes
Command History
Release
Modification
12.2(40)SG
Usage Guidelines
When a TwinGig converter is enabled or disabled, the number and type of ports on the line card change
dynamically. The terminology must reflect this behavior. In Cisco IOS, 10-Gigabit ports are named
TenGigabit and 1-Gigabit ports are named Gigabit. Starting with Cisco IOS Release 12.2(40)SG, to
avoid having ports named TenGigabit1/1 and Gigabit1/1, the 10-Gigabit and 1-Gigabit port numbers are
independent. The WS-X4606-10GE-E module with six X2 ports are named
TenGigabit<slot-num>/<1-6>, and the SFP ports are named Gigabit<slot-num>/<7-18>.
In the Supervisor Engine 6-E and Catalyst 4900M chassis, the ports are connected to the switching
engine through a stub ASIC. This stub ASIC imposes some limitations on the ports: Gigabit and
10-Gigabit ports cannot be mixed on a single stub ASIC; they must either be all 10-Gigabit (X2), or all
Gigabit (TwinGig converter and SFP). The faceplates of X2 modules show this stub-port grouping, either
with an actual physical grouping, or a box drawn around a grouping.
Examples
This example shows to determine how the X2 holes on a module are grouped on a WS-X4606-10GE-E:
Switch# show hw-module module 1 port-group
Module
Port-group
Active
Inactive
------------------------------------------------------------1
1
Te1/1-3
Gi1/7-12
1
2
Te1/4-6
Gi1/13-18
Switch#
Related Commands
Command
Description
hw-module port-group
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-699
Chapter 2
Defaults
Command Modes
Command History
Release
Modification
12.2(25)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
If the active uplink mode is different than configured mode, the output displays the change.
By default, the current (operational) uplink selection is displayed.
Examples
This example shows the output displaying the current (active) uplinks:
Switch# show hw-module uplink
Active uplink configuration is TenGigabitEthernet
This example shows the output for redundant systems in SSO mode if the 10-Gigabit Ethernet uplinks
are active, and the Gigabit Ethernet uplinks are selected:
Switch# show hw-module uplink
Active uplink configuration is TenGigabitEthernet
(will be GigabitEthernet after next reload)
A 'redundancy reload shelf' or power-cycle of chassis is required to
apply the new configuration
This example shows the output for redundant systems in RPR mode if the 10-Gigabit Ethernet uplinks
are active, and the Gigabit Ethernet uplinks are selected:
Switch# show hw-module uplink
Active uplink configuration is TenGigabitEthernet
(will be GigabitEthernet after next reload)
A reload of active supervisor is required to apply the new configuration.
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-700
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show idprom
To display the IDPROMs for the chassis, supervisor engine, module, power supplies, fan trays, clock
module, and multiplexer (mux) buffer, use the show idprom command.
show idprom {all | chassis | module [mod] | interface int_name | supervisor | power-supply
number | fan-tray}
Syntax Description
all
chassis
module
mod
interface int_name
supervisor
power-supply number
fan-tray
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
12.1(13)EW
12.2(18)EW
Enhanced the show idprom interface output to include the hexadecimal display of
the GBIC/SFP SEEPROM contents.
12.2(25)EW
Support for the 10-Gigabit Ethernet interface was introduced on the Catalyst 4500
series switch.
Usage Guidelines
When you enter the show idprom interface command, the output lines for Calibration type and Rx
(receive) power measurement may not be displayed for all GBICs.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-701
Chapter 2
show idprom
Examples
This example shows how to display IDPROM information for the GBICs on the Gigabit Ethernet
interface 1/2:
Switch# show idprom interface gigabitethernet1/2
GBIC Serial EEPROM Contents:
Common Block:
Identifier
= GBIC [0x1]
Extended Id
= Not specified/compliant with defined MOD_DEF [0x0]
Connector
= SC connector [0x1]
Transceiver
Speed
= Not available [0x0]
Media
= Not available [0x0]
Technology
= Not available [0x0]
Link Length
= Not available [0x0]
GE Comp Codes
= Not available [0x0]
SONET Comp Codes = Not available [0x0]
Encoding
= 8B10B [0x1]
BR, Nominal
= 1300000000 MHz
Length(9u) in km = GBIC does not support single mode fibre, or the length
must be determined from the transceiver technology.
Length(9u)
= > 25.4 km
Length(50u)
= GBIC does not support 50 micron multi-mode fibre, or the
length must be determined from the transceiver technology.
Length(62.5u)
= GBIC does not support 62.5 micron multi-mode fibre, or
the length must be determined from transceiver technology.
Length(Copper)
= GBIC does not support copper cables, or the length must
be determined from the transceiver technology.
Vendor name
= CISCO-FINISAR
Vendor OUI
= 36965
Vendor Part No.
= FTR-0119-CSC
Vendor Part Rev. = B
Wavelength
= Not available
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-702
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
CC_BASE
= 0x1A
Extended ID Fields
Options
= Loss of Signal implemented TX_FAULT signal implemented TX_DISABLE is
implemented and disables the serial output [0x1A]
BR, max
= Unspecified
BR, min
= Unspecified
Vendor Serial No. = K1273DH
Date code
= 030409
Diag monitoring
= Implemented
Calibration type = Internal
Rx pwr measuremnt = Optical Modulation Amplitude (OMA)
Address change
= Required
CC_EXT
= 0xB2
Vendor Specific ID Fields:
20944D30 29 00 02 80 22 33 38 3D C7 67 83 E8 DF 65 6A AF
20944D40 1A 80 ED 00 00 00 00 00 00 00 00 00 38 23 3C 1B
0x0000
0x0010
0x0020
0x0030
0x0040
0x0050
0x0060
0x0070
Switch#
01
49
2D
20
20
20
E8
00
0D
4E
30
00
20
64
DF
38
00
49
31
00
20
00
65
23
00
53
31
00
20
00
6A
3C
FF
41
39
1A
20
B2
AF
1B
)..."38=Gg^Ch_ej/
............8#<.
................
....CISCO-FINISA
R
..^PeFTR-0119
-CSC
B
....
....K1273DH
030409 d..2
)..^@"38=Gg^C._ej.
.^@m.........8#<.
This example shows how to display IDPROM information for the 10-Gigabit Ethernet interface 1/1:
Switch# show idprom interface tengigabitethernet1/1
X2 Serial EEPROM Contents:
Non-Volatile Register (NVR) Fields
X2 MSA Version supported
:0xA
NVR Size in bytes
:0x100
Number of bytes used
:0xD0
Basic Field Address
:0xB
Customer Field Address
:0x77
Vendor Field Address
:0xA7
Extended Vendor Field Address
:0x100
Reserved
:0x0
Transceiver type
:0x2 =X2
Optical connector type
:0x1 =SC
Bit encoding
:0x1 =NRZ
Normal BitRate in multiple of 1M b/s :0x2848
Protocol Type
:0x1 =10GgE
Standards Compliance Codes :
10GbE Code Byte 0
10GbE Code Byte 1
SONET/SDH Code Byte 0
SONET/SDH Code Byte 1
SONET/SDH Code Byte 2
SONET/SDH Code Byte 3
10GFC Code Byte 0
10GFC Code Byte 1
10GFC Code Byte 2
10GFC Code Byte 3
Transmission range in 10m
Fibre Type :
Fibre Type Byte 0
:0x2 =10GBASE-LR
:0x0
:0x0
:0x0
:0x0
:0x0
:0x0
:0x0
:0x0
:0x0
:0x3E8
:0x40 =NDSF only
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-703
Chapter 2
show idprom
:0x0 =Unspecified
Specific
00 00 00
00 00 00
00 00 00
00 00 00
9A 34 4A
F4 AC 1A
:
00
00
00
00
24
D7
00
00
00
11
CB
11
00
00
00
E2
00
08
00
00
00
69
00
01
00
00
00
A9
00
36
00
00
00
2F
00
00
00
00
00
95
00
00
00
00
C6
00
00
00
00
EE
00
00
00
00
D2
00
00
00
00
DA
00
00
00
00
B3
EF
00
00
00
FD
FC
This example shows how to display IDPROM information for the supervisor engine:
Switch# show idprom supervisor
Supervisor Idprom:
Common Block Signature = 0xABAB
Common Block Version = 1
Common Block Length = 144
Common Block Checksum = 4153
Idprom Size = 256
Block Count = 2
FRU Major Type = 0x4101
FRU Minor Type = 333
OEM String = Cisco Systems, Inc.
Product Number = WS-X4014
Serial Number = JAB05320CCE
Part Number = 73-6854-04
Part Revision = 05
Manufacturing Deviation String = 0
Hardware Revision = 0.4
Manufacturing Bits = 0x0000
Engineering Bits = 0x0000
Snmp OID = 0.0.0.0.0.0.0.0
Power Consumption = 0
RMA Failure Code = 0 0 0 0
Supervisor Block Signature = 0x4101
Supervisor Block Version = 1
Supervisor Block Length = 24
Supervisor Block Checksum = 548
Feature Bits = 0x0000000000000000
Card Feature Index = 95
MAC Base = 0007.0ee5.2a44
MAC Count = 2
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-704
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to display IDPROM information for the chassis:
Switch# show idprom chassis
Chassis Idprom:
Common Block Signature = 0xABAB
Common Block Version = 1
Common Block Length = 144
Common Block Checksum = 4285
Idprom Size = 256
Block Count = 2
FRU Major Type = 0x4001
FRU Minor Type = 24
OEM String = Cisco Systems, Inc.
Product Number = WS-C4507R
Serial Number = FOX04473737
Part Number = 73-4289-02
Part Revision = 02
Manufacturing Deviation String = 0x00
Hardware Revision = 0.2
Manufacturing Bits = 0x0000
Engineering Bits = 0x0000
Snmp OID = 0.0.0.0.0.0.0.0
Chassis Block Signature = 0x4001
Chassis Block Version = 1
Chassis Block Length = 22
Chassis Block Checksum = 421
Feature Bits = 0x0000000000000000
MAC Base = 0004.dd42.2600
MAC Count = 1024
Switch#
This example shows how to display IDPROM information for power supply 1:
Switch# show idprom power-supply 1
Power Supply 0 Idprom:
Common Block Signature = 0xABAB
Common Block Version = 1
Common Block Length = 144
Common Block Checksum = 10207
Idprom Size = 256
Block Count = 1
FRU Major Type = 0xAB01
FRU Minor Type = 8224
OEM String = Cisco Systems, Inc.
Product Number = WS-CAC-1440W
Serial Number = ACP05180002
Part Number = 34-XXXX-01
Part Revision = A0
Manufacturing Deviation String =
Hardware Revision = 1.1
Manufacturing Bits = 0x0000
Engineering Bits = 0x3031
Snmp OID = 9.12.3.65535.65535.65535.65535.65535
Power Consumption = -1
RMA Failure Code = 255 255 255 255
Power Supply Block Signature = 0xFFFF
PowerSupply Block Version = 255
PowerSupply Block Length = 255
PowerSupply Block Checksum = 65535
Feature Bits = 0x00000000FFFFFFFF
Current @ 110V = -1
Current @ 220V = -1
StackMIB OID = 65535
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-705
Chapter 2
show idprom
Switch#
This example shows how to display IDPROM information for the fan tray:
Switch# show idprom fan-tray
Fan Tray Idprom :
Common Block Signature = 0xABAB
Common Block Version = 1
Common Block Length = 144
Common Block Checksum = 19781
Idprom Size = 256
Block Count = 1
FRU Major Type = 0x4002
FRU Minor Type = 0
OEM String = "Cisco Systems"
Product Number = WS-X4502-fan
Serial Number =
Part Number =
Part Revision =
Manufacturing Deviation String =
Hardware Revision = 0.1
Manufacturing Bits = 0xFFFF
Engineering Bits = 0xFFFF
Snmp OID = 65535.65535.65535.65535.65535.65535.65535.65535
Power Consumption = -1
RMA Failure Code = 255 255 255 255
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-706
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show interfaces
To display traffic on a specific interface, use the show interfaces command.
show interfaces [{{fastethernet mod/interface-number} | {gigabitethernet
mod/interface-number} | {tengigabitethernet mod/interface-number} | {null
interface-number} | vlan vlan_id} | status}]
Syntax Description
fastethernet
mod/interface-number
gigabitethernet
mod/interface-number
tengigabitethernet
mod/interface-number
null interface-number
vlan vlan_id
status
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
12.2(25)EW
Support for the 10-Gigabit Ethernet interface was introduced on the Catalyst 4500
series switch.
Usage Guidelines
12.2(31)SGA
12.2(52)SG
The statistics are collected per VLAN for Layer 2 switched packets and Layer 3 switched packets. The
statistics are available for both unicast and multicast. The Layer 3 switched packet counts are available
for both the ingress and egress directions. The per-VLAN statistics are updated every 5 seconds.
In some cases, the duplex mode that is displayed by the show interfaces command is different than that
displayed by the show running-config command. The duplex mode that is displayed in the show
interfaces command is the actual duplex mode that the interface is running. The show interfaces
command shows the operating mode for an interface, but the show running-config command shows the
configured mode for an interface.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-707
Chapter 2
show interfaces
If you do not enter any keywords, all counters for all modules are displayed.
Line cards that support auto-MDIX configuration on their copper media ports include: WS-X4124-RJ45,
WS-X4148-RJ with hardware revision 3.0 or later, and WS-X4232-GB-RJ with hardware revision 3.0 or
later.
Examples
This example shows how to display traffic for Gigabit Ethernet interface 2/5:
Switch# show interfaces gigabitethernet2/5
GigabitEthernet9/5 is up, line protocol is up (connected) (vlan-err-dis)
Hardware is C4k 1000Mb 802.3, address is 0001.64f8.3fa5 (bia 0001.64f8.3fa5)
Internet address is 172.20.20.20/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output never, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 1000 bits/sec, 2 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
L2 Switched: ucast: 8199 pkt, 1362060 bytes - mcast: 6980 pkt, 371952 bytes
L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes mcast
L3 out Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes
300114 packets input, 27301436 bytes, 0 no buffer
Received 43458 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
15181 packets output, 1955836 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Switch#
This example shows how to display traffic for 10-Gigabit Ethernet interface 1/1:
Switch# show interfaces tengigabitethernet1/1
Name: Tengigabitethernet1/1
Switchport: Enabled
Administrative Mode: private-vlan promiscuous trunk
Operational Mode: private-vlan promiscuous (suspended member of bundle Po1)
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: none
Trunking Native Mode VLAN: none
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: 202 (VLAN0202) 303 (VLAN0303) 304 (VLAN0304)
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk
Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: 802.1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Administrative private-vlan mapping trunk: New 202 (VLAN0202) 303 (VLAN0303) 304
(VLAN0304) 204 (VLAN0204) 305 (VLAN0305) 306 (VLAN0306)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-708
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to verify the status of auto-MDIX on an RJ-45 port:
Note
You can verify the configuration setting and the operational state of auto-MDIX on the interface by
entering the show interfaces EXEC command. This field is applicable and appears only on the
show interfaces command output for 10/100/1000BaseT RJ-45 copper ports on supported linecards
including WS-X4124-RJ45, WS-X4148-RJ with hardware revision 3.0 or later, and WS-X4232-GB-RJ
with hardware revision 3.0 or later.
FastEthernet6/3 is up, line protocol is up (connected)
Hardware is Fast Ethernet Port, address is 0003.6ba8.ee68 (bia 0003.6ba8.ee68)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, link type is auto, media type is 10/100BaseTX
input flow-control is unsupported output flow-control is unsupported
Auto-MDIX on (operational: on)
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
157082 packets output, 13418032 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
1 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Switch#
This example shows how to display status information for Gigabit Ethernet interface 1/2:
Switch# show interfaces gigabitethernet1/2 status
Port
Name
Status
Vlan
Duplex
Gi1/2
notconnect
1
auto
Switch#
Speed Type
1000 1000-XWDM-RXONLY
This example shows how to display status information for the interfaces on the supervisor engine:
Switch# show interfaces status
Port
Te1/1
Te1/2
Switch#
Name
Status
connected
connected
Vlan
1
1
Duplex
full
full
Speed Type
10G 10GBase-LR
10G 10GBase-LR
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-709
Chapter 2
Syntax Description
interface
switch-num
/mod
/port
Defaults
Command Modes
Command History
Release
Modification
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
Statistics are collected on a per-VLAN basis for Layer 2-switched packets and Layer 3-switched packets.
Statistics are available for both unicast and multicast traffic. The Layer 3-switched packet counts are
available for both ingress and egress directions. The per-VLAN statistics are updated every 5 seconds.
In some cases, you might see a difference in the duplex mode that is displayed between the show
interfaces (virtual switch) command and the show running-config switch (virtual switch) command.
In this case, the duplex mode that is displayed in the show interfaces (virtual switch) command is the
actual duplex mode that the interface is running. The show interfaces (virtual switch) command shows
the operating mode for an interface, while the show running-config switch (virtual switch) command
shows the configured mode for an interface.
If you do not specify an interface, the information for all interfaces is displayed.
The output of the show interfaces GigabitEthernet command displays an extra 4 bytes for every packet
that is sent or received. The extra 4 bytes are the Ethernet frame CRC in the input and output byte
statistics.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-710
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
The following example shows how to display traffic for a specific interface:
Router# show interfaces GigabitEthernet switch 1/3/3
GigabitEthernet1/3/3 is up, line protocol is up (connected)
Hardware is C6k 1000Mb 802.3, address is 000f.2305.49c0 (bia 000f.2305.49c0)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is LH
input flow-control is off, output flow-control is on
Clock mode is auto
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:19, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
L2 Switched: ucast: 360 pkt, 23040 bytes - mcast: 0 pkt, 0 bytes
L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes mcast
L3 out Switched: ucast: 0 pkt, 0 bytes mcast: 0 pkt, 0 bytes
437 packets input, 48503 bytes, 0 no buffer
Received 76 broadcasts (0 IP multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
86 packets output, 25910 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
Router#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-711
Chapter 2
Syntax Description
all
(Optional) Displays all the interface counters including errors, trunk, and detail.
detail
errors
storm-control
trunk
module mod
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(19)EW
12.2(18)EW
Usage Guidelines
If you do not enter any keywords, all the counters for all modules are displayed.
The display for the storm-control keyword includes the suppressed multicast bytes.
Examples
This example shows how to display the error counters for a specific module:
Switch# show interfaces counters errors module 1
Port
Gi1/1
Gi1/2
Port
Gi1/1
Gi1/2
Switch#
Align-Err
0
0
FCS-Err
0
0
Single-Col Multi-Col
0
0
0
0
Xmit-Err
0
0
Rcv-Err UnderSize
0
0
0
0
Runts
0
0
Giants
0
0
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-712
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to display the traffic that is seen by a specific module:
Switch# show interfaces counters module 1
Port
Gi1/1
Gi1/2
Port
Gi1/1
Gi1/2
Switch#
InOctets
0
0
InUcastPkts
0
0
InMcastPkts
0
0
InBcastPkts
0
0
OutOctets
0
0
OutUcastPkts
0
0
OutMcastPkts
0
0
OutBcastPkts
0
0
This example shows how to display the trunk counters for a specific module:
Switch# show interfaces counters trunk module 1
Port
Gi1/1
Gi1/2
Switch#
TrunkFramesTx
0
0
TrunkFramesRx
0
0
WrongEncap
0
0
This example shows how to display the number of packets that are discarded due to suppression:
Switch# show interfaces counters storm-control
Multicast Suppression : Enabled
Port
Fa5/35
Switch#
Related Commands
BcastSuppLevel
10.00%
TotalSuppressionDiscards
6278550
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-713
Chapter 2
Syntax Description
interface
switch-num
/mod
/port
errors
etherchannel
protocol status
storm-control
(Optional) Displays the discard count and the level settings for each mode.
Defaults
Command Modes
Command History
Release
Modification
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
The show interfaces counters command displays the number of all of the packets arriving and includes
the number of packets that may be dropped by the interface due to the storm-control settings. To display
the total number of dropped packets, you can enter the show interfaces counters storm-control
command.
The show interfaces counters storm-control command displays the discard count and the level settings
for each mode. The discard count is a total of all three modes.
If you do not enter any keywords, all counters for all modules are displayed.
If you do not specify an interface, the information for all interfaces is displayed.
When you enter the show interfaces interface counters etherchannel command, follow these
guidelines:
If interface specifies a physical port, the command displays the message "Etherchannel not enabled
on this interface."
If interface is omitted, the command displays the counters for all port channels (in the system) and
for their associated physical ports.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-714
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
If interface specifies a port channel, the command displays the counters for the port channel and all
of the physical ports that are associated with it. In addition, when you enter the command specifying
the primary aggregator in a Link Aggregation Control Protocol (LACP) port channel with multiple
aggregators, the output includes the statistics for all of the aggregators in the port channels and for
the ports that are associated with them.
The following example shows how to display the error counters for a specific:
Router# show interfaces gigabitethernet 2/4/47 counters errors
Port
Align-Err
FCS-Err
Xmit-Err
Rcv-Err UnderSize OutDiscards
Gi2/4/47
0
0
0
0
0
0
Port
Single-Col Multi-Col Late-Col Excess-Col Carri-Sen
Runts
s
Gi2/4/47
0
0
0
0
0
0
0
Port
SQETest-Err Deferred-Tx IntMacTx-Err IntMacRx-Err Symbol-Err
Gi2/4/47
0
0
0
0
0
Router#
The following example shows how to display traffic that is seen by a specific interface:
Router# show interfaces gigabitethernet 1/2/5 counters
Port
InOctets
InUcastPkts
InMcastPkts
InBcastPkts
Gi1/2/5
0
0
0
0
Port
OutOctets OutUcastPkts OutMcastPkts OutBcastPkts
Gi1/2/5
0
0
0
0
Router#
The following example shows how to display the counters for all port channels (in the system) and their
associated physical ports:
Router# show interfaces counters etherchannel
Port
InOctets
InUcastPkts
InMcastPkts
Po1
0
0
0
Po3
0
0
0
Po10
16341138343
77612803
12212915
Gi1/4/1
15628478622
77612818
7525970
Gi1/4/2
712662881
0
4686951
Po20
33887345029
88483183
11506653
Gi2/4/1
33326378013
88491521
7177393
Gi2/4/2
562904837
0
4330030
Port
OutOctets OutUcastPkts OutMcastPkts
Po1
0
0
0
Po3
0
0
0
Po10
33889238079
14101204
99999327
Gi1/4/1
33326354634
14101205
95669326
Gi1/4/2
562904707
7
4330029
Po20
16338422056
14353951
89573339
Gi2/4/1
15628501864
14232410
85017290
Gi2/4/2
712663011
121541
4565416
Router#
InBcastPkts
0
0
14110863
14110865
5
14101212
14101663
6
OutBcastPkts
0
0
0
0
0
0
0
0
The following example shows how to display the counters for all port channels (in the system) and their
associated physical ports in Cisco IOS Release 12.2(50)SY and later releases:
Router# show interfaces counters etherchannel
Port
InOctets
InUcastPkts
InMcastPkts
Po1
0
0
0
Po3
0
0
0
Po10
16341138343
77612803
12212915
Gi1/4/1
15628478622
77612818
7525970
Gi1/4/2
712662881
0
4686951
Po20
33887345029
88483183
11506653
Gi2/4/1
33326378013
88491521
7177393
InBcastPkts
0
0
14110863
14110865
5
14101212
14101663
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-715
Chapter 2
Gi2/4/2
Router#
562904837
4330030
The following example shows how to display the protocols enabled for a specific interface:
Router# show interfaces gigabitethernet 1/2/5 counters protocol status
Protocols allocated:
GigabitEthernet1/2/5: Other, IP
Router#
The following example shows how to display the discard count and the level settings for each mode for
a specific interface:
Router# show interfaces gigabitethernet 1/2/5 counters storm-control
Port
UcastSupp %
McastSupp %
BcastSupp %
TotalSuppDiscards
Gi1/2/5
100.0
100.0
100.0
0
Router#
Related Commands
Command
Description
clear counters
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-716
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
interface
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-717
Chapter 2
Syntax Description
module mod_num
Defaults
Command Modes
Command History
Release
Modification
12.2(18)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
If the interface state is up, the command displays 0:00. If the interface state is down, the time (in hours,
minutes, and seconds) is displayed.
Examples
Name
Down Time
00:00:00
00:00:00
00:00:00
00:00:00
00:00:00
00:00:00
00:00:00
00:00:00
Name
Down Time
1 minute 28
1 minute 28
1 minute 28
1 minute 28
secs
secs
secs
secs
In this example, the cable has been disconnected from the port for 1 minute and 28 seconds.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-718
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
module mod
Defaults
Command Modes
EXEC
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to display the MTU size for all interfaces on module 1:
Switch> show interfaces mtu module 1
Port
Name
Gi1/1
Gi1/2
Switch>
Related Commands
MTU
1500
1500
Command
Description
mtu
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-719
Chapter 2
Syntax Description
active
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
Related Commands
Command
Description
private-vlan
private-vlan mapping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-720
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
err-disabled
inactive
module module
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(40)SG
12.2(52)SG
Usage Guidelines
When at least one VLAN on a port is error-disabled the output for the show interfaces status command
will display vl-err-dis in the VLAN column.
Examples
Status
connected
connected
Vlan
Duplex Speed Type
1
full
10G
10GBase-LR
vl-err-dis full
10G
10GBase-LR
This example shows how to display the status of interfaces in an error-disabled state:
Switch# show interfaces status err-disabled
Port
Name
------Fa9/4
Fa9/5
Fa9/6
Switch#
Status
Reason
-----------notconnect
link-flap
err-disabled
psecure_violation
connected
psecure_violation
Err-Disabled VLANs
------------------3-5
10,15
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-721
Chapter 2
This example shows how to display the Gigabit Ethernet interfaces on a WS-X4606-10GE-E switch
using the TwinGig Convertor:
Switch# show interfaces status module 1
Port Name Status Vlan Duplex Speed Type
Te1/1 inactive 1 full 10G No X2
Te1/2 inactive 1 full 10G No X2
Te1/3 inactive 1 full 10G No X2
Te1/4 notconnect 1 full 10G No X2
Te1/5 notconnect 1 full 10G No X2
Te1/6 notconnect 1 full 10G No X2
Gi1/7 notconnect 1 full 1000 No Gbic
Gi1/8 notconnect 1 full 1000 No Gbic
Gi1/9 notconnect 1 full 1000 No Gbic
Gi1/10 notconnect 1 full 1000 No Gbic
Gi1/11 notconnect 1 full 1000 No Gbic
Gi1/12 notconnect 1 full 1000 No Gbic
Gi1/13 inactive 1 full 1000 No Gbic
Gi1/14 inactive 1 full 1000 No Gbic
Gi1/15 inactive 1 full 1000 No Gbic
Gi1/16 inactive 1 full 1000 No Gbic
Gi1/17 inactive 1 full 1000 No Gbic
Gi1/18 inactive 1 full 1000 No Gbic
Switch#
Related Commands
Command
Description
errdisable detect
hw-module port-group
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-722
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
interface-id
module mod
(Optional) Limits the display to interfaces on the specified module; valid values are
from 1 to 6.
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(19)EW
12.2(18)EW
Support for displaying the status of native VLAN tagging in the command output.
15.1.0 SG
Support for PVLAN modes over EtherChannel. Modes include: private-vlan host,
private-vlan promiscuous, private-vlan trunk secondary, and private-vlan trunk
promiscuous.
Examples
This example shows how to display switch-port information using the begin output modifier:
Switch# show interfaces switchport | include VLAN
Name: Fa5/6
Access Mode VLAN: 200 (VLAN0200)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: ALL
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-723
Chapter 2
This example shows how to display the status of native VLAN tagging on the port:
Switch# show interfaces f3/1 switchport
show interface f3/1 switchport
Name: Fa3/1
Switchport: Enabled
Administrative Mode: private-vlan promiscuous
Operational Mode: private-vlan trunk secondary
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: 1
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: 1
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings:
10 (VLAN0010) 100 (VLAN0100)
Operational private-vlan:
10 (VLAN0010) 100 (VLAN0100)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-724
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
int_name
detail
(Optional) Displays the calibrated values and the A2D readouts if the readout values
differ from the calibrated values. Also displays the high-alarm, high-warning,
low-warning, and low-alarm thresholds.
module mod
The noninterface-specific versions of the show interfaces transceiver command are enabled by default.
The interface-specific versions of these commands are enabled by default if the specified interface has
a transceiver (GBIC or SFP) that is configured for diagnostic monitoring, and the transceiver is in a
module that supports diagnostic monitoring.
Command Modes
Command History
Release
Modification
12.1(20)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(18)EW
Usage Guidelines
The show interfaces transceiver command provides useful information under the following conditions:
At least one transceiver is installed on a chassis that is configured for diagnostic monitoring.
If you notice that the alarm and warning flags have been set on a transceiver, reenter the command to
confirm.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-725
Chapter 2
Examples
This example shows how to display diagnostic monitoring data for all interfaces with transceivers
installed on the switch:
Switch# show interfaces transceiver
If device is externally calibrated, only calibrated values are printed.
++ : high alarm, + : high warning, - : low warning, -- : low alarm.
NA or N/A: not applicable, Tx: transmit, Rx: receive.
mA: milliamperes, dBm: decibels (milliwatts).
Optical
Optical
Temperature Voltage Current
Tx Power Rx Power
Port
(Celsius)
(Volts) (mA)
(dBm)
(dBm)
------- ----------- ------- -------- -------- -------Gi1/1
48.1
3.30
0.0
8.1 ++
N/A
Gi1/2
33.0
3.30
1.8
-10.0
-36.9
Gi2/1
43.7
5.03
50.6 +
-16.7 -N/A
Gi2/2
39.2
5.02
25.7
0.8
N/A
Switch#
Note
The value for the Optical Tx Power (in dBm) equals ten times log (Tx Power in mW). If the Tx
Power value is 3 mW, then the Optical Tx Power value equals 10 * log (3), which equals 10 *
.477 or 4.77 dBm. The Optical Rx Power value behaves similarly. If the Tx Power or the Rx
Power is zero, then its dBm value is undefined and is shown as N/A (not applicable).
This example shows how to display detailed diagnostic monitoring data, including calibrated values,
alarm and warning thresholds, A2D readouts, and alarm and warning flags. The A2D readouts are
reported separately in parentheses only if they differ from the calibrated values:
Switch# show interfaces transceiver detail
mA: milliamperes, dBm: decibels (milliwatts), NA or N/A: not applicable.
++ : high alarm, + : high warning, - : low warning, -- : low alarm.
A2D readouts (if they differ), are reported in parentheses.
The threshold values are calibrated.
High Alarm
Threshold
(Celsius)
---------100.0
100.0
70.0
70.0
High Warn
Threshold
(Celsius)
--------100.0
100.0
60.0
60.0
Low Warn
Threshold
(Celsius)
--------0.0
0.0
5.0
5.0
Low Alarm
Threshold
(Celsius)
--------0.0
0.0
0.0
0.0
Port
------Gi1/1
Gi1/2
Gi2/1
Gi2/2
Voltage
(Volts)
--------------3.30
3.30
5.03
5.02
High Alarm
Threshold
(Volts)
---------6.50
6.50
5.50
5.50
High Warn
Threshold
(Volts)
--------6.50
6.50
5.25
5.25
Low Warn
Threshold
(Volts)
--------N/A
N/A
4.75
4.75
Low Alarm
Threshold
(Volts)
--------N/A
N/A
4.50
4.50
Port
------Gi1/1
Gi1/2
Gi2/1
Gi2/2
Current
(milliamperes)
----------------0.0
1.7
50.6
+
25.8
High Alarm
Threshold
(mA)
---------130.0
130.0
60.0
60.0
High Warn
Threshold
(mA)
--------130.0
130.0
40.0
40.0
Low Warn
Threshold
(mA)
--------N/A
N/A
10.0
10.0
Low Alarm
Threshold
(mA)
--------N/A
N/A
5.0
5.0
Temperature
Port
(Celsius)
------- -----------------Gi1/1
48.1
Gi1/2
34.9
Gi2/1
43.5
Gi2/2
39.1
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-726
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Port
------Gi1/1
Gi1/2
Gi2/1
Gi2/2
Port
------Gi1/1
Gi1/2
Gi2/1
Gi2/2
Switch#
Optical
Transmit Power
(dBm)
----------------8.1
++
-9.8
-16.7 (-13.0) -0.8 ( 5.1)
High Alarm
Threshold
(dBm)
---------8.1
8.1
3.4
3.4
High Warn
Threshold
(dBm)
--------8.1
8.1
3.2
3.2
Low Warn
Threshold
(dBm)
--------N/A
N/A
-0.3
-0.3
Low Alarm
Threshold
(dBm)
--------N/A
N/A
-0.5
-0.5
Optical
Receive Power
(dBm)
----------------N/A
-30.9
N/A (-28.5)
N/A (-19.5)
High Alarm
Threshold
(dBm)
---------8.1
8.1
5.9
5.9
High Warn
Threshold
(dBm)
--------8.1
8.1
-6.7
-6.7
Low Warn
Threshold
(dBm)
--------N/A
N/A
-28.5
-28.5
Low Alarm
Threshold
(dBm)
--------N/A
N/A
-28.5
-28.5
This example shows how to display the monitoring data for the interfaces that have transceivers installed
on module 2:
Switch# show interfaces transceiver module 2
If device is externally calibrated, only calibrated values are printed.
++ : high alarm, + : high warning, - : low warning, -- : low alarm.
NA or N/A: not applicable, Tx: transmit, Rx: receive.
mA: milliamperes, dBm: decibels (milliwatts).
Port
------Gi2/1
Gi2/2
Switch#
Temperature
(Celsius)
----------43.7
39.2
Voltage
(Volts)
------5.03
5.02
Current
(mA)
-------50.6 +
25.7
Optical
Tx Power
(dBm)
--------16.7 -0.8
Optical
Rx Power
(dBm)
-------N/A
N/A
This example shows how to display the detailed monitoring data for the interfaces that have transceivers
installed on module 2:
Switch# show interfaces transceiver detail module 2
mA: milliamperes, dBm: decibels (milliwatts), NA or N/A: not applicable.
++ : high alarm, + : high warning, - : low warning, -- : low alarm.
A2D readouts (if they differ), are reported in parentheses.
The threshold values are calibrated.
Temperature
Port
(Celsius)
------- -----------------Gi2/1
43.5
Gi2/2
39.1
Port
------Gi2/1
Gi2/2
Voltage
(Volts)
--------------5.03
5.02
High Alarm
Threshold
(Celsius)
---------70.0
70.0
High Warn
Threshold
(Celsius)
--------60.0
60.0
Low Warn
Threshold
(Celsius)
--------5.0
5.0
Low Alarm
Threshold
(Celsius)
--------0.0
0.0
High Alarm
Threshold
(Volts)
---------5.50
5.50
High Warn
Threshold
(Volts)
--------5.25
5.25
Low Warn
Threshold
(Volts)
--------4.75
4.75
Low Alarm
Threshold
(Volts)
--------4.50
4.50
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-727
Chapter 2
Port
------Gi2/1
Gi2/2
Current
(milliamperes)
----------------50.6
+
25.8
High Alarm
Threshold
(mA)
---------60.0
60.0
High Warn
Threshold
(mA)
--------40.0
40.0
Low Warn
Threshold
(mA)
--------10.0
10.0
Low Alarm
Threshold
(mA)
--------5.0
5.0
Port
------Gi2/1
Gi2/2
Optical
Transmit Power
(dBm)
-----------------16.7 (-13.0) -0.8 ( 5.1)
High Alarm
Threshold
(dBm)
---------3.4
3.4
High Warn
Threshold
(dBm)
--------3.2
3.2
Low Warn
Threshold
(dBm)
---------0.3
-0.3
Low Alarm
Threshold
(dBm)
---------0.5
-0.5
Optical
Receive Power
(dBm)
----------------N/A (-28.5)
N/A (-19.5)
High Alarm
Threshold
(dBm)
---------5.9
5.9
High Warn
Threshold
(dBm)
---------6.7
-6.7
Low Warn
Threshold
(dBm)
---------28.5
-28.5
Low Alarm
Threshold
(dBm)
---------28.5
-28.5
Port
------Gi2/1
Gi2/2
Switch#
This example shows how to display the monitoring data for the transceivers on interface Gi1/2:
Switch# show interfaces g1/2 transceiver
ITU Channel 23 (1558.98 nm),
Transceiver is externally calibrated.
If device is externally calibrated, only calibrated values are printed.
++ : high alarm, + : high warning, - : low warning, -- : low alarm.
NA or N/A: not applicable, Tx: transmit, Rx: receive.
mA: milliamperes, dBm: decibels (milliwatts).
Port
------Gi2/1
Switch#
Temperature
(Celsius)
----------43.7
Voltage
(Volts)
------5.03
Current
(mA)
-------50.6 +
Optical
Tx Power
(dBm)
--------16.7 --
Optical
Rx Power
(dBm)
-------N/A
This example shows how to display detailed the monitoring data for the transceivers on interface Gi1/2:
Switch# show interfaces g1/2 transceiver detail
ITU Channel 23 (1558.98 nm),
Transceiver is externally calibrated.
mA: milliamperes, dBm: decibels (milliwatts), NA or N/A: not applicable.
++ : high alarm, + : high warning, - : low warning, -- : low alarm.
A2D readouts (if they differ), are reported in parentheses.
The threshold values are calibrated.
Temperature
Port
(Celsius)
------- -----------------Gi2/1
43.5
Port
------Gi2/1
Voltage
(Volts)
--------------5.03
High Alarm
Threshold
(Celsius)
---------70.0
High Warn
Threshold
(Celsius)
--------60.0
Low Warn
Threshold
(Celsius)
--------5.0
Low Alarm
Threshold
(Celsius)
--------0.0
High Alarm
Threshold
(Volts)
---------5.50
High Warn
Threshold
(Volts)
--------5.25
Low Warn
Threshold
(Volts)
--------4.75
Low Alarm
Threshold
(Volts)
--------4.50
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-728
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Port
------Gi2/1
Current
(milliamperes)
----------------50.6
+
High Alarm
Threshold
(mA)
---------60.0
High Warn
Threshold
(mA)
--------40.0
Low Warn
Threshold
(mA)
--------10.0
Low Alarm
Threshold
(mA)
--------5.0
Port
------Gi2/1
Optical
Transmit Power
(dBm)
-----------------16.7 (-13.0) --
High Alarm
Threshold
(dBm)
---------3.4
High Warn
Threshold
(dBm)
--------3.2
Low Warn
Threshold
(dBm)
---------0.3
Low Alarm
Threshold
(dBm)
---------0.5
Optical
Receive Power
(dBm)
----------------N/A (-28.5)
High Alarm
Threshold
(dBm)
---------5.9
High Warn
Threshold
(dBm)
---------6.7
Low Warn
Threshold
(dBm)
---------28.5
Low Alarm
Threshold
(dBm)
---------28.5
Port
------Gi2/1
Switch#
Related Commands
Command
Description
show idprom
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-729
Chapter 2
Syntax Description
module mod
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
(Optional) Limits the display to interfaces on the specified module; valid values are
from 1 to 6.
Usage Guidelines
If you do not specify a keyword, only information for trunking ports is displayed.
Examples
Mode
routed
routed
routed
routed
routed
off
off
off
desirable
desirable
routed
routed
Encapsulation
negotiate
negotiate
negotiate
negotiate
negotiate
negotiate
negotiate
negotiate
n-isl
negotiate
negotiate
negotiate
Status
routed
routed
routed
routed
routed
not-trunking
not-trunking
not-trunking
trunking
not-trunking
routed
routed
Native vlan
1
1
1
1
1
10
10
1
1
1
1
1
routed
negotiate
routed
Port
Fa5/1
Fa5/2
Fa5/3
Fa5/4
Fa5/5
Fa5/6
Fa5/7
Fa5/8
Fa5/9
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-730
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Fa5/10
Fa5/11
Fa5/12
none
none
none
Fa5/48
none
Port
Vlans allowed and active in management domain
Fa5/1
none
Fa5/2
none
Fa5/3
none
Fa5/4
none
Fa5/5
none
Fa5/6
none
Fa5/7
none
Fa5/8
200
Fa5/9
1-6,10,20,50,100,152,200,300,303-305,349-351,400,500,521,524,570,801-8
02,850,917,999,1002-1005
Fa5/10
none
Fa5/11
none
Fa5/12
none
Fa5/48
none
Port
Vlans in spanning tree forwarding state and not pruned
Fa5/1
none
Fa5/2
none
Fa5/3
none
Fa5/4
none
Fa5/5
none
Fa5/6
none
Fa5/7
none
Fa5/8
200
Fa5/9
1-6,10,20,50,100,152,200,300,303-305,349-351,400,500,521,524,570,801-8
02,850,917,999,1002-1005
Fa5/10
none
Fa5/11
none
Fa5/48
Switch#
none
This example shows how to display trunking information for active trunking ports:
Switch# show interfaces trunk
Port
Fa5/9
Mode
desirable
Encapsulation
n-isl
Port
Fa5/9
Status
trunking
Native vlan
1
Port
Vlans allowed and active in management domain
Fa5/9
1-6,10,20,50,100,152,200,300,303-305,349-351,400,500,521,524,570,801-8
02,850,917,999,1002-1005
Port
Vlans in spanning tree forwarding state and not pruned
Fa5/9
1-6,10,20,50,100,152,200,300,303-305,349-351,400,500,521,524,570,801-8
02,850,917,999,1002-1005
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-731
Chapter 2
Syntax Description
statistics
vlan vlan-range
interfaces interface-name
(Optional) Displays the trust state and the rate limit of ARP packets for
the provided interface. When the interface name is not specified, the
command displays the trust state and rate limit for all applicable
interfaces in the system.
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to display the statistics of packets that have been processed by DAI for
VLAN 3:
Switch# show ip arp inspection statistics vlan 3
Vlan
---3
Forwarded
--------31753
Dropped
------102407
Vlan
---3
DHCP Permits
-----------31753
ACL Permits
----------0
Vlan
Dest MAC Failures
-------------------3
0
Switch#
DHCP Drops
---------102407
ACL Drops
---------0
IP Validation Failures
---------------------0
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-732
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to display the statistics of packets that have been processed by DAI for all
active VLANs:
Switch# show ip arp inspection statistics
Vlan
---1
2
3
4
100
101
1006
1007
Forwarded
--------0
0
68322
0
0
0
0
0
Dropped
------0
0
220356
0
0
0
0
0
Vlan
---1
2
3
4
100
101
1006
1007
DHCP Permits
-----------0
0
68322
0
0
0
0
0
ACL Permits
----------0
0
0
0
0
0
0
0
Vlan
Dest MAC Failures
-------------------1
0
2
0
3
0
4
0
100
0
101
0
1006
0
1007
0
Switch#
DHCP Drops
---------0
0
220356
0
0
0
0
0
ACL Drops
---------0
0
0
0
0
0
0
0
IP Validation Failures
---------------------0
0
0
0
0
0
0
0
This example shows how to display the configuration and operating state of DAI for VLAN 1:
Switch# show ip arp inspection vlan 1
Source Mac Validation
: Disabled
Destination Mac Validation : Disabled
IP Address Validation
: Disabled
Vlan
---1
Vlan
---1
Switch#
Configuration
------------Enabled
Operation
--------Active
ACL Logging
----------Deny
DHCP Logging
-----------Deny
ACL Match
---------
Static ACL
----------
This example shows how to display the trust state of Fast Ethernet interface 6/1:
Switch# show ip arp inspection interfaces fastEthernet 6/1
Interface
Trust State
Rate (pps)
Burst Interval
--------------- --------------------------------Fa6/1
Untrusted
20
5
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-733
Chapter 2
This example shows how to display the trust state of the interfaces on the switch:
Switch# show ip arp inspection interfaces
Interface
Trust State
Rate (pps)
--------------- -------------------Gi1/1
Untrusted
15
Gi1/2
Untrusted
15
Gi3/1
Untrusted
15
Gi3/2
Untrusted
15
Fa3/3
Trusted
None
Fa3/4
Untrusted
15
Fa3/5
Untrusted
15
Fa3/6
Untrusted
15
Fa3/7
Untrusted
15
Switch#
Related Commands
Command
Description
arp access-list
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-734
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to display the current contents of the log buffer before and after the buffers are
cleared:
Switch# show ip arp inspection log
Total Log Buffer Size : 10
Syslog rate : 0 entries per 10 seconds.
Interface
--------------Fa6/3
Fa6/3
Fa6/3
Fa6/3
Fa6/3
Fa6/3
Fa6/3
Fa6/3
Fa6/3
Fa6/3
-Switch#
Vlan
----1
1
1
1
1
1
1
1
1
1
--
Sender MAC
Sender IP
Num of Pkts
----------------- --------------- ----------0002.0002.0002 1.1.1.2
1(12:02:52 UTC Fri
0002.0002.0002 1.1.1.3
1(12:02:52 UTC Fri
0002.0002.0002 1.1.1.4
1(12:02:52 UTC Fri
0002.0002.0002 1.1.1.5
1(12:02:52 UTC Fri
0002.0002.0002 1.1.1.6
1(12:02:52 UTC Fri
0002.0002.0002 1.1.1.7
1(12:02:52 UTC Fri
0002.0002.0002 1.1.1.8
1(12:02:52 UTC Fri
0002.0002.0002 1.1.1.9
1(12:02:52 UTC Fri
0002.0002.0002 1.1.1.10
1(12:02:52 UTC Fri
0002.0002.0002 1.1.1.11
1(12:02:52 UTC Fri
--5(12:02:52 UTC Fri
Apr
Apr
Apr
Apr
Apr
Apr
Apr
Apr
Apr
Apr
Apr
25
25
25
25
25
25
25
25
25
25
25
2003)
2003)
2003)
2003)
2003)
2003)
2003)
2003)
2003)
2003)
2003)
This example shows how to clear the buffer with the clear ip arp inspection log command:
Switch# clear ip arp inspection log
Switch# show ip arp inspection log
Total Log Buffer Size : 10
Syslog rate : 0 entries per 10 seconds.
No entries in log buffer.
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-735
Chapter 2
Related Commands
Command
Description
arp access-list
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-736
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
vlan_num
detail
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to display the prefixes for a specific VLAN:
Switch# show ip cef vlan 1003
Prefix
Next Hop
0.0.0.0/0
172.20.52.1
0.0.0.0/32
receive
10.7.0.0/16
172.20.52.1
10.16.18.0/23
172.20.52.1
Switch#
Interface
FastEthernet3/3
FastEthernet3/3
FastEthernet3/3
This example shows how to display detailed IP CEF information for a specific VLAN:
Switch# show ip cef vlan 1003 detail
IP Distributed CEF with switching (Table Version 2364), flags=0x0
1383 routes, 0 reresolve, 0 unresolved (0 old, 0 new)
1383 leaves, 201 nodes, 380532 bytes, 2372 inserts, 989 invalidations
0 load sharing elements, 0 bytes, 0 references
universal per-destination load sharing algorithm, id 9B6C9823
3 CEF resets, 0 revisions of existing leaves
refcounts: 54276 leaf, 51712 node
Adjacency Table has 5 adjacencies
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-737
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(25)EWA
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-738
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Description
ip dhcp snooping
Syntax Description
ip-address
mac-address
vlan vlan_num
interface interface_num
Defaults
If no argument is specified, the switch will display the entire DHCP snooping binding table.
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
DHCP snooping is enabled on a VLAN only if both the global snooping and the VLAN snooping are
enabled.
To configure a range of VLANs, use the optional last_vlan argument to specify the end of the VLAN
range.
Examples
This example shows how to display the DHCP snooping binding entries for a switch:
IP Address
----------10.0.0.1
Lease (seconds)
---------------1600
Type
------------dhcp-snooping
VLAN
-----
Interface
-----------100
FastEthernet3/1
This example shows how to display an IP address for DHCP snooping binding entries:
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-739
Chapter 2
IP Address
Lease (seconds)
-------------------------172.100.101.102
1600
Type
------------dhcp-snooping
VLAN
-----
Interface
-----------100
FastEthernet3/1
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-740
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to display the MAC address for the DHCP snooping binding entries:
Switch# show ip dhcp snooping binding 55.5.5.2 0002.b33f.3d5f
MacAddress
-----------------00:02:B3:3F:3D:5F
Switch#
IpAddress
--------------55.5.5.2
Lease(sec)
---------492
Type
------------dhcp-snooping
VLAN Interface
---- -------------------99 FastEthernet6/36
This example shows how to display the DHCP snooping binding entries MAC address for a specific
VLAN:
Switch# show ip dhcp snooping binding 55.5.5.2 0002.b33f.3d5f vlan 99
MacAddress
-----------------00:02:B3:3F:3D:5F
Switch#
IpAddress
--------------55.5.5.2
Lease(sec)
---------479
Type
------------dhcp-snooping
VLAN
---99
Interface
-------------------FastEthernet6/36
This example shows how to display the dynamic DHCP snooping binding entries:
Switch# show ip dhcp snooping binding dynamic
MacAddress
----------0000.0100.0201
Switch#
IP Address
----------10.0.0.1
Lease (seconds)
---------------1600
Type
-----------dhcp-snooping
VLAN
-----
Interface
-----------100
FastEthernet3/1
This example shows how to display the DHCP snooping binding entries on VLAN 100:
Switch# show ip dhcp snooping binding vlan 100
MacAddress
----------0000.0100.0201
Switch#
IP Address
----------10.0.0.1
Lease (seconds)
---------------1600
Type
-----------dhcp-snooping
VLAN
-----
Interface
-----------100
FastEthernet3/1
This example shows how to display the DHCP snooping binding entries on Ethernet interface 0/1:
Switch# show ip dhcp snooping binding interface fastethernet3/1
MacAddress
----------0000.0100.0201
Switch#
IP Address
----------10.0.0.1
Lease (seconds)
---------------1600
Type
-----------dhcp-snooping
VLAN
-----
Interface
-----------100
FastEthernet3/1
Table 2-27 describes the fields in the show ip dhcp snooping command output.
Table 2-27
Field
Description
Mac Address
IP Address
Lease (seconds)
Type
VLAN
Interface
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-741
Chapter 2
Related Commands
Command
Description
ip igmp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-742
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
detail
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(19)EW
Examples
:
:
:
:
:
0
0
0
0
0
Startup Failures
Failed Transfers
Failed Reads
Failed Writes
:
:
:
:
0
0
0
0
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-743
Chapter 2
:
:
:
:
:
21
0
0
0
0
Startup Failures
Failed Transfers
Failed Reads
Failed Writes
:
:
:
:
0
21
0
21
:
0
0
0
Expired leases
:
Unsupported vlans :
0
0
Expired leases
:
Unsupported vlans :
0
0
Switch#
Related Commands
Command
Description
ip dhcp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-744
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
fastethernet
slot/port
(Optional) Specifies the Fast Ethernet interface and the number of the slot and
port.
gigabitethernet
slot/port
(Optional) Specifies the Gigabit Ethernet interface and the number of the slot
and port; valid values are from 1 to 9.
tengigabitethernet
slot/port
(Optional) Specifies the 10-Gigabit Ethernet interface and the number of the
slot and port; valid values are from 1 to 2.
null
interface-number
(Optional) Specifies the null interface and the number of the interface; the only
valid value is 0.
vlan vlan_id
(Optional) Specifies the VLAN and the number of the VLAN; valid values are
from 1 to 4094.
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
12.2(25)EW
Usage Guidelines
If you omit the optional arguments, the show ip igmp interface command displays information about
all interfaces.
Examples
This example shows how to view IGMP information for VLAN 200:
Switch# show ip igmp interface vlan 200
IGMP snooping is globally enabled
IGMP snooping is enabled on this Vlan
IGMP snooping immediate-leave is disabled on this Vlan
IGMP snooping mrouter learn mode is pim-dvmrp on this Vlan
IGMP snooping is running in IGMP-ONLY mode on this VLAN
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-745
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-746
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
profile number
Defaults
Command Modes
Command History
Release
Modification
12.1(11b)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
Related Commands
Command
Description
ip igmp profile
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-747
Chapter 2
Syntax Description
querier
(Optional) Specifies that the display will contain IP address and version information.
groups
(Optional) Specifies that the display will list VLAN members sorted by group IP
addresses.
mrouter
(Optional) Specifies that the display will contain information on dynamically learned
and manually configured multicast switch interfaces.
vlan vlan_id
(Optional) Specifies a VLAN; valid values are from 1 to 1001 and from 1006 to 4094.
a.b.c.d
summary
sources
(Optional) Specifies a list of the source IPs for the specified group.
hosts
(Optional) Specifies a list of the host IPs for the specified group.
count
(Optional) Specifies a display of the total number of group addresses learned by the
system on a global or per-VLAN basis.
Defaults
Command Modes
EXEC
Command History
Release
Usage Guidelines
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(19)EW
12.1(20)EW
Added support to display configuration state for IGMPv3 explicit host tracking.
You can also use the show mac-address-table multicast command to display the entries in the MAC
address table for a VLAN that has IGMP snooping enabled.
You can display IGMP snooping information for VLAN interfaces by entering the show ip igmp
snooping command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-748
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This example shows how to display the global snooping information on the switch:
Switch# show ip igmp snooping
Global IGMP Snooping configuration:
----------------------------------IGMP snooping
: Enabled
IGMPv3 snooping
: Enabled
Report suppression
: Enabled
TCN solicit query
: Disabled
TCN flood query count
: 2
Vlan 1:
-------IGMP snooping
IGMPv2 immediate leave
Explicit host tracking
Multicast router learning mode
CGMP interoperability mode
Vlan 2:
-------IGMP snooping
IGMPv2 immediate leave
Explicit host tracking
Multicast router learning mode
CGMP interoperability mode
Switch>
:
:
:
:
:
Enabled
Disabled
Enabled
pim-dvmrp
IGMP_ONLY
:
:
:
:
:
Enabled
Disabled
Enabled
pim-dvmrp
IGMP_ONLY
:
:
:
:
:
Enabled
Disabled
Enabled
pim-dvmrp
IGMP_ONLY
This example shows how to display IGMP querier information for all VLANs on a switch:
Switch# show ip igmp snooping querier
Vlan
IP Address
IGMP Version
Port
--------------------------------------------------2
10.10.10.1
v2
Router
3
172.20.50.22
v3
Fa3/15
Switch>
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-749
Chapter 2
This example shows how to display IGMP querier information for VLAN 5 when running IGMPv2:
Switch# show ip igmp snooping querier vlan 5
IP address
:5.5.5.10
IGMP version
:v2
Port
:Fa3/1
Max response time
:10s
Switch>
This example shows how to display IGMP querier information for VLAN 5 when running IGMPv3:
Switch# show ip igmp snooping querier vlan 5
IP address
:5.5.5.10
IGMP version
:v3
Port
:Fa3/1
Max response time
:10s
Query interval
:60s
Robustness variable
:2
Switch>
This example shows how to display snooping information for a specific group:
Switch# show ip igmp snooping group
Vlan
Group
Version
Ports
--------------------------------------------------------2
224.0.1.40
v3
Router
2
224.2.2.2
v3
Fa6/2
Switch>
This example shows how to display the groups host types and ports in VLAN 1:
Switch# show ip igmp snooping group vlan 1
Vlan
Group
Host Type
Ports
--------------------------------------------------------1
229.2.3.4
v3
fa2/1 fa2/3
1
224.2.2.2
v3
Fa6/2
Switch>
This example shows how to display the groups host types and ports in VLAN 1:
Switch# show ip igmp snooping group vlan 10 226.6.6.7
Vlan
Group
Version
Ports
--------------------------------------------------------10
226.6.6.7
v3
Fa7/13, Fa7/14
Switch>
This example shows how to display the current state of a group with respect to a source IP address:
Switch# show ip igmp snooping group vlan 10 226.6.6.7 sources
Source information for group 226.6.6.7:
Timers: Expired sources are deleted on next IGMP General Query
SourceIP
Expires
Uptime
Inc Hosts Exc Hosts
------------------------------------------------------2.0.0.1
00:03:04 00:03:48 2
0
2.0.0.2
00:03:04 00:02:07 2
0
Switch>
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-750
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to display the current state of a group with respect to a host MAC address:
Switch# show ip igmp snooping group vlan 10 226.6.6.7 hosts
IGMPv3 host information for group 226.6.6.7
Timers: Expired hosts are deleted on next IGMP General Query
Host (MAC/IP) Filter mode
Expires
Uptime
# Sources
------------------------------------------------------------175.1.0.29
INCLUDE
stopped
00:00:51
2
175.2.0.30
INCLUDE
stopped
00:04:14
2
Switch>
This example shows how to display multicast router information for VLAN 1:
Switch# show ip igmp snooping mrouter vlan 1
vlan
ports
-----+---------------------------------------1
Gi1/1,Gi2/1,Fa3/48,Router
Switch#
This example shows how to display the total number of group addresses learned by the system globally:
Switch# show ip igmp snooping group count
Total number of groups:
54
Switch>
This example shows how to display the total number of group addresses learned on VLAN 5:
Switch# show ip igmp snooping group vlan 5 count
Total number of groups:
30
Switch>
Related Commands
Command
Description
ip igmp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-751
Chapter 2
Syntax Description
interface interface_num
vlan vlan_id
reporter a.b.c.d
source a.b.c.d
group a.b.c.d
Defaults
Command Modes
Command History
Release
Modification
12.1(20)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(25)EW
Usage Guidelines
This command is valid only if explicit host tracking is enabled on the switch.
Examples
This example shows how to display host membership for the Gigabit Ethernet interface 4/1:
Switch# show ip igmp snooping membership interface gigabitethernet4/1
#channels: 5
#hosts : 1
Source/Group Interface Reporter Uptime Last-Join Last-Leave
40.40.40.2/224.10.10.10 Gi4/1 20.20.20.20 00:23:37 00:06:50 00:20:30
40.40.40.4/224.10.10.10Gi4/1 20.20.20.20 00:39:42 00:09:17 Switch#
This example shows how to display host membership for VLAN 20 and group 224.10.10.10:
Switch# show ip igmp snooping membership vlan 20 source 40.40.40.2 group 224.10.10.10
#channels: 5
#hosts : 1
Source/Group Interface Reporter Uptime Last-Join Last-Leave
40.40.40.2/224.10.10.10 Gi4/1 20.20.20.20 00:23:37 00:06:50 00:20:30
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-752
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to display host membership information for VLAN 20 and to delete the explicit
host tracking:
Switch# show ip igmp snooping membership vlan 20
Snooping Membership Summary for Vlan 20
-----------------------------------------Total number of channels:5
Total number of hosts
:4
Source/Group
Interface
Reporter
Uptime
Last-Join/
Last-Leave
------------------------------------------------------------------------------------------------------40.0.0.1/224.1.1.1
Fa7/37
0002.4ba0.a4f6
00:00:04 00:00:04 /
-
40.0.0.2/224.1.1.1
Fa7/37
0002.fd80.f770
00:00:17 00:00:17 /
-
40.0.0.3/224.1.1.1
Fa7/36
20.20.20.20
00:00:04 00:00:04 /
-
40.0.0.4/224.1.1.1
Fa7/35
20.20.20.210
00:00:17 00:00:17 /
-
40.0.0.5/224.1.1.1
Fa7/37
0002.fd80.f770
00:00:17 00:00:17 /
-
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-753
Chapter 2
Syntax Description
vlan vlan-id
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(19)EW
Usage Guidelines
(Optional) Specifies a VLAN; valid values are from 1 to 1001 and from 1006 to 4094.
You can also use the show mac-address-table multicast command to display entries in the MAC
address table for a VLAN that has IGMP snooping enabled.
You can display IGMP snooping information for the VLAN interfaces by entering the show ip igmp
interface vlan vlan-num command.
Examples
This example shows how to display snooping information for a specific VLAN:
Switch# show ip igmp snooping mrouter vlan 1
vlan
ports
-----+---------------------------------------1
Gi1/1,Gi2/1,Fa3/48,Switch
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-754
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
vlan_num
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Number of the VLAN; valid values are from 1 to 1001 and from 1006 to 4094.
Usage Guidelines
You can also use the show mac-address-table multicast command to display the entries in the MAC
address table for a VLAN that has IGMP snooping enabled.
Examples
This example shows how to display snooping information for a specific VLAN:
Switch# show ip igmp snooping vlan 2
vlan 2
---------IGMP snooping is globally enabled
IGMP snooping TCN solicit query is globally enabled
IGMP snooping global TCN flood query count is 2
IGMP snooping is enabled on this Vlan
IGMP snooping immediate-leave is disabled on this Vlan
IGMP snooping mrouter learn mode is pim-dvmrp on this Vlan
IGMP snooping is running in IGMP_ONLY mode on this Vlan
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-755
Chapter 2
Related Commands
Command
Description
ip igmp snooping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-756
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show ip interface
To display the usability status of interfaces that are configured for IP, use the show ip interface
command.
show ip interface [type number]
Syntax Description
type
number
Defaults
Command Modes
EXEC
Command History
Release
Modification
12.2(25)EW
Usage Guidelines
The Cisco IOS software automatically enters a directly connected route in the routing table if the
interface is usable. A usable interface is one through which the software can send and receive packets.
If the software determines that an interface is not usable, it removes the directly connected routing entry
from the routing table. Removing the entry allows the software to use dynamic routing protocols to
determine backup routes to the network, if any.
If the interface can provide two-way communication, the line protocol is marked up. If the interface
hardware is usable, the interface is marked up.
If you specify an optional interface type, you see information only on that specific interface.
If you specify no optional arguments, you see information on all the interfaces.
When an asynchronous interface is encapsulated with PPP or Serial Line Internet Protocol (SLIP), IP
fast switching is enabled. The show ip interface command on an asynchronous interface that is
encapsulated with PPP or SLIP displays a message indicating that IP fast switching is enabled.
Examples
This example shows how to display the usability status for a specific VLAN:
Switch# show ip interface vlan 1
Vlan1 is up, line protocol is up
Internet address is 10.6.58.4/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-757
Chapter 2
show ip interface
Table 2-28 describes the fields that are shown in the example.
Table 2-28
Field
Description
Ethernet0 is up
line protocol is up
Internet address and subnet mask IP address and subnet mask of the interface.
Broadcast address
Broadcast address.
MTU
Helper address
Secondary address
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-758
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Table 2-28
Field
Description
Proxy ARP
Security level
Split horizon
ICMP redirects
ICMP unreachables
IP fast switching
IP SSE switching
Router Discovery
Status of compression.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-759
Chapter 2
show ip mfib
show ip mfib
To display all active Multicast Forwarding Information Base (MFIB) routes, use the show ip mfib
command.
show ip mfib [all | counters | log [n]]
Syntax Description
all
(Optional) Specifies all routes in the MFIB, including those routes that are used to
accelerate fast switching but that are not necessarily in the upper-layer routing protocol
table.
counters
(Optional) Specifies the counts of MFIB-related events. Only nonzero counters are
shown.
log
(Optional) Specifies a log of the most recent number of MFIB-related events. The most
recent event is first.
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(40)SG
Support for command introduced on the Supervisor Engine 6-E and Catalyst 4900M
chassis.
Usage Guidelines
In the Supervisor Engine 6-E and Catalyst 4900M chassis, the output of the show ip mfib command does
not display any hardware counters.
The MFIB table contains a set of IP multicast routes; each route in the MFIB table contains several flags
that associate to the route.
The route flags indicate how a packet that matches a route is forwarded. For example, the IC flag on an
MFIB route indicates that some process on the switch needs to receive a copy of the packet. These flags
are associated with MFIB routes:
Internal Copy (IC) flagSet on a route when a process on the switch needs to receive a copy of all
packets matching the specified route.
Signaling (S) flagSet on a route when a switch process needs notification that a packet matching
the route is received. In the expected behavior, the protocol code updates the MFIB state in response
to having received a packet on a signaling interface.
Connected (C) flagWhen set on a route, the C flag has the same meaning as the S flag, except that
the C flag indicates that only packets sent by directly connected hosts to the route should be signaled
to a protocol process.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-760
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
A route can also have a set of flags associated with one or more interfaces. For an (S,G) route, the flags
on interface 1 indicate how the ingress packets should be treated and whether packets matching the route
should be forwarded onto interface 1. These per-interface flags are associated with the MFIB routes:
Accepting (A)Set on the RPF interface when a packet that arrives on the interface and that is
marked as Accepting (A) is forwarded to all Forwarding (F) interfaces.
Forwarding (F)Used with the A flag as described above. The set of forwarding interfaces together
form a multicast olist or output interface list.
Signaling (S)Set on an interface when a multicast routing protocol process in Cisco IOS needs to
be notified of ingress packets on that interface.
Not Platform (NP) fast-switchedUsed with the F flag. A forwarding interface is also marked as
Not Platform fast-switched whenever that output interface cannot be fast-switched by the platform
hardware and requires software forwarding.
For example, the Catalyst 4506 switch with Supervisor Engine III cannot switch tunnel interfaces in
hardware so these interfaces are marked with the NP flag. When an NP interface is associated with
a route, a copy of every ingress packet arriving on an Accepting interface is sent to the switch
software forwarding path for software replication and then forwarded to the NP interface.
Examples
Related Commands
Command
Description
Clears the global MFIB counters and the counters for all
active MFIB routes.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-761
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to display all currently active fast-drop entries and whether fast drop is enabled.
Switch# show ip mfib fasttdrop
MFIB fastdrop is enabled.
MFIB fast-dropped flows:
(10.0.0.1, 224.1.2.3, Vlan9 ) 00:01:32
(10.1.0.2, 224.1.2.3, Vlan9 ) 00:02:30
(1.2.3.4, 225.6.7.8, Vlan3) 00:01:50
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-762
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show ip mroute
To display IP multicast routing table information, use the show ip mroute command.
show ip mroute [interface_type slot/port | host_name | host_address [source] | active [kbps |
interface_type num] | count | pruned | static | summary]
Syntax Description
interface_type
slot/port
(Optional) Interface type and number of the slot and port; valid values for
interface type are fastethernet, gigabitethernet, tengigabitethernet, null, and
vlan.
host_name
host_address
source
active
(Optional) Displays the rate that active sources are sending to multicast groups.
kbps
interface_type num
count
pruned
static
summary
Defaults
Command Modes
Command History
Release
Usage Guidelines
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(25)EW
If you omit all the optional arguments and keywords, the show ip mroute command displays all the
entries in the IP multicast routing table.
The show ip mroute active kbps command displays all the sources sending at a rate greater than or equal
to kbps.
The multicast routing table is populated by creating source, group (S,G) entries from star, group (*,G)
entries. The star refers to all source addresses, the S refers to a single source address, and the G
refers to the destination multicast group address. In creating (S,G) entries, the software uses the best path
to that destination group found in the unicast routing table (through Reverse Path Forwarding (RPF).
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-763
Chapter 2
show ip mroute
Examples
This example shows how to display all the entries in the IP multicast routing table:
Switch# show ip mroute
IP Multicast Routing Table
Flags:D - Dense, S - Sparse, s - SSM Group, C - Connected, L - Local,
P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set,
J - Join SPT, M - MSDP created entry, X - Proxy Join Timer Running
A - Advertised via MSDP, U - URD, I - Received Source Specific Host
Report
Outgoing interface flags:H - Hardware switched
Timers:Uptime/Expires
Interface state:Interface, Next-Hop or VCD, State/Mode
(*, 230.13.13.1), 00:16:41/00:00:00, RP 10.15.1.20, flags:SJC
Incoming interface:GigabitEthernet4/8, RPF nbr 10.15.1.20
Outgoing interface list:
GigabitEthernet4/9, Forward/Sparse-Dense, 00:16:41/00:00:00, H
(*, 230.13.13.2), 00:16:41/00:00:00, RP 10.15.1.20, flags:SJC
Incoming interface:GigabitEthernet4/8, RPF nbr 10.15.1.20, RPF-MFD
Outgoing interface list:
GigabitEthernet4/9, Forward/Sparse-Dense, 00:16:41/00:00:00, H
(10.20.1.15, 230.13.13.1), 00:14:31/00:01:40, flags:CJT
Incoming interface:GigabitEthernet4/8, RPF nbr 10.15.1.20, RPF-MFD
Outgoing interface list:
GigabitEthernet4/9, Forward/Sparse-Dense, 00:14:31/00:00:00, H
(132.206.72.28, 224.2.136.89), 00:14:31/00:01:40, flags:CJT
Incoming interface:GigabitEthernet4/8, RPF nbr 10.15.1.20, RPF-MFD
Outgoing interface list:Null
Switch#
This example shows how to display the rate that the active sources are sending to the multicast groups
and to display only the active sources that are sending at greater than the default rate:
Switch# show ip mroute active
Active IP Multicast Sources - sending > = 4 kbps
Group: 224.2.127.254, (sdr.cisco.com)
Source: 146.137.28.69 (mbone.ipd.anl.gov)
Rate: 1 pps/4 kbps(1sec), 4 kbps(last 1 secs), 4 kbps(life avg)
Group: 224.2.201.241, ACM 97
Source: 130.129.52.160 (webcast3-e1.acm97.interop.net)
Rate: 9 pps/93 kbps(1sec), 145 kbps(last 20 secs), 85 kbps(life avg)
Group: 224.2.207.215, ACM 97
Source: 130.129.52.160 (webcast3-e1.acm97.interop.net)
Rate: 3 pps/31 kbps(1sec), 63 kbps(last 19 secs), 65 kbps(life avg)
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-764
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to display route and packet count information:
Switch# show ip mroute count
IP Multicast Statistics
56 routes using 28552 bytes of memory
13 groups, 3.30 average sources per group
Forwarding Counts:Pkt Count/Pkts per second/Avg Pkt Size/Kilobits per second
Other counts:Total/RPF failed/Other drops(OIF-null, rate-limit etc)
Group:224.2.136.89, Source count:1, Group pkt count:29051
Source:132.206.72.28/32, Forwarding:29051/-278/1186/0, Other:85724/8/56665
Switch#
Field
Description
Flags:
D - Dense
S - Sparse
s - SSM Group
C - Connected
L - Local
P - Pruned
R - Rp-bit set
Status of the (S,G) entry; is the (S,G) entry pointing toward the RP.
The R - Rp-bit set is typically a prune state along the shared tree
for a particular source.
F - Register flag
T - SPT-bit set
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-765
Chapter 2
show ip mroute
Table 2-29
Field
J - Join SPT
Description
For (*, G) entries, indicates that the rate of traffic flowing down the
shared tree is exceeding the SPT-Threshold set for the group. (The
default SPT-Threshold setting is 0 kbps.) When the J - Join SPT
flag is set, the next (S,G) packet received down the shared tree
triggers an (S,G) join in the direction of the source causing the
switch to join the source tree.
For (S, G) entries, indicates that the entry was created because the
SPT-Threshold for the group was exceeded. When the J - Join SPT
flag is set for (S,G) entries, the switch monitors the traffic rate on
the source tree and attempts to switch back to the shared tree for
this source if the traffic rate on the source tree falls below the
groups SPT-Threshold for more than one minute.
The switch measures the traffic rate on the shared tree and
compares the measured rate to the groups SPT-Threshold once
every second. If the traffic rate exceeds the SPT-Threshold, the
J- Join SPT flag is set on the (*, G) entry until the next
measurement of the traffic rate. The flag is cleared when the next
packet arrives on the shared tree and a new measurement interval
is started.
If the default SPT-Threshold value of 0 Kbps is used for the group,
the J- Join SPT flag is always set on (*, G) entries and is never
cleared. When the default SPT-Threshold value is used, the switch
immediately switches to the shortest-path tree when traffic from a
new source is received.
Timer:
Uptime/Expires.
Interface state:
(*, 224.0.255.1)
(198.92.37.100/32,
224.0.255.1)
uptime
How long (in hours, minutes, and seconds) the entry has been in the
IP multicast routing table.
expires
How long (in hours, minutes, and seconds) until the entry is
removed from the IP multicast routing table on the outgoing
interface.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-766
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Table 2-29
Related Commands
Field
Description
RP
flags:
Incoming interface
RPF neighbor
DVMRP or Mroute
Ethernet0
Forward/Dense
Forward/Sparse
time/time
(uptime/expiration time)
Per interface, how long (in hours, minutes, and seconds) the entry
has been in the IP multicast routing table. Following the slash (/),
how long (in hours, minutes, and seconds) until the entry is
removed from the IP multicast routing table.
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-767
Chapter 2
Syntax Description
ip-address
mac-address
dhcp-snooping
static
vlan vlan-id
interface interface-name
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
Lease(sec)
---------infinite
Type
------------static
VLAN Interface
---- -------------------10
FastEthernet6/10
Switch#
This example shows how to display the static IP binding entry of IP address 11.0.01:
Switch# show ip source binding 11.0.0.1 0000.000A.000B static vlan 10 interface Fa6/10
show ip source binding 11.0.0.1 0000.000A.000B static vlan 10 interface Fa6/10
MacAddress
IpAddress
Lease(sec) Type
VLAN Interface
------------------ --------------- ---------- ------------- ---- -------------------00:00:00:0A:00:0B
11.0.0.1
infinite
static
10
FastEthernet6/10
Switch#
Related Commands
Command
Description
ip source binding
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-768
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
interface interface_num
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
These examples show how to display the IP source guard configuration and filters on a particular
interface with the show ip verify source interface command:
This output appears when DHCP snooping is enabled on VLANs 1020, interface fa6/1 has IP
source filter mode that is configured as IP, and an existing IP address binding 10.0.0.1 is on
VLAN 10:
Interface
--------fa6/1
fa6/1
Note
Filter-mode
----------active
active
IP-address
--------------10.0.0.1
deny-all
Mac-address
--------------
Vlan
--------10
11-20
The second entry shows that a default PVACL (deny all IP traffic) is installed on the port for
those snooping-enabled VLANs that do not have a valid IP source binding.
This output appears when you enter the show ip verify source interface fa6/2 command and DHCP
snooping is enabled on VLANs 1020, interface fa6/1 has IP source filter mode that is configured
as IP, and there is an existing IP address binding 10.0.0.1 on VLAN 10:
Interface
--------fa6/2
Filter-type
----------ip
ip
Filter-type
----------ip
Filter-mode IP-address
----------- --------------inactive-trust-port
Mac-address
--------------
Vlan
---------
This output appears when you enter the show ip verify source interface fa6/3 command and the
interface fa6/3 does not have a VLAN enabled for DHCP snooping:
Interface
--------fa6/3
Filter-type
----------ip
Filter-mode IP-address
----------- --------------inactive-no-snooping-vlan
Mac-address
--------------
Vlan
---------
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-769
Chapter 2
This output appears when you enter the show ip verify source interface fa6/4 command and the
interface fa6/4 has an IP source filter mode that is configured as IP MAC and the existing IP MAC
that binds 10.0.0.2/aaaa.bbbb.cccc on VLAN 10 and 11.0.0.1/aaaa.bbbb.cccd on VLAN 11:
Interface
--------fa6/4
fa6/4
fa6/4
Filter-mode
----------active
active
active
IP-address
--------------10.0.0.2
11.0.0.1
deny-all
Mac-address
-------------aaaa.bbbb.cccc
aaaa.bbbb.cccd
deny-all
Vlan
--------10
11
12-20
This output appears when you enter the show ip verify source interface fa6/5 command and the
interface fa6/5 has IP source filter mode that is configured as IP MAC and existing IP MAC binding
10.0.0.3/aaaa.bbbb.ccce on VLAN 10, but port security is not enabled on fa6/5:
Interface
--------fa6/5
fa6/5
Note
Filter-type
----------ip-mac
ip-mac
ip-mac
Filter-type
----------ip-mac
ip-mac
Filter-mode
----------active
active
IP-address
--------------10.0.0.3
deny-all
Mac-address
-------------permit-all
permit-all
Vlan
--------10
11-20
Enable port security first because the DHCP security MAC filter cannot apply to the port or
VLAN.
This output appears when you enter the show ip verify source interface fa6/6 command and the
interface fa6/6 does not have IP source filter mode that is configured:
DHCP security is not configured on the interface fa6/6.
This example shows how to display all the interfaces on the switch that have DHCP snooping security
and IP Port Security tracking enabled with the show ip verify source command.
The output is an accumulation of per-interface show CLIs:
Interface
--------fa6/1
fa6/1
fa6/2
Fa6/3
Fa6/3
Fa6/3
fa6/4
fa6/4
fa6/4
fa6/5
fa6/5
Filter-type
----------ip
ip
ip
ip trk
ip trk
ip trk
ip-mac
ip-mac
ip-mac
ip-mac
ip-mac
Filter-mode IP-address
----------- --------------active
10.0.0.1
active
deny-all
inactive-trust-port
active
40.1.1.24
active
40.1.1.20
active
40.1.1.21
active
10.0.0.2
active
11.0.0.1
active
deny-all
active
10.0.0.3
active
deny-all
Mac-address
--------------
Vlan
--------10
11-20
10
10
10
aaaa.bbbb.cccc
aaaa.bbbb.cccd
deny-all
permit-all
permit-all
10
11
12-20
10
11-20
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-770
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
ip igmp snooping
ip source binding
ip verify source
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-771
Chapter 2
show ip wccp
show ip wccp
To display the Web Cache Communication Protocol (WCCP) global configuration and statistics, use the
show ip wccp command in user EXEC or privileged EXEC mode.
show ip wccp [service-number [view | detail] | interfaces [cef | counts | detail] | web-cache]
Syntax Description
service-number
(Optional) Identification number of the web cache service group being controlled
by the cache. The number can be from 0 to 254. For web caches using Cisco cache
engines, the reverse proxy service is indicated by a value of 99.
interfaces
cef
(Optional) CEF interface statistics, including the number of input, output, dynamic,
static, and multicast services.
counts
(Optional) WCCP interface count statistics, including the number of CEF and
process-switched output and input packets redirected.
detail
web-cache
view
(Optional) Other members of a particular service group, have or have not been
detected.
detail
Command Modes
Command History
Release
Modification
15.0(2)SG
Usage Guidelines
Use the clear ip wccp command to reset the counter for the Packets Redirected information.
Use the show ip wccp service-number command to get the Total Packets S/W Redirected count. The
Total Packets S/W Redirected count is the number of packets redirected in software.
Use the show ip wccp service-number detail command to get the Packets Redirected count. The
Packets Redirected count is the number of packets redirected in software.
Use the show ip wccp web-cache detail command to get an indication of which traffic is redirected to
which cache engine.
Use the show ip wccp command to show the configured WCCP services and a summary of their current
state.
For cache-engine clusters using Cisco cache engines, the reverse proxy service-number is indicated by
a value of 99.
All the packet statistics correspond to packets switched in software.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-772
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This section contains examples and field descriptions for the following forms of this command:
show ip wccp
The following is sample output from the show ip wccp service-number command:
Switch# show ip wccp 90
Global WCCP information:
Router information:
Router Identifier:
Protocol Version:
100.1.1.16
2.0
Service Identifier: 90
Number of Service Group Clients:
Number of Service Group Routers:
Total Packets s/w Redirected:
Process:
CEF:
Redirect Access-list:
Total Packets Denied Redirect:
Total Packets Unassigned:
Group Access-list:
Total Messages Denied to Group:
Total Authentication failures:
Total Bypassed Packets Received:
1
1
0
0
0
-none0
0
-none0
0
0
Field
Description
Router information
Protocol Version
Service Identifier
The number of clients that are visible to the router and other
clients in the service group.
Redirect Access-list
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-773
Chapter 2
show ip wccp
Table 30
Field
Description
Group Access-list
The following is sample output from the show ip wccp service-number view command for service
group 1:
Switch# show ip wccp 1 view
WCCP Router Informed of:
10.168.88.10
10.168.88.20
WCCP Cache Engines Visible
10.168.88.11
10.168.88.12
WCCP Cache Engines Not Visible:
-none-
Note
Field
Description
A list of clients that are visible to the router and other clients in
the service group.
A list of clients in the service group that are not visible to the
router and other clients in the service group.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-774
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
The following example displays WCCP client information and WCCP router statistics that include the
type of services:
Switch# show ip wccp 91 detail
WCCP Client information:
WCCP Client ID:
Protocol Version:
State:
Redirection:
Packet Return:
Packets Redirected:
Connect Time:
Assignment:
10.10.10.2
2.0
Usable
L2
GRE
0
00:05:23
MASK
Mask SrcAddr
DstAddr
SrcPort DstPort
---- ------------------- ------0000: 0x00000000 0x00000001 0x0000 0x0000
Value
----0000:
0001:
SrcAddr
------0x00000000
0x00000000
DstAddr
------0x00000000
0x00000001
SrcPort
------0x0000
0x0000
DstPort
------0x0000
0x0000
CE-IP
----0x0A0A0A02 (10.10.10.2)
0x0A0A0A02 (10.10.10.2)
The following is sample output from the show ip wccp interfaces command:
Switch# show ip wccp interfaces
WCCP interface configuration:
FastEthernet10/4
Output services: 2
Input services: 3
Mcast services: 1
Exclude In:
FALSE
Field
Description
Output services
Input services
Mcast services
Exclude In
The following is sample output from the show ip wccp web-cache command:
Switch# show ip wccp web-cache
Global WCCP information:
Router information:
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-775
Chapter 2
show ip wccp
Router Identifier:
Protocol Version:
10.10.11.10
2.0
1
1
0
0
0
0
no_linux
0
0
-none0
0
Field
Description
Protocol Version
Service Identifier
Number of Service Group Clients Number of clients using the router as their home router.
Number of Service Group Routers The number of routers in the service group.
Total Packets s/w Redirected
Redirect access-list
Total number of packets that were not redirected because they did
not match the access list.
Number of packets that were not redirected because they were not
assigned to any cache engine. Packets may not be assigned during
initial discovery of cache engines or when a cache is dropped
from a cluster.
Group access-list
The following example displays web cache engine information and WCCP router statistics for the
web cache service:
Switch# show ip wccp web-cache detail
WCCP Client information:
WCCP Client ID:
Protocol Version:
State:
Redirection:
Packet Return:
10.10.10.2
2.0
Usable
L2
GRE
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-776
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Packets Redirected:
Connect Time:
Assignment:
0
00:23:19
MASK
Mask SrcAddr
DstAddr
SrcPort DstPort
---- ------------------- ------0000: 0x00000000 0x00000001 0x0000 0x0000
Value
----0000:
0001:
SrcAddr
------0x00000000
0x00000000
DstAddr
------0x00000000
0x00000001
SrcPort
------0x0000
0x0000
DstPort
------0x0000
0x0000
CE-IP
----0x0A0A0A02 (10.10.10.2)
0x0A0A0A02 (10.10.10.2)
Field
Description
The header for the area that contains fields for information on
clients.
WCCP Client ID
Protocol Version
State
Packets Redirected
Connect Time
The amount of time the cache engine has been connected to the
router.
show ip wccp
Switch# show ip wccp
Global WCCP information:
Router information:
Router Identifier:
Protocol Version:
10.10.11.10
2.0
1
1
0
0
0
-none0
0
-none0
0
0
Service Identifier: 91
Number of Service Group Clients:
Number of Service Group Routers:
1
1
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-777
Chapter 2
show ip wccp
Related Commands
0
0
0
-none0
0
-none0
0
0
Command
Description
clear ip wccp
ip wccp
ip wccp redirect
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-778
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show ipc
To display IPC information, use the show ipc command.
show ipc {nodes | ports | queue | status}
Syntax Description
nodes
ports
queue
status
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
IPC Master
GALIOS IPC:Card 1
GALIOS IPC:Card 2
Last Last
Sent Heard
0
0
0
0
12
26
Type
unicast
unicast
unicast
unicast
unicast
seat_id =
Name
(current/peak/total)
IPC Master:Zone
IPC Master:Echo
IPC Master:Control
Remote TTY Server Port
GALIOS RF :Active
0x2020000 last sent = 0
heard = 1635
10000.6
unicast
GALIOS RED:Active
index = 0 seat_id = 0x2020000 last sent = 0
2020000.3
2020000.4
2020000.5
2020000.6
2020000.7
unicast
unicast
unicast
unicast
unicast
GALIOS
GALIOS
Slave:
GALIOS
GALIOS
heard = 2
0/1/1635
0/1/2
IPC:Card 2:Control
RFS :Standby
Remote TTY Client Port
RF :Standby
RED:Standby
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-779
Chapter 2
show ipc
This example shows how to display the contents of the IPC retransmission queue:
Switch# show ipc queue
There are 0 IPC messages waiting for acknowledgement in the transmit queue.
There are 0 IPC messages waiting for a response.
There are 0 IPC messages waiting for additional fragments.
There are 0 IPC messages currently on the IPC inboundQ.
There are 0 messages currently in use by the system.
Switch#
This example shows how to display the status of the local IPC server:
Switch# show ipc status
IPC System Status:
This processor is the IPC master server.
6000 IPC message headers in cache
3363 messages in, 1680 out, 1660 delivered to local port,
1686 acknowledgements received, 1675 sent,
0 NACKS received, 0 sent,
0 messages dropped on input, 0 messages dropped on output
0 no local port, 0 destination unknown, 0 no transport
0 missing callback or queue, 0 duplicate ACKs, 0 retries,
0 message timeouts.
0 ipc_output failures, 0 mtu failures,
0 msg alloc failed, 0 emer msg alloc failed, 0 no origs for RPC replies
0 pak alloc failed, 0 memd alloc failed
0 no hwq, 1 failed opens, 0 hardware errors
No regular dropping of IPC output packets for test purposes
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-780
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
interface
Defaults
None
Command Modes
Interface mode
Command History
Release
Modification
12.2(54)SG
The show ipv6 first-hop counters command was introduced on the Catalyst
4500 series switch.
15.0(2)SG, XE 3.3.0SG Same behavior, new syntax; show ipv6 snooping counters
Examples
This example provides a sample output for the show ipv6 snooping counters command on interface
Gi2/49:
Switch# show ipv6 snooping counters int gi 2/48
Received messages on Gi2/48:
Protocol
Protocol message
ICMPv6
RS
RA
NS
0
0
0
NA
0
REDIR
0
CPS
0
CPA
0
NS
0
NA
0
REDIR
0
CPS
0
CPA
0
NS
NA
REDIR
CPS
CPA
Note
Related Commands
Only RA (Router Advertisement) and REDIR (Router Redirected packets) counters are supported in
Cisco IOS Release 12.2(54)SG.
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-781
Chapter 2
Syntax Description
vlan vlan-id
Command Modes
Command History
Release
Modification
12.2(40)SG
Usage Guidelines
Use this command to display MLD snooping configuration for the switch or for a specific VLAN.
VLAN numbers 1002 through 1005 are reserved for Token Ring and FDDI VLANs and cannot be used
in MLD snooping.
Examples
This is an example of output from the show ipv6 mld snooping vlan command. It shows snooping
characteristics for a specific VLAN.
Switch> show ipv6 mld snooping vlan 100
Global MLD Snooping configuration:
------------------------------------------MLD snooping
: Enabled
MLDv2 snooping (minimal)
: Enabled
Listener message suppression : Enabled
TCN solicit query
: Disabled
TCN flood query count
: 2
Robustness variable
: 3
Last listener query count
: 2
Last listener query interval : 1000
Vlan 100:
-------MLD snooping
MLDv1 immediate leave
Explicit host tracking
Multicast router learning mode
Robustness variable
Last listener query count
Last listener query interval
:
:
:
:
:
:
:
Disabled
Disabled
Enabled
pim-dvmrp
3
2
1000
This is an example of output from the show ipv6 mld snooping command. It displays snooping
characteristics for all VLANs on the switch.
Switch> show ipv6 mld snooping
Global MLD Snooping configuration:
-------------------------------------------
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-782
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
MLD snooping
MLDv2 snooping (minimal)
Listener message suppression
TCN solicit query
TCN flood query count
Robustness variable
Last listener query count
Last listener query interval
Vlan 1:
-------MLD snooping
MLDv1 immediate leave
Explicit host tracking
Multicast router learning mode
Robustness variable
Last listener query count
Last listener query interval
:
:
:
:
:
:
:
:
Enabled
Enabled
Enabled
Disabled
2
3
2
1000
:
:
:
:
:
:
:
Disabled
Disabled
Enabled
pim-dvmrp
1
2
1000
:
:
:
:
:
:
:
Disabled
Disabled
Enabled
pim-dvmrp
3
2
1000
<output truncated>
Vlan 951:
-------MLD snooping
MLDv1 immediate leave
Explicit host tracking
Multicast router learning mode
Robustness variable
Last listener query count
Last listener query interval
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-783
Chapter 2
Syntax Description
vlan vlan-id
Command Modes
Command History
Release
Modification
12.2(40)SG
Usage Guidelines
Use this command to display MLD snooping switch ports for the switch or for a specific VLAN.
VLAN numbers 1002 through 1005 are reserved for Token Ring and FDDI VLANs and cannot be used
in MLD snooping.
Examples
This is an example of output from the show ipv6 mld snooping mrouter command. It displays snooping
characteristics for all VLANs on the switch that are participating in MLD snooping.
Switch>
Vlan
---2
72
200
This is an example of output from the show ipv6 mld snooping mrouter vlan command. It shows
multicast switch ports for a specific VLAN.
Switch>
Vlan
---2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-784
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
vlan vlan-id
Command Modes
Command History
Release
Modification
12.2(40)SG
Usage Guidelines
Use the show ipv6 mld snooping querier command to display the MLD version and IPv6 address of a
detected device that sends MLD query messages, which is also called a querier. A subnet can have
multiple multicast switches but has only one MLD querier. The querier can be a Layer 3 switch.
The show ipv6 mld snooping querier command output also shows the VLAN and interface on which
the querier was detected. If the querier is the switch, the output shows the Port field as Router. If the
querier is a router, the output shows the port number on which the querier is learned in the Port field.
The output of the show ipv6 mld snoop querier vlan command displays the information received in
response to a query message from an external or internal querier. It does not display user-configured
VLAN values, such as the snooping robustness variable on the particular VLAN. This querier
information is used only on the MASQ message that is sent by the switch. It does not override the
user-configured robustness variable that is used for aging out a member that does not respond to query
messages.
VLAN numbers 1002 through 1005 are reserved for Token Ring and FDDI VLANs and cannot be used
in MLD snooping.
Examples
This is an example of output from the show ipv6 mld snooping querier command:
Switch> show ipv6 mld snooping querier
Vlan
IP Address
MLD Version Port
------------------------------------------------------------2
FE80::201:C9FF:FE40:6000 v1
Gi3/0/1
This is an example of output from the show ipv6 mld snooping querier vlan command:
Switch> show ipv6 mld snooping querier vlan 2
IP address : FE80::201:C9FF:FE40:6000
MLD version : v1
Port : Gi3/0/1
Max response time : 1000s
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-785
Chapter 2
Related Commands
Command
Description
ipv6 mld snooping robustness-variable Configures the number of IP version 6 (IPv6) MLD queries
that the switch sends before deleting a listener that does not
respond.
ipv6 mld snooping tcn
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-786
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
entries
Displays a list of Capability Types and Dependent Capability Types that are
included in a single Capability Entry. Types within an entry can also be
independent.
groups
Displays a list of Capability Entries in priority order (the order that they will
be negotiated on a session).
types
client_id
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SGA
Usage Guidelines
Capability is a functionality that an ISSU client can support and is required to interoperate with peers.
When an ISSU-aware client establishes its session with the peer, an ISSU negotiation takes place. The
ISSU infrastructure uses the registered information to negotiate the capabilities and the message version
to be used during the session.
Examples
The following example shows how to display the ISSU capability types for the IP host ISSU client
(clientid=2082):
Switch# show issu capability types 2082
Client_ID = 2082, Entity_ID = 1 :
Cap_Type = 0
Switch#
The following example shows how to display the ISSU capabilities entries for the IP host ISSU client
(clientid=2082):
Switch# show issu capability entries 2082
Client_ID = 2082, Entity_ID = 1 :
Cap_Entry = 1 :
Cap_Type = 0
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-787
Chapter 2
The following example shows how to display the ISSU capabilities groups for the IP host ISSU client
(clientid=2082):
Switch# show issu capability groups 2082
Client_ID = 2082, Entity_ID = 1 :
Cap_Group = 1 :
Cap_Entry = 1
Cap_Type = 0
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-788
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
peer_uid
Defaults
Displays a list of clients registered to the ISSU infrastructure at the supervisor engine where the
command is entered.
Command Modes
Command History
Release
Modification
12.2(31)SGA
Usage Guidelines
To implement ISSU versioning functionality, a client must first register itself, client capability, and client
message information with the ISSU infrastructure during the system initialization.
Examples
issu clients
2, Client_Name = ISSU Proto client, Entity_Count = 1
3, Client_Name = ISSU RF, Entity_Count = 1
4, Client_Name = ISSU CF client, Entity_Count = 1
5, Client_Name = ISSU Network RF client, Entity_Count = 1
7, Client_Name = ISSU CONFIG SYNC, Entity_Count = 1
8, Client_Name = ISSU ifIndex sync, Entity_Count = 1
9, Client_Name = ISSU IPC client, Entity_Count = 1
10, Client_Name = ISSU IPC Server client, Entity_Count = 1
11, Client_Name = ISSU Red Mode Client, Entity_Count = 1
100, Client_Name = ISSU rfs client, Entity_Count = 1
110, Client_Name = ISSU ifs client, Entity_Count = 1
200, Client_Name = ISSU Event Manager client, Entity_Count = 1
2002, Client_Name = CEF Push ISSU client, Entity_Count = 1
2003, Client_Name = ISSU XDR client, Entity_Count = 1
2004, Client_Name = ISSU SNMP client, Entity_Count = 1
2010, Client_Name = ARP HA, Entity_Count = 1
2012, Client_Name = ISSU HSRP Client, Entity_Count = 1
2021, Client_Name = XDR Int Priority ISSU client, Entity_Count = 1
2022, Client_Name = XDR Proc Priority ISSU client, Entity_Count = 1
2023, Client_Name = FIB HWIDB ISSU client, Entity_Count = 1
2024, Client_Name = FIB IDB ISSU client, Entity_Count = 1
2025, Client_Name = FIB HW subblock ISSU client, Entity_Count = 1
2026, Client_Name = FIB SW subblock ISSU client, Entity_Count = 1
2027, Client_Name = Adjacency ISSU client, Entity_Count = 1
2028, Client_Name = FIB IPV4 ISSU client, Entity_Count = 1
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-789
Chapter 2
Client_ID
Client_ID
Client_ID
Client_ID
Client_ID
Client_ID
Client_ID
Client_ID
Client_ID
Client_ID
Client_ID
Client_ID
Client_ID
Client_ID
Client_ID
Client_ID
Client_ID
Client_ID
Client_ID
Client_ID
Client_ID
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
2054,
2058,
2059,
2067,
2068,
2070,
2071,
2072,
2073,
2077,
2078,
2079,
2081,
2082,
2083,
2084,
4001,
4002,
4003,
4004,
4005,
Base Clients:
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Client_Name =
Related Commands
Client_Name
Client_Name
Client_Name
Client_Name
Client_Name
Client_Name
Client_Name
Client_Name
Client_Name
Client_Name
Client_Name
Client_Name
Client_Name
Client_Name
Client_Name
Client_Name
Client_Name
Client_Name
Client_Name
Client_Name
Client_Name
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
ISSU
ISIS
ISIS
ISSU
ISSU
ISSU
ISSU
ISSU
ISSU
ISSU
ISSU
ISSU
ISSU
ISSU
ISSU
ISSU
ISSU
ISSU
ISSU
ISSU
ISSU
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-790
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
negotiated
stored
xml
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SGA
Usage Guidelines
Before attempting an ISSU, you should know the compatibility level between the old and the new Cisco
IOS software versions on the active and the standby supervisor engines. ISSU will not work if the two
versions are incompatible.
The compatibility matrix is available on Cisco.com so that you can also veiw in advance whether an
upgrade can be performed with the ISSU process. The compatibility matrix during the ISSU process and
later by entering the show issu comp-matrix command. To display information on the negotiation of the
compatibility matrix data between two software versions on a given system, use the show issu
comp-matrix negotiated command.
Compatibility matrix data is stored with each Cisco IOS software image that supports ISSU capability.
To display stored compatibility matrix information, use the show issu comp-matrix stored command.
The compatibility matrix information are built-in any Cisco IOS ISSU image. The ISSU infrastructure
performs a matrix lookup as soon as the communication with the standby supervisor engine is
established. There are three possible results from the lookup operation:
CompatibleThe Base-level system infrastructure and all optional HA-aware subsystems are
compatible. In-service upgrade or downgrade between these versions will succeed with minimal
service impact.
Base-Level CompatibleOne or more of the optional HA-aware subsystems are not compatible.
Although an in-service upgrade or downgrade between these versions will succeed, some
subsystems will not be able to maintain their state during the switchover. Prior to attempting an
in-service upgrade or downgrade, the impact of this on operation and service of the switch must be
considered carefully.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-791
Chapter 2
Examples
IncompatibleA set of core system infrastructure must be able to execute in a stateful manner for
SSO to function correctly. If any of these required features or subsystems is not compatible in two
different Cisco IOS images, the two versions of the Cisco IOS images are declared Incompatible.
This means that an in-service upgrade or downgrade between these versions is not possible. The
systems operates in RPR mode during the period when the versions of Cisco IOS at the active and
standby supervisor engines differ.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-792
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
4003
4004
4005
301
401
1
262182
262146
262149
19
22
4
1
1
1
COMPATIBLE
COMPATIBLE
COMPATIBLE
negotiate
negotiate
negotiate
negotiate
negotiate
negotiate
negotiate
List of Clients:
Cid
Client Name
Base/Non-Base
================================================
2
ISSU Proto client
Base
3
ISSU RF
Base
4
ISSU CF client
Base
5
ISSU Network RF client
Base
7
ISSU CONFIG SYNC
Base
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-793
Chapter 2
8
9
10
11
100
110
200
2002
2003
2004
2008
2010
2012
2021
2022
2023
2024
2025
2026
2027
2028
2054
2058
2059
2067
2068
2070
2071
2072
2073
2077
2078
2079
2081
2082
2083
2084
4001
4002
4003
4004
4005
12.2(31)SGA
Compatibility
------------Comp(3)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-794
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-795
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SGA
Usage Guidelines
Endpoint is an execution unit within a redundancy domain. There are only 2 endpoints on the Catalyst
4500 series switch redundant chassis: 1 and 2. The endpoints correspond to the slot numbers for the
supervisor engine. The ISSU infrastructure communicates between these two endpoints to establish
session and to perform session negotiation for ISSU clients.
Examples
Compatibility
Same
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-796
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
client_id
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SGA
Usage Guidelines
Entity is a logical group of sessions with some common attributes (like capability list and message type).
Currently, most ISSU clients on the Catalyst 4500 series switch have only one entity.
Examples
The following example shows how to display the entity information for a specified ISSU client:
Switch#show issu entities 2072
Client_ID = 2072 :
Entity_ID = 1, Entity_Name = ISSU dot1x entity :
MsgType MsgGroup CapType CapEntry CapGroup
Count
Count
Count
count
Count
28
1
1
1
1
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-797
Chapter 2
Syntax Description
session_id
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SGA
Examples
(Optional) Provides detailed information about the FSM for the specified
session.
The following example displays and verifies the ISSU state after LOADVERSION:
Switch# show issu fsm 26
Session_ID = 26 :
FSM_Name
Curr_State
Old_State
Error_Reason
FSM_L1
TRANS
A_VER
none
FSM_L2_HELLO
EXIT
RCVD
none
FSM_L2_A_CAP
A_EXIT
A_RSP
none
FSM_L2_P_CAP
P_INIT
unknown
none
FSM_L2_A_VER
A_EXIT
A_RES_RSP
none
FSM_L2_P_VER
P_INIT
unknown
none
FSM_L2_TRANS
COMP
COMP
none
Current FSM is FSM_L2_TRANS
Session is compatible
Negotiation started at 00:01:07.688, duration is 0.148 seconds
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-798
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
groups
types
client_id
Defaults
If client ID is not specified, displays message groups or message types information for all clients
registered to the ISSU infrastructure.
Command Modes
Command History
Release
Modification
12.2(31)SGA
Usage Guidelines
Messages are sync-data (also known as checkpoint data) sent between two endpoints.
When an ISSU-aware client establishes its session with a peer, an ISSU negotiation takes place. The
ISSU infrastructure uses the registered information to negotiate the capabilities and the message version
to be used during the session.
Examples
The following example shows how to display the message groups for Client_id 2082:
Switch#show issu message groups 2082
Client_ID = 2082, Entity_ID = 1 :
Message_Group = 1 :
Message_Type = 1,
Message_Type = 2,
Switch#
Version_Range = 1 ~ 2
Version_Range = 1 ~ 2
The following example shows how to display the message types for Client_id 2082:
Switch#show issu message types 2082
Client_ID = 2082, Entity_ID = 1 :
Message_Type = 1, Version_Range = 1 ~ 2
Message_Ver = 1,
Message_Mtu = 12
Message_Ver = 2,
Message_Mtu = 8
Message_Type = 2, Version_Range = 1 ~ 2
Message_Ver = 1,
Message_Mtu = 32
Message_Ver = 2,
Message_Mtu = 28
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-799
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-800
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
capability
version
session_id
(Optional) Specifies the ISSU session ID for which the capability or version
information is displayed.
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SGA
Examples
The following example shows how to display the message types for a specific group:
Switch# show issu negotiated capability 26
Session_ID = 26 :
Cap_Type = 0,
Cap_Result = 1
No cap value assigned
Switch# show issu negotiated version 26
Session_ID = 26 :
Message_Type = 1, Negotiated_Version = 1,
Message_Type = 2, Negotiated_Version = 1,
Related Commands
Message_MTU = 44
Message_MTU = 4
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-801
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SGA
Examples
Related Commands
Command
Description
issu acceptversion
Halts the rollback timer and ensures that the new Cisco IOS
software image is not automatically stopped during the
ISSU process.
issu runversion
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-802
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
client_id
Defaults
Displays session information for all clients registered to the ISSU infrastructure.
Command Modes
Command History
Release
Modification
12.2(31)SGA
Usage Guidelines
Session is bidirectional and a reliable connection is established between two endpoints. Sync-data and
negotiation messages are sent to the peer endpoint through a session. On a Catalyst 4500 series switch,
each ISSU-aware client has a maximum of one session at each endpoint.
When an ISSU-aware client establishes its session with the peer, an ISSU negotiation takes place. The
ISSU infrastructure uses the registered information to negotiate the capabilities and the message version
to be used during the session.
Examples
Session_Name = dot1x :
Negotiate
Role
PRIMARY
Negotiated
Cap
Result
GroupID
COMPATIBLE
1
(no policy)
Msg
GroupID
1
Session
Signature
0
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-803
Chapter 2
Syntax Description
slot_number
(Optional) Specifies the slot number whose ISSU state needs to be displayed
(1 or 2).
detail
(Optional) Provides detailed information about the state of the active and
standby supervisor engines.
Defaults
The command displays the ISSU state and current booted image name of both the active and standby
supervisor engines.
Command Modes
Command History
Release
Modification
12.2(31)SGA
Usage Guidelines
It might take several seconds after the issu loadversion command is entered for Cisco IOS software to
load onto the standby supervisor engine and the standby supervisor engine to transition to SSO mode. If
you enter the show issu state command too soon, you might not see the information you need.
Examples
The following example displays and verifies the ISSU state after LOADVERSION:
Switch# show issu state detail
Slot
RP State
ISSU State
Boot Variable
Operating Mode
Primary Version
Secondary Version
Current Version
=
=
=
=
=
=
=
=
1
Active
Load Version
bootflash:old_image,12
Stateful Switchover
bootflash:old_image
bootflash:new_image
bootflash:old_image
Slot
RP State
ISSU State
Boot Variable
Operating Mode
Primary Version
Secondary Version
Current Version
=
=
=
=
=
=
=
=
2
Standby
Load Version
bootflash:new_image,12;bootflash:old_image,12
Stateful Switchover
bootflash:old_image
bootflash:new_image
bootflash:new_image
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-804
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
issu abortversion
issu acceptversion
Halts the rollback timer and ensures that the new Cisco IOS
software image is not automatically stopped during the
ISSU process.
issu commitversion
Loads the new Cisco IOS software image into the new
standby supervisor engine.
issu loadversion
issu runversion
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-805
Chapter 2
show l2protocol-tunnel
show l2protocol-tunnel
To display information about the Layer 2 protocol tunnel ports, use the show l2protocol-tunnel
command. This command displays information for the interfaces with protocol tunneling enabled.
show l2protocol-tunnel [interface interface-id] [[summary] | {begin | exclude | include}
expression]
Syntax Description
interface interface-id
summary
begin
(Optional) Displays information beginning with the line that matches the
expression.
exclude
(Optional) Displays information that excludes lines that match the expression.
include
expression
Command Modes
Command History
Release
Modification
12.2(18)EW
This command was first introduced on the Catalyst 4500 series switch.
12.2(25)EW
Usage Guidelines
After enabling Layer 2 protocol tunneling on an access or 802.1Q tunnel port with the l2protocol-tunnel
command, you can configure some or all of these parameters:
Shutdown threshold
Drop threshold
If you enter the show l2protocol-tunnel [interface interface-id] command, only information about the
active ports on which all the parameters are configured appears.
If you enter the show l2protocol-tunnel summary command, only information about the active ports
on which some or all of the parameters are configured appears.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output
do not appear, but the lines that contain Output appear.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-806
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
Decapsulation
Counter
---------------1866
12
860
0
211
2350
13
67
5848
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Drop
Counter
---------------0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Protocol
Shutdown
Threshold
(cdp/stp/vtp)
(pagp/lacp/udld)
-------------------/----/-------/----/---1100/1100/1100
----/----/-------/----/-------/----/-------/----/-------/----/-------/----/-------/----/-------/----/-------/----/-------/----/-------/----/-------/----/-------/----/----
Drop
Status
Threshold
(cdp/stp/vtp)
(pagp/lacp/udld)
---------------- -------------/----/---up
----/----/-------/----/---up
900/ 900/ 900
----/----/---up
----/----/-------/----/---up
----/----/-------/----/---down
----/----/-------/----/---down
----/----/-------/----/---down
----/----/-------/----/---down
----/----/----
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-807
Chapter 2
show l2protocol-tunnel
Related Commands
Command
Description
l2protocol-tunnel
l2protocol-tunnel cos
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-808
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show lacp
To display LACP information, use the show lacp command.
show lacp [channel-group] {counters | internal | neighbors | sys-id}
Syntax Description
channel-group
(Optional) Number of the channel group; valid values are from 1 to 64.
counters
internal
neighbors
sys-id
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 Series Switches.
Usage Guidelines
This command is not supported on systems that are configured with a Supervisor Engine I.
If you do not specify a channel-group value, all channel groups are displayed.
You can enter the optional channel-group value to specify a channel group for all keywords, except the
sys-id keyword.
Examples
This example shows how to display LACP statistical information for a specific channel group:
Switch# show lacp 1 counters
LACPDUs
Marker
LACPDUs
Port
Sent
Recv
Sent
Recv
Pkts Err
--------------------------------------------------Channel group: 1
Fa4/1
8
15
0
0
3
0
Fa4/2
14
18
0
0
3
0
Fa4/3
14
18
0
0
0
Fa4/4
13
18
0
0
0
Switch#
The LACPDUs Sent and Recv columns display the LACPDUs sent and received on each specific
interface.
The LACPDUs Pkts and Err columns display the marker protocol packets.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-809
Chapter 2
show lacp
This example shows how to display internal information for the interfaces belonging to a specific channel:
Switch# show lacp 1 internal
Flags: S - Device sends PDUs at slow rate. F - Device sends PDUs at fast rate.
A - Device is in Active mode.
P - Device is in Passive mode.
Channel group 1
Port
Fa4/1
Fa4/2
Fa4/3
Fa4/4
Switch#
Flags
saC
saC
saC
saC
State
bndl
bndl
bndl
bndl
LACPDUs
Interval
30s
30s
30s
30s
LACP Port
Priority
32768
32768
32768
32768
Admin
Key
100
100
100
100
Oper
Key
100
100
100
100
Port
Number
0xc1
0xc2
0xc3
0xc4
Port
State
0x75
0x75
0x75
0x75
Field
Description
State
downPort is down.
LACPDUs Interval
Interval setting.
Admin Key
Administrative key.
Oper Key
Operator key.
Port Number
Port number.
Port State
State variables for the port encoded as individual bits within a single
octet with the following meaning [1]:
bit0: LACP_Activity
bit1: LACP_Timeout
bit2: Aggregation
bit3: Synchronization
bit4: Collecting
bit5: Distributing
bit6: Defaulted
bit7: Expired
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-810
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to display LACP neighbors information for a specific port channel:
Switch# show lacp 1 neighbor
Flags: S - Device sends PDUs at slow rate. F - Device sends PDUs at fast rate.
A - Device is in Active mode.
P - Device is in Passive mode.
Channel group 1 neighbors
Partner
Port
System ID
Fa4/1
8000,00b0.c23e.d84e
Fa4/2
8000,00b0.c23e.d84e
Fa4/3
8000,00b0.c23e.d84e
Fa4/4
8000,00b0.c23e.d84e
Port
Priority
32768
32768
32768
32768
Fa4/1
Fa4/2
Fa4/3
Fa4/4
Switch#
Admin
Key
200
200
200
200
Partner
Port Number
0x81
0x82
0x83
0x84
Oper
Key
200
200
200
200
Age
29s
0s
0s
0s
Flags
P
P
P
P
Port
State
0x81
0x81
0x81
0x81
In the case where no PDUs have been received, the default administrative information is displayed in
braces.
This example shows how to display the LACP system identification:
Switch> show lacp sys-id
8000,AC-12-34-56-78-90
Switch>
The system identification is made up of the system priority and the system MAC address. The first two bytes
are the system priority, and the last six bytes are the globally administered individual MAC address associated
to the system.
Related Commands
Command
Description
lacp port-priority
lacp system-priority
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-811
Chapter 2
show license
show license
To display information about the software license, use the show license command.
.show license [agent [counters | session] [all | detail [feature-name] | feature | file | statistics |
status | udi | right-to-use | summary | permanent | in-use | image levels | evaluation | expiring]
Syntax Description
agent
all
detail feature-name
feature
file
statistics
status
udi
Shows all the unique device identifier (UDI) values that can be licensed in
a system
right-to-use
summary
permanent
in-use
image levels
evaluation
expiring
Defaults
Command Modes
Command History
Release
Modification
IOS XE 3.1.0
Support for show license introduced on the Catalyst 4500 Series Switches.
IOS XE 3.4.2
Usage Guidelines
Use this command to display license information and to help with troubleshooting issues related to Cisco
IOS software licenses. It displays all the licenses in the system.
This command also displays those features that are available but not licensed to execute (i.e., multiple
license can be active but not in use (execute) simulteously). Only one type license can be used at a given
time. Output is grouped according to how the features are stored in license storage (i.e., .where license
information is stored on the device).
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-812
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples).
These are examples of output from the show license agent command:
Switch# show license agent counters
License Agent Counters
Request Messages Received:0: Messages with Errors:0
Request Operations Received:0: Operations with Errors:0
Notification Messages Sent:1: Transmission Errors:0
Switch# show license agent session
License Agent Sessions: 0 open, maximum is 9
Switch# show license ?
agent show license agent
all Displays All The License(s).
call-home Show license call-home information
detail Displays Details Of A Given License.
evaluation Displays Evaluation License(s)
expiring Displays Expiring License(s).
feature Displays License Enabled Features.
file Displays All The License File(s).
handle show license handle
image show license image level
in-use Displays License That Are In-Use.
permanent Displays Permanent License(s)
right-to-use show permanent right-to-use licenses
statistics Displays License Statistics.
status Displays License Status.
summary Displays Brief Summary Of All License(s).
udi Displays UDI Value
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-813
Chapter 2
show license
This is an example of output from the show license detail entservices command:
Switch# show license detail entservices
Feature: entservices Period Left: 8 weeks 3 days
Index: 1 Feature: entservices Version: 1.0
License Type: Evaluation
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 3 days
License State: Active, Not in Use, EULA accepted
License Count: Non-Counted
License Priority: Low
Store Index: 0
Store Name: Dynamic Evaluation License Storage
Index: 2 Feature: entservices Version: 1.0
License Type: PermanentRightToUse
License State: Inactive
License Count: Non-Counted
Store Index: 1
Store Name: Dynamic Evaluation License Storage
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-814
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
License Index: 2
License: 11 ipbase 1.0 LONG TRIAL DISABLED 1440 DISABLED STANDALONE ADD INFINITE_KEYS
INFINITE_KEYS NEVER NEVER NiL SLM_CODE DEMO NiL NiL Ni NiL NiL 5_MINS NiL
YXNJUtpFJiC2Rpdt1SJNVQBCpQUBNt59tdkJJTgKwmLTKj:vmp,sVkMiiRYLfMHQfj$AQEBIf8B//kagzg0R7bT5rn
6dVYVPUFmxB1UsblGgbkInHYo55DJzHE/Bqnlf9keNdSyzPbUhSRqwInXo3snsLU7rOtdOxoIxYZAo3LYmUJ+MFzsq
lhKoJVlPyEvQ8H21MNUjVbhoN0gyIWsyiJaM8AQIkVBQFzhr10GYolVzdzfJfEPQIx6tZ++/Vtc/q3SF/5Ko8XCY=
Comment:
Hash: H6zsXVLv9TFlmTfFGm0tK4VHJ2Q=
License Index: 3
License: 12 ipbase 1.0 LONG TRIAL DISABLED DISABLED DISABLED STANDALONE ADD INFINITE_KEYS
INFINITE_KEYS 1 JAN 2006 1 JAN 2035 NiL NiL SLM_CODE DEMO NiL NiL Ni NiL NiL 5_MINS
NOTLOCKEDNOTLOCKEDHBL
Zh0GdIANTlXwW6LJgQ95LB0aCazzbsjSOL4HUaqcySLcOvcLq,d04oTgS8pJbHIO3BaD0tgELHog9egQWj9bCJ3,sm
2jRaJkgkhYKO9BrbWYLOA,mO3Qe2E,TPJou8fms:LtvrfctzLbujmB0XcB68MPLm$AQEBIf8B//+O8JwRWipzfjtWl
AItclx+D6NLhKMyqS1hJoxCM1Txgw8BpmG5QQY5nCiE14CPvVKRqwInXo3s+nsLU7rOtdOxoIxYZAo3LYmUJ+MFzsq
lhKoJVlPyEvQ8H21MNUjVbhoN0gyIWsyiJaM8AQIkVBQFzhr10GYolVzdzfJfEPQIx6tZ++/Vtc/q3SF/5Ko8XCY=
Comment:
Hash: S3Ks+G07ueugA9hMFPkXGTF12So=
When you enter the show license udi command on WS-C4507R+E, this output appears:
Switch# show license udi
Device# PID SN UDI
-
*0 WS-C4507R+E FOX1327G52D WS-C4507R+E:FOX1327G52D
Note
The show license udi command output shows details on the current switch.
Displays all the Right to use licenses present on the device and their status. It contains license details:
license state, licenses currently in use, and whether the EULA is accepted by the user.
Switch# show license right-to-use
License Store: Built-In License Storage
StoreIndex: 1
Feature: ipservices
Version: 1.0
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-815
Chapter 2
show license
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-816
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-817
Chapter 2
show mab
show mab
To display MAC authentication bypass (MAB) information, use the show mab command in EXEC
mode.
show mab {interface interface interface-number | all} [detail]
Syntax Description
interface interface
interface-number
all
detail
Command Default
None.
Command Modes
Command History
Release
Modification
12.2(50)SG
Usage Guidelines
Field
Description
Mac-Auth-Bypass
MAB state
Inactivity Timeout
Inactivity timeout
Client MAC
MAB SM state
Auth Status
Authorization status
Table 2-37 lists the possible values for the state of the MAB state machine.
Table 2-37
State
State Level
Description
Initialize
Intermediate
Acquiring
Intermediate
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-818
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Table 2-37
Authorizing
Intermediate
Terminate
Terminal
Table 2-38 lists the possible displayed values for the MAB authorization status.
Table 2-38
Examples
Status
Description
AUTHORIZED
UNAUTHORIZED
The following example shows how to display MAB information for a specific interface:
Switch# show mab interface GigaEthernet1/3
MAB details for GigaEthernet1/3
------------------------------------Mac-Auth-Bypass = Enabled
Inactivity Timeout = None
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-819
Chapter 2
show mab
The following example shows how to display detailed MAB information for a specific interface:
Switch# show mab interface gigabitethernet1/1 detail
MAB details for GigaEthernet1/1
------------------------------------Mac-Auth-Bypass = Enabled
Inactivity Timeout = None
MAB Client List
--------------Client MAC = 000f.23c4.a401
MAB SM state = TERMINATE
Auth Status = AUTHORIZED
Switch#
Related Commands
Command
Description
mab
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-820
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
interface
(Optional) Specifies the interface type; valid values are ethernet, fastethernet,
gigabitethernet, tengigabitethernet, pos, atm, port-channel, and ge-wan.
interface-number
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The valid values for the port number depend on the chassis used.
Examples
This example shows how to display the ACL configuration on interface fast 6/1:
Switch# show mac access-group interface fast 6/1
Interface FastEthernet6/1:
Inbound access-list is simple-mac-acl
Outbound access-list is not set
Related Commands
Command
Description
access-group mode
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-821
Chapter 2
Syntax Description
mac_addr
protocol protocol
vlan vlan_id
(Optional) Displays entries for the specific VLAN only; valid values are
from 1 to 4094.
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
12.2(25)EW
Usage Guidelines
For the MAC address table entries that are used by the routed ports, the routed port name is displayed in
the vlan column not the internal VLAN number.
The keyword definitions for the protocol variable are as follows:
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-822
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This example shows how to display MAC address table information for a specific MAC address:
Switch# show mac-address-table address 0030.94fc.0dff
Unicast Entries
vlan
mac address
type
protocols
port
-------+---------------+--------+---------------------+-------------------1
0030.94fc.0dff
static ip,ipx,assigned,other Switch
Fa6/1
0030.94fc.0dff
static ip,ipx,assigned,other Switch
Fa6/2
0030.94fc.0dff
static ip,ipx,assigned,other Switch
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-823
Chapter 2
Syntax Description
vlan vlan_id
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Examples
This example shows how to display the currently configured aging time for all VLANs:
Switch#
Vlan
---100
200
Switch#
This example shows how to display the currently configured aging time for a specific VLAN:
Switch#
Vlan
---100
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-824
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-825
Chapter 2
Syntax Description
vlan vlan_id
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Examples
This example shows how to display the entry count for a specific VLAN:
Switch# show mac-address-table count vlan 1
MAC Entries for Vlan 1:
Dynamic Unicast Address Count:
Static Unicast Address (User-defined) Count:
Static Unicast Address (System-defined) Count:
Total Unicast MAC Addresses In Use:
Total Unicast MAC Addresses Available:
Multicast MAC Address Count:
Total Multicast MAC Addresses Available:
Switch#
Related Commands
0
0
1
1
32768
1
16384
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-826
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-827
Chapter 2
Syntax Description
address mac_addr
protocol protocol
vlan vlan_id
(Optional) Displays entries for a specific VLAN; valid values are from 1
to 4094.
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
12.2(25)EW
Usage Guidelines
ip specifies IP protocol.
The show mac-address-table dynamic command output for an EtherChannel interface changes the port
number designation (such as, 5/7) to a port group number (such as, Po80).
For the MAC address table entries that are used by the routed ports, the routed port name is displayed in
the vlan column not the internal VLAN number.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-828
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This example shows how to display all the dynamic MAC address entries:
Switch# show mac-address-table dynamic
Unicast Entries
vlan
mac address
type
protocols
port
-------+---------------+--------+---------------------+-------------------1
0000.0000.0201
dynamic ip
FastEthernet6/15
1
0000.0000.0202
dynamic ip
FastEthernet6/15
1
0000.0000.0203
dynamic ip,assigned
FastEthernet6/15
1
0000.0000.0204
dynamic ip,assigned
FastEthernet6/15
1
0000.0000.0205
dynamic ip,assigned
FastEthernet6/15
2
0000.0000.0101
dynamic ip
FastEthernet6/16
2
0000.0000.0102
dynamic ip
FastEthernet6/16
2
0000.0000.0103
dynamic ip,assigned
FastEthernet6/16
2
0000.0000.0104
dynamic ip,assigned
FastEthernet6/16
2
0000.0000.0105
dynamic ip,assigned
FastEthernet6/16
Switch#
This example shows how to display the dynamic MAC address entries with a specific protocol type (in
this case, assigned):
Switch# show mac-address-table dynamic protocol assigned
Unicast Entries
vlan
mac address
type
protocols
port
-------+---------------+--------+---------------------+-------------------1
0000.0000.0203
dynamic ip,assigned
FastEthernet6/15
1
0000.0000.0204
dynamic ip,assigned
FastEthernet6/15
1
0000.0000.0205
dynamic ip,assigned
FastEthernet6/15
2
0000.0000.0103
dynamic ip,assigned
FastEthernet6/16
2
0000.0000.0104
dynamic ip,assigned
FastEthernet6/16
2
0000.0000.0105
dynamic ip,assigned
FastEthernet6/16
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-829
Chapter 2
Syntax Description
type
slot/port
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(25)EW
Usage Guidelines
For the MAC address table entries that are used by the routed ports, the routed port name is displayed in
the vlan column not the internal VLAN number.
Examples
This example shows how to display MAC address table information for a specific interface:
Switch# show mac-address-table interface fastethernet6/16
Unicast Entries
vlan
mac address
type
protocols
port
-------+---------------+--------+---------------------+-------------------2
0000.0000.0101
dynamic other
FastEthernet6/16
2
0000.0000.0102
dynamic other
FastEthernet6/16
2
0000.0000.0103
dynamic other
FastEthernet6/16
2
0000.0000.0104
dynamic other
FastEthernet6/16
2
0000.0000.0105
dynamic other
FastEthernet6/16
2
0000.0000.0106
dynamic other
FastEthernet6/16
Multicast Entries
vlan
mac address
type
ports
-------+---------------+-------+------------------------------------------2
ffff.ffff.ffff
system Fa6/16
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-830
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-831
Chapter 2
Syntax Description
vlan vlan-id
| begin
| exclude
| include
expression
Defaults
Command Modes
User EXEC
Command History
Release
Modification
12.2(54)SG
This command was modified to support the learning disable feature on the
Catalyst 4500 series switch.
Usage Guidelines
To display configured VLANs, and whether MAC address learning is enabled or disabled, use the
show mac address-table learning command without keywords. .
To display the learning status on an individual VLAN, use the command with a specific VLAN ID.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output
do not appear, but the lines that contain Output appear.
Examples
This example shows that MAC address learning is disabled on VLAN 200:
Switch> show mac address-table learning
VLAN
Learning Status
-----------------1
yes
100
yes
200
no
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-832
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
count
igmp-snooping
user
vlan vlan_num
(Optional) Displays information for a specific VLAN only; valid values are from
1 to 4094.
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Usage Guidelines
For the MAC address table entries that are used by the routed ports, the routed port name is displayed in
the vlan column not the the internal VLAN number.
Examples
This example shows how to display multicast MAC address table information for a specific VLAN:
Switch# show mac-address-table multicast vlan 1
Multicast Entries
vlan
mac address
type
ports
-------+---------------+-------+------------------------------------------1
ffff.ffff.ffff
system Switch,Fa6/15
Switch#
This example shows how to display the number of multicast MAC entries for all VLANs:
Switch# show mac-address-table multicast count
MAC Entries for all vlans:
Multicast MAC Address Count:
141
Total Multicast MAC Addresses Available:
16384
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-833
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-834
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
change
interface
interface-id
mac-move
threshold
learn-fail
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SG
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(52)SG
Support for learn-fail keyword, Supervisor Engine 6-E, and Catalyst 4900M chassis
added.
Usage Guidelines
Use the show mac-address-table notification change command to display the MAC change
notification interval, the maximum number of entries allowed in the history table, the history table
contents, and whether the MAC change feature is enabled or disabled.
Use the interface keyword to display the flags for all interfaces. If the interface-id is included, only the
flags for that interface are displayed.
Examples
This example shows how to display all the MAC address notification information:
Switch# show mac-address-table notification change
MAC Notification Feature is Enabled on the switch
Interval between Notification Traps : 1 secs
Number of MAC Addresses Added : 5
Number of MAC Addresses Removed : 1
Number of Notifications sent to NMS : 3
Maximum Number of entries configured in History Table : 500
Current History Table Length : 3
MAC Notification Traps are Enabled
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-835
Chapter 2
323
323
323
323
This example shows how to display the MAC address change status on the FastEthernet interface 7/1:
Switch# show mac-address-table notification change interface FastEthernet 7/1
MAC Notification Feature is Enabled on the switch
Interface
MAC Added Trap MAC Removed Trap
---------------------- ---------------FastEthernet7/1
Enabled
Disabled
Switch#
This example shows how to display the MAC address move status:
Switch# show mac-address-table notification mac-move
MAC Move Notification: Enabled
Switch#
This example shows how to display the MAC address table utilization status:
Switch# show mac-address-table notification threshold
Status
limit
Interval
-------------+-----------+------------enabled
50
120
Switch#
This example shows how to display general information of MAC learning failure notifications:
Switch# show mac address-table notification learn-fail
Status
limit
Interval
-------------+-----------+------------disabled
2000
120
Related Commands
Command
Description
clear mac-address-table
mac-address-table notification
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-836
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
assigned
ip
ipx
other
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
For the MAC address table entries that are used by the routed ports, the routed port name is displayed in
the vlan column not the the internal VLAN number.
Examples
This example shows how to display the MAC address table entries that have a specific protocol type (in
this case, assigned):
Switch# show mac-address-table protocol assigned
vlan
mac address
type
protocol qos
ports
-----+---------------+--------+---------+---+-------------------------------200 0050.3e8d.6400 static
assigned -- Switch
100 0050.3e8d.6400 static
assigned -- Switch
5 0050.3e8d.6400 static
assigned -- Switch
4092 0000.0000.0000 dynamic assigned -- Switch
1 0050.3e8d.6400 static
assigned -- Switch
4 0050.3e8d.6400 static
assigned -- Switch
4092 0050.f0ac.3058 static
assigned -- Switch
4092 0050.f0ac.3059 dynamic assigned -- Switch
1 0010.7b3b.0978 dynamic assigned -- Fa5/9
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-837
Chapter 2
This example shows the other output for the previous example:
Switch# show mac-address-table protocol other
Unicast Entries
vlan
mac address
type
protocols
port
-------+---------------+--------+---------------------+-------------------1
0000.0000.0201
dynamic other
FastEthernet6/15
1
0000.0000.0202
dynamic other
FastEthernet6/15
1
0000.0000.0203
dynamic other
FastEthernet6/15
1
0000.0000.0204
dynamic other
FastEthernet6/15
1
0030.94fc.0dff
static ip,ipx,assigned,other Switch
2
0000.0000.0101
dynamic other
FastEthernet6/16
2
0000.0000.0102
dynamic other
FastEthernet6/16
2
0000.0000.0103
dynamic other
FastEthernet6/16
2
0000.0000.0104
dynamic other
FastEthernet6/16
Fa6/1
0030.94fc.0dff
static ip,ipx,assigned,other Switch
Fa6/2
0030.94fc.0dff
static ip,ipx,assigned,other Switch
Multicast Entries
vlan
mac address
type
ports
-------+---------------+-------+------------------------------------------1
ffff.ffff.ffff
system Switch,Fa6/15
2
ffff.ffff.ffff
system Fa6/16
1002
ffff.ffff.ffff
system
1003
ffff.ffff.ffff
system
1004
ffff.ffff.ffff
system
1005
ffff.ffff.ffff
system
Fa6/1
ffff.ffff.ffff
system Switch,Fa6/1
Fa6/2
ffff.ffff.ffff
system Switch,Fa6/2
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-838
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
address mac_addr
protocol protocol
vlan vlan_id
(Optional) Displays the entries for a specific VLAN; valid values are from
1 to 4094.
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
12.2(25)EW
Usage Guidelines
For the MAC address table entries that are used by the routed ports, the routed port name is displayed in
the vlan column not the internal VLAN number.
The keyword definitions for the protocol argument are as follows:
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-839
Chapter 2
Examples
This example shows how to display all the static MAC address entries:
Switch# show mac-address-table static
Unicast Entries
vlan
mac address
type
protocols
port
-------+---------------+--------+---------------------+-------------------1
0030.94fc.0dff
static ip,ipx,assigned,other Switch
Fa6/1
0030.94fc.0dff
static ip,ipx,assigned,other Switch
Fa6/2
0030.94fc.0dff
static ip,ipx,assigned,other Switch
Multicast Entries
vlan
mac address
type
ports
-------+---------------+-------+------------------------------------------1
ffff.ffff.ffff
system Switch,Fa6/15
2
ffff.ffff.ffff
system Fa6/16
1002
ffff.ffff.ffff
system
1003
ffff.ffff.ffff
system
1004
ffff.ffff.ffff
system
1005
ffff.ffff.ffff
system
Fa6/1
ffff.ffff.ffff
system Switch,Fa6/1
Fa6/2
ffff.ffff.ffff
system Switch,Fa6/2
.
.
Switch#
This example shows how to display the static MAC address entries with a specific protocol type (in this
case, assigned):
Switch# show mac-address-table static protocol assigned
Unicast Entries
vlan
mac address
type
protocols
port
-------+---------------+--------+---------------------+-------------------1
0030.94fc.0dff
static ip,ipx,assigned,other Switch
Fa6/1
0030.94fc.0dff
static ip,ipx,assigned,other Switch
Fa6/2
0030.94fc.0dff
static ip,ipx,assigned,other Switch
Multicast Entries
vlan
mac address
type
ports
-------+---------------+-------+------------------------------------------1
ffff.ffff.ffff
system Switch,Fa6/15
2
ffff.ffff.ffff
system Fa6/16
1002
ffff.ffff.ffff
system
1003
ffff.ffff.ffff
system
1004
ffff.ffff.ffff
system
1005
ffff.ffff.ffff
system
Fa6/1
ffff.ffff.ffff
system Switch,Fa6/1
Fa6/2
ffff.ffff.ffff
system Switch,Fa6/2
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-840
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-841
Chapter 2
Syntax Description
vlan vlan_id
(Optional) Displays the entries for a specific VLAN; valid values are from 1 to
4094.
protocol protocol
(Optional) Specifies a protocol. See the Usage Guidelines section for more
information.
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Usage Guidelines
For the MAC address table entries used by the routed ports, the routed port name is displayed in the
vlan column not the the internal VLAN number.
The keyword definitions for the protocol variable are as follows:
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-842
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This example shows how to display information about the MAC address table for a specific VLAN:
Switch# show mac-address-table vlan 1
Unicast Entries
vlan
mac address
type
protocols
port
-------+---------------+--------+---------------------+-------------------1
0000.0000.0201
dynamic ip
FastEthernet6/15
1
0000.0000.0202
dynamic ip
FastEthernet6/15
1
0000.0000.0203
dynamic other
FastEthernet6/15
1
0000.0000.0204
dynamic other
FastEthernet6/15
1
0030.94fc.0dff
static ip,ipx,assigned,other Switch
Multicast Entries
vlan
mac address
type
ports
-------+---------------+-------+------------------------------------------1
ffff.ffff.ffff
system Switch,Fa6/15
Switch#
This example shows how to display MAC address table information for a specific protocol type:
Switch# show mac-address-table vlan 100 protocol other
Unicast Entries
vlan
mac address
type
protocols
port
-------+---------------+--------+---------------------+-------------------1
0000.0000.0203
dynamic other
FastEthernet6/15
1
0000.0000.0204
dynamic other
FastEthernet6/15
1
0030.94fc.0dff
static ip,ipx,assigned,other Switch
Multicast Entries
vlan
mac address
type
ports
-------+---------------+-------+------------------------------------------1
ffff.ffff.ffff
system Switch,Fa6/15
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-843
Chapter 2
Syntax Description
No keywords
Command History
Release
Modification
12.2(54)SG
Examples
This example shows how to displaythe configuration of the MAC address group:
Switch# show macro auto address-group
MAC Address Group Configuration:
Group Name
OUI
MAC ADDRESS
-------------------------------------------------------------testGroup
2222.2222.2222
1111.1111.1111
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-844
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
device_id
Defaults
None
Command Modes
Global configuration
Command History
Release
Modification
12.2(54)SG
Usage Guidelines
This command displays the default values as well as the currently used values if configured.
Examples
This example shows how to display the default information for the device access-point:
Switch# show macro auto device access-point
Device:access-point
Default Macro:CISCO_AP_AUTO_SMARTPORT
Current Macro:CISCO_AP_AUTO_SMARTPORT
Configurable Parameters:NATIVE_VLAN
Defaults Parameters:NATIVE_VLAN=1
Current Parameters:NATIVE_VLAN=1
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-845
Chapter 2
Syntax Description
interface_id
Defaults
None
Command Modes
Global configuration
Command History
Release
Modification
12.2(54)SG
Examples
This example shows how to display Auto SmartPorts status and the applied macros:
Switch# show macro auto int gi3/8
Global Auto Smart Port Status
Auto Smart Ports Enabled
Fallback : CDP Disabled, LLDP Disabled
Interface
Auto Smart Port
Fallback
Macro Description(s)
-------------------------------------------------------------Gi3/8
TRUE
None
CISCO_PHONE_EVENT
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-846
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Command Default
User EXEC
Privileged EXEC
Command History
Release
Modification
Usage Guidelines
Device classifier (DC) is enabled by default when you enable a client application (for example, Auto
Smartports) that uses its functionality. Use the show macro auto monitor clients command to display
the clients that are using the DC feature on the switch.
As long as any clients are using the DC, you cannot disable it by using the no macro auto monitor
command. If you attempt to disable the DC while a client is using it, an error message appears.
Examples
This example shows how to use the show macro auto monitor clients privileged EXEC command to
view the clients using the DC on the switch:
Switch# show macro auto monitor clients
Client Name
====================
Auto Smart Ports
This example shows the error message that appears when you attempt to disable DC while a client is
using it:
Switch(config)# no macro auto monitor
These subsystems should be disabled before disabling Device classifier
Auto Smart Ports
% Error - device classifier is not disabled
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-847
Chapter 2
Command
Description
shell trigger
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-848
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
detail
filter string
interface interface_id
mac mac_address
Command Modes
User EXEC
Privileged EXEC
Command History
Release
Modification
Usage Guidelines
Use this command to display the devices connected to a switch. Use the show macro auto device
privileged EXEC command to display the configurable parameters for a device.
Examples
This example shows how to use the show macro auto monitor device privileged EXEC command with
no optional keywords to view the devices connected to the switch:
Switch# show macro auto monitor device
MAC_Address
Port_Id
Profile Name
==============
=======
============================
000a.b8c6.1e07
Gi1/0/2
Cisco-Device
001f.9e90.1250
Gi1/0/4
Cisco-AP-Aironet-1130
======================================================
This example shows how to use the show macro auto monitor device privileged EXEC command with
the optional mac-address keyword to view summary information about the connected device with the
specified MAC address:
Switch# show macro auto monitor device mac-address 001f.9e90.1250
MAC_Address
Port_Id
Profile Name
==============
=======
============================
001f.9e90.1250
Gi1/0/4
Cisco-AP-Aironet-1130
==========================================================
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-849
Chapter 2
This example shows how to use the show macro auto monitor device privileged EXEC command with
the optional mac-address and detail keywords to view detailed information about the connected device
with the specified MAC address:
Switch# show macro auto monitor device mac-address 001f.9e90.1250 detail
MAC_Address
Port_Id
Certainty Parent
ProfileType Profile Name
Device_Name
==============
=======
========= ======
===========
============================
===========
001f.9e90.1250
Gi1/0/4
40
2
Built-in
Cisco-AP-Aironet-1130
cisco AIR-LAP1131AG-E-K9
==========================================================================================
=======
This example shows how to use the show macro auto monitor device privileged EXEC command with
the optional interface keyword to view summary information about the device connected to the specified
interface:
Switch# show macro auto monitor device interface gi 1/0/2
MAC_Address
Port_Id
Profile Name
==============
=======
============================
000a.b8c6.1e07
Gi1/0/2
Cisco-Device
=====================================================
This example shows how to use the show macro auto monitor device privileged EXEC command with
the optional interface and detail keywords to view detailed information about the device connected to
the specified interface:
Switch# show macro auto monitor device interface gi 1/0/2 detail
MAC_Address
Port_Id
Certainty Parent
ProfileType Profile Name
Device_Name
==============
=======
========= ======
===========
============================
===========
000a.b8c6.1e07
Gi1/0/2
10
0
Default
Cisco-Device
cisco
WS-C2960-48TT-L
==========================================================================================
=======
Related Commands
Command
Description
shell trigger
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-850
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
table
built-in
default
filter string
Command Modes
User EXEC
Privileged EXEC
Command History
Release
Modification
Usage Guidelines
This command displays all the device types recognized by the device classification engine. The number
of available device types is the number of profiles stored on the switch. Because the number of profiles
can be very large, you can use the filter keyword to limit the command output.
Examples
This example shows how to use the show macro auto monitor type privileged EXEC command with
no optional keywords to view the devices recognized by the device classifier:
Switch# show macro auto monitor type table
Valid
Type
Profile Name
=========== ========= ==================
Valid
Default
Apple-Device
Valid
Default
Aruba-Device
Valid
Default
Avaya-Device
Valid
Default
Avaya-IP-Phone
Valid
Default
BlackBerry
Valid
Default
Cisco-Device
Valid
Default
Cisco-IP-Phone
Valid
Default
Cisco-IP-Phone-7902
Valid
Default
Cisco-IP-Phone-7905
Valid
Default
Cisco-IP-Phone-7906
Valid
Default
Cisco-IP-Phone-7910
Valid
Default
Cisco-IP-Phone-7911
Valid
Default
Cisco-IP-Phone-7912
Valid
Default
Cisco-IP-Phone-7940
Valid
Default
Cisco-IP-Phone-7941
Valid
Default
Cisco-IP-Phone-7942
min Conf
========
10
10
10
20
20
10
20
70
70
70
70
70
70
70
70
70
ID
====
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-851
Chapter 2
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Invalid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Default
Built-in
Built-in
Built-in
Built-in
Built-in
Built-in
Built-in
Built-in
Built-in
Built-in
Built-in
Built-in
Built-in
Cisco-IP-Phone-7945
Cisco-IP-Phone-7945G
Cisco-IP-Phone-7960
Cisco-IP-Phone-7961
Cisco-IP-Phone-7962
Cisco-IP-Phone-7965
Cisco-IP-Phone-7970
Cisco-IP-Phone-7971
Cisco-IP-Phone-7975
Cisco-IP-Phone-7985
Cisco-IP-Phone-9971
Cisco-WLC-2100-Series
DLink-Device
Enterasys-Device
HP-Device
HP-JetDirect-Printer
Lexmark-Device
Lexmark-Printer-E260dn
Microsoft-Device
Netgear-Device
NintendoWII
Nortel-Device
Nortel-IP-Phone-2000-Series
SonyPS3
XBOX360
Xerox-Device
Xerox-Printer-Phaser3250
Aruba-AP
Cisco-Access-Point
Cisco-IP-Conference-Station-7935
Cisco-IP-Conference-Station-7936
Cisco-IP-Conference-Station-7937
DLink-DAP-1522
Cisco-AP-Aironet-1130
Cisco-AP-Aironet-1240
Cisco-AP-Aironet-1250
Cisco-AIR-LAP
Cisco-AIR-LAP-1130
Cisco-AIR-LAP-1240
Cisco-AIR-LAP-1250
Cisco-AIR-AP
Cisco-AIR-AP-1130
Cisco-AIR-AP-1240
Cisco-AIR-AP-1250
Sun-Workstation
Linksys-Device
LinksysWAP54G-Device
HTC-Device
MotorolaMobile-Device
VMWare-Device
ISE-Appliance
Cisco-Device
Cisco-Router
Router
Cisco-IP-Camera
Cisco-IP-Camera-2xxx
Cisco-IP-Camera-2421
Cisco-IP-Camera-2500
Cisco-IP-Camera-2520
Cisco-IP-Camera-2530
Cisco-IP-Camera-4xxx
Cisco-Transparent-Bridge
Transparent-Bridge
Cisco-Source-Bridge
70
70
70
70
70
70
70
70
70
70
70
40
10
10
10
30
10
30
10
10
10
10
20
10
20
10
30
20
10
70
70
70
20
30
30
30
25
30
50
50
25
30
50
50
10
20
30
10
10
10
10
10
10
10
10
30
50
50
50
50
50
8
8
10
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
0
1
2
3
4
5
6
7
8
9
10
11
12
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-852
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Valid
Related Commands
Built-in
Built-in
Built-in
Built-in
Built-in
Built-in
Built-in
Built-in
Built-in
Built-in
Built-in
Built-in
Cisco-Switch
Cisco-IP-Phone
IP-Phone
Cisco-DMP
Cisco-DMP-4305G
Cisco-DMP-4310G
Cisco-DMP-4400G
Cisco-WLC-2100-Series
Cisco-Access-Point
Cisco-AIR-LAP
Cisco-AIR-AP
Linksys-Device
10
20
20
10
70
70
70
40
10
30
30
20
13
14
15
16
17
18
19
20
21
22
23
24
Command
Description
shell trigger
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-853
Chapter 2
show module
show module
To display information about the module, use the show module command.
show module [mod | all]
Syntax Description
mod
(Optional) Number of the module; valid values vary from chassis to chassis.
all
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(25)EW
Enhanced the output of the show idprom interface command to include the
10-Gigabit Ethernet interface.
Usage Guidelines
In the Mod Sub-Module fields in the command output, the show module command displays the
supervisor engine number but appends the uplink daughter cards module type and information.
If the PoE consumed by the module is more than 50 W above the administratively allocated PoE, the
Status displays as PwrOver. If the PoE consumed by the module is more than 50 W above the PoE
module limit, the Status displays as PwrFault.
Examples
This example shows how to display information for all the modules.
This example shows the show module command output for a system with inadequate power for all
installed modules. The system does not have enough power for Module 5; the Status displays it as
PwrDeny.
Switch# show module all
Mod Ports Card Type
Model
Serial No.
----+-----+--------------------------------------+-----------------+----------1
2 1000BaseX (GBIC) Supervisor(active)
WS-X4014
JAB054109GH
2
6 1000BaseX (GBIC)
WS-X4306
00000110
3
18 1000BaseX (GBIC)
WS-X4418
JAB025104WK
5
0 Not enough power for module
WS-X4148-FX-MT
00000000000
6
48 10/100BaseTX (RJ45)
WS-X4148
JAB023402RP
M MAC addresses
Hw Fw
Sw
Status
--+--------------------------------+---+------------+----------------+--------1 005c.9d1a.f9d0 to 005c.9d1a.f9df 0.5 12.1(11br)EW 12.1(20020313:00 Ok
2 0010.7bab.9920 to 0010.7bab.9925 0.2
Ok
3 0050.7356.2b36 to 0050.7356.2b47 1.0
Ok
5 0001.64fe.a930 to 0001.64fe.a95f 0.0
PwrDeny
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-854
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Ok
This example shows how to display information for all the modules on the switch:
Switch# show module
Chassis Type : WS-C4506
Power consumed by backplane : 0 Watts
Mod Ports Card Type
Model
Serial No.
---+-----+--------------------------------------+------------------+----------1
6 XG (X2), 1000BaseX (SFP) Supervisor(ac WS-X4517
""
3
6 1000BaseX (GBIC)
WS-X4306
00000110
M MAC addresses
Hw Fw
Sw
Status
--+--------------------------------+---+------------+----------------+--------1 0004.dd46.7700 to 0004.dd46.7705 0.0 12.2(20r)EW( 12.2(20040513:16 Ok
3 0010.7bab.9920 to 0010.7bab.9925 0.2
Ok
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-855
Chapter 2
show monitor
show monitor
To display information about the SPAN session, use the show monitor command.
show monitor [session] [range session-range | local | remote | all | session-number] [detail]
Syntax Description
session
range
session-range
local
remote
all
session-number
detail
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
12.1(13)EW
12.1(19)EW
12.1(20)EW
Added support to display configuration state for remote SPAN and learning.
12.2(20)EW
This example shows how to display whether ACLs are applied to a given SPAN session on a
Catalyst 4500 series switch:
Switch# show monitor
Session 1
--------Type
Source Ports
Both
Destination Ports
Encapsulation
Ingress
Learning
Filter VLANs
IP Access-group
:
:
:
:
:
:
:
:
:
Local Session
Fa6/1
Fa6/2
Native
Disabled
Disabled
1
10
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-856
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to display the detailed SPAN information for session 1:
Switch# show monitor session 1 detail
Session 1
--------Type
: Local Session
Source Ports
:
RX Only
: None
TX Only
: None
Both
: Gi1/1, CPU
Source VLANs
:
RX Only
: None
TX Only
: None
Both
: None
Source RSPAN VLAN : Fa6/1
Destination Ports : Fa6/1
Encapsulation : DOT1Q
Ingress : Enabled, default VLAN = 2
Filter VLANs
: None
Filter Types RX : Good
Filter Types TX : None
Dest Rspan Vlan : 901
Ingress : Enabled, default VLAN=2
Learning : Disabled
IP Access-group : None
Switch#
This example shows how to display SPAN information for session 1 beginning with the line that starts
with Destination:
Switch# show monitor session 1 | begin Destination
Destination Ports: None
Filter VLANs:
None
Switch#
Switch#
Related Commands
Command
Description
monitor session
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-857
Chapter 2
Syntax Description
Defaults
name
parameter
Reconstructs and displays the exec commands for specifying the capture point.
buffer [brief |
detailed | dump]
Source the packets from the capture buffer, decode and display them in brief,
detailed or dump mode.
If the capture point name is not provided, the command displays all the capture point details.
If the display mode is not specified, the command defaults to brief mode.
Command Modes
Command History
Release
Modification
IOS XE 3.3.0SG/
15.1(1)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
When the command is issued with no parameters, it displays the details of all the capture points. When
specified with a capture point name and no other parameters, it displays the details of the specific capture
point name. With the parameter keyword, the command reconstructs the commands that describe the
capture point and displays them.
The buffer option displays the packets from the capture buffer. This option is applicable only if the
capture point directs the captured packets to the buffer. The packets can be decoded and displayed in
either the brief, detailed, or dump mode. The default mode is brief.
Examples
Following are example of how to use the show monitor capture command:
Switch# show
0.000000
1.000000
2.000000
3.000000
4.000000
5.000000
6.000000
7.000000
8.000000
9.000000
10.000000
11.000000
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-858
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
12.000000
13.000000
14.000000
15.000000
16.000000
17.000000
18.000000
19.000000
20.000000
21.000000
10.1.1.227
10.1.1.228
10.1.1.229
10.1.1.230
10.1.1.231
10.1.1.232
10.1.1.233
10.1.1.234
10.1.1.235
10.1.1.236
->
->
->
->
->
->
->
->
->
->
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
20.1.1.2
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
Source
Source
Source
Source
Source
Source
Source
Source
Source
Source
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
20001
20001
20001
20001
20001
20001
20001
20001
20001
20001
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
Destination
port:
port:
port:
port:
port:
port:
port:
port:
port:
port:
20002
20002
20002
20002
20002
20002
20002
20002
20002
20002
54
00
01
06
16
26
36
46
56
66
76
86
96
a6
b6
c6
75
ee
02
07
17
27
37
47
57
67
77
87
97
a7
b7
c7
d0
00
4e
08
18
28
38
48
58
68
78
88
98
a8
b8
c8
3a
00
21
09
19
29
39
49
59
69
79
89
99
a9
b9
c9
85
00
4e
0a
1a
2a
3a
4a
5a
6a
7a
8a
9a
aa
ba
ca
3f
00
22
0b
1b
2b
3b
4b
5b
6b
7b
8b
9b
ab
bb
cb
00
40
00
0c
1c
2c
3c
4c
5c
6c
7c
8c
9c
ac
bc
cc
00
11
da
0d
1d
2d
3d
4d
5d
6d
7d
8d
9d
ad
bd
cd
00
59
6d
0e
1e
2e
3e
4e
5e
6e
7e
8e
9e
ae
be
ce
00
25
e0
0f
1f
2f
3f
4f
5f
6f
7f
8f
9f
af
bf
cf
03
0a
00
10
20
30
40
50
60
70
80
90
a0
b0
c0
d0
01
01
01
11
21
31
41
51
61
71
81
91
a1
b1
c1
d1
08
01
02
12
22
32
42
52
62
72
82
92
a2
b2
c2
03
00
d7
03
13
23
33
43
53
63
73
83
93
a3
b3
c3
3e
45
14
04
14
24
34
44
54
64
74
84
94
a4
b4
c4
d0
00
01
05
15
25
35
45
55
65
75
85
95
a5
b5
c5
33
Tu.:.?........E.
[email protected]%......
..N!N"..m.......
................
.......... !"#$%
&'()*+,-./012345
6789:;<=>?@ABCDE
FGHIJKLMNOPQRSTU
VWXYZ[\]^_`abcde
fghijklmnopqrstu
vwxyz{|}~.......
................
................
................
................
.............>.3
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-859
Chapter 2
Syntax Description
name
display-filter filter-string
Defaults
brief
Command Modes
Command History
Release
Modification
IOS XE 3.3.0SG/
15.1(1)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
If no display filter is specified, then all the packets in the file are displayed. Because the display filter
must observe the Wireshark display filter syntax, ensure that the display filter is accurate. Also, use a
double quotes when specifying the filter.
Examples
This example shows how to display packets from a .pcap file with a display filter:
Switch# show monitor capture file bootflash:test.pcap display-filter
Destination port:
Destination port:
Destination port:
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-860
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
4
3.000000
20002
5
4.000000
20002
6
5.000000
20002
7
6.000000
20002
8
7.000000
20002
9
8.000000
20002
10
9.000000
20002
11 10.000000
20002
12 11.000000
20002
13 12.000000
20002
14 13.000000
20002
15 14.000000
20002
16 15.000000
20002
17 16.000000
20002
18 17.000000
20002
19 18.000000
20002
20 19.000000
20002
21 20.000000
20002
22 21.000000
20002
23 22.000000
20002
24 23.000000
20002
25 24.000000
20002
26 25.000000
20002
27 26.000000
20002
28 27.000000
20002
29 28.000000
20002
30 29.000000
20002
31 30.000000
20002
32 31.000000
20002
33 32.000000
20002
34 33.000000
20002
35 34.000000
20002
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-861
Chapter 2
36 35.000000
20002
37 36.000000
20002
38 37.000000
20002
39 38.000000
20002
40 39.000000
20002
41 40.000000
20002
42 41.000000
20002
43 42.000000
20002
44 43.000000
20002
45 44.000000
20002
46 45.000000
20002
47 46.000000
20002
48 47.000000
20002
49 48.000000
20002
50 49.000000
20002
51 50.000000
20002
52 51.000000
20002
53 52.000000
20002
54 53.000000
20002
55 54.000000
20002
56 55.000000
20002
57 56.000000
20002
58 57.000000
20002
59 58.000000
20002
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
Destination port:
This example shows how to display a detailed output from a .pcap file:
Switch# show monitor capture file bootflash:mycap.pcap detailed
Frame 1: 256 bytes on wire (2048 bits), 256 bytes captured (2048 bits)
Arrival Time: Mar 21, 2012 14:35:09.111993000 PDT
Epoch Time: 1332365709.111993000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 256 bytes (2048 bits)
Capture Length: 256 bytes (2048 bits)
[Frame is marked: False]
[Frame is ignored: False]
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-862
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
................
10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f
................
20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f
!"#$%&'()*+,-./
30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f
0123456789:;<=>?
40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f
@ABCDEFGHIJKLMNO
50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f
PQRSTUVWXYZ[\]^_
60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f
`abcdefghijklmno
70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f
pqrstuvwxyz{|}~.
80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 8f
................
90 91 92 93 94 95 96 97 98 99 9a 9b 9c 9d 9e 9f
................
a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af
................
b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf
................
c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf
................
d0 d1
..
Data: 000102030405060708090a0b0c0d0e0f1011121314151617...
[Length: 210]
Frame 2: 256 bytes on wire (2048 bits), 256 bytes captured (2048 bits)
Arrival Time: Mar 21, 2012 14:35:10.111993000 PDT
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-863
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To displays information about the collector and global stats, use the show netflow-lite exporter
command.
show netflow-lite exporter exporter-name
Syntax Description
exporter-name
Defaults
Command Modes
Command History
Release
Modification
15.0(2)SG
Usage Guidelines
Examples
This example shows how to display information about the collector and global stats:
Switch# show netflow-lite exporter e1
Netflow-lite Exporter e1:
Description:
Exporter
Network Protocol Configuration:
Destination IP address:
192.168.1.1
VRF label:
cisc
Source IP Address:
10.1.1.5
DSCP:
0x1
TTL:
30
COS:
1
Transport Protocol Configuration:
Transport Protocol:
UDP
Destination Port:
1234
Source Port:
65535
Export Protocol Configuration:
Export Protocol:
netflow-v9
Exporter Statistics:
Export packets sent:
36
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-864
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
export-protocol (netflow-lite
exporter submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-865
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To display information about a particular packet or per data source stats, use the show netflow-lite
monitor command.
show netflow-lite monitor monitor-number interface interface-name
show netflow-lite monitor monitor-number vlan vlan-id
Syntax Description
monitor-number
interface-name
Specifies an interface.
vlan-id
Specifies a VLAN.
Defaults
None
Command Modes
Command History
Release
Modification
15.0(2)SG
Usage Guidelines
This command displays information about a particular packet or per data source stats. The interface can
be either a physical port or a VLAN.
This command displays the following packet sampling statistics:
The packetsObserved statistic accounts for packets that are dropped by input ACL or QoS policer.
The exported packets only represent samples from the non-dropped packet population.
Examples
These examples show how to display information about a particular packet or per data source stats:
Switch# show netflow-lite monitor 1 interface gi1/3
Interface GigabitEthernet1/3:
Netflow-lite Monitor-1:
Active:
TRUE
Sampler:
sampler1
Exporter:
exporter1
Average Packet Size: 0
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-866
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Statistics:
Packets exported:
0
Packets observed:
0
Packets dropped:
0
Average Packet Size observed: 64
Average Packet Size used: 64
Switch# show netflow-lite monitor 1 vlan 2
VlanID-2:
Netflow-lite Monitor-1:
Active:
TRUE
Sampler:
sampler1
Exporter:
exporter1
Average Packet Size: 0
Statistics:
Packets exported:
0
Packets observed:
0
Packets dropped:
0
Average Packet Size observed: 64
Average Packet Size used: 64
Related Commands
Command
Description
average-packet-size
Specifies the average packet size at the observation point.
(netflow-lite monitor submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-867
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To display information about a sampler, use the show netflow-lite sampler command.
show netflow-lite sampler sampler-name
Syntax Description
sampler-name
Defaults
Command Modes
Command History
Release
Modification
15.0(2)SG
Examples
Related Commands
Command
Description
packet-offset (netflow-lite
sampler submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-868
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show nmsp
To display the Network Mobility Services Protocol (NMSP) information for the switch, use the show
nmsp command. This command is available only when your switch is running the cryptographic
(encrypted) software image.
show nmsp {attachment suppress interface | capability | notification interval | statistics
{connection | summary} | status | subscription {detail | summary}}
Syntax Description
attachment suppress
interface
capability
notification interval
statistics connection |
summary
status
subscription detail |
summary
Command Modes
Command History
Release
Modification
12.2(52)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This is an example of output from the show nmsp attachment suppress interface command:
Switch# show nmsp attachment suppress interface
NMSP Attachment Suppression Interfaces
-------------------------------------GigabitEthernet1/1
GigabitEthernet1/2
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-869
Chapter 2
show nmsp
This is an example of output from the show nmsp notification interval command:
Switch# show nmsp notification interval
NMSP Notification Intervals
---------------------------------Attachment notify interval: 30 sec (default)
Location notify interval: 30 sec (default)
Switch#
This is an example of output from the show nmsp statistics connection and show nmsp statistics
summary commands:
Switch# show nmsp statistics connection
NMSP Connection Counters
---------------------------------Connection 1:
Connection status: UP
Freed connection: 0
Tx message count
----------------------Subscr Resp: 1
Capa Notif: 1
Atta Resp: 1
Atta Notif: 0
Loc Resp: 1
Loc Notif: 0
Rx message count
----------------------Subscr Req: 1
Capa Notif: 1
Atta Req: 1
Loc Req: 1
Unsupported msg: 0
Switch#
Switch# show nmsp statistics summary
NMSP Global Counters
-----------------------Send too big msg: 0
Failed socket write: 0
Partial socket write: 0
Socket write would block: 0
Partial socket write: 0
Failed socket read: 0
Socket read would block: 0
Transmit Q full: 0
Max Location Nofity Msg: 0
Max Attachement Notify Msg: 0
Max TX Q Size: 0
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-870
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This is an example of output from the show nmsp show subscription detail and show nmsp show
subscription summary commands:
Switch# show nmsp subscription detail
Mobility Services Subscribed by 172.19.35.109:
Services
Subservices
-----------------------------Attachment:
Wired Station
Location:
Subscription
Switch# show nmsp subscription summary
Mobility Services Subscribed:
MSE IP Address
Services
--------------------172.19.35.109
Attachment, Location
Switch#
Related Commands
Command
Description
nmsp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-871
Chapter 2
show pagp
show pagp
To display information about the port channel, use the show pagp command.
show pagp [group-number] {counters | dual-active | internal | neighbor}
Syntax Description
group-number
counters
dual-active
internal
neighbor
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
You can enter any show pagp command to display the active PAgP port-channel information. To display
the nonactive information, enter the show pagp command with a group.
Examples
This example shows how to display information about the PAgP counter:
Switch# show pagp counters
Information
Flush
Port
Sent
Recv
Sent
Recv
-------------------------------------Channel group: 1
Fa5/4
2660
2452
0
0
Fa5/5
2676
2453
0
0
Channel group: 2
Fa5/6
289
261
0
0
Fa5/7
290
261
0
0
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-872
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Channel group 30
Dual-Active Partner Partner Partner
Port Detect Capable Name Port Version
Te3/1 Yes VS1-Reg2 Te1/1/7 1.1
Te4/1 Yes VS1-Reg2 Te2/2/8 1.1
Channel group 32
Dual-Active Partner Partner Partner
Port Detect Capable Name Port Version
Gi1/43 Yes VS3 Gi1/1/43 1.1
Gi1/44 Yes VS3 Gi1/1/44 1.1
Gi1/45 Yes VS3 Gi1/1/45 1.1
Gi1/46 Yes VS3 Gi2/1/46 1.1
Gi1/47 Yes VS3 Gi2/1/47 1.1
Gi1/48 Yes VS3 Gi2/1/48 1.1
Gi2/3 Yes VS3 Gi1/1/1 1.1
Gi2/4 Yes VS3 Gi2/1/1 1.1
Switch#
Channel group 1
Port
Fa5/4
Fa5/5
Switch#
Flags State
SC
U6/S7
SC
U6/S7
Timers
Hello
Interval
30s
30s
Partner PAgP
Count
Priority
1
128
1
128
Learning
Method
Any
Any
IfIndx
129
129
This example shows how to display PAgP neighbor information for all neighbors:
Switch# show pagp neighbor
Flags: S - Device is sending Slow hello.
A - Device is in Auto mode.
Partner
Device ID
0050.0f10.230c
0050.0f10.230c
Partner
Port
2/45
2/46
Partner
Age Flags
2s SAC
27s SAC
Group
Cap.
2D
2D
Partner
Device ID
0050.0f10.230c
0050.0f10.230c
Partner
Port
2/47
2/48
Partner
Age Flags
10s SAC
11s SAC
Group
Cap.
2F
2F
Switch#
Related Commands
Command
Description
pagp learn-method
pagp port-priority
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-873
Chapter 2
Syntax Description
group-number
Defaults
Command Modes
Command History
Release
Modification
Cisco IOS XE 3.4.0SG and Support for this command was introduced on the Catalyst 4500 series
15.1(2)SG
switch.
Examples
Partner
Version
N/A
The following example shows how to display dual-active detection information for a specific port
channel:
Router# show pagp dual-active
PAgP dual-active detection enabled: Yes
PAgP dual-active version: 1.1
Channel group 3 dual-active detect capability w/nbrs Dual-Active trusted group: No
Dual-Active
Partner
Partner
Partner
Port
Detect Capable Name
Port
Version
Fa1/2/33 No
None
None
N/A
Channel group 4
Dual-Active trusted group: Yes
No interfaces configured in the channel group
Channel group 5
Dual-Active trusted group: Yes
Channel group 5 is not participating in PAGP
Channel group 10 dual-active detect capability w/nbrs Dual-Active trusted group: Yes
Dual-Active
Partner
Partner
Partner
Port
Detect Capable Name
Port
Version
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-874
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Gi1/6/1
Yes
mr-rogers-nbr
Gi2/5/1
Yes
mr-rogers-nbr
Channel group 11 dual-active detect capability
Dual-Active
Partner
Port
Detect Capable Name
Gi1/6/2
Yes
mr-rogers-nbr
Gi2/5/2
Yes
mr-rogers-nbr
Channel group 12 dual-active detect capability
Dual-Active
Partner
Port
Detect Capable Name
Fa1/2/13 Yes
mr-rogers-nbr
Fa1/2/14 Yes
mr-rogers-nbr
Gi2/1/15 Yes
mr-rogers-nbr
Gi2/1/16 Yes
mr-rogers-nbr
Router#
Gi1/5/1
1.1
Gi1/5/2
1.1
w/nbrs Dual-Active trusted group: No
Partner
Partner
Port
Version
Gi1/3/1
1.1
Gi1/3/2
1.1
w/nbrs Dual-Active trusted group: Yes
Partner
Partner
Port
Version
Fa1/2/13 1.1
Fa1/2/14 1.1
Fa1/2/15 1.1
Fa1/2/16 1.1
The following example shows how to display dual-active detection information for a specific port
channel:
Router# show pagp dual-active
PAgP dual-active detection enabled: Yes
PAgP dual-active version: 1.1
Channel group 3 dual-active detect capability w/nbrs
Dual-Active trusted group: No
Dual-Active
Partner
Partner
Port
Detect Capable Name
Port
Fa1/2/33 No
None
None
Router#
Related Commands
Partner
Version
N/A
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-875
Chapter 2
show policy-map
show policy-map
To display information about the policy map, use the show policy-map command.
show policy-map [policy_map_name]
Syntax Description
policy_map_name
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to display information for all the policy maps:
Switch# show policy-map
Policy Map ipp5-policy
class ipp5
set ip precedence 6
Switch#
This example shows how to display information for a specific policy map:
Switch# show policy ipp5-policy
Policy Map ipp5-policy
class ipp5
set ip precedence 6
Switch#
Related Commands
Command
Description
class-map
policy-map
show class-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-876
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
input
class class-name
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
This command is not supported on the Supervisor Engine 6-E and Catalyst 4900M chassis.
The show policy-map control-plane command displays information for aggregate control-plane
services that control the number or rate of packets that are going to the process level.
Examples
This example shows that the policy map TEST is associated with the control plane. This policy map
polices traffic that matches the class-map TEST, while allowing all other traffic (that matches the
class-map class-default) to go through as is. Table 2-39 describes the fields shown in the display.
Switch# show policy-map control-plane
Control Plane
Service-policy input: system-cpp-policy
Class-map: system-cpp-eapol (match-all)
0 packets
Match: access-group name system-cpp-eapol
Class-map: system-cpp-bpdu-range (match-all)
0 packets
Match: access-group name system-cpp-bpdu-range
Class-map: system-cpp-cdp (match-all)
28 packets
Match: access-group name system-cpp-cdp
police: Per-interface
Conform: 530 bytes Exceed: 0 bytes
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-877
Chapter 2
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-878
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Table 2-39
Field
Description
Fields Associated with Classes or Service Policies
Service-policy input
Class-map
Match
Related Commands
police
conformed
exceeded
Command
Description
control-plane
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-879
Chapter 2
Syntax Description
fastethernet interface-number
gigabitethernet interface-number
port-channel number
vlan vlan_id
input
output
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
12.2(25)SG
Examples
This example shows how to display the statistics and configurations of all input and output policies
attached to an interface:
Switch# show policy-map interface
FastEthernet6/1
service-policy input:ipp5-policy
class-map:ipp5 (match-all)
0 packets
match:ip precedence 5
set:
ip precedence 6
class-map:class-default (match-any)
0 packets
match:any
0 packets
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-880
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
service-policy output:ipp5-policy
class-map:ipp5 (match-all)
0 packets
match:ip precedence 5
set:
ip precedence 6
class-map:class-default (match-any)
0 packets
match:any
0 packets
Switch#
This example shows how to display the input policy statistics and configurations for a specific interface:
Switch# show policy-map interface fastethernet 5/36 input
service-policy input:ipp5-policy
class-map:ipp5 (match-all)
0 packets
match:ip precedence 5
set:
ip precedence 6
class-map:class-default (match-any)
0 packets
match:any
0 packets
Switch#
With the following configuration, each flow is policed to a 1000000 bps with an allowed 9000-byte burst
value.
Note
If you use the match flow ip source-address|destination-address command, these two flows are
consolidated into one flow and they have the same source and destination address.
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# class-map c1
Switch(config-cmap)# match flow ip source-address ip destination-address ip protocol l4
source-port l4 destination-port
Switch(config-cmap)# exit
Switch(config)# policy-map p1
Switch(config-pmap)# class c1
Switch(config-pmap-c)# police 1000000 9000
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# interface fastEthernet 6/1
Switch(config-if)# service-policy input p1
Switch(config-if)# end
Switch# write memory
Switch# show policy-map interface
FastEthernet6/1
class-map c1
match flow ip source-address ip destination-address ip protocol l4 source-port l4
destination-port
!
policy-map p1
class c1
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-881
Chapter 2
Related Commands
Command
Description
class-map
policy-map
show class-map
show qos
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-882
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
interface interface-id
vlan vlan-id
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to display policy-map statistics on VLAN 20 on the Gigabit Ethernet 6/1
interface:
Switch# show policy-map interface gigabitEthernet 3/1 vlan 20
GigabitEthernet3/1 vlan 20
Service-policy input: p1
Class-map: class-default (match-any)
0 packets
Match: any
0 packets
police: Per-interface
Conform: 0 bytes Exceed: 0 bytes
Switch#
This example shows how to display policy-map statistics on VLAN 100 on the FastEthernet interface:
Switch# show policy-map interface fastEthernet 6/1 vlan 100
FastEthernet6/1 vlan 100
Service-policy input: p1
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-883
Chapter 2
Class-map: c1 (match-all)
0 packets
Match: ip dscp af11 (10)
police: Per-interface
Conform: 0 bytes Exceed: 0 bytes
Class-map: class-default (match-any)
0 packets
Match: any
0 packets
Switch#
This example shows how to display policy-map statistics on VLAN 100 on the FastEthernet interface:
Switch# show policy-map interface gigabitethernet 3/1 vlan 100
GigabitEthernet3/1 vlan 100
Service-policy input: p1
Class-map: c1 (match-all)
0 packets
Match: ip dscp af11 (10)
police:
rate 128000 bps, burst 4000 bytes
conformed 0 packets, 0 bytes; action:
transmit
exceeded 0 packets, 0 bytes; action:
drop
conformed 0 bps, exceeded 0 bps
Class-map: class-default (match-any)
0 packets
Match: any
0 packets
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-884
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show port-security
To display the port security settings for an interface or for the switch, use the show port-security
command.
show port-security [address] [interface interface-id]
[interface port-channel port-channel-number] [vlan vlan-id]
Syntax Description
address
(Optional) Displays all secure MAC addresses for all ports or for a specific
port.
interface interface-id
interface port-channel
port channel-number
vlan vlan-id
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(18)EW
Usage Guidelines
12.2(25)EWA
12.2(31)SGA
If you enter the command without keywords, the output includes the administrative and operational
status of all secure ports on the switch.
If you enter the interface-id value or port-channel-interface value, the show port-security command
displays port security settings for the interface.
If you enter the address keyword, the show port-security address command displays the secure MAC
addresses for all interfaces and the aging information for each secure address.
If you enter the interface-id value and the address keyword, the show port-security address interface
command displays all the MAC addresses for the interface with aging information for each secure
address. You can also use this command to display all the MAC addresses for an interface even if you
have not enabled port security on it.
Sticky MAC addresses are addresses that persist across switch reboots and link flaps.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-885
Chapter 2
show port-security
Examples
This example shows how to display port security settings for the entire switch:
Switch# show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count)
(Count)
(Count)
--------------------------------------------------------------------------Fa3/1
2
2
0
Restrict
Fa3/2
2
2
0
Restrict
Fa3/3
2
2
0
Shutdown
Fa3/4
2
2
0
Shutdown
Fa3/5
2
2
0
Shutdown
Fa3/6
2
2
0
Shutdown
Fa3/7
2
2
0
Shutdown
Fa3/8
2
2
0
Shutdown
Fa3/10
1
0
0
Shutdown
Fa3/11
1
0
0
Shutdown
Fa3/12
1
0
0
Restrict
Fa3/13
1
0
0
Shutdown
Fa3/14
1
0
0
Shutdown
Fa3/15
1
0
0
Shutdown
Fa3/16
1
0
0
Shutdown
Po2
3
1
0
Shutdown
--------------------------------------------------------------------------Total Addresses in System (excluding one mac per port)
:8
Max Addresses limit in System (excluding one mac per port) :3072
Global SNMP trap control for port-security
:20 (traps per second)
Switch#
This example shows how to display port security settings for interface Fast Ethernet port 1:
Switch# show port-security
Port Security
Port Status
Violation Mode
Aging Time
Aging Type
SecureStatic Address Aging
Maximum MAC Addresses
Total MAC Addresses
Configured MAC Addresses
Sticky MAC Addresses
Last Source Address
Security Violation Count
Switch#
This example shows how to display all secure MAC addresses configured on all switch interfaces:
Switch# show port-security address
Secure Mac Address Table
------------------------------------------------------------------Vlan
Mac Address
Type
Ports
Remaining Age
(mins)
--------------------------------1
0000.0001.0000
SecureConfigured
Fa3/1
15 (I)
1
0000.0001.0001
SecureConfigured
Fa3/1
14 (I)
1
0000.0001.0100
SecureConfigured
Fa3/2
1
0000.0001.0101
SecureConfigured
Fa3/2
1
0000.0001.0200
SecureConfigured
Fa3/3
1
0000.0001.0201
SecureConfigured
Fa3/3
1
0000.0001.0300
SecureConfigured
Fa3/4
1
0000.0001.0301
SecureConfigured
Fa3/4
1
0000.0001.1000
SecureDynamic
Fa3/5
1
0000.0001.1001
SecureDynamic
Fa3/5
1
0000.0001.1100
SecureDynamic
Fa3/6
-
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-886
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
1
0000.0001.1101
SecureDynamic
Fa3/6
1
0000.0001.1200
SecureSticky
Fa3/7
1
0000.0001.1201
SecureSticky
Fa3/7
1
0000.0001.1300
SecureSticky
Fa3/8
1
0000.0001.1301
SecureSticky
Fa3/8
1
0000.0001.2000
SecureSticky
Po2
------------------------------------------------------------------Total Addresses in System (excluding one mac per port)
:8
Max Addresses limit in System (excluding one mac per port) :3072
This example shows how to display the maximum allowed number of secure MAC addresses and the
current number of secure MAC addresses on interface Gigabitethernet1/1:
Switch# show port-security interface gigabitethernet1/1 vlan
Default maximum: 22
VLAN Maximum
Current
2
22
3
3
22
3
4
22
3
5
22
1
6
22
2
This example shows how to display the port security settings on interface Gigabitethernet1/1 for
VLANs 2 and 3:
Switch# show port-security interface gigabitethernet1/1 vlan 2-3
Default maximum: 22
VLAN Maximum
Current
2
22
3
3
22
3
This example shows how to display all secure MAC addresses configured on interface
Gigabitethernet1/1 with aging information for each address.
Switch# show port-security interface gigabitethernet1/1 address
Secure Mac Address Table
-----------------------------------------------------------------------Vlan
Mac Address
Type
Ports
Remaining Age(mins)
--------------------------------2
0001.0001.0001
SecureConfigured
Gi1/1
2
0001.0001.0002
SecureSticky
Gi1/1
3
0001.0001.0001
SecureConfigured
Gi1/1
3
0001.0001.0002
SecureSticky
Gi1/1
3
0001.0001.0003
SecureSticky
Gi1/1
4
0001.0001.0001
SecureConfigured
Gi1/1
4
0001.0001.0003
SecureSticky
Gi1/1
6
0001.0001.0001
SecureConfigured
Gi1/1
6
0001.0001.0002
SecureConfigured
Gi1/1
-----------------------------------------------------------------------Total Addresses: 12
This example shows how to display all secure MAC addresses configured on VLANs 2 and 3 on interface
Gigabitethernet1/1 with aging information for each address:
Switch# show port-security interface gigabitethernet1/1 address vlan 2-3
Secure Mac Address Table
-----------------------------------------------------------------------Vlan
Mac Address
Type
Ports
Remaining Age(mins)
--------------------------------2
0001.0001.0001
SecureConfigured
Gi1/1
2
0001.0001.0002
SecureSticky
Gi1/1
2
0001.0001.0003
SecureSticky
Gi1/1
-
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-887
Chapter 2
show port-security
3
0001.0001.0001
SecureConfigured
Gi1/1
3
0001.0001.0002
SecureSticky
Gi1/1
3
0001.0001.0003
SecureSticky
Gi1/1
-----------------------------------------------------------------------Total Addresses: 12
Switch#
This example shows how to display the maximum allowed number of secure MAC addresses and the
current number of secure MAC addressees on Fast Ethernet port 1:
Switch# show port-security interface fastethernet5/1 vlan
Default maximum: 22
VLAN Maximum
Current
2
22
3
3
22
3
5
22
1
6
22
2
Switch#
This example shows how to display the port security settings on Fast Ethernet port 1 for VLANs 2 and 3:
Switch# show port-security interface fastethernet5/1 vlan 2-3
Default maximum: 22
VLAN Maximum
Current
2
22
3
3
22
3
Switch#
This example shows how to display all secure MAC addresses configured on Fast Ethernet port 1 with
aging information for each address.
Switch# show port-security interface fastethernet5/1 address
Secure Mac Address Table
-----------------------------------------------------------------------Vlan
Mac Address
Type
Ports
Remaining Age(mins)
--------------------------------2
0001.0001.0001
SecureConfigured
Gi1/1
2
0001.0001.0002
SecureSticky
Gi1/1
2
0001.0001.0003
SecureSticky
Gi1/1
3
0001.0001.0001
SecureConfigured
Gi1/1
3
0001.0001.0002
SecureSticky
Gi1/1
3
0001.0001.0003
SecureSticky
Gi1/1
4
0001.0001.0001
SecureConfigured
Gi1/1
4
0001.0001.0002
SecureSticky
Gi1/1
4
0001.0001.0003
SecureSticky
Gi1/1
5
0001.0001.0001
SecureConfigured
Gi1/1
6
0001.0001.0001
SecureConfigured
Gi1/1
6
0001.0001.0002
SecureConfigured
Gi1/1
-----------------------------------------------------------------------Total Addresses: 12
Switch#
This example shows how to display all secure MAC addresses configured on VLANs 2 and 3 on
Fast Ethernet port 1 with aging information for each address:
Switch# show port-security interface fastethernet5/1 address vlan 2-3
Secure Mac Address Table
-----------------------------------------------------------------------Vlan
Mac Address
Type
Ports
Remaining Age(mins)
--------------------------------2
0001.0001.0001
SecureConfigured
Gi1/1
2
0001.0001.0002
SecureSticky
Gi1/1
-
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-888
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
2
0001.0001.0003
SecureSticky
Gi1/1
3
0001.0001.0001
SecureConfigured
Gi1/1
3
0001.0001.0002
SecureSticky
Gi1/1
3
0001.0001.0003
SecureSticky
Gi1/1
-----------------------------------------------------------------------Total Addresses: 12
Switch#
This example shows how to display all secure MAC addresses configured on all switch interfaces:
Switch# show port-security address
Secure Mac Address Table
------------------------------------------------------------------Vlan
Mac Address
Type
Ports
Remaining Age
(mins)
--------------------------------1
0000.0001.0000
SecureConfigured
Fa3/1
15 (I)
1
0000.0001.0001
SecureConfigured
Fa3/1
14 (I)
1
0000.0001.0100
SecureConfigured
Fa3/2
1
0000.0001.0101
SecureConfigured
Fa3/2
1
0000.0001.0200
SecureConfigured
Fa3/3
1
0000.0001.0201
SecureConfigured
Fa3/3
1
0000.0001.0300
SecureConfigured
Fa3/4
1
0000.0001.0301
SecureConfigured
Fa3/4
1
0000.0001.1000
SecureDynamic
Fa3/5
1
0000.0001.1001
SecureDynamic
Fa3/5
1
0000.0001.1100
SecureDynamic
Fa3/6
1
0000.0001.1101
SecureDynamic
Fa3/6
1
0000.0001.1200
SecureSticky
Fa3/7
1
0000.0001.1201
SecureSticky
Fa3/7
1
0000.0001.1300
SecureSticky
Fa3/8
1
0000.0001.1301
SecureSticky
Fa3/8
------------------------------------------------------------------Total Addresses in System (excluding one mac per port)
:8
Max Addresses limit in System (excluding one mac per port) :3072
Switch#
This example shows how to display the maximum allowed number of secure MAC addresses and the
current number of secure MAC addresses on interface Gigabitethernet1/1:
Switch# show port-security interface gigabitethernet1/1 vlan
Default maximum: 22
VLAN Maximum
Current
2
22
3
3
22
3
4
22
3
5
22
1
6
22
2
Switch#
This example shows how to display the port security settings on interface Gigabitethernet1/1 for VLANs
2 and 3:
Switch# show port-security interface gigabitethernet1/1 vlan 2-3
Default maximum: 22
VLAN Maximum
Current
2
22
3
3
22
3
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-889
Chapter 2
show port-security
This example shows how to display all secure MAC addresses configured on interface
Gigabitethernet1/1 with aging information for each address.
Switch# show port-security interface gigabitethernet1/1 address
Secure Mac Address Table
-----------------------------------------------------------------------Vlan
Mac Address
Type
Ports
Remaining Age(mins)
--------------------------------2
0001.0001.0001
SecureConfigured
Gi1/1
2
0001.0001.0002
SecureSticky
Gi1/1
3
0001.0001.0001
SecureConfigured
Gi1/1
3
0001.0001.0002
SecureSticky
Gi1/1
3
0001.0001.0003
SecureSticky
Gi1/1
4
0001.0001.0001
SecureConfigured
Gi1/1
4
0001.0001.0003
SecureSticky
Gi1/1
6
0001.0001.0001
SecureConfigured
Gi1/1
6
0001.0001.0002
SecureConfigured
Gi1/1
-----------------------------------------------------------------------Total Addresses: 12
Switch#
This example shows how to display all secure MAC addresses configured on VLANs 2 and 3 on interface
Gigabitethernet1/1 with aging information for each address:
Switch# show port-security interface gigabitethernet1/1 address vlan 2-3
Secure Mac Address Table
-----------------------------------------------------------------------Vlan
Mac Address
Type
Ports
Remaining Age(mins)
--------------------------------2
0001.0001.0001
SecureConfigured
Gi1/1
2
0001.0001.0002
SecureSticky
Gi1/1
2
0001.0001.0003
SecureSticky
Gi1/1
3
0001.0001.0001
SecureConfigured
Gi1/1
3
0001.0001.0002
SecureSticky
Gi1/1
3
0001.0001.0003
SecureSticky
Gi1/1
-----------------------------------------------------------------------Total Addresses: 12
Switch#
Related Commands
Command
Description
switchport port-security
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-890
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show power
To display information about the power status, use the show power command.
show power [available | capabilities | detail | inline {[interface] detail | consumption default |
module mod detail}} | module | status | supplies]
Syntax Description
available
capabilities
detail
inline
interface detail
consumption default
status
supplies
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(25)SG
12.2(52)SG
Usage Guidelines
If a powered device is connected to an interface with external power, the switch does not recognize the
powered device. The Device column in the output of the show power inline command displays as
unknown.
If your port is not capable of supporting PoE, you will receive this message:
Power over Ethernet not supported on interface Admin
The show power inline interface | module command displays the amount of power that is used to operate
a Cisco IP Phone. To view the amount of power requested, use the show cdp neighbors command.
Because FPGAs and other hardware components on the WS-X4548-RJ45V+ and WS-X4648-RJ45V+E
modules consume PoE, the operating PoE consumption for an 802.3af-compliant module can be nonzero
when there are no powered devices attached to the module. The operating PoE can vary by as much as
20 W because of fluctuations in the PoE that is consumed by the hardware components.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-891
Chapter 2
show power
Examples
This example shows how to display information about the general power supply:
Switch#
Power
Supply
-----PS1
PS2
show power
Model No
---------------PWR-C45-2800AC
PWR-C45-1000AC
Type
--------AC 2800W
AC 1000W
Status
----------good
err-disable
Fan
Sensor
-----good
good
Inline
Status
-----good
n.a.
Maximum
Used
Available
-----------328
1360
0
1400
10
40
---338 (not to exceed Total Maximum Available = 750)
This example shows how to display the amount of available system power:
Switch# show power available
Power Summary
(in Watts)
Available
Used
------------- --------- -----System Power
1360
280
Inline Power
1400
0
Maximum Power
2800
280
Switch#
Note
Remaining
--------1080
1400
2520
The Inline Power Oper column displays the PoE consumed by the powered devices attached to the
module in addition to the PoE consumed by the FPGAs and other hardware components on the module.
The Inline Power Admin column displays only the PoE allocated by the powered devices attached to
the module.
This example shows how to display the power status information:
Switch#
Power
Supply
-----PS1
PS2
Power Supply
(Nos in Watts)
-------------PS1
PS2
Switch#
Max
Inline
-----1400
1400
Type
--------AC 2800W
AC 2800W
Min
Inline
-----1400
1400
Status
----------good
good
Max
System
-----1360
1360
Min
System
-----1360
1360
Fan
Sensor
-----good
good
Inline
Status
-----good
good
Absolute
Maximum
-------2800
2800
This example shows how to verify the PoE consumption for the switch:
Switch# show power inline consumption default
Default PD consumption : 5000 mW
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-892
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Remaining:560(w)
Oper
Power(Watts)
From PS
To Device
--------- ------ ---------- ---------- ---------Fa3/1
auto
on
17.3
15.4
Fa3/2
auto
on
4.5
4.0
Fa3/3
auto
on
7.1
6.3
Fa3/4
auto
on
7.1
6.3
Fa3/5
auto
on
17.3
15.4
Fa3/6
auto
on
17.3
15.4
Fa3/7
auto
on
4.5
4.0
Fa3/8
auto
on
7.9
7.0
Fa3/9
auto
on
17.3
15.4
Fa3/10
auto
on
17.3
15.4
Fa3/11
auto
off
0
0
Fa3/12
auto
off
0
0
Fa3/13
auto
off
0
0
Fa3/14
auto
off
0
0
Fa3/15
auto
off
0
0
Fa3/16
auto
off
0
0
Fa3/17
auto
off
0
0
Fa3/18
auto
off
0
0
Device
Class
------------------Ieee PD
Ieee PD
Cisco IP Phone 7960
Cisco IP Phone 7960
Ieee PD
Ieee PD
Ieee PD
Ieee PD
Ieee PD
Ieee PD
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
----0
1
0
n/a
0
0
1
2
3
4
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
10
on
117.5
104.6
Switch#
This example shows how to display the number of power supplies needed by the system:
Switch# show power supplies
Power supplies needed by system = 2
Switch#
This example shows how to display the PoE status for Fast Ethernet interface 3/1:
Switch# show power inline fastethernet3/1
Available:677(w) Used:11(w) Remaining:666(w)
Interface Admin
Oper
Power(Watts)
Device
Class
From PS
To Device
--------- ------ ---------- ---------- ---------- ------------------- ----Fa3/1
on
auto
11.2
10.0
Ieee PD
Interface
AdminPowerMax
AdminConsumption
(Watts)
(Watts)
---------- --------------- -------------------Fa3/1
Switch#
Note
15.4
10.0
When the Supervisor Engine II+TS is used with the 1400 W DC power supply (PWR-C45-1400DC), and
only one 12.5 A input of the DC power supply is used, the supervisor engines power consumption may
vary depending on whether there is any linecard inserted at slot 2 and 3, as well as on the type of
linecards inserted. This amount varies between 155 W and 330 W. This variability also affects the
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-893
Chapter 2
show power
maximum amount of available supervisor engine inline power, which can also vary from 0 W to 175 W.
Therefore, it is possible for a supervisor engine to deny inline power to some connected inline power
devices when one or more linecards are inserted into the chassis.
The output of the commands show power detail and show power module display the supervisor
engines variable power consumption and its inline power summary:
Switch# show power detail
sh power detail
Power
Supply Model No
------ ---------------PS1
PWR-C45-1400DC
PS1-1
PS1-2
PS1-3
PS2
none
Type
--------DCSP1400W
12.5A
15.0A
15.0A
--
Status
----------good
good
off
off
--
Fan
Sensor
------good
Inline
Status
------n.a.
--
--
Mod
Model
---- ----------------1
WS-X4013+TS
2
WS-X4506-GB-T
3
WS-X4424-GB-RJ45
-Fan Tray
----------------------Total
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-894
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Mod
Model
---- ------------------1
WS-X4748-RJ45V+E
2
WS-X4712-SFP+E
5
WS-X45-SUP7-E
-Fan Tray
------------------------Total
in reset
-------35
5
100
--------140
Note
Allocated
Value: 20.0
drawn from the source: 11.0
available to the device: 10.3
Actual consumption
Measured at the port: 5.0
Maximum Power drawn by the device since powered on: 5.2
Absent Counter: 0
Over Current Counter: 0
Short Current Counter: 0
Invalid Signature Counter: 0
Power Denied Counter: 0
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-895
Chapter 2
show power
This example shows how to display the PoE status for all all ports of the module:
Switch# show module
Chassis Type : WS-C4503-E
Power consumed by backplane : 0 Watts
Mod Ports Card Type
Model
Serial No.
---+-----+--------------------------------------+------------------+---1
6 Sup 6-E 10GE (X2), 1000BaseX (SFP)
WS-X45-SUP6-E
JAE1132SXRP
3
48 10/100/1000BaseT POE E Series
WS-X4648-RJ45V-E
JAE114740YF
M MAC addresses
Hw Fw
Sw
Status
--+--------------------------------+---+------------+----------------+-1 0017.94c8.f580 to 0017.94c8.f585 0.4 12.2(44r)SG( 12.2(52) Ok
3 001e.7af1.f5d0 to 001e.7af1.f5ff 1.0
Ok
Allocated
Value: 20.0
drawn from the source: 0.0
available to the device: 0.0
Actual consumption
Measured at the port: 0.0
Maximum Power drawn by the device since powered on: 0.0
Absent Counter: 0
Over Current Counter: 0
Short Current Counter: 0
Invalid Signature Counter: 0
Power Denied Counter: 0
Interface: Gi3/2
Inline Power Mode: auto
Operational status: off
Device Detected: no
Device Type: n/a
IEEE Class: n/a
Discovery mechanism used/configured: Ieee and Cisco
Police: off
Power
Admin
Power
Power
Allocated
Value: 20.0
drawn from the source: 0.0
available to the device: 0.0
Actual consumption
Measured at the port: 0.0
Maximum Power drawn by the device since powered on: 0.0
Absent Counter: 0
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-896
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Allocated
Value: 20.0
drawn from the source: 0.0
available to the device: 0.0
Actual consumption
Measured at the port: 0.0
Maximum Power drawn by the device since powered on: 0.0
Absent Counter: 0
Over Current Counter: 0
Short Current Counter: 0
Invalid Signature Counter: 0
Power Denied Counter: 0
Interface: Gi3/4
Inline Power Mode: auto
Operational status: off
Device Detected: no
Device Type: n/a
IEEE Class: n/a
Discovery mechanism used/configured: Ieee and Cisco
Police: off
Power
Admin
Power
Power
Allocated
Value: 20.0
drawn from the source: 0.0
available to the device: 0.0
Actual consumption
Measured at the port: 0.0
Maximum Power drawn by the device since powered on: 0.0
Absent Counter: 0
Over Current Counter: 0
Short Current Counter: 0
Invalid Signature Counter: 0
Power Denied Counter: 0
Interface: Gi3/5
Inline Power Mode: auto
Operational status: off
Device Detected: no
Device Type: n/a
IEEE Class: n/a
Discovery mechanism used/configured: Ieee and Cisco
Police: off
Power Allocated
Admin Value: 20.0
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-897
Chapter 2
show power
Related Commands
Command
Description
power dc input
power inline
power redundancy-mode
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-898
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
interfacename
(optional) Displays PoE policing and monitoring status for a particular interface.
module n
(optional) Display PoE policing and monitoring status for all interfaces on this
module.
Defaults
Command Modes
Command History
Release
Modification
12.2(50)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
The Oper Power field displays the true power consumption of the connected device.
The show power inline police command with no keywords displays PoE policing status for all interfaces
in the chassis.
If this command is executed at the global level, the last line of the output under Oper Power field displays
the total true inline power consumption of all devices connected to the switch.
Examples
This example shows how to display PoE policing status for a interface GigabitEthernet 2/1:
Switch# show power inline police gigabitEthernet 2/1
Available:421(w) Used:44(w) Remaining:377(w)
Interface Admin
State
--------- -----Gi2/1
auto
Related Commands
Oper
State
---------on
Admin
Police
---------errdisable
Oper
Police
---------ok
Cutoff
Power
-----22.6
Oper
Power
----9.6
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-899
Chapter 2
Syntax Description
interface interface
Defaults
Command Modes
Command History
Release
Modification
12.2(50)SG
Support for this command was introduced on the Catalyst 4500 series
switch.
Examples
This example shows how to display PPPoE Intermediate Agent statistics on an interface:
Switch# show pppoe intermediate-agent statistics interface g3/7
Interface : GigabitEthernet3/7
Packets received
All = 3
PADI = 0 PADO = 0
PADR = 0 PADS = 0
PADT = 3
Packets dropped:
Rate-limit exceeded = 0
Server responses from untrusted ports = 0
Client requests towards untrusted ports = 0
Malformed PPPoE Discovery packets = 0
Vlan 2: Packets received PADI = 6 PADO = 0 PADR = 6 PADS = 0 PADT = 6
Vlan 3: Packets received PADI = 4 PADO = 0 PADR = 4 PADS = 0 PADT = 4
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-900
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
pppoe intermediate-agent
(global)
pppoe intermediate-agent
format-type (global)
pppoe intermediate-agent
(interface)
pppoe intermediate-agent
format-type (interface)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-901
Chapter 2
show qos
show qos
To display QoS information, use the show qos command.
show qos
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
This command is not supported on the Supervisor Engine 6-E and Catalyst 4900M chassis.
Examples
This example shows the output that might be displayed if you do not enter any keywords:
Switch# show qos
QoS is enabled globally
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-902
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
aggregate_name
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
This command is not supported on the Supervisor Engine 6-E and Catalyst 4900M chassis.
The aggregate policer name is case sensitive.
Examples
This example shows the output if you do not enter any keywords:
Switch# show qos aggregate policer
Policer aggr-1
Rate(bps):10000000 Normal-Burst(bytes):1000000
conform-action:transmit exceed-action:policed-dscp-transmit
Policymaps using this policer:
ipp5-policy
Switch#
Related Commands
Command
Description
qos trust
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-903
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
This command is not supported on the Supervisor Engine 6-E and Catalyst 4900M chassis.
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-904
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
fastethernet interface-number
gigabitethernet interface-number
vlan vlan_id
port-channel number
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(13)EW
12.1(19)EW
Usage Guidelines
This command is not supported on the Supervisor Engine 6-E and Catalyst 4900M chassis.
Examples
Bandwidth
(bps)
31250000
31250000
31250000
31250000
ShapeRate
(bps)
disabled
disabled
disabled
disabled
Priority
N/A
N/A
normal
N/A
QueueSize
(packets)
240
240
240
240
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-905
Chapter 2
Related Commands
Command
Description
show qos
tx-queue
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-906
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
cos
dscp
policed
tx-queue
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
This command is not supported on the Supervisor Engine 6-E and Catalyst 4900M chassis.
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-907
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-908
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show redundancy
To display redundancy facility information, use the show redundancy command.
show redundancy {clients | counters | history | states}
Syntax Description
clients
counters
history
(Optional) Displays a log of past status and related information for the redundancy
facility.
states
(Optional) Displays information about the redundancy facility state, such as disabled,
initialization, standby, active.
Defaults
Command Modes
Command History
Release
Modification
12.1.(13)EW
Support for this command was introduced on the Catalyst 4500 series switch
(Catalyst 4507R only).
12.2(31)SGA
Examples
This example shows how to display information about the redundancy facility:
Switch# show redundancy
Switch# show redundancy
4507r-demo#show redundancy
Redundant System Information :
-----------------------------Available system uptime
Switchovers system experienced
Standby failures
Last switchover reason
=
=
=
=
Hardware Mode
Configured Redundancy Mode
Operating Redundancy Mode
Maintenance Mode
Communications
=
=
=
=
=
Duplex
Stateful Switchover
Stateful Switchover
Disabled
Up
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-909
Chapter 2
show redundancy
RF_INTERNAL_MSG
Redundancy Mode RF
GALIOS_CONFIG_SYNC
RF_LAST_CLIENT Switch
This example shows how to display the redundancy facility counter information:
Switch# show redundancy counters
Redundancy Facility OMs
comm link up = 1
comm link down down = 0
invalid client tx
null tx by client
tx failures
tx msg length invalid
=
=
=
=
0
0
0
0
=
=
=
=
0
0
0
0
buffers tx
tx buffers unavailable
buffers rx
buffer release errors
=
=
=
=
1535
0
1530
0
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-910
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to display information about the redundancy facility state:
Switch# show redundancy states
my state = 13 -ACTIVE
peer state = 8 -STANDBY HOT
Mode = Duplex
Unit = Primary
Unit ID = 2
Redundancy Mode
Redundancy Mode
Split Mode
Manual Swact
Communications
client count = 21
client_notification_TMR
keep_alive TMR
keep_alive count
keep_alive threshold
RF debug mask
Switch#
=
=
=
=
=
240000 milliseconds
9000 milliseconds
0
18
0x0
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-911
Chapter 2
show redundancy
Related Commands
Command
Description
redundancy
redundancy force-switchover
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-912
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
failures
ignored
bem
(Deprecated)
mcl
Displays commands that exist in the active supervisor engines running configuration,
but are not supported by the image on the standby supervisor engine.
prc
Displays a Parser Return Code (PRC) failure and forces the system to operate in RPR
mode provided there is a mismatch in the return code for a command execution at the
active and standby supervisor engine.
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SGA
12.2(44)SG
Usage Guidelines
When two versions of Cisco IOS images are involved, the command sets supported by two images might
differ. If any of those mismatched commands are executed on the active supervisor engine, the standby
supervisor engine might not recognize those commands. This causes a config mismatch condition. If the
syntax check for the command fails on standby supervisor engine during a bulk sync, the command is
moved into the MCL and the standby supervisor engine is reset. To display all the mismatched
commands, use the show redundancy config-sync failures mcl command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-913
Chapter 2
Remove all mismatched commands from the active supervisor engines running configuration.
Step 2
Step 3
Step 2
Reload the standby supervisor engine; the system transitions to SSO mode.
Note
Step 3
If you ignore the mismatched commands, the out-of-sync configuration at the active supervisor
engine and the standby supervisor engine still exists.
You can verify the ignored MCL with the show redundancy config-sync ignored mcl command.
Each command sets a return code in the action function that implements the command. This return code
indicates whether or not the command successfully executes. The active supervisor engine maintains the
PRC after executing a command. The standby supervisor engine executes the command and sends PRC
back to the active supervisor engine. PRC failure occurs if these two PRCs do not match. If a PRC error
occurs at the standby supervisor engine either during bulk sync or LBL sync, the standby supervisor
engine is reset. To display all PRC failures, use the show redundancy config-sync failures prc
command.
To display best effort method (BEM) errors, use the show redundancy config-sync failures bem
command.
Examples
The following example shows how to display the ISSU BEM failures:
Switch# show redundancy config-sync failures bem
BEM Failed Command List
----------------------The list is Empty
Switch#
The following example shows how to display the ISSU MCL failures:
Switch# show redundancy config-sync failures mcl
Mismatched Command List
----------------------The list is Empty
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-914
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
The following example shows how to display the ISSU PRC failures:
Switch# show redundancy config-sync failures prc
PRC Failed Command List
------------------------------interface FastEthernet3/2
! <submode> "interface"
- channel-protocol pagp
! </submode> "interface"
Related Commands
Command
Description
redundancy config-sync
mismatched-commands
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-915
Chapter 2
show running-config
show running-config
To display the module status and configuration, use the show running-config command.
show running-config [module slot]
Syntax Description
module slot
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
(Optional) Specifies the module slot number; valid values are from 1 to 6.
In some cases, you might see a difference in the duplex mode displayed when you enter the show
interfaces command and the show running-config command. If you do see a difference, the duplex
mode displayed in the show interfaces command is the actual duplex mode that the interface is running.
The show interfaces command shows the operating mode for an interface, while the show
running-config command shows the configured mode for an interface.
The show running-config command output for an interface may display a duplex mode configuration
but no configuration for the speed. When no speed is displayed in the output, it indicates that the
interface speed is configured to be auto and that the duplex mode shown becomes the operational setting
once the speed is configured to something other than auto. With this configuration, it is possible that the
operating duplex mode for that interface does not match the duplex mode shown with the show
running-config command.
Examples
This example shows how to display the module and status configuration for all modules:
Switch# show running-config
03:23:36:%SYS-5-CONFIG_I:Configured from console by consolesh runn
Building configuration...
Current configuration:3268 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
power supplies required 1
ip subnet-zero
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-916
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
!
!
!
interface FastEthernet1
no ip address
shutdown
duplex auto
speed auto
Switch#
This example shows the output for the show running-config command when you have enabled the
switchport voice vlan command:
Switch# show running-config int fastethernet 6/1
Building configuration...
Current configuration:133 bytes
!
interface FastEthernet6/1
switchport voice vlan 2
no snmp trap link-status
spanning-tree portfast
channel-group 1 mode on
end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-917
Chapter 2
Syntax Description
No keywords
Defaults
None
Command Modes
Priviledged EXEC
Command History
Release
Modification
12.2(54)SG
Usage Guidelines
This command only displays the contents of builtin shell functions. To display the contents of user
created functions, use the show shell triggers command.
Examples
This example illustrates how to display configurations included for all the shell functions:
Switch# show shell functions
Related Commands
Command
Description
shell trigger
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-918
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
No keywords
Defaults
None
Command Modes
Privileged EXEC
Command History
Release
Modification
12.2(54)SG
Usage Guidelines
This command displays builtin triggers and user defined triggers (with their mapped functions).
Examples
This example illustrates how to display detail for all supported triggers:
Switch#
Trigger
Trigger
Trigger
Trigger
Related Commands
Command
Description
shell trigger
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-919
Chapter 2
show slavebootflash:
show slavebootflash:
To display information about the standby bootflash file system, use the show slavebootflash: command.
show slavebootflash: [all | chips | filesys]
Syntax Description
all
chips
filesys
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-920
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-921
Chapter 2
show slaveslot0:
show slaveslot0:
To display information about the file system on the standby supervisor engine, use the show slaveslot0:
command.
show slot0: [all | chips | filesys]
Syntax Description
all
(Optional) Displays all flash information including the output from the show slot0:
chips and show slot0: filesys commands.
chips
filesys
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-922
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-923
Chapter 2
show slot0:
show slot0:
To display information about the slot0: file system, use the show slot0: command.
show slot0: [all | chips | filesys]
Syntax Description
all
(Optional) Displays all flash information including the output from the show slot0:
chips and show slot0: filesys commands.
chips
filesys
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-924
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
B0B0
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-925
Chapter 2
show spanning-tree
show spanning-tree
To display spanning-tree state information, use the show spanning-tree command.
show spanning-tree [bridge_group | active | backbonefast | bridge [id] | inconsistentports |
interface type | root | summary [total] | uplinkfast | vlan vlan_id | pathcost method | detail]
Syntax Description
bridge_group
(Optional) Specifies the bridge group number; valid values are from 1 to 255.
active
backbonefast
bridge
id
inconsistentports
interface type
(Optional) Specifies the interface type and number; valid values are fastethernet,
gigabitethernet, tengigabitethernet, port-channel (1 to 64), and vlan (1 to
4094).
root
summary
total
uplinkfast
vlan vlan_id
(Optional) Specifies the VLAN ID; valid values are from 1 to 4094.
pathcost method
detail
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
12.2(25)EW
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-926
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This example shows how to display spanning-tree information on the active interfaces only:
Switch# show spanning-tree active
UplinkFast is disabled
BackboneFast is disabled
VLAN1 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address 0050.3e8d.6401
Configured hello time 2, max age 20, forward delay 15
Current root has priority 16384, address 0060.704c.7000
Root port is 265 (FastEthernet5/9), cost of root path is 38
Topology change flag not set, detected flag not set
Number of topology changes 0 last change occurred 18:13:54 ago
Times: hold 1, topology change 24, notification 2
hello 2, max age 14, forward delay 10
Timers: hello 0, topology change 0, notification 0
Port 265 (FastEthernet5/9) of VLAN1 is forwarding
Port path cost 19, Port priority 128, Port Identifier 129.9.
Designated root has priority 16384, address 0060.704c.7000
Designated bridge has priority 32768, address 00e0.4fac.b000
Designated port id is 128.2, designated path cost 19
Timers: message age 3, forward delay 0, hold 0
Number of transitions to forwarding state: 1
BPDU: sent 3, received 32852
Switch#
:
:
:
:
:
:
0
0
0
0
0
0
This example shows how to display spanning-tree information for the bridge:
Switch# show spanning-tree bridge
VLAN1
Bridge ID Priority
32768
Address
0050.3e8d.6401
Hello Time
2 sec Max Age 20 sec
VLAN2
Bridge ID Priority
32768
Address
0050.3e8d.6402
Hello Time
2 sec Max Age 20 sec
VLAN3
Bridge ID Priority
32768
Address
0050.3e8d.6403
Hello Time
2 sec Max Age 20 sec
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-927
Chapter 2
show spanning-tree
Priority
32768
Address
0030.94fc.0a00
Hello Time
2 sec Max Age 20 sec
Aging Time 300
Interface
Name
------------------FastEthernet6/15
VLAN2
Spanning tree enabled protocol ieee
Root ID
Priority
32768
Address
0030.94fc.0a01
This bridge is the root
Hello Time
2 sec Max Age 20 sec
Bridge ID
Priority
32768
Address
0030.94fc.0a01
Hello Time
2 sec Max Age 20 sec
Aging Time 300
Interface
Name
------------------FastEthernet6/16
Switch#
Designated
Cost Bridge ID
Port ID
---- -------------------- ------0 32768 0030.94fc.0a00 129.79
Designated
Cost Bridge ID
Port ID
---- -------------------- ------0 32768 0030.94fc.0a01 129.80
This example shows how to display spanning-tree information for Fast Ethernet interface 5/9:
Switch# show spanning-tree interface fastethernet5/9
Interface Fa0/10 (port 23) in Spanning tree 1 is ROOT-INCONSISTENT
Port path cost 100, Port priority 128
Designated root has priority 8192, address 0090.0c71.a400
Designated bridge has priority 32768, address 00e0.1e9f.8940
Designated port is 23, path cost 115
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 0, received 0
The port is in the portfast mode
Switch#
This example shows how to display spanning-tree information for a specific VLAN:
Switch# show spanning-tree vlan 1
VLAN1 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address 0030.94fc.0a00
Configured hello time 2, max age 20, forward delay 15
We are the root of the spanning tree
Topology change flag not set, detected flag not set
Number of topology changes 5 last change occurred 01:50:47 ago
from FastEthernet6/16
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers:hello 0, topology change 0, notification 0, aging 300
Port 335 (FastEthernet6/15) of VLAN1 is forwarding
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-928
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Port path cost 19, Port priority 128, Port Identifier 129.79.
Designated root has priority 32768, address 0030.94fc.0a00
Designated bridge has priority 32768, address 0030.94fc.0a00
Designated port id is 129.79, designated path cost 0
Timers:message age 0, forward delay 0, hold 0
Number of transitions to forwarding state:1
BPDU:sent 6127, received 0
Switch#
This example shows how to display spanning-tree information for a specific bridge group:
Switch# show spanning-tree vlan 1
UplinkFast is disabled
BackboneFast is disabled
Switch#
This example shows how to display the total lines of the spanning-tree state section:
Switch# show spanning-tree summary totals
Root bridge for:VLAN1, VLAN2.
PortFast BPDU Guard is disabled
EtherChannel misconfiguration guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Default pathcost method used is short
Name
Blocking Listening Learning Forwarding STP Active
-------------------- -------- --------- -------- ---------- ---------2 VLANs 0
0
0
2
2
Switch#
This example shows how to determine whether any ports are in root inconsistent state:
Switch#
Name
Interface
Inconsistency
-------------------- -------------------- -----------------VLAN1
FastEthernet3/1
Root Inconsistent
Number of inconsistent ports (segments) in the system:1
Switch#
Related Commands
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-929
Chapter 2
show spanning-tree
Command
Description
spanning-tree backbonefast
spanning-tree cost
spanning-tree guard
spanning-tree port-priority
spanning-tree uplinkfast
spanning-tree vlan
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-930
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
configuration
instance-id
detail
interface interface
(Optional) Interface type and number; valid values for type are fastethernet,
gigabitethernet, tengigabitethernet, port-channel, and vlan. See the Usage
Guidelines section for more information.
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(25)EW
Usage Guidelines
This command is not supported on systems that are configured with a Supervisor Engine I.
In the output display of the show spanning-tree mst configuration command, a warning message might
display. This message appears if you do not map secondary VLANs to the same instance as the associated
primary VLAN. The display includes a list of the secondary VLANs that are not mapped to the same
instance as the associated primary VLAN. The warning message is as follows:
These secondary vlans are not mapped to the same instance as their primary:
-> 3
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-931
Chapter 2
Examples
This example shows how to display MST information for a specific interface:
Switch# show spanning-tree mst 0 interface fastethernet4/1 detail
Edge port: no (trunk) port guard : none
(default)
Link type: point-to-point (point-to-point) bpdu filter: disable
(default)
Boundary : internal bpdu guard : disable
(default)
FastEthernet4/1 of MST00 is designated forwarding
Vlans mapped to MST00 1-2,4-2999,4000-4094
Port info port id 128.193 priority 128 cost
200000
Designated root address 0050.3e66.d000 priority 8193
cost 20004
Designated ist master address 0002.172c.f400 priority 49152
cost 0
Designated bridge address 0002.172c.f400 priority 49152 port id
128.193
Timers: message expires in 0 sec, forward delay 0, forward transitions 1
Bpdus sent 492, received 3
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-932
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
spanning-tree mst
Sets the path cost and port-priority parameters for any MST
instance.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-933
Chapter 2
show storm-control
show storm-control
To display the broadcast storm control settings on the switch or on the specified interface, use the
show storm-control command.
show storm-control [interface-id | broadcast]
Supervisor Engine 6-E and Catalyst 4900M chassis
Syntax Description
interface-id
broadcast
multicast
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(25)EW
12.2(40)SG
Added support for the Supervisor Engine 6-E and Catalyst 4900M chassis.
Usage Guidelines
When you enter an interface ID, the storm control thresholds are displayed for the specified interface.
If you do not enter an interface ID, the settings are displayed for the broadcast traffic type for all ports
on the switch.
Examples
This is an example of output from the show storm-control command when no keywords are entered.
Because no traffic type keyword was entered, the broadcast storm control settings are displayed.
Switch# show storm-control
Interface Filter State
Upper
--------- ------------- ------Gi2/1
Forwarding
30.00%
Gi4/1
Forwarding
30.00%
Gi4/3
Forwarding
30.00%
Switch#
Lower
------30.00%
30.00%
30.00%
Current
------N/A
N/A
N/A
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-934
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This is an example of output from the show storm-control multicast command on a Supervisor
Engine 6-E:
Switch# show storm-control multicast //Supervisor Engine 6-E
Interface Filter State Broadcast Multicast Level
--------- ------------- --------- --------- ----Fa6/2
Blocking
Enabled
Enabled
61%
Switch#
This is an example of output from the show storm-control command on a Supervisor Engine 6-E when
no keywords are entered:
Switch# show storm-control
Interface Filter State
This is an example of output from the show storm-control command for a specified interface:
Switch# show storm-control fastethernet2/17
Interface Filter State
Level
Current
--------- ------------- ------- ------Fa2/17
Forwarding
50.00%
0.00%
Switch#
This is an example of output from the show storm-control command for a specified interface on a
Supervisor Engine 6-E:
Switch# show storm-control interface fastethernet6/1
Interface Filter State
Broadcast Multicast
Level
--------- ------------- ----------------Fa6/1
Blocking
Enabled
Disabled
81%
Switch#
Table 2-40
Field
Description
Interface
Filter State
Level
Displays the threshold level set on the interface for broadcast traffic.
Current
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-935
Chapter 2
show storm-control
Related Commands
Command
Description
storm-control
show running-config
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-936
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
detail
detail-active
bridge
pagp
summary
link
counters
port-channel
ports
redundancy
role
slot-map
Defaults
Command Modes
Command History
Release
Modification
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
Use this command to display configuration and status information for a VSS.
The show switch virtual link detail command displays the output of the show switch virtual link
commands and the show vslp lmp internal commands. In the output, the entry "show int" is displayed
for all the VSL members.
The show switch virtual dual-active pagp command displays dual-active trust mode status.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-937
Chapter 2
Examples
The following example shows how to display configuration and status information for the VSS:
In virtual switch mode with skipping config-register but not yet rebooted:
The following example shows how to display the virtual switch link information:
Router# show switch virtual link
VSL Status
: UP
VSL Uptime
: 4 hours, 26 minutes
VSL SCP Ping
: Pass (or Fail)
OK (or Not OK)
VSL ICC (Ping)
: Pass (or Fail)
VSL Control Link
: Te1/3/1
Router#
The following example shows how to display the virtual switch link counter information:
Router# show switch virtual link counters
Port
InOctets
InUcastPkts
Po10
66340451
190415
Te1/3/1
66981250
194528
Po20
42116619
92926
Te2/2/1
42117401
92932
Port
OutOctets OutUcastPkts
InMcastPkts
15637
15770
16406
16406
OutMcastPkts
InBcastPkts
112069
112072
128593
128593
OutBcastPkts
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-938
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Po10
Te1/3/1
Po20
Te2/2/1
Port
Te1/3/1
Po10
Te1/3/1
Po20
Te2/3/1
Router#
39030669
42133252
66948309
66957613
Align-Err
FCS-Err
0
0
0
0
0
0
0
0
0
0
112680
129182
112069
112070
Xmit-Err
0
0
0
0
0
0
0
0
0
0
105482
0
108824
0
210227
0
210233
0
Rcv-Err UnderSize OutDiscards
0
0
0
0
0
0
0
0
0
0
The following example shows how to display the virtual switch link port-channel information:
Router# show switch virtual link port-channel
VSL Port Channel Information
Flags: D - down
P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3
S - Layer2
U - in use
N - not in use, no aggregation
f - failed to allocate aggregator
M - not in use, no aggregation due to minimum links not met
m - not in use, port not aggregated due to minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
Router#
This example shows how to display information for BFD dual-active detection:
Router# show switch virtual dual-active bfd
Bfd dual-active detection enabled: Yes
Bfd dual-active interface pairs configured:
interface1 Gi1/9/48 interface2 Gi2/1/48
Group Port-channel Protocol
Ports
------+-------------+-----------+--------------------------------------------10
Po10(RU)
Te1/3/1(P)
20
Po20(RU)
Te2/2/1(P)
Router#
The following example shows how to display the virtual switch link port information:
Router# show switch virtual link port
VSL Link Info
: Configured: 3
Operational: 1
Peer
Peer
Peer
Interface
State
MAC
Switch Interface
----------------------------------------------------------------------Gi1/3/1
link_down
Gi1/5/4
operational
0013.5fcb.1480 2
Gi1/6/4
Gi1/5/5
link_down
Last operational
Current packet
Last Diag
Time since
Interface
Failure state
State
Result
Last Diag
------------------------------------------------------------------------------Gi1/1/1
No failure
Hello bidir
Never ran
7M:51S
Gi1/1/2
No failure
No failure
Never ran
7M:51S
Hello Tx (T4) ms
Hello Rx (T5*) ms
Interface State
Cfg
Cur
Rem
Cfg
Cur
Rem
---------------------------------------------------------------------Te1/1/1
operational 500
500
404
5000
5000
4916
Te1/1/2
link_down
500
500000 Te1/3/3
link_down
500
500000 Te1/3/4
operational 500
500
404
500000 500000 499916
*T5 = min_rx * multiplier
Router#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-939
Chapter 2
The following example shows how to display redundancy status information for each switch in the
virtual switch:
Router# show switch virtual redundancy
My Switch Id = 1
Peer Switch Id = 2
Last switchover reason = user forced
Configured Redundancy Mode = sso
Operating Redundancy Mode = sso
Switch 1 Slot 5 Processor Information :
----------------------------------------------Current Software state = ACTIVE
Uptime in current state = 9 hours, 32 minutes
Image Version = Cisco IOS Software, s72033_rp Software
(s72033_rp-ADVENTERPRISEK9_WAN_DBG-VM), Version 12.2(SIERRA_INTEG_090405) INTERIM SOFTWARE
Synced to V122_32_8_11, 12.2(32.8.11)SR on rainier, Weekly 12.2(32.8.11)SX261
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 06-Apr-09 02:54 by kchristi
BOOT = disk0:mz_good_image,12;
CONFIG_FILE =
BOOTLDR =
Configuration register = 0x2
Fabric State = ACTIVE
Control Plane State = ACTIVE
Switch 1 Slot 6 Processor Information :
----------------------------------------------Current Software state = RPR-Warm
Uptime in current state = 4 days, 17 hours, 36 minutes
Image Version =
BOOT = disk0:mz-rbh,12;
CONFIG_FILE =
BOOTLDR =
Configuration register = 0x2
Fabric State = RPR-Warm
Control Plane State = RPR-Warm
Switch 2 Slot 5 Processor Information :
----------------------------------------------Current Software state = STANDBY HOT (switchover target)
Uptime in current state = 9 hours, 24 minutes
Image Version = Cisco IOS Software, s72033_rp Software
(s72033_rp-ADVENTERPRISEK9_WAN_DBG-VM), Version 12.2(SIERRA_INTEG_090405) INTERIM SOFTWARE
Synced to V122_32_8_11, 12.2(32.8.11)SR on rainier, Weekly 12.2(32.8.11)SX261
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 06-Apr-09 02:54 by kchristi
BOOT = disk0:mz_good_image,12;
CONFIG_FILE =
BOOTLDR =
Configuration register = 0x2
Fabric State = ACTIVE
Control Plane State = STANDBY
Switch 2 Slot 6 Processor Information :
----------------------------------------------Current Software state = RPR-Warm
Uptime in current state = 4 days, 17 hours, 36 minutes
Image Version =
BOOT = disk0:mz-rbh,12;
CONFIG_FILE =
BOOTLDR =
Configuration register = 0x2
Fabric State = RPR-Warm
Control Plane State = RPR-Warm
Router#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-940
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
The following example shows how to display role and configuration and status information for each
switch in the virtual switch:
Router# show switch virtual role
Switch
Switch
Status Preempt Priority Role
Session ID
Number
Local Remote
-------------------------------------------------------------------Local
1
UP
TRUE
200
ACTIVE
0
0
Remote
2
UP
FALSE
100
STANDBY
9272 271
In dual-active recovery mode: No
Valid flag can be moved to detail
SID
Router#
The following example shows how to display the virtual switch slot map table:
Router# show switch virtual slot-map
Virtual Slot to Remote Switch/Physical Slot Mapping Table:
Virtual
Remote /
Physical
Module
Slot No
Switch No
Slot No
Uptime
---------+-----------+----------+---------17
1
1
03:04:51
18
1
2
03:04:50
19
1
3
03:00:25
20
1
4
03:04:53
21
1
5
03:04:59
22
1
0
23
1
0
24
1
0
25
1
0
26
1
0
27
1
0
28
1
0
29
1
0
30
1
0
31
1
0
32
1
0
33
2
1
02:59:25
34
2
2
02:59:23
35
2
3
02:59:23
36
2
4
02:59:27
37
2
5
03:03:17
38
1
0
39
1
0
40
1
0
41
1
0
42
1
0
43
1
0
44
1
0
45
1
0
46
1
0
47
1
0
48
1
0
49
1
0
Router#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-941
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
system mtu
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-942
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show tech-support
To display troubleshooting information for TAC, use the show tech-support command.
show tech-support [bridging | cef | ipmulticast | isis | password [page] | page]
Syntax Description
Defaults
bridging
cef
ipmulticast
isis
password
page
Passwords and other security information are removed from the output.
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Output from the show tech-support command may be terminated in midstream with the key
combination Ctrl+Alt+6. The command output is buffered so that the command terminates when output
of the current subcommand running under this command completes.
Press the Return key to display the next line of output, or press the Space bar to display the next page
of information. If you do not enter the page keyword, the output scrolls. It does not stop for page breaks.
If you enter the password keyword, password encryption is enabled, but only the encrypted form appears
in the output.
If you do not enter the password keyword, the passwords and other security-sensitive information in the
output are replaced in the output with the word removed.
The show tech-support commands are a compilation of several show commands and the output can be
quite lengthy. For a sample display of the output of the show tech-support command, see the individual
show command listed.
If you enter the show tech-support command without arguments, the output displays the equivalent of
these show commands:
show version
show running-config
show stacks
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-943
Chapter 2
show tech-support
show interfaces
show controllers
show buffers
show logging
show module
show power
show environment
show vlan
If you enter the ipmulticast keyword, the output displays the equivalent of these show commands:
show ip pim rp
show ip mroute
show ip mcache
Examples
For a sample display of the show tech-support command output, see the commands listed in the Usage
Guidelines section for more information.
Related Commands
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-944
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show udld
To display the administrative and operational UDLD status, use the show udld priviledged EXEC
command.
show udld interface-id | neighbors | fast-hello {interface id}
Syntax Description
interface id
Specifies the administrative and operational UDLD status for a specific interface.
neighbors
fast-hello
interface-id
Defaults
None
Command Modes
Privileged EXEC
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(25)EW
12.2(54)SG
Added support for show udld fast-hello and show udld fast-hello interface id.
Usage Guidelines
If you do not enter an interface_id value, the administrative and operational UDLD status for all
interfaces is displayed.
Examples
To verify status for a particular link as reported by UDLD, enter the following command:
Switch# show udld g1/34
Interface Gi1/34
--Port enable administrative configuration setting: Enabled / in aggressive mode
Port enable operational state: Enabled / in aggressive mode
Current bidirectional state: Bidirectional
Current operational state: Advertisement - Single neighbor detected
Message interval: 15000 ms
Time out interval: 5000 ms
Port fast-hello configuration setting: Disabled
Port fast-hello interval: 0 ms
Port fast-hello operational state: Disabled
Neighbor fast-hello configuration setting: Disabled
Neighbor fast-hello interval: Unknown
Entry 1
---
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-945
Chapter 2
show udld
Device Name
----------FOX10430380
FOX10430380
Device ID
--------1
1
Port ID
------Gi1/33
Gi1/34
Neighbor State
-------------Bidirectional
Bidirectional
Hello
----200
200
200
Neighbor-Hello
-------------200
200
200
Neighbor-Device
--------------FOX104303NL
FOX104303NL
FOX104303NL
Neighbor-Port
------------Gi1/45
Gi1/46
Gi1/47
Status
-----Operational
Operational
Operational
To verify status for a particular link as reported by Fast UDLD, enter the following command:
Switch# show udld fast-hello g1/33
Interface Gi1/33
--Port enable administrative configuration setting: Enabled / in aggressive mode
Port enable operational state: Enabled / in aggressive mode
Current bidirectional state: Bidirectional
Current operational state: Advertisement - Single neighbor detected
Message interval: 200 ms
Time out interval: 5000 ms
Port fast-hello configuration setting: Enabled
Port fast-hello interval: 200 ms
Port fast-hello operational state: Enabled
Neighbor fast-hello configuration setting: Enabled
Neighbor fast-hello interval: 200 ms
Entry 1
--Expiration time: 500 ms
Cache Device index: 1
Current neighbor state: Bidirectional
Device ID: FOX10430380
Port ID: Gi1/33
Neighbor echo 1 device: FOX104303NL
Neighbor echo 1 port: Gi1/33
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-946
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
TLV
TLV
TLV
TLV
Related Commands
Message interval: 15
fast-hello interval: 200 ms
Time out interval: 5
CDP Device name: Switch
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-947
Chapter 2
show vlan
show vlan
To display VLAN information, use the show vlan command.
show vlan [brief | id vlan_id | name name]
show vlan private-vlan [type]
Syntax Description
brief
(Optional) Displays only a single line for each VLAN, naming the VLAN, status, and
ports.
id vlan_id
name name
private-vlan
type
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Examples
This example shows how to display the VLAN parameters for all VLANs within the administrative
domain:
Switch# show vlan
VLAN Name
---- -------------------------------1
default
2
VLAN0002
3
VLAN0003
4
VLAN0004
5
VLAN0005
6
VLAN0006
10
VLAN0010
20
VLAN0020
Status
--------active
active
active
active
active
active
active
active
Ports
------------------------------Fa5/9
Fa5/9
Fa5/9
Fa5/9
Fa5/9
Fa5/9
Fa5/9
Fa5/9
<...Output truncated...>
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-948
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
850
917
999
1002
1003
1004
1005
VLAN0850
VLAN0917
VLAN0999
fddi-default
trcrf-default
fddinet-default
trbrf-default
VLAN
---1
2
3
4
5
6
10
20
50
Type
----enet
enet
enet
enet
enet
enet
enet
enet
enet
SAID
---------100001
100002
100003
100004
100005
100006
100010
100020
100050
active
active
active
active
active
active
active
MTU
----1500
1500
1500
1500
1500
1500
1500
1500
1500
Fa5/9
Fa5/9
Fa5/9
Fa5/9
Fa5/9
Fa5/9
Fa5/9
Parent
------
RingNo
------
BridgeNo
--------
Stp
----
BrdgMode
--------
Trans1
-----0
0
303
304
305
0
0
0
0
Trans2
-----0
0
0
0
0
0
0
0
0
1005
-
0
3276
-
15
ieee
ibm
srb
-
0
0
0
0
0
0
0
0
0
0
0
0
0
0
<...Output truncated...>
850
917
999
1002
1003
1004
1005
enet
enet
enet
fddi
trcrf
fdnet
trbrf
100850
100917
100999
101002
101003
101004
101005
VLAN AREHops
---- ------802 0
1003 7
Switch#
STEHops
------0
7
1500
1500
1500
1500
4472
1500
4472
Backup CRF
---------off
off
This example shows how to display the VLAN name, status, and associated ports only:
Switch# show vlan brief
VLAN Name
---- -------------------------------1
default
2
VLAN0002
3
VLAN0003
4
VLAN0004
5
VLAN0005
10
VLAN0010
.
.
.
999 VLAN0999
1002 fddi-default
1003 trcrf-default
1004 fddinet-default
1005 trbrf-default
Switch#
Status
--------active
active
active
active
active
active
Ports
------------------------------Fa5/9
Fa5/9
Fa5/9
Fa5/9
Fa5/9
Fa5/9
active
active
active
active
active
Fa5/9
Fa5/9
Fa5/9
Fa5/9
Fa5/9
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-949
Chapter 2
show vlan
This example shows how to display the VLAN parameters for VLAN 3 only:
Switch# show vlan id 3
VLAN Name
Status
Ports
---- -------------------------------- --------- ------------------------------3
VLAN0003
active
Fa5/9
VLAN Type SAID
MTU
Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ -----3
enet 100003
1500 303
0
Switch#
Table 2-41 describes the fields in the show vlan command output.
Table 2-41
Field
Description
VLAN
VLAN number.
Name
Status
Ports
Type
SAID
MTU
Parent
RingNo
BrdgNo
Stp
The following example shows how to verify that the primary VLAN and secondary VLANs are correctly
associated with each other and the same association also exists on the PVLAN port:
Switch# show vlan private-vlan
Primary Secondary Type
Ports
-----------------------------------------------------------------------10
100
community
Fa3/1, Fa3/2
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-950
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Vlan
Duplex
pvlan seco a-full
Speed Type
a-100 10/100BaseTX
Vlan
Duplex
pvlan prom a-full
Speed Type
a-100 10/100BaseTX
Command
Description
vlan database
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-951
Chapter 2
Syntax Description
map-name
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This command shows how to display the contents of a VLAN access map:
Switch# show vlan access-map mordred
Vlan access-map "mordred" 1
match: ip address 13
action: forward capture
Switch#
Related Commands
Command
Description
vlan access-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-952
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
id vlanid
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 Series Switches.
Usage Guidelines
If you enter the show vlan counters command without specifying the VLAN ID, the software-cached
counter values for all VLANs are displayed.
Examples
This example shows how to display the software-cached counter values for a specific VLAN:
Switch# show vlan counters
* Multicast counters include broadcast packets
Vlan Id
L2 Unicast Packets
L2 Unicast Octets
L3 Input Unicast Packets
L3 Input Unicast Octets
L3 Output Unicast Packets
L3 Output Unicast Octets
L3 Output Multicast Packets
L3 Output Multicast Octets
L3 Input Multicast Packets
L3 Input Multicast Octets
L2 Multicast Packets
L2 Multicast Octets
Switch>
Related Commands
:
:
:
:
:
:
:
:
:
:
:
:
:
1
0
0
0
0
0
0
0
0
0
0
1
94
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-953
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(18)EW
Examples
This is an example of output from the show vlan dot1q tag native command:
Switch# show vlan dot1q tag native
dot1q native vlan tagging is disabled globally
Per Port Native Vlan Tagging State
----------------------------------
Port
Operational
Native VLAN
Mode
Tagging State
-----------------------------------f3/2
f3/16
f3/16
Related Commands
trunk
PVLAN trunk
trunk
enabled
disabled
enabled
Command
Description
switchport mode
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-954
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
group-name
group-name
Defaults
None
Command Modes
Privileged EXEC
Command History
Release
Modification
12.2(54)SG
This command was modified to support user distribution on the Catalyst 4500 series
switch.
Usage Guidelines
The show vlan group command displays the existing VLAN groups and lists the VLANs and VLAN
ranges that are members of each VLAN group. If you use the group-name keyword, you display only
the members of the VLAN group specified by the group-name argument.
Examples
This example shows how to display the members of a specified VLAN group:
Switch# show vlan group group-name ganymede
Group Name Vlans Mapped
---------------- ------------------ganymede
7-9
Related Commands
Command
Description
vlan group
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-955
Chapter 2
Syntax Description
id vlan-id
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
(Optional) Displays internal VLAN allocation information for the specified VLAN;
valid values are from 1 to 4094.
This example shows how to display information about the current internal VLAN allocation:
Switch# show vlan internal usage
VLAN
---1025
1026
1027
1028
1029
1030
1032
1033
1129
Usage
-------------------Port-channel6
GigabitEthernet1/2
FastEthernet3/20
FastEthernet3/21
-
This example shows how to display information about the internal VLAN allocation for a specific
VLAN:
Switch# show vlan id 1030 internal usage
VLAN Usage
---- -------------------1030 GigabitEthernet1/2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-956
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
interface interface-id
| begin
(Optional) Displays begins with the line that matches the expression.
| exclude
| include
expression
Defaults
None
Command Modes
Privileged EXEC
Command History
Release
Modification
12.2(54)SG
Usage Guidelines
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output
are not displayed, but the lines that contain Output are displayed.
Examples
Operation
-------------selective QinQ
Operation
-------------1-to-1 mapping
This is a sample output from the show vlan mapping command for an interface:
Switch# show vlan mapping interface fa0/6
Interface fa0/6:
VLAN on wire
Translated VLAN
1
11
12,16-18
100
*
101
Operation
1-to-1 mapping
selective QinQ
default QinQ
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-957
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-958
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The MTU_Mismatch column in the command output indicates whether all the ports in the VLAN have
the same MTU. When yes is displayed in the MTU_Mismatch column, it means that the VLAN has a
port with different MTUs, and packets might be dropped that are switched from a port with a larger MTU
to a port with a smaller MTU. If the VLAN does not have an SVI, the hyphen (-) symbol is displayed in
the SVI_MTU column.
For a VLAN, if the MTU-Mismatch column displays yes, the names of the port with the MinMTU and
the port with the MaxMTU are displayed. For a VLAN, if the SVI_MTU is bigger than the MinMTU,
TooBig is displayed after the SVI_MTU.
Examples
Related Commands
MaxMTU(port)
-----------1500
MTU_Mismatch
-----------No
Command
Description
mtu
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-959
Chapter 2
Syntax Description
type
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(20)EW
15.1.0 SG
Support for PVLAN modes over EtherChannel. Modes include: private-vlan host,
private-vlan promiscuous, private-vlan trunk secondary, and private-vlan trunk
promiscuous.
(Optional) Displays the private VLAN type; valid types are isolated, primary,
community, twoway-community nonoperational, and normal.
Usage Guidelines
When the show vlan private-vlan type command displays a VLAN type as normal, it indicates that a
regular VLAN has been used in the private VLAN configuration. When normal is displayed, this
indicates that two VLANs have been associated before the type was set, and the private VLAN is not
operational. This information is useful for debugging purposes.
Examples
This example shows how to display information about all currently configured private VLANs:
Switch# show vlan private-vlan
Primary
------2
2
2
100
150
401
Switch#
Note
Secondary
--------301
302
303
10
101
151
202
303
402
Type
----------------community
community
community
community
isolated
non-operational
community
twoway-community
non-operational
Ports
-----------------------------------------Fa5/3, Fa5/25
Fa5/3, Po63
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-960
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to display information about all currently configured private VLAN types:
Switch# show vlan private-vlan type
Vlan Type
---- ----------------202 primary
303 community
304 community
305 community
306 community
307 community
308 normal
309 community
440 isolated
Switch#
Table 2-42 describes the fields in the show vlan private-vlan command output.
Table 2-42
Related Commands
Field
Description
Primary
Secondary
Secondary-Type
Ports
Type
Command
Description
private-vlan
private-vlan mapping
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-961
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(12)EW
Examples
Related Commands
Command
Description
remote-span
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-962
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
show vmps
To display the VLAN Query Protocol (VQP) version, reconfirmation interval, retry count, VLAN
Membership Policy Server (VMPS) IP addresses, current servers, and primary servers, use the show
vmps command.
show vmps [statistics]
Syntax Description
statistics
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-963
Chapter 2
show vmps
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-964
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
lmp
rrp
type
Specifies the type of information; see the "Usage Guidelines" section for valid values.
instances
packet
counters
Defaults
Command Modes
Command History
Release
Modification
Support for this command was introduced on the Catalyst 4500 series
switch.
Usage Guidelines
The timers already displayed in the show vslp lmp timers output are shown in the output of the show vslp
lmp summary command.
The output of the show vslp rrp detail command includes the information from the following
commands:
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-965
Chapter 2
Examples
The following example shows how to display a summary of LMP information for a specific VSLP
instance.
Router# show vslp 2 lmp summary
LMP summary
Link info:
Configured: 2
Operational: 0
Peer Peer
Peer Peer
Timer(s) running
Port
Flag State
Flag MAC
Swtch Port
(Time remaining)
-------------------------------------------------------------------------------4/1
v
link_down
4/2
v
link_down
Router#
The following example shows how to displays the VSLP instance mappings.
Router# show vslp instances
VSLP instance mappings:
Instance Num Name
Switch Num
Flag
---------------------------------------------------------------------2
VSL
2
0x00000001
Router#
Operational: 1
Peer Peer
Peer
Peer
Timer(s) running
Interface Flag State
Flag MAC
Switch Interface
(Time remaining)
-------------------------------------------------------------------------------Gi1/3/1
v
link_down
Gi1/5/4
vf
operational
vf
0013.5fcb.1480 2
Gi1/6/4
T4(240ms) T5(2.22s)
Gi1/5/5
v
link_down
Flags: V - valid
f -> B - bidirectional
The following examples shows how to display the LMP Tx and Rx hello timer values:
Router# show vslp lmp timer
Instance #1:
LMP hello timer
Hello Tx (T4) ms
Hello Rx (T5*) ms
Interface
State
Cfg
Cur
Rem
Cfg
Cur
Rem
------------------------------------------------------------------------Gi1/9/1
link_down
1000
500000 Gi1/9/3
link_down
1000
500000 Gi1/9/5
link_down
1000
500000 Router#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-966
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
ibc
eobc[LMP]
eobc[RRP]
eobc[PING]
Received:
total
error
err_cksum
eobc
ibc
total[LMP]
total[RRP]
total[PING]
eobc[LMP]
eobc[RRP]
eobc[PING]
Router#
=
=
=
=
0
0
0
0
=
=
=
=
=
=
=
=
=
=
=
1564
0
0
1564
0
0
0
0
1559
5
0
The following example shows how to display VSLP packet counter information:
Router# show vslp packet counters
VSLP packet counters
Transmitted:
total
= 28738
error
= 0
err_cksum
= 0
eobc
= 28738
eobc[LMP]
= 28701
eobc[RRP]
= 17
eobc[PING] = 20
ibc
= 0
ibc[LMP]
= 0
ibc[RRP]
= 0
ibc[PING]
= 0
Received:
total
= 28590
error
= 0
err_cksum
= 0
eobc
= 28590
eobc[LMP]
= 28552
eobc[RRP]
= 18
eobc[PING] = 20
ibc
= 0
ibc[LMP]
= 0
ibc[RRP]
= 0
ibc[PING]
= 0
Router#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-967
Chapter 2
show vtp
show vtp
To display VTP statistics and domain information, use the show vtp command.
show vtp {counters | status}
Syntax Description
counters
status
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
:
:
:
:
:
:
:
:
:
1
1
0
31
1
0
0
0
0
:
:
:
:
:
:
:
:
:
2
250
1005
33
Server
Lab_Network
Enabled
Enabled
Disabled
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-968
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
MD5 digest
: 0xE6 0xF8 0x3E 0xDD 0xA4 0xF5 0xC2 0x0E
Configuration last modified by 172.20.52.18 at 9-22-99 11:18:20
Local updater ID is 172.20.52.18 on interface Vl1 (lowest numbered VLAN interfac
e found)
Switch#
This example shows how to display only those lines in the show vtp output that contain the word
Summary:
Switch# show vtp counters | include Summary
Summary advertisements received
: 1
Summary advertisements transmitted : 32
Trunk
Join Transmitted Join Received
Switch#
Table 2-43 describes the fields in the show vtp command output.
Table 2-43
Field
Description
Trunk
Join Transmitted
Join Received
Configuration Revision
VTP V2 Mode
MD5 digest
Checksum values.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-969
Chapter 2
show vtp
Related Commands
Command
Description
vtp client
vtp domain
vtp password
vtp pruning
vtp server
vtp transparent
vtp v2-mode
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-970
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
2 . 2
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switches.
Usage Guidelines
Interface index persistence occurs when ifIndex values in the interface MIB (IF-MIB) persist across
reboots and allow for consistent identification of specific interfaces using SNMP.
Use the snmp ifindex clear command on a specific interface when you want that interface to use the
global configuration setting for ifIndex persistence. This command clears any ifIndex configuration
commands previously entered for that specific interface.
Examples
This example shows how to enable ifIndex persistence for all interfaces:
Router(config)# snmp-server ifindex persist
This example shows how to disable IfIndex persistence for FastEthernet 1/1 only:
Router(config)# interface fastethernet 1/1
Router(config-if)# no snmp ifindex persist
Router(config-if)# exit
This example shows how to clear the ifIndex configuration from the FastEthernet 1/1 configuration:
Router(config)# interface fastethernet 1/1
Router(config-if)# snmp ifindex clear
Router(config-if)# exit
As a result of this sequence of commands, ifIndex persistence is enabled for all interfaces that are
specified by the snmp-server ifindex persist global configuration command.
Related Commands
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-971
Chapter 2
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-972
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Disabled.
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switches.
Usage Guidelines
Interface index persistence occurs when ifIndex values in the IF-MIB persist across reboots and allow
for consistent identification of specific interfaces using SNMP.
The snmp ifindex persist interface configuration command enables and disables ifIndex persistence for
individual entries (that correspond to individual interfaces) in the ifIndex table of the IF-MIB.
The snmp-server ifindex persist global configuration command enables and disables ifIndex
persistence for all interfaces on the routing device. This action applies only to interfaces that have
ifDescr and ifIndex entries in the ifIndex table of the IF-MIB.
Examples
This example shows how to enable ifIndex persistence for interface FastEthernet 1/1 only:
Router(config)# interface fastethernet 1/1
Router(config-if)# snmp ifindex persist
Router(config-if)# exit
This example shows how to enable ifIndex persistence for all interfaces, and then disable ifIndex
persistence for interface FastEthernet 1/1 only:
Router(config)# snmp-server ifindex persist
Router(config)# interface fastethernet 1/1
Router(config-if)# no snmp ifindex persist
Router(config-if)# exit
Related Commands
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-973
Chapter 2
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-974
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
flash
insertion
removal
fru-ctrl
port-security
trap-rate trap-rate
stpx
vlancreate
vlandelete
vtp
mac-notification
change
move
threshold
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(31)SG
Usage Guidelines
If you enter this command without an option, all notification types controlled by this command are
enabled.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-975
Chapter 2
SNMP notifications can be sent as traps or inform requests. This command enables both traps and inform
requests for the specified notification types. To specify whether the notifications should be sent as traps
or informs, use the snmp-server host [traps | informs] command.
The snmp-server enable traps command is used in conjunction with the snmp-server host command.
Use the snmp-server host command to specify which host or hosts receive SNMP notifications. To send
notifications, you must configure at least one snmp-server host command.
This list of the MIBs is used for the traps:
Examples
This example shows how to send all traps to the host is specified by the name myhost.cisco.com using
the community string defined as public:
Switch(config)# snmp-server enable traps
Switch(config)# snmp-server host myhost.cisco.com public
Switch(config)#
This example shows how to enable the MAC address change MIB notification:
Switch(config)# snmp-server enable traps mac-notification change
Switch(config)#
SNMP traps can be enabled with a rate-limit to detect port-security violations due to restrict mode. The
following example shows how to enable traps for port-security with a rate of 5 traps per second:
Switch(config)# snmp-server enable traps port-security trap-rate 5
Switch(config)#
Related Commands
Command
Description
mac-address-table notification
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-976
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Disabled.
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switches.
Usage Guidelines
Interface index persistence occurs when ifIndex values in the IF-MIB persist across reboots and allow
for consistent identification of specific interfaces using SNMP.
The snmp-server ifindex persist global configuration command does not override the interface-specific
configuration. To override the interface-specific configuration of ifIndex persistence, enter the no snmp
ifindex persist and snmp ifindex clear interface configuration commands.
Entering the no snmp-server ifindex persist global configuration command enables and disables
ifIndex persistence for all interfaces on the routing device using ifDescr and ifIndex entries in the ifIndex
table of the IF-MIB.
Examples
This example shows how to enable ifIndex persistence for all interfaces:
Router(config)# snmp-server ifindex persist
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-977
Chapter 2
Syntax Description
Defaults
Disabled
Command Modes
Command History
Release
Modification
Cisco IOS XE
3.4.0SG and
15.1(2)SG
Support for this command was introduced on the Catalyst 4500 series switches.
Usage Guidelines
This command is hidden on Supervisor Engine V and later supervisor engines because the ifIndex table
is always in a compressed format on those supervisor engines.
At bootup, if the nvram:ifIndex-table.gz file (the ifIndex table ina compressed format) is present on a
Supervisor Engine II+, Supervisor Engine III, or Supervisor Engine IV, the snmp-server ifindex persist
compress command is automatically run even if the startup-config file does not have this configuration.
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-978
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
added
removed
Defaults
Command Modes
Command History
Release
Modification
12.2(31)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Even though you enable the change notification trap for a specific interface by using the snmp trap
mac-notification change command, the trap is generated only when you enable the snmp-server enable
traps mac-notification change and the mac address-table notification change global configuration
commands.
Examples
This example shows how to enable the MAC notification trap when a MAC address is added to a port:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# snmp trap mac-notification change added
You can verify your settings by entering the show mac address-table notification change interface
privileged EXEC command.
Related Commands
Command
Description
clear mac-address-table
mac-address-table notification
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-979
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify a source Layer 3 interface of the NetFlow-lite collector, use the source command. To delete
a source address, use the no form of this command.
source source-address
no source source-address
Syntax Description
source-address
Defaults
None
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
One of the mandatory parameters for a minimally configured exporter along with the destination address
and the UDP destination port of the collector.
Examples
This example shows how to specify a source Layer 3 interface of the NetFlow-lite collector:
Switch# config terminal
Switch(config)# netflow-lite exporter
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config)#
exporter1
destination 5.5.5.6
source 5.5.5.5
transport udp 8188
ttl 128
cos 7
dscp 32
template data timeout 1
options sampler-table timeout 1
options interface-table timeout 1
export-protocol netflow-v9
exit
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-980
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Source IP Address:
5.5.5.5
VRF label:
DSCP:
0x20
TTL:
128
COS:
7
Transport Protocol Configuration:
Transport Protocol:
UDP
Destination Port:
8188
Source Port:
61670
Export Protocol Configuration:
Export Protocol:
Template data timeout:
Options sampler-table timeout:
Options interface-table timeout:
Exporter Statistics:
Packets Exported:
0
netflow-v9
60
1800
1800
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
Command
Description
destination (netflow-lite
exporter submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-981
Chapter 2
source-interface
source-interface
To send out call home email messages with specific source interface, use the source-interface
command.
source-interface interface name
Syntax Description
interface name
Defaults
None
Command Modes
cfg-call-home
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
You should configure no shut on an interface and provide a valid IP address before specifying it as a
source interface for Call Home. Doing this avoids a connection failure when sending Call Home email
messages. You should only specify a source interface name under Call Home if source-ip-address is not
specified. You can only specify either a source interface or source-ip-address in call-home mode, not
simultaneously.
Examples
This example shows how to configure source interface for Call Home. Generally, the interface should
already be configured with a valid IP address as usually configured for an interface.
Switch# config terminal
Switch(config)# call-home
Switch(cfg-call-home)# source-interface fastEthernet 1/1
Switch(cfg-call-home)# source-ip
Switch(cfg-call-home)# source-ip-address 10.2.4.1
Error:a source-interface has already been configured,please remove source-interface config
first if you want to configure source-ip-address
Switch(cfg-call-home)# no source-interface
Switch(cfg-call-home)# source-ip-address 10.2.4.1
Note
Related Commands
If Call Home is configured to use http or https as the transport method, you must use ip http client
source-interface to configure the source interface for all http clients. You cannot specify a source
interface for Call Home http messages only.
Command
Description
source-ip-address
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-982
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
source-ip-address
To send out Call Home email messages with specific source IP address, use the source-ip-address
command.
source-ip-address ip address
Syntax Description
ip address
Defaults
None
Command Modes
cfg-call-home
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
It is best to configure no shut an interface with this valid IP address before specifying it as
source-ip-address for Call Home. Doing this avoids a connection failure when sending Call Home email
messages. You should only specify source-ip-address under Call Home if source-interface is not
specified. You can only specify either source interface or source-ip-address in Call Home mode, not both
simultaneously.
Examples
Related Commands
Command
Description
source-interface
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-983
Chapter 2
spanning-tree backbonefast
spanning-tree backbonefast
To enable BackboneFast on a spanning-tree VLAN, use the spanning-tree backbonefast command. To
disable BackboneFast, use the no form of this command.
spanning-tree backbonefast
no spanning-tree backbonefast
Syntax Description
Defaults
BackboneFast is disabled.
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
BackboneFast should be enabled on all Catalyst 4506 series switches to allow the detection of indirect
link failures. Enabling BackboneFast starts the spanning-tree reconfiguration more quickly.
Examples
Related Commands
Command
Description
spanning-tree cost
spanning-tree port-priority
spanning-tree uplinkfast
spanning-tree vlan
show spanning-tree
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-984
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
spanning-tree bpdufilter
To enable BPDU filtering on an interface, use the spanning-tree bpdufilter command. To return to the
default settings, use the no form of this command.
spanning-tree bpdufilter {enable | disable}
no spanning-tree bpdufilter
Syntax Description
enable
disable
Defaults
Disabled
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch..
Usage Guidelines
Caution
Use care when entering the spanning-tree bpdufilter enable command. Enabling BPDU filtering on an
interface is approximately equivalent to disabling the spanning tree for this interface. It is possible to
create bridging loops if this command is not correctly used.
When configuring Layer 2 protocol tunneling on all the service provider edge switches, you must enable
spanning-tree BPDU filtering on the 802.1Q tunnel ports by entering the spanning-tree bpdufilter
enable command.
BPDU filtering allows you to prevent a port from sending and receiving BPDUs. The configuration is
applicable to the whole interface, whether it is trunking or not. This command has three states:
spanning-tree bpdufilter enableThis state unconditionally enables the BPDU filter feature on
the interface.
spanning-tree bpdufilter disableThis state unconditionally disables the BPDU filter feature on
the interface.
no spanning-tree bpdufilterThis state enables the BPDU filter feature on the interface if the
interface is in operational PortFast state and if the spanning-tree portfast bpdufilter default
command is configured.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-985
Chapter 2
spanning-tree bpdufilter
Examples
This example shows how to enable the BPDU filter feature on this interface:
Switch(config-if)# spanning-tree bpdufilter enable
Switch(config-if)#
Related Commands
Command
Description
show spanning-tree
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-986
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
spanning-tree bpduguard
To enable BPDU guard on an interface, use the spanning-tree bpduguard command. To return to the
default settings, use the no form of this command.
spanning-tree bpduguard {enable | disable}
no spanning-tree bpduguard
Syntax Description
enable
disable
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
BPDU guard is a feature that prevents a port from receiving BPDUs. This feature is typically used in a
service provider environment where the administrator wants to prevent an access port from participating
in the spanning tree. If the port still receives a BPDU, it is put in the ErrDisable state as a protective
measure. This command has three states:
Related Commands
Command
Description
show spanning-tree
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-987
Chapter 2
spanning-tree cost
spanning-tree cost
To calculate the path cost of STP on an interface, use the spanning-tree cost command. To revert to the
default, use the no form of this command.
spanning-tree cost cost
no spanning-tree cost cost
Syntax Description
cost
Defaults
FastEthernet19
GigabitEthernet1
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
When you configure the cost, the higher values indicate higher costs. The range applies regardless of the
protocol type that is specified. The path cost is calculated, based on the interface bandwidth.
Examples
This example shows how to access an interface and set a path cost value of 250 for the spanning-tree
VLAN that is associated with that interface:
Switch(config)# interface fastethernet 2/1
Switch(config-if)# spanning-tree cost 250
Switch(config-if)#
Related Commands
Command
Description
spanning-tree port-priority
spanning-tree uplinkfast
spanning-tree vlan
show spanning-tree
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-988
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
To determine which local ports are involved in the misconfiguration, enter the show interfaces status
err-disabled command. To verify the EtherChannel configuration on the remote device, enter the show
etherchannel summary command on the remote device.
After you correct the configuration, enter the shutdown and the no shutdown commands on the
associated port-channel interface.
Examples
This example shows how to enable the EtherChannel guard misconfiguration feature:
Switch(config)# spanning-tree etherchannel guard misconfig
Switch(config)#
Related Commands
Command
Description
show etherchannel
Disables a port.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-989
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Releases 12.1(13)E and later support chassis with 64 or 1024 MAC addresses. For chassis with 64 MAC
addresses, STP uses the extended system ID plus a MAC address to make the bridge ID unique for each
VLAN.
You cannot disable the extended system ID on chassis that support 64 MAC addresses.
Enabling or disabling the extended system ID updates the bridge IDs of all active STP instances, which
might change the spanning-tree topology.
Examples
Related Commands
Command
Description
show spanning-tree
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-990
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
spanning-tree guard
To enable root guard, use the spanning-tree guard command. To disable root guard, use the no form of
this command.
spanning-tree guard {loop | root | none}
no spanning-tree guard
Syntax Description
loop
root
none
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Examples
Related Commands
Command
Description
show spanning-tree
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-991
Chapter 2
spanning-tree link-type
spanning-tree link-type
To configure a link type for a port, use the spanning-tree link-type command. To return to the default
settings, use the no form of this command.
spanning-tree link-type {point-to-point | shared}
no spanning-tree link-type
Syntax Description
point-to-point
shared
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch..
Usage Guidelines
RSTP+ fast transition works only on point-to-point links between two bridges.
By default, the switch derives the link type of a port from the duplex mode. A full-duplex port is
considered as a point-to-point link while a half-duplex configuration is assumed to be on a shared link.
If you designate a port as a shared link, RSTP+ fast transition is forbidden, regardless of the duplex setting.
Examples
Related Commands
Command
Description
show spanning-tree
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-992
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch..
Usage Guidelines
Loop guard provides an additional security in the bridge network. Loop guard prevents alternate or root ports
from becoming the designated port because of a failure leading to a unidirectional link.
Loop guard operates only on ports that are considered point-to-point by the spanning tree.
Individual loop-guard port configuration overrides this global default.
Examples
Related Commands
Command
Description
spanning-tree guard
show spanning-tree
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-993
Chapter 2
spanning-tree mode
spanning-tree mode
To switch between PVST+ and MST modes, use the spanning-tree mode command. To return to the
default settings, use the no form of this command.
spanning-tree mode {pvst | mst | rapid-pvst}
no spanning-tree mode {pvst | mst | rapid-pvst}
Syntax Description
pvst
mst
rapid-pvst
Defaults
PVST+ mode
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch..
12.1(19)EW
Usage Guidelines
Caution
Examples
Be careful when using the spanning-tree mode command to switch between PVST+ and MST modes.
When you enter the command, all spanning-tree instances are stopped for the previous mode and
restarted in the new mode. Using this command may cause disruption of user traffic.
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-994
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
spanning-tree mst
To set the path cost and port-priority parameters for any MST instance (including the CIST with instance
ID 0), use the spanning-tree mst command. To return to the default settings, use the no form of this
command.
spanning-tree mst instance-id [cost cost] | [port-priority prio]
no spanning-tree mst instance-id {cost | port-priority}
Syntax Description
instance-id
cost cost
(Optional) Specifies the path cost for an instance; valid values are from
1 to 200000000.
port-priority prio
(Optional) Specifies the port priority for an instance; valid values are from 0
to 240 in increments of 16.
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The higher cost cost values indicate higher costs. When entering the cost value, do not include a comma
in the entry; for example, enter 1000, not 1,000.
The higher port-priority prio values indicate smaller priorities.
By default, the cost depends on the port speed; faster interface speeds indicate smaller costs. MST
always uses long path costs.
Examples
Related Commands
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-995
Chapter 2
spanning-tree mst
Command
Description
spanning-tree port-priority
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-996
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
By default, the value for the MST configuration is the default value for all its parameters.
The abort and exit commands allow you to exit the MST configuration submode. The difference
between the two commands depends on whether you want to save your changes or not.
The exit command commits all the changes before leaving MST configuration submode. If you do not
map the secondary VLANs to the same instance as the associated primary VLAN, when you exit the MST
configuration submode, a message displays and lists the secondary VLANs that are not mapped to the
same instance as the associated primary VLAN. The message is as follows:
These secondary vlans are not mapped to the same instance as their primary:
->3
The abort command leaves the MST configuration submode without committing any changes.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-997
Chapter 2
Whenever you change an MST configuration submode parameter, it can cause a loss of connectivity. To
reduce the number of service disruptions, when you enter the MST configuration submode, you are
changing a copy of the current MST configuration. When you are done editing the configuration, you
can apply all the changes at once by using the exit keyword, or you can exit the submode without
committing any change to the configuration by using the abort keyword.
In the unlikely event that two users enter a new configuration at exactly at the same time, this message
is displayed:
Switch(config-mst)# exit
% MST CFG:Configuration change lost because of concurrent access
Switch(config-mst)#
Examples
This example shows how to reset the MST configuration to the default settings:
Switch(config)# no spanning-tree mst configuration
Switch(config)#
Related Commands
Command
Description
instance
name
revision
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-998
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
seconds
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Number of seconds to set the forward delay timer for all the instances on the
Catalyst 4500 series switch; valid values are from 4 to 30 seconds.
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-999
Chapter 2
Syntax Description
seconds
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Number of seconds to set the hello-time delay timer for all the instances on the
Catalyst 4500 series switch; valid values are from 1 to 10 seconds.
Usage Guidelines
If you do not specify the hello-time value, the value is calculated from the network diameter.
Examples
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1000
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
seconds
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Number of seconds to set the max-age timer for all the instances on the Catalyst 4500
series switch; valid values are from 6 to 40 seconds.
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1001
Chapter 2
Syntax Description
hopnumber
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch..
Examples
Number of possible hops in the region before a BPDU is discarded; valid values are from
1 to 40 hops.
This example shows how to set the number of possible hops in the region before a BPDU is discarded to 25:
Switch(config)# spanning-tree mst max-hops 25
Switch(config)#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1002
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
instance-id
root
primary
Sets a high enough priority (low value) to make the bridge root of the spanning-tree
instance.
secondary
priority prio
Sets the bridge priority; see the Usage Guidelines section for valid values and
additional information.
diameter dia
(Optional) Sets the timer values for the bridge based on the network diameter; valid
values are from 2 to 7.
hello-time hello
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch..
Usage Guidelines
The bridge priority can be set in increments of 4096 only. When you set the priority, valid values are 0,
4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344,
and 61440.
You can set the priority to 0 to make the switch root.
The spanning-tree root secondary bridge priority value is 16384.
The diameter dia and hello-time hello options are available for instance 0 only.
If you do not specify the hello_time value, the value is calculated from the network diameter.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1003
Chapter 2
Examples
This example shows how to set the priority and timer values for the bridge:
Switch(config)# spanning-tree mst 0 root primary diameter 7 hello-time 2
Switch(config)# spanning-tree mst 5 root primary
Switch(config)#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1004
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
long
short
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch..
Usage Guidelines
Examples
This example shows how to set the path cost calculation method to long:
Switch(config) spanning-tree pathcost method long
Switch(config)
This example shows how to set the path cost calculation method to short:
Switch(config) spanning-tree pathcost method short
Switch(config)
Related Commands
Command
Description
show spanning-tree
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1005
Chapter 2
Syntax Description
disable
trunk
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch..
12.1(12c)EW
Usage Guidelines
You should use this feature only with interfaces that connect to end stations; otherwise, an accidental
topology loop could cause a data packet loop and disrupt the Catalyst 4500 series switch and network
operation.
An interface with PortFast mode enabled is moved directly to the spanning-tree forwarding state when
linkup occurs without waiting for the standard forward-time delay.
Be careful when using the no spanning-tree portfast command. This command does not disable
PortFast if the spanning-tree portfast default command is enabled.
This command has four states:
spanning-tree portfast disableThis command explicitly disables PortFast for the given port. The
configuration line shows up in the running-configuration as it is not the default.
spanning-tree portfast trunkThis command allows you to configure PortFast on trunk ports.
Note
If you enter the spanning-tree portfast trunk command, the port is configured for PortFast
even when in the access mode.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1006
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
Related Commands
Command
Description
spanning-tree cost
spanning-tree port-priority
spanning-tree uplinkfast
spanning-tree vlan
show spanning-tree
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1007
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The spanning-tree portfast bpdufilter default command enables BPDU filtering globally on the
Catalyst 4500 series switch. BPDU filtering prevents a port from sending or receiving any BPDUs.
You can override the effects of the spanning-tree portfast bpdufilter default command by configuring
BPDU filtering at the interface level.
Note
Be careful when enabling BPDU filtering. Functionality is different when enabling on a per-port basis
or globally. When enabled globally, BPDU filtering is applied only on ports that are in an operational
PortFast state. Ports still send a few BPDUs at linkup before they effectively filter outbound BPDUs. If
a BPDU is received on an edge port, it immediately loses its operational PortFast status and BPDU
filtering is disabled.
When enabled locally on a port, BPDU filtering prevents the Catalyst 4500 series switch from receiving
or sending BPDUs on this port.
Caution
Examples
Be careful when using this command. This command can cause bridging loops if not used correctly.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1008
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
spanning-tree bpdufilter
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1009
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Caution
Use this command only with the interfaces that connect to the end stations; otherwise, an accidental
topology loop could cause a data packet loop and disrupt the Catalyst 4500 series switch and network
operation.
BPDU guard disables a port if it receives a BPDU. BPDU guard is applied only on ports that are PortFast
enabled and are in an operational PortFast state.
Examples
Related Commands
Command
Description
spanning-tree bpduguard
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1010
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
PortFast is disabled.
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Caution
Use this command only with the interfaces that connect to end stations; otherwise, an accidental
topology loop could cause a data packet loop and disrupt the Catalyst 4500 series switch and network
operation.
An interface with PortFast mode enabled is moved directly to the spanning-tree forwarding state when
linkup occurs without waiting for the standard forward-time delay.
You can enable PortFast mode on individual interfaces using the spanning-tree portfast (interface
configuration mode) command.
Examples
This example shows how to globally enable PortFast by default on all access ports:
Switch(config)# spanning-tree portfast default
Switch(config)#
Related Commands
Command
Description
show spanning-tree
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1011
Chapter 2
spanning-tree port-priority
spanning-tree port-priority
To prioritize an interface when two bridges compete for position as the root bridge, use the
spanning-tree port-priority command. The priority you set resolves the conflict. To revert to the
default setting, use the no form of this command.
spanning-tree port-priority port_priority
no spanning-tree port-priority
Syntax Description
port_priority
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to increase the possibility that the spanning-tree instance 20 will be chosen as
the root-bridge on interface FastEthernet 2/1:
Switch(config-if)# spanning-tree port-priority 0
Switch(config-if)#
Related Commands
Command
Description
spanning-tree cost
spanning-tree uplinkfast
spanning-tree vlan
show spanning-tree
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1012
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
spanning-tree uplinkfast
To enable the UplinkFast feature, use the spanning-tree uplinkfast command. To disable UplinkFast,
use the no form of this command.
spanning-tree uplinkfast [max-update-rate packets-per-second]
no spanning-tree uplinkfast [max-update-rate]
Syntax Description
max-update-rate
packets_per_second
Defaults
(Optional) Specifies the maximum rate (in packets per second) at which update
packets are sent; valid values are from 0 to 65535.
Disabled.
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
This example shows how to enable UplinkFast and set the maximum rate to 200 packets per second:
Switch(config)# spanning-tree uplinkfast
Switch(config)# spanning-tree uplinkfast max-update-rate 200
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1013
Chapter 2
spanning-tree uplinkfast
Related Commands
Command
Description
spanning-tree cost
spanning-tree port-priority
spanning-tree vlan
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1014
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
spanning-tree vlan
To configure STP on a per-VLAN basis, use the spanning-tree vlan command. To return to the default
value, use the no form of this command.
spanning-tree vlan vlan_id [forward-time seconds | hello-time seconds | max-age seconds |
priority priority | protocol protocol | root {primary | secondary} [diameter net-diameter
[hello-time seconds]]]
no spanning-tree vlan vlan_id [forward-time | hello-time | max-age | priority | root]
Syntax Description
Defaults
vlan_id
forward-time seconds
(Optional) Sets the STP forward delay time; valid values are from 4 to
30 seconds.
hello-time seconds
max-age seconds
priority priority
(Optional) Sets the STP bridge priority; valid values are from 0 to 65535.
protocol protocol
root primary
root secondary
(Optional) Specifies this switch act as the root switch should the primary
root fail.
diameter net-diameter
Forward-time15 seconds
Hello-time2 seconds
Max-age20 seconds
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1015
Chapter 2
spanning-tree vlan
Usage Guidelines
When you are setting the max-age seconds value, if a bridge does not hear BPDUs from the root bridge
within the specified interval, it assumes that the network has changed and recomputes the spanning-tree
topology.
The spanning-tree root primary command alters the switch bridge priority to 8192. If you enter the
spanning-tree root primary command and the switch does not become root, then the bridge priority is
changed to 100 less than the bridge priority of the current bridge. If the switch does not become root, an
error will result.
The spanning-tree root secondary command alters the switch bridge priority to 16384. If the root
switch fails, this switch becomes the next root switch.
Use the spanning-tree root commands on backbone switches only.
Examples
This example shows how to configure the switch as the root switch for VLAN 10 with a network
diameter of 4:
Switch(config)# spanning-tree vlan 10 root primary diameter 4
Switch(config)#
This example shows how to configure the switch as the secondary root switch for VLAN 10 with a
network diameter of 4:
Switch(config)# spanning-tree vlan 10 root secondary diameter 4
Switch(config)#
Related Commands
Command
Description
spanning-tree cost
spanning-tree port-priority
spanning-tree vlan
show spanning-tree
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1016
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
speed
To configure the interface speed, use the speed command. To disable a speed setting, use the no form of
this command.
speed {10 | 100 | 1000 | auto [10 | 100 | 1000] | nonegotiate}
no speed
Syntax Description
Defaults
10
100
1000
Enables the interface to autonegotiate the speed and specify the exact values to
advertise when autonegotiating.
nonegotiate
Supported Syntax
Default Setting
10/100-Mbps module
Auto
Not applicable
Not applicable
speed nonegotiate
Nonegotiate
10/100/1000
1000
Not applicable
Not applicable
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(20)EWA
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1017
Chapter 2
speed
Usage Guidelines
Interface Type
Supported Syntax
Default Setting
Guidelines
10/100-Mbps
module
auto
100-Mbps fiber
modules
Not applicable.
Not applicable.
Not applicable.
Gigabit Ethernet
Interface
speed nonegotiate
nonegotiate is
enabled.
10/100/1000
auto
1000
Not applicable.
Not applicable.
If you configure the interface speed and duplex commands manually and enter a value other than
speed auto (for example, 10 or 100 Mbps), make sure that you configure the connecting interface speed
command to a matching speed but do not use the auto parameter.
When manually configuring the interface speed to either 10 or 100 Mbps, the switch prompts you to also
configure duplex mode on the interface.
Note
Caution
Catalyst 4506 switches cannot automatically negotiate the interface speed and the duplex mode if either
connecting interface is configured to a value other than auto.
Changing the interface speed and the duplex mode configuration might shut down and reenable the
interface during the reconfiguration.
Table 2-45 describes the systems performance for different combinations of the duplex and speed
modes. The specified duplex command that is configured with the specified speed command produces
the resulting system action.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1018
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Table 2-45
Examples
duplex Command
speed Command
duplex auto
speed auto
duplex half
speed 10
duplex full
speed 10
duplex half
speed 100
duplex full
speed 100
duplex full
speed 1000
This example shows how to set the interface speed to 100 Mbps on the Fast Ethernet interface 5/4:
Switch(config)# interface fastethernet 5/4
Switch(config-if)# speed 100
This example shows how to allow Fast Ethernet interface 5/4 to autonegotiate the speed and duplex
mode:
Switch(config)# interface fastethernet 5/4
Switch(config-if)# speed auto
Note
The speed auto 10 100 command is similar to the speed auto command on a Fast Ethernet interface.
This example shows how to limit the interface speed to 10 and 100 Mbps on the Gigabit Ethernet
interface 1/1 in auto-negotiation mode:
Switch(config)# interface gigabitethernet 1/1
Switch(config-if)# speed auto 10 100
This example shows how to limit the speed negotiation to 100 Mbps on the Gigabit Ethernet
interface 1/1:
Switch(config)# interface gigabitethernet 1/1
Switch(config-if)# speed auto 100
Related Commands
Command
Description
duplex
show interfaces
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1019
Chapter 2
storm-control
storm-control
To enable broadcast storm control on a port and to specify what to do when a storm occurs on a port, use
the storm-control interface configuration command. To disable storm control for the broadcast traffic
and to disable a specified storm-control action, use the no form of this command.
storm-control {broadcast level high level [lower level]} | action {shutdown | trap}}
no storm-control {broadcast level level [lower level]} | action {shutdown | trap}}
Syntax Description
broadcast
action
shutdown
trap
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(40)SG
Usage Guidelines
Enter the storm-control broadcast level command to enable traffic storm control on the interface,
configure the traffic storm control level, and apply the traffic storm control level to the broadcast traffic
on the interface.
The Catalyst 4500 series switch supports broadcast traffic storm control on all LAN ports.
The period is required when you enter the fractional suppression level.
The suppression level is entered as a percentage of the total bandwidth. A threshold value of 100 percent
indicates that no limit is placed on traffic. A value of 0.0 means that all specified traffic on that port is
blocked.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1020
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Enter the show interfaces counters storm-control command to display the discard count.
Enter the show running-config command to display the enabled suppression mode and level setting.
To turn off suppression for the specified traffic type, you can do one of the following:
Set the high-level value to 100 percent for the specified traffic type.
The lower level is ignored for the interfaces that perform storm control in the hardware.
Note
Examples
The lower level keyword does not apply to the Supervisor Engine 6-E and Catalyst 4900M chassis
implementations.
This example shows how to enable broadcast storm control on a port with a 75.67 percent rising
suppression level:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet 3/1
Switch(config-if)# storm-control broadcast level 75.67
Switch(config-if)# end
This example shows how to disable storm control by setting the high level to 100 percent:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet 3/1
Switch(config-if)# storm-control broadcast level 100
Switch(config-if)# end
Related Commands
Command
Description
show running-config
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1021
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(18)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(40)SG
Support introduccd for for Catalyst 4900M and Supervisor Engine 6-E.
Usage Guidelines
This command prompts the hardware to filter multicast packets if it is already filtering broadcast packets.
The Catalyst 4500 series switch support per-interface multicast suppression. When you enable multicast
suppression on an interface you subject incoming multicast and broadcast traffic on that interface to
suppression.
Examples
This example shows how to enable per-port Multicast storm control on a Supervisor Engine 6-E:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet2/4
Switch(config-if)# storm-control broadcast include multicast
Switch(config)# end
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1022
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
storm-control
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1023
Chapter 2
subscribe-to-alert-group all
subscribe-to-alert-group all
To subscribe to all available alert groups, use the subscribe-to-alert-group all command.
subscribe-to-alert-group all
Syntax Description
Defaults
Command Modes
cfg-call-home-profile
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
To enter profile call-home configuration submode, use the profile command in call-home configuration
mode.
Examples
Related Commands
Command
Description
destination address
destination preferred-msg-format
destination transport-method
profile
subscribe-to-alert-group environment
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1024
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command
Description
subscribe-to-alert-group inventory
subscribe-to-alert-group syslog
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1025
Chapter 2
subscribe-to-alert-group configuration
subscribe-to-alert-group configuration
To subscribe a destination profile to the Configuration alert group, use the
subscribe-to-alert-group configuration command.
subscribe-to-alert-group configuration [periodic {daily hh:mm | monthly date hh:mm | weekly
day hh:mm}]
Syntax Description
periodic
daily hh:mm
Defaults
Command Modes
cfg-call-home-profile
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
To enter profile call-home configuration submode, use the profile command in call-home configuration
mode.
The Configuration alert group can be configured for periodic notification.
Examples
Related Commands
Command
Description
destination address
destination preferred-msg-format
destination transport-method
profile
subscribe-to-alert-group all
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1026
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command
Description
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory
subscribe-to-alert-group syslog
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1027
Chapter 2
subscribe-to-alert-group diagnostic
subscribe-to-alert-group diagnostic
To subscribe a destination profile to the Diagnostic alert group, use the subscribe-to-alert-group
diagnostic command.
subscribe-to-alert-group diagnostic [severity catastrophic | disaster | fatal | critical | major |
minor | warning | notification | normal | debugging]
Syntax Description
severity catastrophic
disaster
fatal
(Optional) Specifies that the system is unusable (system log level 0).
critical
(Optional) Specifies that immediate attention is needed (system log level 1).
major
minor
warning
notification
normal
debugging
Defaults
normal
Command Modes
cfg-call-home-profile
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
To enter profile call-home configuration submode, use the profile command in call-home configuration
mode.
Examples
This example shows how to configure the "diagnostic" alert-group with "normal" severity:
Switch(config)# call-home
Switch(cfg-call-home)# profile cisco
Switch(cfg-call-home-profile)# subscribe-to-alert-group diagnostic severity normal
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1028
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
destination address
destination preferred-msg-format
destination transport-method
profile
subscribe-to-alert-group all
subscribe-to-alert-group inventory
subscribe-to-alert-group syslog
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1029
Chapter 2
subscribe-to-alert-group environment
subscribe-to-alert-group environment
To subscribe a destination profile to the Environment alert group, use the
subscribe-to-alert-group environment command.
subscribe-to-alert-group environment [severity catastrophic | disaster | fatal | critical | major |
minor | warning | notification | normal | debugging]
Syntax Description
severity catastrophic
disaster
fatal
(Optional) Specifies that the system is unusable (system log level 0).
critical
(Optional) Specifies that immediate attention is needed (system log level 1).
major
minor
warning
notification
normal
debugging
Defaults
normal
Command Modes
cfg-call-home-profile
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
To enter profile call-home configuration submode, use the profile command in call-home configuration
mode.
The Environment alert group can be configured to filter messages based on severity.
Examples
This example shows how to configure the "environmental" alert-group with "severity notification":
Switch(config)# call-home
Switch(cfg-call-home)# profile cisco
Switch(cfg-call-home-profile)# subscribe-to-alert-group environment severity notification
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1030
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
profile
destination address
destination preferred-msg-format
destination transport-method
subscribe-to-alert-group all
subscribe-to-alert-group inventory
subscribe-to-alert-group syslog
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1031
Chapter 2
subscribe-to-alert-group inventory
subscribe-to-alert-group inventory
To subscribe a destination profile to the Inventory alert group, use the
subscribe-to-alert-group inventory command.
subscribe-to-alert-group inventory [periodic {daily hh:mm | monthly date hh:mm |
weekly day hh:mm}]
Syntax Description
periodic
daily hh:mm
Defaults
Command Modes
cfg-call-home-profile
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
To enter profile call-home configuration submode, use the profile command in call-home configuration
mode.
The Inventory alert group can be configured for periodic notification.
Examples
This example shows how to configure the Inventory alert group with periodic daily alert at 21:12":
Switch(config)# call-home
Switch(cfg-call-home)# profile cisco
Switch(cfg-call-home-profile)# subscribe-to-alert-group inventory periodic daily 21:12
Related Commands
Command
Description
destination address
destination preferred-msg-format
destination transport-method
profile
subscribe-to-alert-group all
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1032
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command
Description
subscribe-to-alert-group environment
subscribe-to-alert-group syslog
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1033
Chapter 2
subscribe-to-alert-group syslog
subscribe-to-alert-group syslog
To subscribe this destination profile to the Syslog alert group, use the
subscribe-to-alert-group syslog command.
subscribe-to-alert-group syslog [severity catastrophic | disaster | fatal | critical | major | minor
| warning | notification | normal | debugging | pattern string]
Syntax Description
severity catastrophic
disaster
fatal
(Optional) Specifies that the system is unusable (system log level 0).
critical
(Optional) Specifies that immediate attention is needed (system log level 1).
major
minor
warning
notification
normal
debugging
Defaults
normal
Command Modes
cfg-call-home-profile
Command History
Release
Modification
12.2(52)SG
Usage Guidelines
To enter profile call-home configuration submode, use the profile command in call-home configuration
mode.
You can configure the Syslog alert group can be configured to filter messages based on severity by
specifying a pattern to be matched in the syslog message. If the pattern contains spaces, you must enclose
it in quotes ().
Examples
This example shows how to configure the syslog alert group with severity notification:
Switch(config)# call-home
Switch(cfg-call-home)# profile cisco
Switch(cfg-call-home-profile)# subscribe-to-alert-group syslog severity notification
pattern "UPDOWN"
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1034
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
destination address
destination preferred-msg-format
destination transport-method
profile
subscribe-to-alert-group all
subscribe-to-alert-group environment
subscribe-to-alert-group inventory
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1035
Chapter 2
Syntax Description
num
preempt delay
priority priority-value (Optional) Specifies a priority number to determine the standby chassis that
will become the new active chassis if the active chassis fails. Range: 1
(lowest priority) to 255 (highest priority)
Defaults
Command Modes
Command History
Release
Modification
Cisco IOS XE 3.4.0SG and Support for this command was introduced on the Catalyst 4500 series
15.1(2)SG
switch.
Usage Guidelines
You must set the virtual domain name and the switch number prior to converting the chassis into a virtual
switch. You cannot configure the switch number after the chassis is in virtual switch mode.
When you boot the virtual switch, the role resolution logic validates that the chassis numbers in the two
chassis diffe.
When you configure preempt, the switch with the highest priority assumes the active role during role
negotiation.
Examples
The following example shows how to assign a switch number and to configure the virtual switch domain:
Router1(config)# switch virtual domain 100
Router1(config-vs-domain)# switch 1 priority 20
Router1(config-vs-domain)# switch 1 preempt 12
Router1(config-vs-domain)#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1036
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
stand-alone
priority
Defaults
standalone
Command Modes
Command History
Release
Modification
Cisco IOS XE 3.4.0SG and Support for this command was introduced on the Catalyst 4500 series
15.1(2)SG
switch.
Usage Guidelines
You must reboot both switches when you convert a switch to virtual switch mode.
In a VSS, the interface naming convention includes the switch number. For example, you must use
switch/module/port to specify a port on a switching module. The switch convert mode virtual
command converts the configuration file to use the VSS naming convention, and saves a backup copy of
the file in the RP bootflash.
Note
After you confirm the command (by entering yes at the prompt), the switch converts the configuration
file and restarts both chassis. After the restart, the chassis is in virtual switch mode. Henceforward, you
must specify interfaces with three identifiers (switch/module/port).
A no form of this command does not exist. You must specify either stand-alone or virtual mode.
You can enter the switch convert mode virtual command only after the standby switch is fully
operational (in hot standby mode). If you enter the command before the standby switch is fully
operational, a message is displayed telling you to try again later.
Note
If you have configured your config-register with a value that would skip file parsing during the bootup
process, your change to either a standalone or virtual switch will not take place until you reconfigure
your config-register. The config-register must be allowed to parse files to ensure a conversion from either
a standalone or virtual switch.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1037
Chapter 2
Examples
The following example shows how to configure a device in the distribution layer as a standalone switch
that has a switch number of 1:
Router1# switch convert mode virtual
This command will convert all interface names to naming convention "interface-type
chassis-number/slot/port", save the running config to startup-config and reload the
switch.
Do you want proceed? [yes/no]: yes
Converting interface names
Building Configuration...
[OK]
Saving converted configuration to bootflash: ...
Destination filename [startup-config.converted_vs-20070723-235834]?
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1038
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
number
Defaults
Command Modes
Command History
Release
Modification
Cisco IOS XE 3.4.0SG and Support for this command was introduced on the Catalyst 4500 series
15.1(2)SG
switch.
Usage Guidelines
When you enter the switch virtual domain command, you enter the virtual switch domain configuration
submode, and the prompt changes to Router1(config-vs-domain)#. Within the virtual switch domain
configuration submode, the following commands are available:
switch numAssigns the switch number. See the switch (virtual switch) command for additional
information.
You must configure the same virtual switch domain number on both chassis of the virtual switch. The
virtual switch domain is a number between 1 and 255, and must be unique for each virtual switch in your
network.
Examples
Note
The domain identification takes effect only after you enter the switch convert mode virtual command.
Note
The switch number is not stored in the startup or running configuration, because both chassis use the
same configuration file (but must not have the same switch number).
The following example shows how to configure the virtual switch number and virtual switch domain on
two switches:
Router1(config)# switch virtual domain 100
Router1(config-vs-domain)# switch 1
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1039
Chapter 2
Router1(config-vs-domain)# exit
Router2(config)# switch virtual domain 100
Router2(config-vs-domain)# switch 2
Router2(config-vs-domain)# exit
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1040
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
switch-umber
Defaults
Command Modes
Command History
Release
Modification
Cisco IOS XE 3.4.0SG and Support for this command was introduced on the Catalyst 4500 series
15.1(2)SG
switch.
Usage Guidelines
The virtual switch link (VSL) is configured with a unique port channel on each chassis. You must add
the VSL physical ports to the port channel. The VSL channel group must contain a minimum of two
ports.
Examples
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1041
Chapter 2
switchport
switchport
To modify the switching characteristics of a Layer 2 switch interface, use the switchport command. To
return the interface to the routed-interface status and cause all further Layer 2 configuration to be erased,
use the no form of this command without parameters.
switchport [access vlan vlan_num] | [nonegotiate] | [voice vlan {vlan_id | dot1p | none |
untagged}]
no switchport [access | nonegotiate | voice vlan]
Syntax Description
Defaults
(Optional) Sets the VLAN when the interface is in access mode; valid values
are from 1 to 1005.
nonegotiate
(Optional) Specifies that the DISL/DTP negotiation packets will not be sent
on the interface.
(Optional) Specifies the number of the VLAN; valid values are from 1 to
1005.
dot1p
none
untagged
Access VLANs and trunk interface native VLANs are a default VLAN corresponding to the platform
or interface hardware.
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(11)EW
Usage Guidelines
The no switchport command shuts the port down and then reenables it, which may generate messages
on the device to which the port is connected.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1042
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
The no form of the switchport access command resets the access mode VLAN to the appropriate default
VLAN for the device. The no form of the switchport nonegotiate command removes the nonegotiate
status.
When you are using the nonegotiate keyword, DISL/DTP negotiation packets will not be sent on the
interface. The device will trunk or not trunk according to the mode parameter given: access or trunk.
This command will return an error if you attempt to execute it in dynamic (auto or desirable) mode.
The voice VLAN is automatically set to VLAN 1 unless you use one of the optional keywords.
If you use the switch port voice vlan command for an interface, the interface cannot join a port channel.
When you use the switchport voice vlan command, the output for the show running-config command
changes to show the voice VLAN set.
Examples
This example shows how to cause the port interface to stop operating as a Cisco-routed port and convert
to a Layer 2-switched interface:
Switch(config-if)# switchport
Switch(config-if)#
This example shows how to cause a port interface in access mode, which is configured as a switched
interface, to operate in VLAN 2:
Switch(config-if)# switchport access vlan 2
Switch(config-if)#
This example shows how to cause a port interface, which is configured as a switched interface, to refrain
from negotiating in trunking mode and act as a trunk or access port (depending on the mode set):
Switch(config-if)# switchport nonegotiate
Switch(config-if)#
This example shows how to set the voice VLAN for the interface to VLAN 2:
Switch(config-if)# switchport voice vlan 2
switchport voice vlan 2
Switch(config-if)#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1043
Chapter 2
Syntax Description
Defaults
vlan-id
(Optional) Number of the VLAN on the interface in access mode; valid values are from
1 to 4094.
dynamic
The access VLAN and trunk interface native VLAN are default VLANs that correspond to the
platform or the interface hardware.
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(13)EW
Usage Guidelines
You must enter the switchport command without any keywords to configure the LAN interface as a
Layer 2 interface before you can enter the switchport access vlan command. This action is required only
if you have not already entered the switchport command for the interface.
Entering the no switchport command shuts the port down and then reenables it, which could generate
messages on the device to which the port is connected.
The no form of the switchport access vlan command resets the access mode VLAN to the appropriate
default VLAN for the device.
Valid values for vlan-id are from 1 to 4094.
Examples
This example shows how to cause the port interface to stop operating as a Cisco-routed port and convert
to a Layer 2-switched interface:
Switch(config-if)# switchport
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1044
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Note
This command is not used on platforms that do not support Cisco-routed ports. All physical ports on such
platforms are assumed to be Layer 2-switched interfaces.
This example shows how to cause a port interface that has already been configured as a switched
interface to operate in VLAN 2 instead of the platforms default VLAN when in access mode:
Switch(config-if)# switchport access vlan 2
Switch(config-if)#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1045
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(37)SG
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Note
You must enter the switchport command without any keywords to configure the LAN interface as a
Layer 2 interface before you can enter the switchport autostate exclude command. This action is
required only if you have not entered the switchport command for the interface.
The switchport command is not used on platforms that do not support Cisco-routed ports. All physical
ports on such platforms are assumed to be Layer 2-switched interfaces.
The switchport autostate exclude command marks the port to be excluded from the interface VLAN
up calculation when there are multiple ports in the VLAN.
The show interface interface switchport command displays the autostate mode if the mode has been
set. If the mode has not been set, the autostate mode is not displayed.
Examples
This example shows how to exclude a port from the VLAN interface link-up calculation:
Switch(config-if)# switchport autostate exclude
Switch(config-if)#
This example shows how to include a port in the VLAN interface link-up calculation:
Switch(config-if)# no switchport autostate exclude
Switch(config-if)#
You can verify your settings by entering the show interfaces switchport privileged EXEC command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1046
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1047
Chapter 2
switchport block
switchport block
To prevent the unknown multicast or unicast packets from being forwarded, use the switchport block
interface configuration command. To allow the unknown multicast or unicast packets to be forwarded,
use the no form of this command.
switchport block {multicast | unicast}
no switchport block {multicast | unicast}
Syntax Description
Defaults
multicast
unicast
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
You can block the unknown multicast or unicast traffic on the switch ports.
Blocking the unknown multicast or unicast traffic is not automatically enabled on the switch ports; you
must explicitly configure it.
Note
Examples
For more information about blocking the packets, refer to the software configuration guide for this
release.
This example shows how to block the unknown multicast traffic on an interface:
Switch(config-if)# switchport block multicast
You can verify your setting by entering the show interfaces interface-id switchport privileged EXEC
command.
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1048
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
switchport mode
To set the interface type, use the switchport mode command. To reset the mode to the appropriate
default mode for the device, use the no form of this command.
switchport mode {access | dot1q-tunnel | trunk | dynamic {auto | desirable}}
switchport mode private-vlan {host | promiscuous | trunk promiscuous | trunk [secondary]}
no switchport mode dot1q-tunnel
no switchport mode private-vlan
Syntax Description
Defaults
access
dot1q-tunnel
trunk
dynamic auto
dynamic desirable
Specifies that the interface actively attempt to convert the link to a trunk link.
private-vlan host
Specifies that the ports with a valid PVLAN trunk association become active host
private VLAN trunk ports.
private-vlan
promiscuous
Specifies that the ports with a valid PVLAN mapping become active promiscuous
ports.
private-vlan trunk
promiscuous
Specifies that the ports with valid PVLAN trunk mapping become active
promiscuous trunk ports.
private-vlan trunk
secondary
Specifies that the ports with a valid PVLAN trunk association become active host
private VLAN trunk ports.
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch..
12.2(18)EW
12.2(31)SG
Usage Guidelines
If you enter access mode, the interface goes into permanent nontrunking mode and negotiates to convert
the link into a nontrunk link even if the neighboring interface does not approve the change.
If you enter trunk mode, the interface goes into permanent trunking mode and negotiates to convert the
link into a trunk link even if the neighboring interface does not approve the change.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1049
Chapter 2
switchport mode
If you enter dynamic auto mode, the interface converts the link to a trunk link if the neighboring
interface is set to trunk or desirable mode.
If you enter dynamic desirable mode, the interface becomes a trunk interface if the neighboring
interface is set to trunk, desirable, or auto mode.
If you specify the dot1q-tunnel keyword, the port is set unconditionally as an 802.1Q tunnel port.
The port becomes inactive if you configure it as a private VLAN trunk port and one of the following
applies:
If a private port PVLAN association or mapping is deleted, or if a private port is configured as a SPAN
destination, it becomes inactive.
Examples
This example shows how to set the interface to dynamic desirable mode:
Switch(config-if)# switchport mode dynamic desirable
Switch(config-if)#
This example shows how to configure a port for an 802.1Q tunnel port:
Switch(config-if)# switchport mode dot1q-tunnel
Switch(config-if)#
You can verify your settings by entering the show interfaces switchport command and examining
information in the Administrative Mode and Operational Mode rows.
This example shows how to configure interface FastEthernet 5/2 as a PVLAN promiscuous port, map it
to a PVLAN, and verify the configuration:
Switch# configure terminal
Switch(config)# interface fastethernet 5/2
Switch(config-if)# switchport mode private-vlan promiscuous
Switch(config-if)# switchport private-vlan mapping 200 2
Switch(config-if)# end
Switch# show interfaces fastethernet 5/2 switchport
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1050
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Name:Fa5/2
Switchport:Enabled
Administrative Mode:private-vlan promiscuous
Operational Mode:private-vlan promiscuous
Administrative Trunking Encapsulation:negotiate
Operational Trunking Encapsulation:native
Negotiation of Trunking:Off
Access Mode VLAN:1 (default)
Trunking Native Mode VLAN:1 (default)
Voice VLAN:none
Administrative Private VLAN Host Association:none
Administrative Private VLAN Promiscuous Mapping:200 (VLAN0200) 2 (VLAN0002)
Private VLAN Trunk Native VLAN:none
Administrative Private VLAN Trunk Encapsulation:dot1q
Administrative Private VLAN Trunk Normal VLANs:none
Administrative Private VLAN Trunk Private VLANs:none
Operational Private VLANs:
200 (VLAN0200) 2 (VLAN0002)
Trunking VLANs Enabled:ALL
Pruning VLANs Enabled:2-1001
Capture Mode Disabled
Capture VLANs Allowed:ALL
This example shows how to configure interface FastEthernet 5/1 as a PVLAN host port and verify the
configuration:
Switch# configure terminal
Switch(config)# interface fastethernet 5/1
Switch(config-if)# switchport mode private-vlan host
Switch(config-if)# switchport private-vlan host-association 202 440
Switch(config-if)# end
Switch# show interfaces fastethernet 5/1 switchport
Name: Fa5/1
Switchport: Enabled
Administrative Mode: private-vlan host
Operational Mode: private-vlan host
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Appliance trust: none
Administrative Private Vlan
Host Association: 202 (VLAN0202) 440 (VLAN0440)
Promiscuous Mapping: none
Trunk encapsulation : dot1q
Trunk vlans:
Operational private-vlan(s):
202 (VLAN0202) 440 (VLAN0440)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
This example shows how to configure interface FastEthernet 5/2 as a secondary trunk port, and verify
the configuration:
Switch# configure terminal
Switch(config)# interface fastethernet 5/2
Switch(config-if)# switchport mode private-vlan trunk secondary
Switch(config-if)# switchport private-vlan trunk native vlan 10
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1051
Chapter 2
switchport mode
This example shows how to configure interface FastEthernet 5/2 as a promiscuous trunk port and to
verify the configuration:
Switch# configure terminal
Switch(config)# interface fastethernet 5/2
Switch(config-if)# switchport mode private-vlan trunk promiscuous
Switch(config-if)# switchport private-vlan trunk native vlan 10
Switch(config-if)# switchport private-vlan trunk allowed vlan 10, 3-4
Switch(config-if)# switchport private-vlan mapping trunk 3 301, 302
Switch(config-if)# end
Switch# show interfaces fastethernet 5/2 switchport
Name: Fa5/2
Switchport: Enabled
Administrative Mode: private-vlan trunk promiscuous
Operational Mode: private-vlan trunk promiscuous
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: 10
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1052
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
switchport
switchport private-vlan
host-association
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1053
Chapter 2
switchport port-security
switchport port-security
To enable port security on an interface, use the switchport port-security command. To disable port
security and set parameters to their default states, use the no form of this command.
switchport port-security [aging {static | time time | type {absolute | inactivity}} |
limit rate invalid-source-mac [N | none] | mac-address mac-address [vlan {access | voice} |
mac-address sticky [mac-address] [vlan access | voice] | maximum value [vlan {access |
voice} | violation {restrict | shutdown | shutdown vlan}]
no switchport port-security [aging {static | time time | type {absolute | inactivity}} |
limit rate invalid-source-mac [N | none] | mac-address mac-address [vlan {access | voice} |
mac-address sticky [mac-address] [vlan access | voice] | maximum value [vlan {access |
voice} | violation {restrict | shutdown | shutdown vlan}]
Syntax Description
aging
static
time time
(Optional) Specifies the aging time for this port. The valid values are
from 0 to 1440 minutes. If the time is 0, aging is disabled for this port.
type absolute
(Optional) Sets the aging type as absolute aging. All the secure
addresses on this port age out exactly after the time (minutes) specified
and are removed from the secure address list.
type inactivity
(Optional) Sets the aging type as inactivity aging. The secure addresses
on this port age out only if there is no data traffic from the secure source
address for the specified time period.
limit rate
invalid-source-mac
(Optional) Sets the rate limit for bad packets. This rate limit also applies
to the port where DHCP snooping security mode is enabled as filtering
the IP and MAC address.
N none
mac-address mac-address
sticky
vlan access
vlan voice
maximum value
(Optional) Sets the maximum number of secure MAC addresses for the
interface. Valid values are from 1 to 3072. The default setting is 1.
violation
(Optional) Sets the security violation mode and action to be taken if port
security is violated.
restrict
(Optional) Sets the security violation restrict mode. In this mode, a port
security violation restricts data and causes the security violation counter
to increment.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1054
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Defaults
shutdown
shutdown vlan
When port security is enabled and no keywords are entered, the default maximum number of secure
MAC addresses is 1.
Aging is disabled.
All secure addresses on this port age out immediately after they are removed from the secure address
list.
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(19)EW
12.2(18)EW
12.2(31)SG
12.2(52)SG
Usage Guidelines
After you set the maximum number of secure MAC addresses that are allowed on a port, you can add
secure addresses to the address table by manually configuring them, by allowing the port to dynamically
configure them, or by configuring some MAC addresses and allowing the rest to be dynamically
configured.
The packets are dropped into the hardware when the maximum number of secure MAC addresses are in
the address table and a station that does not have a MAC address in the address table attempts to access
the interface.
If you enable port security on a voice VLAN port and if there is a PC connected to the IP phone, you set
the maximum allowed secure addresses on the port to more than 1.
You cannot configure static secure MAC addresses in the voice VLAN.
A secure port has the following limitations:
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1055
Chapter 2
switchport port-security
A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.
When a secure port is in the error-disabled state, you can remove it from this state by entering the
errdisable recovery cause psecure-violation global configuration command, or you can manually
re-enable it by entering the shutdown and no shut down interface configuration commands. If a port is
is disabled, you can also use the clear errdisable command to re-enable the offending VLAN on the
port.
To enable secure address aging for a particular port, set the aging time to a value other than 0 for that
port.
To allow limited time access to particular secure addresses, set the aging type as absolute. When the
aging time lapses, the secure addresses are deleted.
To allow continuous access to a limited number of secure addresses, set the aging type as inactivity. This
action removes the secure address when it becomes inactive, and other addresses can become secure.
To allow unlimited access to a secure address, configure it as a secure address, and disable aging for the
statically configured secure address by using the no switchport port-security aging static interface
configuration command.
If the sticky command is executed without a MAC address specified, all MAC addresses that are learned
on that port will be made sticky. You can also specify a specific MAC address to be a sticky address by
entering the sticky keyword next to it.
You can configure the sticky feature even when port security is not enabled on the interface. The feature
becomes operational when you enable port security on the interface.
You can use the no form of the sticky command only if the sticky feature is already enabled on the
interface.
Examples
This example shows how to set the aging time to 2 hours (120 minutes) for the secure addresses on the
Fast Ethernet port 12:
Switch(config)# interface fastethernet 0/12
Switch(config-if)# switchport port-security aging time 120
Switch(config-if)#
This example shows how to set the aging timer type to Inactivity for the secure addresses on the Fast
Ethernet port 12:
Switch(config)# interface fastethernet 0/12
Switch(config-if)# switch port-security aging type inactivity
Switch(config-if)#
The following example shows how to configure rate limit for invalid source packets on Fast Ethernet
port 12:
Switch(config)# interface fastethernet 0/12
Switch(config-if)# switchport port-security limit rate invalid-source-mac 100
Switch(config-if)#
The following example shows how to configure rate limit for invalid source packets on Fast Ethernet
port 12:
Switch(config)# interface fastethernet 0/12
Switch(config-if)# switchport port-security limit rate invalid-source-mac none
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1056
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
You can verify the settings for all secure ports or the specified port by using the show port-security
privileged EXEC command.
This example shows how to remove all sticky and static addresses that are configured on the interface:
Switch(config)# interface fastethernet 2/12
Switch(config-if)# no switchport port-security mac-address
Switch(config-if)
This example shows how to configure a secure MAC address on Fast Ethernet port 12:
Switch(config)# interface fastethernet 0/12
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address 1000.2000.3000
Switch(config-if)
This example shows how to make all MAC addresses learned on Fast Ethernet port 12 sticky:
Switch(config)# interface fastethernet 2/12
SSwitch(config-if)# switchport port-security mac-address sticky
Switch(config-if)
This example shows how to make MAC address 1000.2000.3000 sticky on Fast Ethernet port 12:
Switch(config)# interface fastethernet 2/12
Switch(config-if)# switchport port-security mac-address sticky 1000.2000.3000
Switch(config-if)
This example shows how to disable the sticky feature on Fast Ethernet port 12:
Switch(config)# interface fastethernet 2/12
Switch(config-if)# no switchport port-security mac-address sticky
Switch(config-if)
Note
This command makes all sticky addresses on this interface normal learned entries. It does not delete the
entries from the secure MAC address table.
Note
The following examples show how to configure sticky secure MAC addresses in access and voice
VLANs on interfaces with voice VLAN configured. If you do not have voice VLAN configured the
vlan [access | voice] keywords are not supported.
This example shows how to configure sticky MAC addresses for voice and data VLANs on Fast Ethernet
interface 5/1 and to verify the configuration:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fa5/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.obob vlan voice
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0005 vlan access
Switch(config-if)# end
This example shows how to designate a maximum of one MAC address for a voice VLAN (for a Cisco
IP Phone, lets say) and one MAC address for the data VLAN (for a PC, lets say) on Fast Ethernet
interface 5/1 and to verify the configuration:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1057
Chapter 2
switchport port-security
This example shows how to configure a port to shut down only the VLAN if a violation occurs:
Switch(config)# interface gigabitethernet 5/1
Switch(config)# switchport port-security violation shutdown vlan
Note
Sending traffic to the ports causes the system to configure the port with sticky secure addresses.
You can verify your settings by using the show port-security address privileged EXEC command.
Related Commands
Command
Description
show port-security
switchport block
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1058
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
primary-vlan-id
secondary-vlan-id
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(20)EW
Usage Guidelines
Multiple private VLAN pairs can be specified so that a private VLAN trunk port can carry multiple
secondary VLANs. If an association is specified for the existing primary VLAN, the existing association
is replaced.
Only isolated secondary VLANs can be carried over a private VLAN trunk.
Note
Community secondary VLANs on a private VLAN trunk are not supported in this release.
If there is no trunk association, any packets received on the secondary VLANs are dropped.
Examples
This example shows how to configure a port with a primary VLAN (VLAN 18) and secondary VLAN
(VLAN 20):
Switch(config-if)# switchport private-vlan association trunk 18 20
Switch(config-if)#
This example shows how to remove the private VLAN association from the port:
Switch(config-if)# no switchport private-vlan association trunk 18
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1059
Chapter 2
This example shows how to configure interface FastEthernet 5/2 as a secondary trunk port, and verify
the configuration:
Switch# configure terminal
Switch(config)# interface fastethernet 5/2
Switch(config-if)# switchport mode private-vlan trunk secondary
Switch(config-if)# switchport private-vlan trunk native vlan 10
Switch(config-if)# switchport private-vlan trunk allowed vlan 10. 3-4
Switch(config-if)# switchport private-vlan association trunk 3 301
Switch(config-if)# end
Switch# show interfaces fastethernet 5/2 switchport
Name: Fa5/2
Switchport: Enabled
Administrative Mode: private-vlan trunk secondary
Operational Mode: private-vlan trunk secondary
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none A
dministrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: 10
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations:
3 (VLAN0003) 301 (VLAN0301)
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Operational Normal VLANs: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled Capture VLANs Allowed: ALL
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Switch(config-if)#
Related Commands
Command
Description
switchport mode
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1060
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
primary-vlan-id
Number of the primary VLAN of the PVLAN relationship; valid values are from
1 to 4094.
secondary-vlan-list
Number of the secondary VLAN of the private VLAN relationship; valid values
are from 1 to 4094.
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
Usage Guidelines
There is no runtime effect on the port unless it is in PVLAN host mode. If the port is in PVLAN host
mode but all VLANs do not exist, the command is allowed, but the port is made inactive.
The secondary VLAN may be an isolated or community VLAN.
Examples
This example shows how to configure a port with a primary VLAN (VLAN 18) and secondary VLAN
(VLAN 20):
Switch(config-if)# switchport private-vlan host-association 18 20
Switch(config-if)#
This example shows how to remove the PVLAN association from the port:
Switch(config-if)# no switchport private-vlan host-association
Switch(config-if)#
This example shows how to configure interface FastEthernet 5/1 as a PVLAN host port and verify the
configuration:
Switch# configure terminal
Switch(config)# interface fastethernet 5/1
Switch(config-if)# switchport mode private-vlan host
Switch(config-if)# switchport private-vlan host-association 202 440
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1061
Chapter 2
Switch(config-if)# end
Switch# show interfaces fastethernet 5/1 switchport
Name: Fa5/1
Switchport: Enabled
Administrative Mode: private-vlan host
Operational Mode: private-vlan host
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Appliance trust: none
Administrative Private Vlan
Host Association: 202 (VLAN0202) 440 (VLAN0440)
Promiscuous Mapping: none
Trunk encapsulation : dot1q
Trunk vlans:
Operational private-vlan(s):
202 (VLAN0202) 440 (VLAN0440)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Related Commands
Command
Description
switchport mode
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1062
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
primary-vlan-id
Number of the primary VLAN of the private VLAN relationship; valid values
are from 2 to 4094 (excluding 1002 to 1005).
secondary-vlan-list
Number of the secondary VLANs to map to the primary VLAN; valid values
are from 2 to 4094.
add
remove
Clears mapping between the secondary VLANs and the primary VLAN.
trunk
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW
12.2(20)EW
12.2(31)SG
Usage Guidelines
There is no run-time effect on the port unless it is in private VLAN promiscuous mode. If the port is in
private VLAN promiscuous mode but the VLANs do not exist, the command is allowed, but the port is
made inactive.
The secondary VLAN may be an isolated or community VLAN.
Note
The maximum number of unique private VLAN pairs supported by the switchport private-vlan
mapping trunk command above is 500. For example, one thousand secondary VLANs could map to one
primary VLAN, or one thousand secondary VLANs could map one to one to one thousand primary
VLANs.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1063
Chapter 2
Examples
This example shows how to configure the mapping of primary VLAN 18 to the secondary isolated
VLAN 20 on a port:
Switch(config-if)# switchport private-vlan mapping 18 20
Switch(config-if)#
This example shows how to add a range of secondary VLANs to the mapping:
Switch(config-if)# switchport private-vlan mapping 18 add 22-24
Switch(config-if)#
This example shows how to add a range of secondary VLANs to the trunk mapping:
Switch(config-if)# switchport private-vlan mapping trunk 18 add 22-24
Switch(config-if)#
This example shows how to configure interface FastEthernet 5/2 as a PVLAN promiscuous port, map it
to a PVLAN, and verify the configuration:
Switch# configure terminal
Switch(config)# interface fastethernet 5/2
Switch(config-if)# switchport mode private-vlan promiscuous
Switch(config-if)# switchport private-vlan mapping 200 2
Switch(config-if)# end
Switch# show interfaces fastethernet 5/2 switchport
Name:Fa5/2
Switchport:Enabled
Administrative Mode:private-vlan promiscuous
Operational Mode:private-vlan promiscuous
Administrative Trunking Encapsulation:negotiate
Operational Trunking Encapsulation:native
Negotiation of Trunking:Off
Access Mode VLAN:1 (default)
Trunking Native Mode VLAN:1 (default)
Voice VLAN:none
Administrative Private VLAN Host Association:none
Administrative Private VLAN Promiscuous Mapping:200 (VLAN0200) 2 (VLAN0002)
Private VLAN Trunk Native VLAN:none
Administrative Private VLAN Trunk Encapsulation:dot1q
Administrative Private VLAN Trunk Normal VLANs:none
Administrative Private VLAN Trunk Private VLANs:none
Operational Private VLANs:
200 (VLAN0200) 2 (VLAN0002)
Trunking VLANs Enabled:ALL
Pruning VLANs Enabled:2-1001
Capture Mode Disabled
Capture VLANs Allowed:ALL
This example shows how to configure interface FastEthernet 5/2 as a promiscuous trunk port and to
verify the configuration:
Switch# configure terminal
Switch(config)# interface fastethernet 5/2
Switch(config-if)# switchport mode private-vlan trunk promiscuous
Switch(config-if)# switchport private-vlan trunk native vlan 10
Switch(config-if)# switchport private-vlan trunk allowed vlan 10, 3-4
Switch(config-if)# switchport private-vlan mapping trunk 3 301, 302
Switch(config-if)# end
Switch# show interfaces fastethernet 5/2 switchport
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1064
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Name: Fa5/2
Switchport: Enabled
Administrative Mode: private-vlan trunk promiscuous
Operational Mode: private-vlan trunk promiscuous
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: 10
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: 3-4,10
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings:
3 (VLAN0003) 301 (VLAN0301) 302 (VLAN0302)
Operational private-vlan:
3 (VLAN0003) 301 (VLAN0301) 302 (VLAN0302)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Switch(config-if)#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1065
Chapter 2
Syntax Description
vlan_list
Sets the list of allowed VLANs; see the Usage Guidelines section for formatting
guidelines for vlan_list.
all
Specifies all VLANs from 1 to 4094. This keyword is not supported on commands
that do not permit all VLANs in the list to be set at the same time.
none
Indicates an empty list. This keyword is not supported on commands that require
certain VLANs to be set or at least one VLAN to be set.
add
(Optional) Adds the defined list of VLANs to those currently set instead of
replacing the list.
remove
(Optional) Removes the defined list of VLANs from those currently set instead of
replacing the list.
except
(Optional) Lists the VLANs that should be calculated by inverting the defined list
of VLANs.
vlan_atom
Defaults
All allowed normal VLANs are removed from a private VLAN trunk port.
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
By default, no normal VLANs are allowed unless you explicitly configure the VLANs to be allowed.
Use this command only for normal VLANs on a private VLAN trunk port.
Use the switchport private-vlan association trunk command to configure a port that can carry private
VLANs on a private VLAN trunk port.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1066
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This example shows how to configure the private VLAN trunk port that carries normal VLANs 1 to10:
Switch(config-if)# switchport private-vlan trunk allowed vlan 1-10
Switch(config-if)#
This example shows how to remove all the allowed normal VLANs from a private VLAN trunk port:
Switch(config-if)# no switchport private-vlan trunk allowed vlan
Switch(config-if)#
This example shows how to configure interface FastEthernet 5/2 as a secondary trunk port, and verify
the configuration:
Switch# configure terminal
Switch(config)# interface fastethernet 5/2
Switch(config-if)# switchport mode private-vlan trunk secondary
Switch(config-if)# switchport private-vlan trunk native vlan 10
Switch(config-if)# switchport private-vlan trunk allowed vlan 10. 3-4
Switch(config-if)# switchport private-vlan association trunk 3 301
Switch(config-if)# end
Switch# show interfaces fastethernet 5/2 switchport
Name: Fa5/2
Switchport: Enabled
Administrative Mode: private-vlan trunk secondary
Operational Mode: private-vlan trunk secondary
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none A
dministrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: 10
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations:
3 (VLAN0003) 301 (VLAN0301)
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Operational Normal VLANs: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled Capture VLANs Allowed: ALL
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Switch(config-if)#
This example shows how to configure interface FastEthernet 5/2 as a promiscuous trunk port and to
verify the configuration:
Switch# configure terminal
Switch(config)# interface fastethernet 5/2
Switch(config-if)# switchport mode private-vlan trunk promiscuous
Switch(config-if)# switchport private-vlan trunk native vlan 10
Switch(config-if)# switchport private-vlan trunk allowed vlan 10, 3-4
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1067
Chapter 2
Related Commands
Command
Description
switchport mode
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1068
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
The default setting is global; the settings on the port are determined by the global setting.
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(18)EW
Usage Guidelines
The configuration created with this command only applies to ports that are configured as private VLAN
trunks.
Examples
This example shows how to enable 802.1Q native VLAN tagging on a PVLAN trunk:
Switch(config-if)# switchport private-vlan trunk native vlan tag
Switch(config-if)#
Related Commands
Command
Description
switchport mode
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1069
Chapter 2
switchport trunk
switchport trunk
To set the trunk characteristics when an interface is in trunking mode, use the switchport trunk
command. To reset all of the trunking characteristics back to the original defaults, use the no form of
this command.
switchport trunk native vlan {tag | vlan_id}
no switchport trunk native vlan {tag | vlan_id}
switchport trunk allowed vlan vlan_list
no switchport trunk allowed vlan vlan_list
switchport trunk pruning vlan vlan_list
no switchport trunk pruning vlan vlan_list
Syntax Description
Defaults
Sets the native VLAN for the trunk in 802.1Q trunking mode.
Sets the list of allowed VLANs that transmit this interface in tagged
format when in trunking mode. See the Usage Guidelines section for
formatting guidelines for vlan_list.
Sets the list of VLANs that are enabled for VTP pruning when the switch
is in trunking mode. See the Usage Guidelines section for formatting
guidelines for vlan_list.
The access VLANs and trunk interface native VLANs are a default VLAN that corresponds to the
platform or the interface hardware.
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch..
12.1(12c)EW
12.2(18)EW
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1070
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Usage Guidelines
The vlan_list format is all | none | [add | remove | except] vlan_atom[,vlan_atom...], where:
all specifies all VLANs from 1 to 4094. This keyword is not supported on commands that do not
permit all VLANs in the list to be set at the same time.
none indicates an empty list. This keyword is not supported on commands that require certain
VLANs to be set or at least one VLAN to be set.
add adds the defined list of VLANs to those currently set, instead of replacing the list.
remove removes the defined list of VLANs from those currently set, instead of replacing the list.
except lists the VLANs that should be calculated by inverting the defined list of VLANs.
vlan_atom is either a single VLAN number from 1 to 4094 or a continuous range of VLANs
described by two VLAN numbers (the lesser one first, separated by a hyphen).
The no form of the native vlan command resets the native mode VLAN to the appropriate default VLAN
for the device.
The no form of the allowed vlan command resets the list to the default list, which allows all VLANs.
The no form of the pruning vlan command resets the list to the default list, which enables all VLANs
for VTP pruning.
These configuration guidelines and restrictions apply when using 802.1Q trunks and impose some
limitations on the trunking strategy for a network:
When connecting Cisco switches through an 802.1Q trunk, make sure that the native VLAN for an
802.1Q trunk is the same on both ends of the trunk link. If the native VLAN on one end of the trunk
is different from the native VLAN on the other end, spanning-tree loops might result.
Disabling spanning tree on the native VLAN of an 802.1Q trunk without disabling spanning tree on
every VLAN in the network can cause spanning-tree loops. We recommend that you leave spanning
tree enabled on the native VLAN of an 802.1Q trunk. If this is not possible, disable spanning tree
on every VLAN in the network. Make sure that your network is free of physical loops before
disabling spanning tree.
When you connect two Cisco switches through 802.1Q trunks, the switches exchange spanning-tree
BPDUs on each VLAN that is allowed on the trunks. The BPDUs on the native VLAN of the trunk
are sent untagged to the reserved 802.1d spanning-tree multicast MAC address
(01-80-C2-00-00-00). The BPDUs on all other VLANs on the trunk are sent tagged to the reserved
SSTP multicast MAC address (01-00-0c-cc-cc-cd).
Non-Cisco 802.1Q switches maintain only a single instance of spanning tree (MST) that defines the
spanning-tree topology for all VLANs. When you connect a Cisco switch to a non-Cisco switch
through an 802.1Q trunk, the MST of the non-Cisco switch and the native VLAN spanning tree of
the Cisco switch combine to form a single spanning-tree topology known as the CST.
Because Cisco switches transmit BPDUs to the SSTP multicast MAC address on the VLANs other
than the native VLAN of the trunk, non-Cisco switches do not recognize these frames as BPDUs and
flood them on all ports in the corresponding VLAN. Cisco switches connected to the non-Cisco
802.1Q network receive these flooded BPDUs. Because Cisco switches receive the flooded BPDUs,
the switches can maintain a per-VLAN spanning-tree topology across a network of non-Cisco
802.1Q switches. The non-Cisco 802.1Q network separating the Cisco switches is treated as a single
broadcast segment between all switches that are connected to the non-Cisco 802.1Q network
through the 802.1Q trunks.
Ensure that the native VLAN is the same on all of the 802.1Q trunks connecting the Cisco switches
to the non-Cisco 802.1Q network.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1071
Chapter 2
switchport trunk
If you are connecting multiple Cisco switches to a non-Cisco 802.1Q network, all of the connections
must be through the 802.1Q trunks. You cannot connect Cisco switches to a non-Cisco 802.1Q
network through the ISL trunks or through the access ports. This action causes the switch to place
the ISL trunk port or access port into the spanning-tree port inconsistent state and no traffic will
pass through the port.
Examples
The no switchport trunk native vlan tag command disables the native VLAN tagging operation on
a port. This overrides the global tagging configuration.
The switchport trunk native vlan tag command can be used to reenable tagging on a disabled port.
The no option is saved to NVRAM so that the user does not have to manually select the ports to
disable the tagging operation each time that the switch reboots.
When the switchport trunk native vlan tag command is enabled and active, all packets on the
native VLAN are tagged, and incoming untagged data packets are dropped. Untagged control
packets are accepted.
This example shows how to cause a port interface that is configured as a switched interface to
encapsulate in 802.1Q trunking format regardless of its default trunking format in trunking mode:
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)#
This example shows how to configure a secure MAC-address and a maximum limit of secure MAC
addresses on Gigabit Ethernet port 1 for all VLANs:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 3
This example shows how to configure a secure MAC-address on Gigabit Ethernet port 1 in a specific
VLAN or range of VLANs:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport port-security
Switch(config-if)# vlan-range 2-6
Switch(config-if-vlan-range)# port-security maximum 3
This example shows how to configure a secure MAC-address in a VLAN on Gigabit Ethernet port 1:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address
Switch(config-if)# vlan-range 2-6
Switch(config-if-vlan-range)# port-security mac-address
Switch(config-if-vlan-range)# port-security mac-address
Switch(config-if-vlan-range)# port-security mac-address
sticky
1.1.1
sticky 1.1.2
sticky 1.1.3
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1072
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
You can verify your settings by using the show port-security interface vlan privileged EXEC
command.
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1073
Chapter 2
Syntax Description
vlan-id
translated-id
dot1q-tunnel
translated-id
all
Defaults
Command Modes
Interface configuration
Command History
Release
Modification
12.2(54)SG
Usage Guidelines
Before configuring VLAN mapping on an interface, enter the switchport mode trunk interface
configuration command to configure the interface as a trunk port.
You can configure VLAN mapping on a physical interface or on a port channel of multiple interfaces
with the same configuration.
To configure one-to-one VLAN mapping, use the switchport vlan mapping vlan-id translated-id
command.
Note
To avoid mixing customer traffic, when you configure traditional QinQ on a trunk port,you should use
the switchport trunk allowed vlan vlan-id interface configuration command to configure the outer
VLAN ID (S-VLAN) as an allowed VLAN on the trunk port.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1074
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Note
You cannot configure one-to-one mapping and selective QinQ on the same interface.
The no form of the switchport vlan mapping commands clears the specified mapping configuration.
The no switchport vlan mapping all command clears all mapping configurations on the interface.
You cannot configure encapsulation replicate on a SPAN destination port if the source port is configured
as a tunnel port or has a 1-to-2 mapping configured. Encapsulation replicate is supported with 1-to-1
VLAN mapping.
Examples
This example shows how to use one-to-one mapping to map VLAN IDs 1 and 2 in the customer network
to VLANs 1001 and 1002 in the service-provider network and to drop traffic from any other VLAN IDs.
Switch(config)# interface gigabiethernet0/1
Switch(config-if)# switchport vlan mapping 1 1001
Switch(config-if)# switchport vlan mapping 2 1002
Switch(config-if)# exit
This example shows how to configure selective QinQ mapping on the port so that traffic with a C-VLAN
ID of 5, 7, or 8 would enter the switch with an S-VLAN ID of 100. The traffic of any other VLAN IDs
is dropped.
Switch(config)# interface gigabiethernet0/1
Switch(config-if)# switchport vlan mapping 5, 7-8 dot1q-tunnel 100
Switch(config-if)# exit
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1075
Chapter 2
system mtu
system mtu
To set the maximum Layer 2 or Layer 3 payload size, use the system mtu command. To revert to the
default MTU setting, use the no form of this command.
system mtu datagram-size
no system mtu
Syntax Description
datagram-size
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The datagram-size parameter specifies the Ethernet payload size, not the total Ethernet frame size, and
the Layer 3 MTU is changed as a result of changing the system mtu command.
For ports from 3 to18 on model WS-X4418-GB and ports from 1 to 12 on model WS-X4412-2GB-TX,
only the standard IEEE Ethernet payload size of 1500 bytes is supported.
For other modules, an Ethernet payload size of up to 1552 bytes is supported with a total Ethernet frame
size of up to 1600 bytes.
Examples
This example shows how to set the MTU size to 1550 bytes:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# system mtu 1550
Switch(config)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1076
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
show interfaces
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1077
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify a template data timeout for the NetFlow-lite collector, use the template data timeout
command. To delete the value, use the no form of this command.
template data timeout seconds
no dscp dscp-value
Syntax Description
seconds
Defaults
1800 seconds
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4948E and
Catalyst 4948E-F Ethernet switches.
Usage Guidelines
Default timeout value is 1800 seconds or 30 minutes. The timeout value configured really depends on
the collector and how often it needs the templates to be refreshed.
Examples
This example shows how to specify a template data timeout for the NetFlow-lite collector:
Switch# config terminal
Switch(config)# netflow-lite exporter
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config)#
exporter1
destination 5.5.5.6
source 5.5.5.5
transport udp 8188
ttl 128
cos 7
dscp 32
template data timeout 1
options sampler-table timeout 1
options interface-table timeout 1
export-protocol netflow-v9
exit
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1078
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
Command
Description
destination (netflow-lite
exporter submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1079
Chapter 2
Note
Syntax Description
This command will be deprecated in future Cisco IOS releases. Use the diagnostic start command
instead.
interface interface
interface-number
Defaults
Command Modes
Command History
Release
Modification
12.2(25)SG
Usage Guidelines
The TDR test is supported on Catalyst 4500 series switches running Cisco IOS Release 12.2(25)SG for
the following line cards only:
WS-X4548-GB-RJ45
WS-X4548-GB-RJ45V
WS-X4524-GB-RJ45V
WS-X4013+TS
WS-C4948
WS-C4948-10GE
The valid values for interface interface are fastethernet and gigabitethernet.
Do not start the test at the same time on both ends of the cable. Starting the test at both ends of the cable
at the same time can lead to false test results.
Do not change the port configuration during any cable diagnostics test. This action may result in
incorrect test results.
The interface must be operating before starting the TDR test. If the port is down, the results of the test
will be invalid. Issue the no shutdown command on the port.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1080
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This example shows how to start the TDR test on port 1 on module 2:
Switch# test cable-diagnostics tdr int gi2/1
Switch#
This example shows the message that displays when the TDR test is not supported on a module:
Switch# test cable-diagnostics tdr int gi2/1
00:03:15:%C4K_IOSDIAGMAN-4-TESTNOTSUPPORTEDONMODULE: Online cable
diag tdr test is not supported on this module
Switch#
Note
Related Commands
The show cable-diagnostic tdr command is used to display the results of a TDR test. The test results
will not be available until approximately 1 minute after the test starts. If you enter the show
cable-diagnostic tdr command within 1 minute of the test starting, you may see a TDR test is in
progress on interface... message.
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1081
Chapter 2
traceroute mac
traceroute mac
To display the Layer 2 path taken by the packets from the specified source MAC address to the specified
destination MAC address, use the traceroute mac command.
traceroute mac [interface interface-id] {source-mac-address} [interface interface-id]
{destination-mac-address} [vlan vlan-id] [detail]
Syntax Description
interface interface-id
source-mac-address
destination-mac-address
vlan vlan-id
(Optional) Specifies the VLAN on which to trace the Layer 2 path that the
packets take from the source switch to the destination switch; valid VLAN
IDs are from 1 to 4094. Do not enter leading zeros.
detail
Defaults
Command Modes
Command History
Release
Modification
12.1(15)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Catalyst 4500 series switches running Catalyst operating system Release 6.2 or later for the
supervisor engine
Catalyst 5000 family switches running Catalyst operating system Release 6.1 or later for the
supervisor engine
Catalyst 6500 series switches running Catalyst operating system Release 6.1 or later for the
supervisor engine
For Layer 2 traceroute to functional properly, Cisco Discovery Protocol (CDP) must be enabled on all
of the switches in the network. Do not disable CDP.
When the switch detects a device in the Layer 2 path that does not support Layer 2 traceroute, the switch
continues to send Layer 2 trace queries and lets them time out.
The maximum number of hops identified in the path is ten.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1082
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Layer 2 traceroute supports only unicast traffic. If you specify a multicast source or destination MAC
address, the physical path is not identified, and a message appears.
The traceroute mac command output shows the Layer 2 path when the specified source and destination
addresses belong to the same VLAN. If you specify source and destination addresses that belong to
different VLANs, the Layer 2 path is not identified, and a message appears.
If the source or destination MAC address belongs to multiple VLANs, you must specify the VLAN to
which both the source and destination MAC addresses belong. If the VLAN is not specified, the path is
not identified, and a message appears.
Layer 2 traceroute is not supported when multiple devices are attached to one port through hubs (for
example, multiple CDP neighbors are detected on a port). When more than one CDP neighbor is detected
on a port, the Layer 2 path is not identified, and a message appears.
This feature is not supported in Token Ring VLANs.
Examples
This example shows how to display the Layer 2 path by specifying the source and destination MAC
addresses:
Switch# traceroute mac 0000.0201.0601 0000.0201.0201
Source 0000.0201.0601 found on con6[WS-C2950G-24-EI] (2.2.6.6)
con6 (2.2.6.6) :Fa0/1 =>Fa0/3
con5
(2.2.5.5
) :
Fa0/3 =>Gi0/1
con1
(2.2.1.1
) :
Gi0/1 =>Gi0/2
con2
(2.2.2.2
) :
Gi0/2 =>Fa0/1
Destination 0000.0201.0201 found on con2[WS-C3550-24] (2.2.2.2)
Layer 2 trace completed
Switch#
This example shows the Layer 2 path when the switch is not connected to the source switch:
Switch# traceroute mac 0000.0201.0501 0000.0201.0201 detail
Source not directly connected, tracing source .....
Source 0000.0201.0501 found on con5[WS-C2950G-24-EI] (2.2.5.5)
con5 / WS-C2950G-24-EI / 2.2.5.5 :
Fa0/1 [auto, auto] =>Gi0/1 [auto, auto]
con1 / WS-C3550-12G / 2.2.1.1 :
Gi0/1 [auto, auto] =>Gi0/2 [auto, auto]
con2 / WS-C3550-24 / 2.2.2.2 :
Gi0/2 [auto, auto] =>Fa0/1 [auto, auto]
Destination 0000.0201.0201 found on con2[WS-C3550-24] (2.2.2.2)
Layer 2 trace completed.
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1083
Chapter 2
traceroute mac
This example shows the Layer 2 path when the switch cannot find the destination port for the source
MAC address:
Switch# traceroute mac 0000.0011.1111 0000.0201.0201
Error:Source Mac address not found.
Layer2 trace aborted.
Switch#
This example shows the Layer 2 path when the source and destination devices are in different VLANs:
Switch# traceroute mac 0000.0201.0601 0000.0301.0201
Error:Source and destination macs are on different vlans.
Layer2 trace aborted.
Switch#
This example shows the Layer 2 path when the destination MAC address is a multicast address:
Switch# traceroute mac 0000.0201.0601 0100.0201.0201
Invalid destination mac address
Switch#
This example shows the Layer 2 path when the source and destination switches belong to multiple
VLANs:
Switch# traceroute mac 0000.0201.0601 0000.0201.0201
Error:Mac found on multiple vlans.
Layer2 trace aborted.
Switch#
This example shows how to display the Layer 2 path by specifying the interfaces on the source and
destination switches:
Switch# traceroute mac interface fastethernet0/1 0000.0201.0601 interface fastethernet0/3 0000.0201.0201
Source 0000.0201.0601 found on con6[WS-C2950G-24-EI] (2.2.6.6)
con6 (2.2.6.6) :Fa0/1 =>Fa0/3
con5
(2.2.5.5
) :
Fa0/3 =>Gi0/1
con1
(2.2.1.1
) :
Gi0/1 =>Gi0/2
con2
(2.2.2.2
) :
Gi0/2 =>Fa0/1
Destination 0000.0201.0201 found on con2[WS-C3550-24] (2.2.2.2)
Layer 2 trace completed
Switch#
Related Commands
Command
Description
traceroute mac ip
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1084
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
traceroute mac ip
To display the Layer 2 path that is taken by the packets from the specified source IP address or hostname
to the specified destination IP address or hostname, use the traceroute mac command.
traceroute mac ip {source-ip-address | source-hostname} {destination-ip-address |
destination-hostname} [detail]
Syntax Description
source-ip-address
destination-ip-address
source-hostname
destination-hostname
detail
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Catalyst 4500 series switches running Catalyst operating system Release 6.2 or later for the
supervisor engine
Catalyst 5000 family switches running Catalyst operating system Release 6.1 or later for the
supervisor engine
Catalyst 6500 series switches running Catalyst operating system Release 6.1 or later for the
supervisor engine
For Layer 2 traceroute to functional properly, Cisco Discovery Protocol (CDP) must be enabled on all
the switches in the network. Do not disable CDP.
When the switch detects a device in the Layer 2 path that does not support Layer 2 traceroute, the switch
continues to send Layer 2 trace queries and lets them time out.
The maximum number of hops identified in the path is ten.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1085
Chapter 2
traceroute mac ip
The traceroute mac ip command output shows the Layer 2 path when the specified source and
destination IP addresses are in the same subnet. When you specify the IP addresses, the switch uses
Address Resolution Protocol (ARP) to associate the IP addresses with the corresponding MAC addresses
and the VLAN IDs.
If an ARP entry exists for the specified IP address, the switch uses the associated MAC address and
identifies the physical path.
If an ARP entry does not exist, the switch sends an ARP query and tries to resolve the IP address.
The IP addresses must be in the same subnet. If the IP address is not resolved, the path is not
identified, and a message appears.
Layer 2 traceroute is not supported when multiple devices are attached to one port through hubs (for
example, multiple CDP neighbors are detected on a port). When more than one CDP neighbor is detected
on a port, the Layer 2 path is not identified, and an error message appears.
This feature is not supported in Token Ring VLANs.
Examples
This example shows how to display the Layer 2 path by specifying the source and destination IP
addresses and by using the detail keyword:
Switch# traceroute mac ip 2.2.66.66 2.2.22.22 detail
Translating IP to mac.....
2.2.66.66 =>0000.0201.0601
2.2.22.22 =>0000.0201.0201
Source 0000.0201.0601 found on con6[WS-C2950G-24-EI] (2.2.6.6)
con6 / WS-C2950G-24-EI / 2.2.6.6 :
Fa0/1 [auto, auto] =>Fa0/3 [auto, auto]
con5 / WS-C2950G-24-EI / 2.2.5.5 :
Fa0/3 [auto, auto] =>Gi0/1 [auto, auto]
con1 / WS-C3550-12G / 2.2.1.1 :
Gi0/1 [auto, auto] =>Gi0/2 [auto, auto]
con2 / WS-C3550-24 / 2.2.2.2 :
Gi0/2 [auto, auto] =>Fa0/1 [auto, auto]
Destination 0000.0201.0201 found on con2[WS-C3550-24] (2.2.2.2)
Layer 2 trace completed.
Switch#
This example shows how to display the Layer 2 path by specifying the source and destination hostnames:
Switch# traceroute mac ip con6 con2
Translating IP to mac .....
2.2.66.66 =>0000.0201.0601
2.2.22.22 =>0000.0201.0201
Source 0000.0201.0601 found on con6
con6 (2.2.6.6) :Fa0/1 =>Fa0/3
con5
(2.2.5.5
) :
con1
(2.2.1.1
) :
con2
(2.2.2.2
) :
Destination 0000.0201.0201 found on con2
Layer 2 trace completed
Switch#
Fa0/3 =>Gi0/1
Gi0/1 =>Gi0/2
Gi0/2 =>Fa0/1
This example shows the Layer 2 path when Address Resolution Protocol (ARP) cannot associate the
source IP address with the corresponding MAC address:
Switch# traceroute mac ip 2.2.66.66 2.2.77.77
Arp failed for destination 2.2.77.77.
Layer2 trace aborted.
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1086
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
traceroute mac
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1087
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify a UDP transport destination port for a NetFlow-lite collector, use the transport udp
command. To delete a transport UDP, use the no form of this command.
transport udp destination-port
no transport udp destination-port
Syntax Description
destination-port
Defaults
None
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4948E and
Catalyst 4948E-F Ethernet switches.
Usage Guidelines
One of the mandatory parameters for a minimally configured exporter along with the destination address
and UDP destination port of the NetFlow-lite collector.
Examples
This example shows how to specify a UDP transport destination port for a NetFlow-lite collector:
Switch# config terminal
Switch(config)# netflow-lite exporter
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config)#
exporter1
destination 5.5.5.6
source 5.5.5.5
transport udp 8188
ttl 128
cos 7
dscp 32
template data timeout 1
options sampler-table timeout 1
options interface-table timeout 1
export-protocol netflow-v9
exit
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1088
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
Command
Description
destination (netflow-lite
exporter submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1089
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify the number of destination ports to load balance on for a NetFlow-lite collector, use the
transport udp load-share command. To delete a transport UDP, use the no form of this command.
transport udp load-share destination-port
no transport udp load-share destination-port
Syntax Description
destination-port
Defaults
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4948E and
Catalyst 4948E-F Ethernet switches.
Usage Guidelines
The CLI for UDP destination port load sharing allows you leverage multiple receive packet queues in
current server NICs, where the collector is running. This is an optional parameter. When number >= 2
is configured, a switch exports datagrams with a UDP destination port number that round robins
between a set of consecutive destination UDP port numbers starting with the base udp port number and
ending with base udp port number + num ports-1. Typically, netflow templates are sent on the base UDP
port number and the packet sample netflow records are sent on the remaining UDP ports. So, the
collector provides optimized processing for templates or metadata and packet sample records on a
socket.
Examples
This example shows how to specify a UDP transport destination port for a NetFlow-lite collector:
Switch# config terminal
Switch(config)# netflow-lite exporter
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
exporter1
destination 5.5.5.6
source 5.5.5.5
transport udp 8188
transport udp load-share
ttl 128
cos 7
dscp 32
template data timeout 1
options sampler-table timeout 1
options interface-table timeout 1
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1090
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
Command
Description
destination (netflow-lite
exporter submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1091
Chapter 2
trust
trust
To define a trust state for traffic classified through the class policy-map configuration command, use the
trust policy-map class configuration command. To return to the default setting, use the no form of this
command.
trust [cos | dscp]
no trust [cos | dscp]
Syntax Description
cos
(Optional) Classifies an ingress packet by using the packet class of service (CoS)
value. For an untagged packet, the port default CoS value is used.
dscp
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
This command is not supported on the Supervisor Engine 6-E and Catalyst 4900M chassis.
Use this command to distinguish the quality of service (QoS) trust behavior for certain traffic from other
traffic. For example, inbound traffic with certain DSCP values can be trusted. You can configure a class
map to match and trust the DSCP values in the inbound traffic.
Trust values set with this command supersede trust values set with the qos trust interface configuration
command.
If you specify trust cos, QoS uses the received or default port CoS value and the CoS-to-DSCP map to
generate a DSCP value for the packet.
If you specify trust dscp, QoS uses the DSCP value from the ingress packet. For non-IP packets that are
tagged, QoS uses the received CoS value; for non-IP packets that are untagged, QoS uses the default port
CoS value. In either case, the DSCP value for the packet is derived from the CoS-to-DSCP map.
To return to policy-map configuration mode, use the exit command. To return to privileged EXEC mode,
use the end command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1092
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This example shows how to define a port trust state to trust inbound DSCP values for traffic classified
with class1:
Switch# configure terminal
Switch(config)# policy-map policy1
Switch(config-pmap)# class class1
Switch(config-pmap-c)# trust dscp
Switch(config-pmap-c)# police 1000000 20000 exceed-action policed-dscp-transmit
Switch(config-pmap-c)# exit
Switch#
You can verify your settings by entering the show policy-map privileged EXEC command.
Related Commands
Command
Description
class
Specifies the name of the class whose traffic policy you want to
create or change.
police
policy-map
set
show policy-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1093
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify a ttl value for the NetFlow-lite collector, use the ttl command. To delete the value, use the no
form of this command.
ttl ttl-value
no ttl ttl-value
Syntax Description
ttl-value
Defaults
254
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4948E and
Catalyst 4948E-F Ethernet switches.
Usage Guidelines
The ttl limit takes effect only when the export packets are based on IPv4. It has no effect on IPv6.
Examples
This example shows how to specify a ttl value for the NetFlow-lite collector:
Switch# config terminal
Switch(config)# netflow-lite exporter
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config)#
exporter1
destination 5.5.5.6
source 5.5.5.5
transport udp 8188
ttl 128
cos 7
dscp 32
template data timeout 1
options sampler-table timeout 1
options interface-table timeout 1
export-protocol netflow-v9
exit
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1094
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Destination IP address:
5.5.5.6
Source IP Address:
5.5.5.5
VRF label:
DSCP:
0x20
TTL:
128
COS:
7
Transport Protocol Configuration:
Transport Protocol:
UDP
Destination Port:
8188
Source Port:
61670
Export Protocol Configuration:
Export Protocol:
Template data timeout:
Options sampler-table timeout:
Options interface-table timeout:
Exporter Statistics:
Packets Exported:
0
netflow-v9
60
1800
1800
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
Command
Description
destination (netflow-lite
exporter submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1095
Chapter 2
tx-queue
tx-queue
To configure the transmit queue parameters for an interface, use the tx-queue command. To return to the
default value, use the no form of this command.
tx-queue [queue-id] {bandwidth bandwidth-rate | priority high | shape shape-rate}
no tx-queue
Syntax Description
Defaults
queue-id
bandwidth bandwidth-rate
priority high
shape shape-rate
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
This command is not supported on the Supervisor Engine 6-E and Catalyst 4900M chassis.
The bandwidth and shape rates cannot exceed the maximum speed of the interface.
The bandwidth can be configured only on the following:
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1096
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Examples
This example shows how to configure transmit queue 3 to the high priority:
Switch(config-if)# tx-queue 3
Switch(config-if-tx-queue)# priority high
Switch(config-if-tx-queue)#
This example shows how to configure the traffic shaping rate of 64 kbps to transmit queue 1:
Switch(config-if)# tx-queue 1
Switch(config-if-tx-queue)# shape 64000
Switch(config-if-tx-queue)#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1097
Chapter 2
Syntax Description
Defaults
enable
aggressive
fast-hello error-reporting
All fiber-optic interfaces are disabled and the message timer for UDLD is set to 15 seconds.
Fast UDLD is disabled on all interfaces.
Command Modes
Global configuration
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1098
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command History
Usage Guidelines
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(54)SG
If you enable aggressive mode, once all the switch ports neighbors have aged out either in the
advertisement or in the detection phase, UDLD and Fast UDLD restart the linkup sequence. They can
resynchronize with any potentially out-of-sync neighbor and shut down the port if the UDLD messages
from the neighbor indicate that the link state is still undetermined.
This command affects fiber interfaces only. Use the udld (interface configuration mode) command to
enable UDLD on other interface types.
Examples
This example shows how to enable UDLD on all the fiber interfaces:
Switch (config)# udld enable
Switch (config)#
Related Commands
Command
Description
show udld
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1099
Chapter 2
Syntax Description
Defaults
aggressive
disable
Disables UDLD.
fast-hello
interval
The fiber-optic interfaces are enabled with the state of the global udld (enable or aggressive) command.
The nonfiber interfaces are enabled with UDLD disabled.
Fast UDLD is disabled.
Command Modes
Interface configuration
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
12.2(54)SG
Usage Guidelines
If you enable aggressive mode, once all the switch ports neighbors have aged out either in the
advertisement or in the detection phase, UDLD and Fast UDLD restart the linkup sequence. They can
resynchronize with any potentially out-of-sync neighbor and shut down the port if the UDLD messages
from the neighbor indicate that the link state is still undetermined
Use the udld port aggressive command on fiber-optic ports to override the setting of the global udld (enable
or aggressive) command. Use the no form of the command on fiber-optic ports to restore the UDLD state as
configured by the global udld command.
If udld enable is configured globally, UDLD is enabled on all fiber-optic interfaces in
nonaggressive mode. You can configure udld port aggressive on a fiber-optic interface to override
the udld enable command setting and to enter aggressive mode. If you enter the
no udld port aggresive command, the settings of the previous global state are reestablished and the
aggressive mode is removed.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1100
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
The disable keyword is supported on fiber-optic ports only. Use the no form of the udld command to
reset UDLD to the value specified by the udld (global configuration mode) command.
If the port changes from fiber-optic to nonfiber-optic or vice versa, all configurations are maintained.
Examples
This example shows how to enable UDLD on any port interface for any global udld (global configuration
mode) setting:
Switch (config-if)# udld port
Switch (config-if)#
This example shows how to enable UDLD in aggressive mode on any port interface for any global udld
(enable or aggressive) setting:
Switch (config-if)# udld port aggressive
Switch (config-if)#
This example shows how to disable UDLD on a fiber port interface for any global udld (global
configuration mode) setting:
Switch (config-if)# udld disable
Switch (config-if)#
This example shows how to enable Fast UDLD on a port interface with a timer value of 200 ms. To
enable Fast UDLD on a port, you must first enable UDLD in normal or aggressive mode:
Switch (config-if)# udld port
Switch (config-if)# udld fast-hello 200
Switch (config-if)#
Related Commands
Command
Description
show udld
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1101
Chapter 2
udld reset
udld reset
To reset all the UDLD ports in the shutdown state (that is, errdisabled by UDLD), use the udld reset
priviledged EXEC command.
udld reset
Syntax Description
Defaults
Command Modes
Privileged EXEC
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
If the interface configuration is still enabled for UDLD, those ports will begin to run UDLD again and
may shut down if the reason for the shutdown has not been resolved.
The udld reset command permits the traffic to flow on the ports again. Other features, operate normally
if enabled, such as STP, PAgP, and DTP.
Examples
This example shows how to reset all the ports that are shut down by UDLD:
Switch# udld reset
Switch#
Related Commands
Command
Description
show udld
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1102
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
unidirectional
To configure the nonblocking Gigabit Ethernet ports to unidirectionally send or receive traffic on an
interface, use the unidirectional command. To disable unidirectional communication, use the no form
of this command.
unidirectional {receive-only | send-only}
no unidirectional {receive-only | send-only}
Syntax Description
receive-only
send-only
Defaults
Disabled
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Enabling port unidirectional mode automatically disables port UDLD. You must manually ensure that
the unidirectional link does not create a spanning-tree loop in the network.
Examples
This example shows how to set Gigabit Ethernet interface 1/1 to receive traffic unidirectionally:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet 1/1
Switch(config-if)# unidirectional receive-only
Switch(config-if)# end
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1103
Chapter 2
username
username
To establish a username-based authentication system, use the username command.
username name secret {0 | 5} password
Syntax Description
name
secret 0 | 5
Specifies the authentication system for the user; valid values are 0 (text
immediately following is not encrypted) and 5 (text immediately following is
encrypted using an MD5-type encryption method).
password
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Use this command to enable enhanced password security for the specified username. This command
enables MD5 encryption on the password. MD5 encryption is a strong encryption method that is not
retrievable. You cannot use MD5 encryption with protocols that require clear-text passwords, such as
CHAP.
You can use this command for defining usernames that get special treatment. For example, you can
define an info username that does not require a password but that connects the user to a
general-purpose information service.
The username command provides both username and secret authentication for login purposes only.
The name argument can be only one word. White spaces and quotation marks are not allowed.
You can use multiple username commands to specify options for a single user.
For information about additional username commands, refer to the Cisco IOS Command Reference.
Examples
This example shows how to specify an MD5 encryption on a password (warrior) for a username (xena):
Switch(config)# username xena secret 5 warrior
Switch(config)#
Related Commands
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1104
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1105
Chapter 2
verify
verify
To verify the checksum of a file on a flash memory file system, use the verify command.
verify [/md5] [flash-filesystem:] [filename] [expected-md5-signature]
Syntax Description
/md5
flash-filesystem:
(Optional) Device where the fash resides; valid values are bootflash:,
slot0:, flash:, or sup-bootflash:.
filename
expected-md5-signature
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Each software image that is distributed on the disk uses a single checksum for the entire image. This
checksum is displayed only when the image is copied into the flash memory.
The Readme file, which is included with the image on the disk, lists the name, file size, and checksum
of the image. Review the contents of the Readme file before loading or duplicating the new image so that
you can verify the checksum when you copy it into the flash memory or on to a server.
Use the verify /md5 command to verify the MD5 signature of a file before using it. This command
validates the integrity of a copied file by comparing a precomputed MD5 signature with the signature
that is computed by this command. If the two MD5 signatures match, the copied file is identical to the
original file.
You can find the MD5 signature posted on the Cisco.com page with the image.
You can use the verify /md5 command in one of the following ways:
Verify the MD5 signatures manually by entering the verify /md5 filename command.
Check the displayed signature against the MD5 signature posted on the Cisco.com page.
Allow the system to compare the MD5 signatures by entering the verify /md5
{flash-filesystem:filename} {expected-md5-signature} command.
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1106
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
After completing the comparison, the system returns with a verified message. If an error is detected,
the output is similar to the following:
Switch# verify /md5 slot0:c4-jsv-mz 0f
..................................
..................................
..................................
..................................
..................................
...............................Done!
%Error verifying slot0:c4-jsv-mz
Computed signature = 0f369ed9e98756f179d4f29d6e7755d3
Submitted signature = 0f
To display the contents of the flash memory, enter the show flash command. The flash contents listing
does not include the checksum of the individual files. To recompute and verify the image checksum after
the image has been copied into the flash memory, enter the verify command.
A colon (:) is required after the specified device.
Examples
This example shows how to allow the system to compare the MD5 signatures:
Switch# verify /md5 slot0:c4-jsv-mz 0f369ed9e98756f179d4f29d6e7755d3
.................................................
.................................................
.................................................
.................................................
.................................................
............................................Done!
verified /md5 (slot0:c6sup12-jsv-mz) = 0f369ed9e98756f179d4f29d6e7755d3
Switch#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1107
Chapter 2
Syntax Description
vlan_id
are hops
(Optional) Specifies the maximum number of All Route Explorer hops for
this VLAN; valid values are from 0 to 13. Zero is assumed if no value is
specified.
backupcrf mode
(Optional) Enables or disables the backup CRF mode of the VLAN; valid
values are enable and disable.
bridge type
bridge_num
media type
(Optional) Specifies the media type of the VLAN; valid values are fast
ethernet, fd-net, fddi, trcrf, and trbrf.
mtu mtu-size
name vlan-name
parent parent-vlan-id
ring ring-number
said said-value
(Optional) Specifies the security association identifier; valid values are from
1 to 4294967294.
state
suspend
Specifies that the state of the VLAN is suspended. VLANs in the suspended
state do not pass packets.
active
(Optional) Specifies the STP type; valid values are ieee, ibm, and auto.
tb-vlan1 tb-vlan1-id
(Optional) Specifies the ID number of the first translational VLAN for this
VLAN; valid values are from 2 to 1001. Zero is assumed if no value is
specified.
tb-vlan2 tb-vlan2-id
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1108
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Defaults
The vlan-name is VLANxxxx where xxxx represents four numeric digits (including leading
zeroes) equal to the VLAN ID number.
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1109
Chapter 2
Examples
This example shows how to add a new VLAN with all the default parameters to the new VLAN database:
Switch(vlan)# vlan 2
Note
This example shows how to return the MTU to the default for its type and the translational bridging
VLANs to the default:
Switch(vlan)# no vlan 2 mtu tb-vlan1 tb-vlan2
Switch(vlan)#
Related Commands
Command
Description
show vlan
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1110
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
vlan access-map
To enter VLAN access-map command mode to create a VLAN access map, use the vlan access-map
command. To remove a mapping sequence or the entire map, use the no form of this command.
vlan access-map name [seq# ]
no vlan access-map name [seq# ]
Syntax Description
name
seq#
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
If you enter the sequence number of an existing map sequence, you enter VLAN access-map mode. If
you do not specify a sequence number, a number is automatically assigned. You can enter one match
clause and one action clause per map sequence. If you enter the no vlan access-map name [seq# ]
command without entering a sequence number, the whole map is removed. Once you enter VLAN
access-map mode, the following commands are available:
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1111
Chapter 2
vlan access-map
Related Commands
Command
Description
match
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1112
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
vlan configuration
To configure a service-policy on a VLAN, use the vlan configuration command to enter the VLAN
feature configuration mode.
vlan configuration {vlan}
Syntax Description
vlan
Defaults
Command Modes
Command History
Release
Modification
12.2(40)SG
This command was introduced on Catalyst 4900M and Supervisor Engine 6E.
Usage Guidelines
Even though an SVI is not needed in all cases, such as when you use your Catalyst 4500 series switch
as a pure Layer 2 switch, you are required to create an SVI.
VLAN configuration mode has been inroduced to remove the requirement of creating an SVI. With this
command you can specify lists of VLANs and the input and output policies that are applied. To configure
your system in this mode there is no requirement for you to create SVIs, or create VLAN or VTP mode
interactions. Once the VLAN becomes active the configuration becomes active on that VLAN. You can
use - or , extensions to specifying VLAN list.
Examples
This example shows how to configure a service policy while in VLAN configuration mode and display
the new service policy:
Switch# configure terminal
Switch(config)# vlan configuration 30-40
Switch(config-vlan-config)# service-policy input p1
Switch(config-vlan-config)# end
Switch# show running configuration | begin vlan configuration
!
vlan configuration 30-40
service-policy input p1
!
vlan internal allocation policy ascending !
vlan 2-1000
!
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1113
Chapter 2
vlan configuration
Related Commands
Command
Description
policy-map
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1114
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
vlan database
To enter VLAN configuration mode, use the vlan database command.
vlan database
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
Examples
From VLAN configuration mode, you can access the VLAN database editing buffer manipulation
commands, including:
exitApplies the changes, bumps the revision number, and exits VLAN configuration mode.
noNegates a command or sets its defaults; valid values are vlan and vtp.
vlanAccesses the subcommands to add, delete, or modify values that are associated with a single
VLAN. For information about the vlan subcommands, see the vlan (VLAN Database mode)
command.
vtpAccesses the subcommands to perform VTP administrative functions. For information about
the vtp subcommands, see the vtp client command.
This example shows how to exit VLAN configuration mode without applying changes after you are in
VLAN configuration mode:
Switch(vlan)# abort
Aborting....
Switch#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1115
Chapter 2
vlan database
This example shows how to delete a VLAN after you are in VLAN configuration mode:
Switch(vlan)# no vlan 100
Deleting VLAN 100...
Switch(vlan)#
This example shows how to turn off pruning after you are in VLAN configuration mode:
Switch(vlan)# no vtp pruning
Pruning switched OFF
Switch(vlan)#
Related Commands
Command
Description
show vlan
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1116
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.2(18)EW
This command was first introduced on the Catalyst 4500 series switch.
Usage Guidelines
When enabled, the native VLAN packets exiting all 802.1Q trunk ports are tagged unless the port is
explicitly configured to disable native VLAN tagging.
When disabled, the native VLAN packets exiting all 802.1Q trunk ports are not tagged.
You can use this command with 802.1Q tunneling. This feature operates on an edge switch of a
service-provider network and expands VLAN space by using a VLAN-in-VLAN hierarchy and by
tagging the tagged packets. You must use the 802.1Q trunk ports for sending out the packets to the
service-provider network. However, the packets going through the core of the service-provider network
might also be carried on the 802.1Q trunks. If the native VLANs of an 802.1Q trunk match the native
VLAN of a tunneling port on the same switch, the traffic on the native VLAN is not tagged on the
sending trunk port. This command ensures that the native VLAN packets on all 802.1Q trunk ports are
tagged.
Examples
This example shows how to enable 802.1Q tagging on the native VLAN frames and verify the
configuration:
Switch# config terminal
Switch (config)# vlan dot1q tag native
Switch (config)# end
Switch# show vlan dot1q tag native
dot1q native vlan tagging is enabled
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1117
Chapter 2
Related Commands
Command
Description
switchport private-vlan trunk Configures the tagging of the native VLAN traffic on 802.1Q
native vlan tag
private VLAN trunks.
switchport trunk
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1118
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
vlan filter
To apply a VLAN access map, use the vlan filter command. To clear the VLAN access maps from
VLANs or interfaces, use the no form of this command.
vlan filter map-name {vlan-list vlan-list}
no vlan filter map-name {vlan-list [vlan-list]}
Syntax Description
map-name
vlan-list vlan-list
Specifies the VLAN list; see the Usage Guidelines section for valid values.
Defaults
Command Modes
Command History
Release
Modification
12.1(12c)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
When configuring an action clause in a VLAN access map, note the following:
You can apply the VLAN access map to one or more VLANs.
The vlan-list parameter can be a single VLAN ID, a list of VLAN IDs, or VLAN ID ranges
(vlan-id-vlan-id). Multiple entries are separated by (-), (hyphen), or (,) (comma).
You can apply only one VLAN access map to each VLAN.
When entering the no form of this command, the vlan-list parameter is optional (but the keyword
vlan-list is required). If you do not enter the vlan-list parameter, the VACL is removed from all the
VLANs where the map-name is applied.
Examples
This example shows how to apply a VLAN access map on VLANs 7 through 9:
Switch(config)# vlan filter ganymede vlan-list 7-9
Switch(config)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1119
Chapter 2
vlan group
vlan group
To create or modify a VLAN group, use the vlan group command in global configuration mode. Use the
no form of this command to remove a VLAN list from the VLAN group.
vlan group group-name vlan-list vlan-list
no vlan group group-name vlan-list vlan-list
Syntax Description
group-name
vlan-list
Specifies a VLAN list name. See the Usage Guidelines section below for
additional information about this argument.
Defaults
Command Modes
Global configuration
Command History
Release
Modification
12.2(54)SG
This command was modified to support user distribution on the Catalyst 4500 series
switch.
Usage Guidelines
The VLAN group name can contain up to 31 characters and must begin with a letter.
The vlan-list argument can be a single VLAN ID, a list of VLAN IDs, or VLAN ID ranges
(vlan-id-vlan-id). Multiple entries are separated by a hyphen (-) or a comma (,).
If the named VLAN group does not exist, the vlan group command creates the group and maps the
specified VLAN list to the group. If the named VLAN group exists, the specified VLAN list is mapped
to the group.
The no form of the vlan group command removes the specified VLAN list from the VLAN group. When
you remove the last VLAN from the VLAN group, you delete the VLAN group.
You can configure a maximum of 100 VLAN groups, and map a maximum of 4094 VLANs to a VLAN
group.
Examples
This example shows how to map VLANs 7 through 9 and 11 to a VLAN group:
Switch(config)# vlan group ganymede vlan-list 7-9,11
This example shows how to remove VLAN 7 from the VLAN group:
Switch(config)# no vlan group ganymede vlan-list 7
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1120
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1121
Chapter 2
Syntax Description
ascending
descending
Defaults
Command Modes
Command History
Release
Modification
12.1(19)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
You can configure internal VLAN allocation to be from 1006 and up or from 4094 and down.
The internal VLANs and user-configured VLANs share the 1006 to 4094 VLAN spaces. A first come,
first served policy is used in allocating these spaces.
The vlan internal allocation policy command allows you to configure the allocation direction of the
internal VLAN.
During system bootup, the internal VLANs that are required for features in the startup-config file are
allocated first. The user-configured VLANs in the startup-config file are configured next. If you
configure a VLAN that conflicts with an existing internal VLAN, the VLAN that you configured is put
into a nonoperational status until the internal VLAN is freed and becomes available.
After you enter the write mem command and the system reloads, the reconfigured allocation scheme is
used by the port manager.
Examples
This example shows how to configure the VLANs in a descending order as the internal VLAN allocation
policy:
Switch(config)# vlan internal allocation policy descending
Switch(config)#
Related Commands
Command
Description
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1122
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
interval
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
This example shows how to set the VQP client to reconfirm dynamic VLAN entries every 20 minutes:
Switch(config)# vmps reconfirm 20
Switch(config)#
You can verify your setting by entering the show vmps command and examining information in the
Reconfirm Interval row.
Related Commands
Command
Description
show vmps
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1123
Chapter 2
Syntax Description
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch..
Usage Guidelines
You can verify your setting by entering the show vmps command and examining the VMPS Action row
of the Reconfirmation Status section. The show vmps command shows the result of the last time that the
assignments were reconfirmed either because the reconfirmation timer expired or because the vmps
reconfirm command was entered.
Examples
This example shows how to immediately send VQP queries to the VMPS:
Switch# vmps reconfirm
Switch#
Related Commands
Command
Description
show vmps
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1124
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
vmps retry
To configure the per-server retry count for the VLAN Query Protocol (VQP) client, use the vmps retry
command. To return to the default setting, use the no form of this command.
vmps retry count
no vmps retry
Syntax Description
count
Defaults
Command Modes
Command History
Release
Modification
12.1(13)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Number of attempts to contact the VLAN Membership Policy Server (VMPS) by the
client before querying the next server in the list; valid values are from 1 to 10.
Usage Guidelines
You can verify your setting by entering the show vmps command and examining information in the
Server Retry Count row.
Examples
Related Commands
Command
Description
show vmps
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1125
Chapter 2
vmps server
vmps server
To configure the primary VLAN Membership Policy Server (VMPS) and up to three secondary servers,
use the vmps server command. To remove a VMPS server, use the no form of this command.
vmps server ipaddress [primary]
no vmps server ipaddress
Syntax Description
ipaddress
IP address or host name of the primary or secondary VMPS servers. If you specify
a hostname, the Domain Name System (DNS) server must be configured.
primary
Defaults
Command Modes
Command History
Release
Modification
12.1(4)EA1
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The first server that you entered is automatically selected as the primary server whether or not primary
is entered. You can override the first server address by using primary in a subsequent command.
If a member switch in a cluster configuration does not have an IP address, the cluster does not use the
VMPS server that is configured for that member switch. Instead, the cluster uses the VMPS server on
the command switch, and the command switch proxies the VMPS requests. The VMPS server treats the
cluster as a single switch and uses the IP address of the command switch to respond to requests.
When using the no form without specifying the ipaddress, all configured servers are deleted. If you
delete all servers when dynamic-access ports are present, the switch cannot forward the packets from the
new sources on these ports because it cannot query the VMPS.
You can verify your setting by entering the show vmps command and examining information in the
VMPS Domain Server row.
Examples
This example shows how to configure the server with IP address 191.10.49.20 as the primary VMPS
server. The servers with IP addresses 191.10.49.21 and 191.10.49.22 are configured as secondary
servers:
Switch(config)# vmps server 191.10.49.20 primary
Switch(config)# vmps server 191.10.49.21
Switch(config)# vmps server 191.10.49.22
Switch(config)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1126
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
This example shows how to delete the server with IP address 191.10.49.21:
Switch(config)# no vmps server 191.10.49.21
Switch(config)#
Related Commands
Command
Description
show vmps
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1127
Chapter 2
NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify a VRF label for the NetFlow-lite collector, use the vrf command. To delete a VRF label, use
the no form of this command.
vrf source-address
no vrf source-address
Syntax Description
vrf-label
Defaults
global vrf
Command Modes
Command History
Release
Modification
15.0(2)SG
Support for this command was introduced on the Catalyst 4948E and
Catalyst 4948E-F Ethernet switches.
Usage Guidelines
Note
Examples
By default when no vrf label is specified the global vrf is used for routing. The vrf label is ignored if the
collector's address is IPv6. Default global routing table is used to route the IPv6 export packets to the
collector.
This example shows how to specify a VRF label for the NetFlow-lite collector:
Switch# config terminal
Switch(config)# netflow-lite exporter
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config-netflow-lite-exporter)#
Switch(config)#
exporter1
destination 5.5.5.6
source 5.5.5.5
transport udp 8188
ttl 128
cos 7
dscp 32
template data timeout 1
options sampler-table timeout 1
options interface-table timeout 1
export-protocol netflow-v9
exit
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1128
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
Command
Description
destination (netflow-lite
exporter submode)
export-protocol (netflow-lite
exporter submode)
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1129
Chapter 2
Syntax Description
interval
min_rx min-interval
multiplier factor
Defaults
Command Modes
Command History
Release
Modification
Cisco IOS XE 3.4.0SG and Support for this command was introduced on the Catalyst 4500 series
15.1(2)SG
switch.
Usage Guidelines
When you specify a factor, the formula is if no hello packets are received in (min_rx * multiplier)
milliseconds, the link is flagged as non-operational.
Examples
The following example shows how to configure the virtual switch link protocol (VSLP) hello packet
interval:
Router-2(config-if)# vslp interval 400 min_rx 500
Router-2(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1130
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
Syntax Description
file filename
if-id name
Specifies the name of the interface providing the VTP updater ID for this device,
where the if-id name is an ASCII string limited to 255 characters.
Defaults
Disabled
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
You cannot use the vtp file command to load a new database. You can use it only to rename the file in
which the existing database is stored.
You can use the vtp if-id command to specify the name of the interface providing the VTP updater ID
for this device. The VTP updater is the device that adds, deletes, or modifies VLANs to a network, and
triggers a VTP updater to inform the rest of the system of the changes.
Examples
This example shows how to specify the IFS file system file where VTP configuration is stored:
Switch(config)# vtp file vtpconfig
Setting device to store VLAN database at filename vtpconfig.
Switch(config)#
This example shows how to specify the name of the interface providing the VTP updater ID:
Switch(config)# vtp if-id fastethernet
Switch(config)#
Related Commands
Command
Description
show vtp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1131
Chapter 2
vtp client
vtp client
To place a device in VTP client mode, use the vtp client command. To return to VTP server mode, use
the no form of this command.
vtp client
no vtp client
Syntax Description
Defaults
Disabled
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
If the receiving switch is in client mode, the client switch changes its configuration to duplicate the
configuration of the server. If you have switches in client mode, make sure to make all VTP or VLAN
configuration changes on a switch in server mode.
The vtp server command is the functional equivalent of no vtp client except that it does not return an
error if the device is not in client mode.
Examples
This example shows how to place the device in VTP client mode:
Switch(vlan-config)# vtp client
Switch(vlan-config)#
Related Commands
Command
Description
show vtp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1132
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
vtp domain
To configure the administrative domain name for a device, use the vtp domain command.
vtp domain domain-name
Syntax Description
domain-name
Defaults
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
When you define the domain-name, the domain name is case sensitive and can be from 1 to 32 characters.
You must set a domain name before you can transmit any VTP advertisements.
Even if you do not set a domain name, the device will leave the no-management-domain state upon
receiving the first VTP summary packet on any port that is currently trunking.
If the device receives its domain from a summary packet, it resets its configuration revision number to
zero. Once the device leaves the no-management-domain state, it can never be configured to reenter the
number except by cleaning NVRAM and reloading.
Examples
Related Commands
Command
Description
show vtp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1133
Chapter 2
vtp password
vtp password
To create a VTP domain password, use the vtp password command. To delete the password, use the no
form of this command.
vtp password password-value
no vtp password
Syntax Description
password-value
Defaults
Disabled
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Examples
Related Commands
Command
Description
show vtp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1134
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
vtp pruning
To enable pruning in the VLAN database, use the vtp pruning command. To disable pruning in the
VLAN database, use the no form of this command.
vtp pruning
no vtp pruning
Syntax Description
Defaults
Disabled
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
VTP pruning causes information about each pruning-eligible VLAN to be removed from VTP updates
if there are no stations belonging to that VLAN.
Examples
Related Commands
Command
Description
show vtp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1135
Chapter 2
vtp server
vtp server
To place the device in VTP server mode, use the vtp server command.
vtp server
Syntax Description
Defaults
Enabled
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
If you make a change to the VTP or VLAN configuration on a switch in server mode, that change is
propagated to all the switches in the same VTP domain.
You can set VTP to either server or client mode only when you disable dynamic VLAN creation.
If the receiving switch is in server mode, the configuration is not changed.
The vtp server command is the functional equivalent of no vtp client, except that it does not return an
error if the device is not in client mode.
Examples
This example shows how to place the device in VTP server mode:
Switch(vlan-config)# vtp server
Switch(vlan-config)#
Related Commands
Command
Description
show vtp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1136
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Chapter 2
vtp transparent
To place a device in VTP transparent mode, use the vtp transparent command. To return to VTP server
mode, use the no form of this command.
vtp transparent
no vtp transparent
Syntax Description
Defaults
Disabled
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
The vtp transparent command disables VTP from the domain but does not remove the domain from the
switch.
If the receiving switch is in transparent mode, the configuration is not changed. The switches in
transparent mode do not participate in VTP. If you make VTP or VLAN configuration changes on a
switch in transparent mode, the changes are not propagated to the other switches in the network.
The vtp server command is similar to the no vtp transparent command, except that it does not return
an error if the device is not in transparent mode.
Examples
This example shows how to place the device in VTP transparent mode:
Switch(vlan-config)# vtp transparent
Switch(vlan-config)#
This example shows how to return the device to VTP server mode:
Switch(vlan-config)# no vtp transparent
Switch(vlan-config)#
Related Commands
Command
Description
show vtp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
2-1137
Chapter 2
vtp v2-mode
vtp v2-mode
To enable version 2 mode, use the vtp v2-mode command. To disable version 2 mode, use the no form
of this command.
vtp v2-mode
no vtp v2-mode
Syntax Description
Defaults
Disabled
Command Modes
Command History
Release
Modification
12.1(8a)EW
Support for this command was introduced on the Catalyst 4500 series switch.
Usage Guidelines
All switches in a VTP domain must run the same version of VTP. VTP version 1 and VTP version 2 do
not operate on switches in the same VTP domain.
If all switches in a domain are VTP version 2-capable, you only need to enable VTP version 2 on one
switch; the version number is then propagated to the other version 2-capable switches in the VTP
domain.
If you toggle the version 2 mode, the parameters of certain default VLANs will be modified.
Examples
This example shows how to enable version 2 mode in the VLAN database:
Switch(vlan-config)# vtp v2-mode
Switch(vlan-config)#
This example shows how to disable version 2 mode in the VLAN database:
Switch(vlan-config)# no vtp v2-mode
Switch(vlan-config)#
Related Commands
Command
Description
show vtp
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
2-1138
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
A P P E N D I X
Abbreviations
A
ACE
ACL
AFI
Agport
aggregation port
AMP
APaRT
ARP
B
BEM
BGP
BPDU
BRF
BSC
Bisync
BSTUN
BUS
BVI
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
A-1
Appendix A
Abbreviations
C
CAM
content-addressable memory
CAR
CCA
CDP
CEF
CHAP
CIR
CLI
command-line interface
CLNS
CMNS
COPS
COPS-DS
CoS
class of service
CPLD
CRC
CRF
CST
D
DAI
DBL
DCC
dCEF
DDR
dial-on-demand routing
DE
discard eligibility
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
A-2
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Appendix A
Abbreviations
DEC
DFI
DFP
DISL
DLC
DLSw
DMP
DNS
DoD
Department of Defense
DOS
denial of service
DRAM
dynamic RAM
DRiP
DSAP
DSCP
DSPU
DTP
DTR
DVMRP
DXI
E
EAP
EARL
EEPROM
EHSA
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
A-3
Appendix A
EIA
ELAN
EOBC
ESI
end-system identifier
Abbreviations
F
FECN
FM
feature manager
FRU
FSM
G
GARP
GMRP
GVRP
I
ICC
Inter-card Communication
ICD
ICMP
IDB
IDP
IDPROM
IFS
IGMP
IGRP
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
A-4
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Appendix A
Abbreviations
ILMI
IP
Internet Protocol
IPC
interprocessor communication
IPX
IS-IS
ISL
Inter-Switch Link
ISO
ISR
ISSU
L
L2
Layer 2
L3
Layer 3
L4
Layer 4
LAN
LANE
LAN Emulation
LAPB
LDA
LCP
LEC
LECS
LEM
LER
LES
LLC
LTL
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
A-5
Appendix A
Abbreviations
M
MAC
MCL
MD5
Message Digest 5
MET
MFIB
MIB
MII
media-independent interface
MLS
Multilayer Switching
MLSE
MOP
MOTD
message-of-the-day
MRM
MRQ
MSDP
MST
MTU
MVAP
N
NBP
NCIA
NDE
NET
NetBIOS
NFFC
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
A-6
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Appendix A
Abbreviations
NMP
NSAP
NTP
NVRAM
nonvolatile RAM
O
OAM
OSI
OSPF
P
PAE
PAgP
PBD
PC
PCM
PCR
PDP
PDU
PEM
PEP
PGM
PHY
physical sublayer
PIB
PIM
PM
Port manager
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
A-7
Appendix A
PPP
Point-to-Point Protocol
PRC
PRID
PVLAN
Private VLAN
PVST+
Abbreviations
Q
QM
QoS manager
QoS
Quality of Service
R
RACL
RADIUS
RAM
random-access memory
RCP
RGMP
RIF
RMON
ROM
read-only memory
RP
RPC
RPF
RPR
RSPAN
remote SPAN
RST
reset
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
A-8
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Appendix A
Abbreviations
RSVP
ReSerVation Protocol
Rx
Receive
S
SAID
SAP
SCM
SCP
SDLC
SGBP
SIMM
SLB
SLCP
SLIP
SMDS
SMF
SMP
SMRP
SMT
Station Management
SNAP
SNMP
SPAN
SRB
source-route bridging
SRT
SSTP
STP
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
A-9
Appendix A
SVC
SVI
Abbreviations
T
TACACS+
TARP
TCAM
TCL
TCP/IP
TFTP
TIA
TLV
type-length-value
TopN
TOS
type of service
TrBRF
TrCRF
TTL
Time To Live
TVX
valid transmission
Tx
Transmit
U
UDLD
UDP
UNI
User-Network Interface
UTC
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
A-10
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Appendix A
Abbreviations
V
VACL
VCC
VCD
VCI
VCR
VINES
VLAN
virtual LAN
VMPS
VTP
VVID
voice VLAN ID
W
WFQ
WRED
WRR
weighted round-robin
X
XNS
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
A-11
Appendix A
Abbreviations
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
A-12
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
INDEX
Symbols
$ matches the end of a string
( ) in commands
1-7
2-213
2-213
enabling on a port
1-11
2-212
enabling on a VLAN
2-215
1-7
1-7
1-7
configure parameters
1-7
2-25
1-7
2-25
2-214
1-1
2-214
1-7
1-10
2-149
2-679
Numerics
selecting
2-225
2-699, 2-700
2-1117
2-209, 2-217
2-278
2-229
2-216
2-4
2-228
2-227
2-220
2-1049
see MST
2-5
2-223
2-230
802.1X
configuring for multiple hosts
configuring for single host
2-218
2-218
2-210
2-210
2-218
2-212
disabling on a VLAN
A
aaa authorization network command
abbreviating commands
context-sensitive help
EAPOL
1-1
2-215
2-211
2-22
2-589
2-618
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
IN-1
Index
access-group
alternation
2-821
description
access groups
IP
1-10
anchoring
description
2-6, 2-205
access lists
1-10
2-687
ANCP client
2-104
2-21
2-642
2-643
port identifier
2-16
remote server
2-17
access maps
2-18
ARP
2-1119
defining access-lists
2-556
2-21
ARP inspection
2-30
ACLs
access-group mode
2-301
ARP packet
2-6
2-12
authentication
2-10
2-267
configuring port-control
2-26
2-36
enabling reauthentication
action clause
2-35
2-530
2-140
2-140
host-mode configuration
2-29
2-30
2-40
setting username
2-1104
2-38
2-13
adjacency
2-23
2-821
2-508
2-25, 2-32
2-267
2-184
2-8
2-33
2-140
2-1104
2-1106
aggregate policer
displaying information
2-903
2-1106
2-23
aging time
displaying MAC address aging time
MAC address table
2-643
2-413, 2-415
2-824
2-26
alarms
2-25
2-29
2-30
2-38
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
IN-2
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Index
2-32
2-33
2-35
enabling debugging
2-36
2-38
bandwidth command
2-926
2-171
2-75
2-40
2-171
bindings
2-40
2-1076
BackboneFast
displaying debugging messages
2-313
displaying information
2-652
bootflash
enable on a port
2-209
displaying information
2-208
2-650
BPDUs
Auth Manager
configuring
2-169
authentication timer
2-40
See BPDUs
authorization state
2-225
configuring
2-225
enabling
2-1020, 2-1022
2-1020, 2-1022
automatic installation
displaying status
2-648
cable diagnostics
Auto-MDIX
TDR
disabling
2-461
enabling
2-461
displaying information
auto-QoS
e-mailing output
2-64
displaying configuration
auto qos srnd4 command
2-1080
call home
2-1019
2-653
2-655
2-83
2-649
executing
2-52
2-83
receiving information
2-86
2-81
2-78
2-84
2-81
baby giants
displaying the system MTU setting
2-942
Catalyst 4507R
2-657
2-528
CDP
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
IN-3
Index
2-395
displaying
neighbor information
set drop threshold for
2-660
2-390
2-115
2-737
2-737
chassis
displaying
2-124
2-128
2-103
2-99
2-116
2-818
2-818
2-818
2-818
2-121
2-123
2-211
circuit-id
setting for an interface
2-559
anchoring
1-10
expressions
cisco-desktop
filtering
2-424
1-7
1-6
multiple-character patterns
multipliers
See CEF
searching outputs
2-426
1-11
1-6
single-character patterns
cisco-router
macro apply
using
2-428
command
cisco-switch
macro apply
1-8
1-9
cisco-phone
macro apply
1-7
1-6
2-467
command modes
2-430
CISP
See Client Information Signalling Protocol
cisp enable command
2-91
2-558
2-110
2-114
2-393
CEF
exiting
1-5
1-5
2-91
class maps
creating
2-106
condition interface
2-95
2-454
condition vlan
2-467
clear commands
configuration, saving
2-97
2-142
2-102
2-111
2-145
1-11
configuring
root as secondary
2-1003
2-104, 2-105
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
IN-4
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Index
2-480
2-25
2-999
2-174
2-168
2-1003
CoPP
attaching
policy map to control plane
2-616
displaying
policy-map class information
2-140
2-149
2-877
2-132
removing
service policy from control plane
2-175
2-158
2-171
2-179
2-180
2-616
2-172
CoS
assigning to Layer 2 protocol packets
2-392
2-134
2-145
2-142
2-136
counters
2-97
2-25
2-25
activity monitoring
2-158
2-154
2-155
2-153
NVRAM activities
2-106
PAgP activities
DBL
displaying qos dbl
PAgP shim
2-904
2-161
2-164
2-154
2-155
2-150
2-153
2-172
2-171
2-174
2-175
2-166
2-160
2-156
2-150
PM activities
debug commands
debugging backup events
2-152
debugging
clear statistics
2-176
2-160
2-164
2-169
2-179
2-159
2-161
2-176
2-172
2-179
1-6
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
IN-5
Index
GBIC
2-201
2-110
document conventions
1-xxiv
document organization
1-xxiii
2-942, 2-1022
DoS
DHCP bindings
CoPP
configuring bindings
2-311
2-184
2-616
2-508
DHCP snooping
2-877
2-132
2-107
2-743
2-310
2-352
2-690
enabling option-82
2-322
2-318
selecting a connector
2-311
2-234
2-236
dual-capable port
2-319
2-463
duplex mode
2-591
2-579
2-232
2-211
2-393
2-315, 2-317
2-296
2-320
enabling option 82
2-132
DOS attack
enabling on a VLAN
2-616
entering
2-109
2-313
2-205
diagnostic test
2-238
2-238
2-238
2-673
preventing
2-667
2-296
2-701
DHCP
clearing database
2-899
2-203
2-158
2-196
2-669
See DHCP
2-207
2-653
2-1080
2-691
2-891
E
EAP
restarting authentication process
2-223
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
IN-6
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Index
EDCS-587028
2-644, 2-818
debugging EtherChannel
filters
2-150
2-150
2-505
enabling
2-169
2-32
2-247
enabling per-VLAN
2-683
on an entity
on an entity, enable and configure
2-245
2-334
2-240
multiple-character patterns
1-11
1-7
2-245
single-character patterns
2-240, 2-242
1-9
1-8
2-242
2-262
expressions
on a PoE port
See EAP
2-99
2-247
environmental
2-687
displaying information
2-687
2-687
2-29
temperature
2-687
EIGRP
2-100
2-505
2-100, 2-255
2-255
verifying checksum
error-disabled state
2-650
2-1106
flow control
2-721
2-687
filters
2-252
displaying
2-113
erase a file
2-989
status
2-87
EtherChannel guard
EnergyWise
alarms
2-693
2-180
2-87
2-257
2-264
2-257
2-691
2-257
GBIC
EtherChannel
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
IN-7
Index
fan trays
2-701
module
2-556
2-701
power supplies
2-102
2-701
supervisor engine
2-701
ifIndex persistence
2-278
2-699, 2-700
2-701
mux buffer
2-701
disabling globally
2-977
disabling on an interface
1-5
enabling globally
2-978
2-973
2-977
IGMP
hardware module
resetting a module by toggling the power
2-267
enabling
2-267
2-326
hardware uplink
selecting the mode
2-278
displaying profiles
2-699, 2-700
helper addresses, IP
displaying
2-325
2-747
IGMP snooping
2-143
disabling debugging
limiting output
2-747
IGMP profiles
2-758
2-111
hardware statistics
disabling
2-274
2-143
2-143
2-113
2-268
2-269
2-271
2-276
2-754
2-748, 2-752, 2-755
2-329
2-556
2-16
IDPROMs
2-340
enabling on a VLAN
2-336
2-333
2-334
informs
2-701
clock module
enabling
2-975
inline power
2-701
2-891
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
IN-8
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Index
See IGMP
See ISSU
inspection log
IP ARP
2-105
interface
displaying suppressed multicast bytes
interface (virtual switch) command
2-712, 2-714
2-105
2-305
2-303
2-710
2-300
2-142
2-717
2-721
IP header validation
disabling
2-351
enabling
2-351
IP interfaces
displaying usability status
2-717
2-707
2-285, 2-287
2-392
2-393
2-579
interface speed
2-426
2-352
IP source binding
2-1017
adding or deleting
interface transceiver
2-348
displaying bindingstagging
2-725
2-768
IP source guard
debugging messages
2-1122
default setting
2-344
IP Port Security
2-1049
2-763
IP packets
2-285, 2-287
2-757
IP multicast
2-153
2-183
2-735
IP DHCP Snooping
2-1049
2-732
IPC
2-718
interfaces
displaying status
2-296
1-5
interface link
configuring
2-106
2-294
2-287
interface capabilities
displaying
2-17
2-156
2-1122
2-956
2-769
2-352
2-136
IPv6 MLD
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
IN-9
Index
configuring queries
2-369, 2-371
configuring snooping
last-listener-query-intervals
starting process
2-371
configuring snooping
listener-message-suppression
2-374
2-369
2-376
Jumbo frames
enabling jumbo frames
2-782
2-377
LACP
2-136
2-367
2-359
2-356
2-89
2-89
2-397
2-398
Layer 2
2-361
2-356, 2-358
2-821
2-363
2-356
2-89
2-356
2-365
2-356
ISSU
2-1049
canceling process
2-379
displaying
2-389
2-791
2-796
displaying messages
displaying negotiated
2-1042
2-1036, 2-1037,
2-797
2-395
Layer 2 switching
2-789
2-806
2-787
Layer 2 traceroute
2-798
IP addresses
2-799
2-136
Layer 3 switching
2-802
2-1085
2-801
displaying rollback-timer
displaying state
2-485
2-784
2-785
ip wccp command
2-381
2-373
enabling snooping
2-385
displaying information
2-383
2-803
2-804
2-804
2-723
2-723
2-399
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
IN-10
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Index
2-400
disabling
2-118, 2-120
2-413, 2-415
globally
2-402, 2-405
on an interface
2-403, 2-406
enabling
2-826
displaying information
2-822
globally
2-402, 2-405
on an interface
LLDP
2-830
2-833
2-403, 2-406
2-835
2-401
2-401
log buffer
2-839
2-824
2-735
logging
enabling notifications
2-842
2-221
2-421
2-305
2-837
show status
2-416
2-451
2-828
2-419
2-818
2-408
mac-address-table static
MAC ACLs
defining extended MAC access list
2-410
2-952
2-423
2-413
MAC addresses
disabling MAC address learning per VLAN
2-419
displaying
macro
displaying descriptions
enabling
2-423
2-444
macro keywords
help strings
2-419
2-2
macros
adding a global description
2-423
2-423
2-450
2-423
configuring
2-423
2-410
notification settings
2-125
2-408
naming an ACL
2-423
2-451
cisco global
2-450
2-448
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
IN-11
Index
system-cpp
2-449
2-572
2-282
2-14, 2-188,
2-190, 2-192, 2-194, 2-454, 2-575, 2-1024, 2-1026, 2-1028, 2-1030,
2-1034
2-473
2-475
--More-- prompt
filter
search
1-6
1-7
MST
2-942
2-1076
MD5
verifying MD5 signature
2-931
message digest 5
See MD5
MFIB
2-114
2-115
2-762
2-343
2-931
2-997
2-608
2-995
2-999
MLD
2-1001
2-486
configuring snooping
last-listener-query-intervals
2-374
2-376
enabling snooping
2-369
2-486
MTU
displaying global MTU settings
2-942
2-30
2-377
See MLD
MLD snooping
displaying
multi-auth, setting
2-367
2-994
2-373
2-1002
2-371
configuring snooping
listener-message-suppression
2-931
2-760
2-1003
2-1106
2-466
multicast
2-785
modes
access-group
show ancp
2-6
2-642
multicast/unicast packets
prevent forwarding
2-1048
multi-domain, setting
2-101
2-30
multiple-character patterns
module reset
resetting a module by toggling the power
2-1022
2-274
1-8
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
IN-12
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Index
See MST
2-1048
2-206
native VLAN
controlling tagging of traffic
2-1069
2-954
2-954
2-1117
2-1070
2-489
2-491
2-346
access-group mode
2-6
paging prompt
see --More-- prompt
PAgP
next-hop
PACL
2-346
2-677
NetFlow
enabling NetFlow statistics
2-673, 2-675
2-737
2-494
2-124
2-161
2-89
2-493
1-6
NVRAM
returning to defaults
2-872, 2-874
selecting ports
2-160
2-504
2-504
2-503
returning to defaults
2-32
2-503
parentheses
2-89
1-11
password
clearing on an intelligent line module
1-7
2-101
2-1104
2-1104
PBR
1-xxiv
2-127
1-xxiv
PM activities
debugging
2-164
disabling debugging
2-164
PoE policing
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
IN-13
Index
configure on an interface
2-541
2-899
2-515
executing
2-165
2-899
2-125
enabling
See PBR
2-352
creating
2-523
marking
2-620
2-1054
2-1054
2-1054
traffic classification
displaying
2-1092
port, dual-capable
selecting the connector
2-885
2-1054
policy maps
2-905
2-533
2-538
2-463
2-540
2-401
power status
See PAgP
port-based authentication
displaying debug messages
2-149
2-227
2-528
2-701
2-532
PPPoE Discovery
2-223
2-534
2-289
resetting to defaults
2-891
2-228
displaying information
periodic re-authentication
accessing
2-891
2-225
2-218
enabling
2-679
creating
2-290
port security
2-541
2-36
port range
2-517, 2-519
2-510
2-527
2-525
2-525
2-127
2-166
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
IN-14
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Index
pppoe intermediate-agent
2-1049
PVST+
2-552
2-555
2-994
QoS
2-556
2-560
2-558
2-560, 2-561
priority-queue command
class maps
creating
2-95
2-454
2-128
2-64
2-579
1-5
1-5
protocol tunneling
configuring encapsulation rate
2-880
2-876, 2-883
2-902
2-392
2-393
2-907
2-1069
2-1049
2-633
2-75, 2-94
2-614
2-620
2-563
policy maps
2-349
2-1049
2-720
marking
2-960
2-56, 2-576
hierarchical policies
2-349
2-138
PVLANs
egress queue-sets
enabling sticky-ARP
2-649
2-806
2-390
disabling sticky-ARP
2-390
2-663
2-395
2-903
2-649
prompts
enabling
2-611
2-67
See PVLANs
disabling
automatic configuration
configuring auto
2-138
Private VLAN
system
2-563
2-577
2-569
creating
2-523
marking
2-620
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
IN-15
Index
traffic classifications
trust states
2-1092
displaying RF states
2-579
2-909
2-625
2-628
2-585
2-464
2-631
QoS CoS
related documentation
1-xxiii
2-558
quality of service
2-559
remote SPAN
See QoS
question command
See RSPAN
1-1
renew commands
queueing information
displaying
2-905
queue limiting
configuring packet limits
2-581
2-593
2-597
2-591
2-592
2-599
Rapid PVST
switching between PVST and MST
2-994
2-227
2-602
2-605
2-26
2-230
reauthentication, enabling
2-1049
2-228
2-601
re-authentication
periodic
2-72
2-622
setting DSCP
2-909
2-457
2-909
2-35
summary
reboots
restoring bindings across
2-463
1-6
2-311
See redundancy
redundancy
accessing the main CPU
2-583
RPF
2-909
2-354
2-354
RPR
2-18
2-464
RSPAN
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
IN-16
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Index
2-590
2-962
S
sampler (netflow-lite monitor submode) command
saving configuration changes
2-609
2-864
2-866
2-868
2-869
2-528
2-1055
2-26
2-26
special characters
2-463
single-host, setting
1-7
2-30
slaveslot0
displaying information on the standby
supervisor 2-922
2-642
2-644
slot0
2-644
2-644
filtering parameters
1-6
enabling globally
2-665
2-714
2-781
disabling
2-975
enabling
2-975
traps
2-772
2-973
informs
2-710
2-978
2-977
enabling on an interface
2-683
2-971
1-11
2-169
ifIndex persistence
1-7
2-924
SNMP
2-856
show commands
2-772
2-772
2-965
single-character patterns
2-464
2-637, 2-919
2-957
See SNMP
2-633
2-937
2-614
2-30
2-874
2-955
2-860
1-11
2-858, 2-860
2-812
disabling
2-975
enabling
2-975
2-1020
mac-notification
2-818
2-251, 2-832
2-847, 2-849,
adding 2-979
removing 2-979
source (netflow-lite exporter submode) command
2-980
2-851
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
IN-17
Index
SPAN commands
STP
2-480
2-942, 2-1022
SPAN enhancements
displaying status
2-169
See STP
SPAN session
detecting misconfiguration
2-926
2-926
2-985
2-424
2-529
2-987
2-990
sticky-ARP
disabling on PVLANs
2-349
enabling on PVLANs
2-349
sticky port
2-125
2-390
2-991
storm control
2-993
2-1006
enabling security
2-926
1-10
standard desktop
2-984
2-169
2-464
deleting
2-926
2-480
special characters
anchoring, table
2-174
2-480
2-1020
2-690
2-934
2-1020
setting pathcost
enabling broadcast
2-1020, 2-1022
enabling multicast
2-1020, 2-1022
2-1020, 2-1022
multicast, enabling
2-1022
2-1013
2-1012
2-393
2-988
2-690
2-1005
1-6
SVI
2-257
2-292
2-1036
2-1015
2-690
2-171
2-989
2-856
2-480
2-395
2-169
2-856
SSO
2-992
2-1037
switching characteristics
excluding from link-up calculation
2-1046
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
IN-18
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Index
modifying
2-1046
returning to interfaces
capture function
switchport
2-1046
2-1070
special characters
switchport interfaces
displaying status of Layer 3 port
2-723
2-457, 2-1018
2-285, 2-287
2-172
2-943
TCAM
2-172
2-169
TDR
2-428
2-430
2-1039
2-653
2-1080
temperature readings
displaying information
2-687
See SVI
switch virtual link (virtual switch) command
2-1041
2-175
system prompts
1-10
TAC
disabling debugging
sw-vlan
1-9
2-1074
switch shim
debugging
2-969
2-723
2-961
timer information
2-691
traffic monitor
1-5
display status
2-818
traffic shaping
enable on an interface
Tab key
command completion
1-1
tables
characters with special meaning
traps, enabling
1-7
2-635
2-975
trunk encapsulation
2-410
setting format
1-9
2-1070
trunk interfaces
2-758
2-1074
2-661
2-730
2-645, 2-818
2-957
2-560, 2-561
trust state
setting
2-300
2-1094
tunnel ports
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
IN-19
Index
2-806
TX queues
allocating bandwidth
setting priority to high
specifying burst size
2-1113
2-1096
2-1096
2-590
2-737
2-1096
2-1108
2-1096
2-294
2-737
2-1096
2-748,
2-752
UDLD
2-1100
2-950
2-1098
2-303
2-334
2-216
See UDLD
2-209, 2-217
2-1113, 2-1115
native frames
enabling tagging on all 802.1Q trunk ports
2-1048
2-1048
1-5
2-1117
2-1070
2-1070
username
setting password and privilege level
2-948
2-854
2-1102
2-748,
2-752
2-1120
2-1104
See VACLs
VLAN access map
See VACLs
VLAN database
VACLs
access-group mode
resetting
2-6
VLAN debugging
2-1119
2-952
2-13
2-1119
VLAN
2-607
limiting output
vlan group command
2-145
2-1120
2-955
2-1046
2-1046
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
IN-20
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01
Index
VLAN manager
debugging
disabling debugging
2-175
displaying
2-1132
2-1136
2-176
VLAN mapping
configuring
2-176
disabling debugging
2-1133
2-1074
2-1134
2-968
2-957
2-1074
2-395
2-968
2-390
2-957
2-1135
2-1138
See VQP
VLAN query protocol (VQPC)
debugging
2-182
2-393
VLANs
clearing
2-179
counters
2-179
2-130
2-103
configuring
internal allocation scheme
2-1122
displaying
internal VLAN allocation information
RSPAN VLANs
2-29
2-956
2-962
2-1115
VMPS
configuring servers
2-1126
2-182,
2-1124
voice VLANs
enabling
2-1042
VoIP
configuring auto-QoS
2-64
VQP
per-server retry count
2-1125
2-182,
2-1124
2-1128
VTP
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
IN-21
Index
Catalyst 4500 Series Switch Cisco IOS Command ReferenceRelease IOS XE 3.4.0SG and IOS 15.1(2)SG)
IN-22
Downloaded from www.Manualslib.com manuals search engine
OL-27596 -01