Table Of Contents
ip igmp snooping vlan immediate-leave
show mac-address-table multicast
snmp-server enable traps vlan-membership
tacacs-server directed-request
tacacs-server dns-alias-lookup
tacacs-server optional-passwords
Cisco IOS Commands
abort
Use the abort VLAN database command to abandon the proposed new VLAN database, exit VLAN database mode, and return to privileged EXEC mode.
abort
Syntax Description
This command has no arguments or keywords.
Defaults
No default is defined.
Command Modes
VLAN database
Command History
Usage Guidelines
If you have added, deleted, or modified VLAN parameters in VLAN database mode but you do not want to keep the changes, the abort command causes all the changes to be abandoned. The VLAN configuration that was running before you entered VLAN database mode continues to be used.
Examples
The following example shows how to abandon the proposed new VLAN database and exit to the privileged EXEC mode:
Switch(vlan)# abortSwitch#You can verify that no VLAN database changes occurred by entering the show vlan brief command in privileged EXEC mode.
Related Commands
apply
Use the apply VLAN database command to implement the proposed new VLAN database, increment the database configuration revision number, propagate it throughout the administrative domain, and remain in VLAN database mode.
apply
Syntax Description
This command has no arguments or keywords.
Defaults
No default is defined.
Command Modes
VLAN database
Command History
Usage Guidelines
The apply command implements the configuration changes you made after you entered VLAN database mode and uses them for the running configuration. This command keeps you in VLAN database mode.
You cannot use this command when the switch is in the VLAN Trunk Protocol (VTP) client mode.
Examples
The following example shows how to implement the proposed new VLAN database and recognize it as the current database:
Switch(vlan)# applyYou can verify that VLAN database changes occurred by entering the show vlan command in privileged EXEC mode.
Related Commands
clear ip address
Use the clear ip address privileged EXEC command to delete an IP address for a switch without disabling the IP processing.
clear ip address [vlan vlan-id]
Syntax Description
vlan vlan-id
(Optional) Delete an IP address only within the specified VLAN.
Valid IDs are from 1 to 1001; do not enter leading zeroes.
Defaults
No IP address is defined for the switch.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
A switch can have one IP address.
The IP address of the switch can be accessed only by nodes connected to ports that belong to the management VLAN. By default, the management VLAN is VLAN 1, but you can configure a different VLAN as the management VLAN.
If your switch receives its IP address from a Bootstrap Protocol (BOOTP) or a Dynamic Host Configured Protocol (DHCP) server and you clear the switch IP address by using the clear ip address command, the BOOTP or DHCP server reassigns the IP address.
Examples
The following example shows how to clear the IP address for the switch on VLAN 1:
Switch# clear ip address vlan 1You can verify the previous commands by entering the show running-config command in privileged EXEC mode.
Related Commands
show running-config
Displays the configuration information currently running on the switch.
clear mac-address-table
Use the clear mac-address-table privileged EXEC command to delete entries from the MAC address table.
clear mac-address-table [static |secure] [address hw-addr] [interface interface]
[vlan vlan-id]Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
This command deletes entries from the global MAC address table. Specific subsets can be deleted by using the optional keywords and values. If more than one optional keyword is used, all of the conditions in the argument must be true for that entry to be deleted.
Examples
The following example shows how to delete static addresses on port fa0/7:
Switch# clear mac-address-table static interface fa0/7The following example shows how to delete all secure addresses in VLAN 3:
Switch# clear mac-address-table secure vlan 3The following example shows how to delete address 0099.7766.5544 from all ports in all VLANs. If the address exists in multiple VLANs or multiple ports, all the instances are deleted.
Switch# clear mac-address-table address 0099.7766.5544The following example shows how to delete address 0099.7766.5544 only in VLAN 2:
Switch# clear mac-address-table address 0099.7766.5544 vlan 2You can verify the previous commands by entering the show mac-address-table command in privileged EXEC mode.
Related Commands
clear vtp counters
Use the clear vtp counters privileged EXEC command to clear the VLAN Trunk Protocol (VTP) and pruning counters.
clear vtp counters
Syntax Description
This command has no arguments or keywords.
Defaults
No default is defined.
Command Modes
Privileged EXEC
Command History
Examples
The following example shows how to clear the VTP counters:
Switch# clear vtp countersYou can verify the previous command by entering the show vtp counters command in privileged EXEC mode.
Related Commands
show vtp counters
Display general information about the VTP management domain, status, and counters.
cluster commander-address
The command switch automatically provides its MAC address to member switches when these switches join the cluster. The member switch adds this information and other cluster information to its running configuration file. You do not need to enter this command. Enter the no form of this global configuration command on a member switch to remove it from a cluster only during debugging or recovery procedures.
cluster commander-address mac-address member number name name
no cluster commander-address
default cluster commander-address
Syntax Description
Defaults
The switch is not a member of any cluster.
Command Modes
Global configuration
Command History
Usage Guidelines
A cluster member can have only one command switch.
The member switch retains the identity of the command switch during a system reload by using the mac-address parameter.
You can enter the no form on a member switch to remove it from the cluster only during debugging or recovery procedures. However, with normal switch configuration, we recommend that you remove member switches only by entering the no cluster member n command on the command switch.
When a standby command switch becomes active, it removes the cluster commander-address line from its configuration.
Examples
The following is sample text from the running configuration of a cluster member.
Switch(config)# cluster commander-address 00e0.9bc0.a500 member 4 name my_clusterThe following example shows how to remove a member from the cluster by using the cluster member console.
Switch-es3# configure terminalEnter configuration commands, one per line. End with CNTL/Z.Switch-es3(config)# no cluster commander-addressYou can verify the previous command by entering the show cluster command in user EXEC mode.
Related Commands
show cluster
Displays the cluster status and a summary of the cluster to which the switch belongs.
cluster discovery hop-count
Use the cluster discovery hop-count global configuration command on the command switch to set the hop-count limit for extended discovery of candidate switches. Use the no form of this command to set the hop count to the default value.
cluster discovery hop-count number
no cluster discovery hop-count
default cluster discovery hop-count
Syntax Description
Defaults
The hop count is set to 3.
Command Modes
Global configuration
Command History
Usage Guidelines
Enter this command only on the command switch. This command does not operate on member switches.
If the hop count is set to 1, it disables extended discovery. The command switch discovers only candidates that are one hop from the edge of the cluster. The edge of the cluster is the point between the last discovered member switch and the first discovered candidate switch.
Examples
The following example shows how to set hop count limit to 4. This command is executed on the command switch.
Switch(config)# cluster discovery hop-count 4You can verify the previous command by entering the show cluster command in user EXEC mode.
Related Commands
show cluster
Displays the cluster status and a summary of the cluster to which the switch belongs.
show cluster candidates
Displays a list of candidate switches.
cluster enable
Use the cluster enable global configuration command on a command-capable switch to enable it as the cluster command switch, assign a cluster name, and optionally assign a member number to it. Use the no form of the command to remove all members and make the command switch a candidate switch.
cluster enable name [command-switch-member-number]
no cluster enable
default cluster enable
Syntax Description
Defaults
The switch is not a command switch.
No cluster name is defined.
The member number is 0 when this is the command switch.
Command Modes
Global configuration
Command History
Usage Guidelines
This command runs on any command-capable switch that is not part of any cluster. This command fails if a device is already configured as a member of the cluster.
You must name the cluster when you enable the command switch. If the switch is already configured as the command switch, this command changes the cluster name if it is different from the previous name.
Examples
The following example shows how to enable the command switch, name the cluster, and set the command switch member number to 4.
Switch(config)# cluster enable Engineering-IDF4 4You can verify the previous command by entering the show cluster command in user EXEC mode on the command switch.
Related Commands
show cluster
Displays the cluster status and a summary of the cluster to which the switch belongs.
cluster holdtime
Use the cluster holdtime global configuration command on the command switch to set the duration in seconds before a switch (either the command or member switch) declares the other switch down after not receiving heartbeat messages. Use the no form of this command to set the duration to the default value.
cluster holdtime holdtime-in-secs
no cluster holdtime
default cluster holdtime
Syntax Description
Defaults
The holdtime is 80 seconds.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command with the cluster timer global configuration command only on the command switch. The command switch propagates the values to all its cluster members.
The holdtime is typically set as a multiple of the interval timer (cluster timer). For example, it takes (holdtime-in-secs divided by interval-in-secs) number of heartbeat messages to be missed in a row to declare a switch down.
Examples
The following example shows how to change the interval timer and the duration on the command switch.
Switch(config)# cluster timer 3Switch(config)# cluster holdtime 30You can verify the previous commands by entering the show cluster command in user EXEC mode.
Related Commands
show cluster
Displays the cluster status and a summary of the cluster to which the switch belongs.
cluster management-vlan
Use the cluster management-vlan global configuration command on the command switch to change the management VLAN for the entire cluster. Use the no form of this command to change the management VLAN to VLAN 1.
cluster management-vlan n
no cluster management-vlan
default cluster management-vlan
Syntax Description
n
VLAN ID of the new management VLAN. Valid VLAN IDs are from 1 to 1001.
no
Set the management VLAN to VLAN 1.
default
Set the management VLAN to VLAN 1.
Defaults
The default management VLAN is VLAN 1.
Command Modes
Global configuration
Command History
Usage Guidelines
Enter this command only on the command switch.
This command is not written to the configuration file.
Examples
The following example shows how to change the management VLAN to VLAN 5 on the entire cluster.
Switch(config)# cluster management-vlan 5You can verify the previous command by entering the show interface vlan number command in privileged EXEC mode.
Related Commands
management
Shuts down the current management VLAN interface and enables the new management VLAN interface on an individual switch.
cluster member
Use the cluster member global configuration command on the command switch to add members to a cluster. Use the no form of the command to remove members from the cluster.
cluster member [n] mac-address H.H.H [password enable-password]
no cluster member n
default cluster member n
Syntax Description
Defaults
A newly enabled command switch has no associated cluster members.
Command Modes
Global configuration
Command History
Usage Guidelines
Enter this command only on the command switch to add a member to or remove a member from the cluster. If a switch is not commanding a cluster, this command displays an error message.
You do not need to enter a member number. The command switch selects the next available member number and assigns it to the switch joining the cluster.
You must enter the enable password of the candidate switch for authentication when it joins the cluster. The password is not saved in the running or startup configuration. After a candidate switch becomes a member of the cluster, its password becomes the same as the command-switch password.
If a switch does not have a configured host name, the command switch appends a member number to the command-switch host name and assigns it to the member switch.
Examples
The following example shows how to add a switch as member 2 with MAC address 00E0.1E00.2222 and the password grandkey to a cluster.
Switch(config)# cluster member 2 mac-address 00E0.1E00.2222 password grandkeyThe following example shows how to add a switch with MAC address 00E0.1E00.3333 to the cluster. The command switch selects the next available member number and assigns it to the switch joining the cluster.
Switch(config)# cluster member mac-address 00E0.1E00.3333You can verify the previous command by entering the show cluster members command in user EXEC mode on the command switch.
Related Commands
cluster run
Use the cluster run global configuration command to enable clustering on a switch. Use the no form of this command to disable clustering on a switch.
cluster run
no cluster run
default cluster run
Syntax Description
Defaults
Clustering is enabled on all switches.
Command Modes
Global configuration
Command History
Usage Guidelines
When you enter the no cluster run command on a command switch, the command switch is disabled.
When you enter the no cluster run command on a member switch, it is removed from the cluster.
When you enter the no cluster run command on a switch, it disables clustering on that switch. This switch is then incapable of becoming a candidate switch.
Examples
The following example shows how to disable clustering on the command switch:
Switch(config)# no cluster runYou can verify the previous command by entering the show cluster command in user EXEC mode.
Related Commands
show cluster
Displays the cluster status and a summary of the cluster to which the switch belongs.
cluster setup
Use the cluster setup privileged EXEC command on the command switch to automatically build a cluster.
cluster setup
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
You can use the cluster setup command to add new switches to an existing cluster. The cluster setup command provides a high-level view of the configuration and guides you through the configuration change process. You can only see candidate switches that are one hop away from the command switch and have no IP address. To see devices farther away, use the show cluster members or show cluster candidates command.
If a candidate switch has a password, this information will not be passed to the cluster.
Examples
The following is an example of the cluster setup command output:
Switch# cluster setup--- Cluster Configuration Dialog ---At any point you may enter a question mark '?' for help.Use ctrl-c to abort configuration dialog at any prompt.Default settings are in square brackets '[]'.This switch is already configured as cluster command switch:Command Switch Name:clus1, contains 1 membersContinue with cluster configuration dialog? [yes/no]:yesThe suggested Cluster configuration is as follows:|---Upstream---|SN MAC Address Name PortIf FEC Hops SN PortIf FEC State0 0030.0002.0240 c2950-1 0 Up (Cmdr)1* 0001.96e4.e580 c2950-2 Fa0/1 1 0 Fa0/9 Up2* 0001.96e4.e580 c2950-2 Fa0/3 1 0 Fa0/3 Up3* 0001.96e4.e580 c2950-2 Fa0/5 1 0 Fa0/5 Up4* 0050.2ae6.2e00 2900-1 Fa0/1 1 0 Fa0/1 UpThe following configuration command script was created:cluster member 1 mac-address 0001.96e4.e580cluster member 2 mac-address 0001.96e4.e580cluster member 3 mac-address 0001.96e4.e580cluster member 4 mac-address 0050.2ae6.2e00!endUse this configuration? [yes/no]:yesBuilding configuration...[OK]Use the enabled mode 'configure' command to modify this configuration.Switch#Related Commands
cluster standby-group
Use the cluster standby-group global configuration command to enable command switch redundancy by binding the Hot Standby Router Protocol (HSRP) standby group to the cluster. Use the no form of this command to unbind the cluster from the HSRP standby group.
cluster standby-group HSRP-group-name
no cluster standby-group
default cluster standby-group
Syntax Description
Defaults
The cluster is not bound to any HSRP group.
Command Modes
Global configuration
Command History
Usage Guidelines
You must enter this command only on the command switch. If you enter it on a member switch, an error message appears.
The command switch propagates the cluster-HSRP binding information to all members. Each member switch stores the binding information in its nonvolatile RAM (NVRAM).
The HSRP group name must be a valid standby group; otherwise, the command exits with an error.
Examples
The following example shows how to bind the HSRP group named my_hsrp to the cluster. This command is executed on the command switch.
Switch(config)# cluster standby-group my_hsrpThe following example shows the error message when this command is executed on a command switch and the specified HSRP standby group does not exist:
Switch(config)# cluster standby-group my_hsrp%ERROR: Standby group `my_hsrp' doesn't existThe following example shows the error message when this command is executed on a member switch.
Switch(config)# cluster standby-group my_hsrp%ERROR: This command runs only on the command switchYou can verify the previous commands by entering the show cluster command in user EXEC mode.
Related Commands
cluster timer
Use the cluster timer global configuration command on the command switch to set the interval in seconds between heartbeat messages. Use the no form of this command to set the interval to the default value.
cluster timer interval-in-secs
no cluster timer
default cluster timer
Syntax Description
Defaults
The interval is 8 seconds.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command with the cluster holdtime global configuration command only on the command switch. The command switch propagates the values to all its cluster members.
The holdtime is typically set as a multiple of the heartbeat interval timer (cluster timer). For example, it takes (holdtime-in-secs divided by the interval-in-secs) number of heartbeat messages to be missed in a row to declare a switch down.
Examples
The following example shows how to change the heartbeat interval timer and the duration on the command switch.
Switch(config)# cluster timer 3Switch(config)# cluster holdtime 30You can verify the previous commands by entering the show cluster command in user EXEC mode.
Related Commands
show cluster
Displays the cluster status and a summary of the cluster to which the switch belongs.
delete
Use the delete privileged EXEC command to delete a file from the file system.
delete {device:}filename
Syntax Description
device:
Device containing the file to be deleted. Valid devices include the switch Flash memory.
filename
Name of file.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
A colon (:) follows the device variable. Do not enter spaces after the colon.
Examples
The following example shows how to delete a file from the switch Flash memory:
Switch# delete flash:filenameRelated Commands
duplex
Use the duplex interface configuration command to specify the duplex mode of operation for Fast Ethernet or Gigabit Ethernet ports. Use the no form of this command to return the port to its default value.
duplex {full | half | auto}
no duplex
Syntax Description
full
Port is in full-duplex mode.
half
Port is in half-duplex mode.
auto
Port automatically detects whether it should run in full- or half-duplex mode.
Defaults
The default is auto.
Command Modes
Interface configuration
Command History
Usage Guidelines
Certain ports can be configured to be either full duplex or half duplex. Applicability of this command depends on the device to which the switch is attached.
For Fast Ethernet ports, setting the port to auto has the same effect as specifying half if the attached device does not autonegotiate the duplex parameter.
If the speed is set to auto, the switch negotiates with the device at the other end of the link for the speed setting and then forces the speed setting to the negotiated value. The duplex setting remains as configured on each end of the link, which could result in a duplex setting mismatch.
Note
The Gigabit Ethernet ports can operate in either half- or full-duplex mode when they are set to 10 or 100 Mbps, but when they are set to1000 Mbps, they can only operate in the full-duplex mode.
If both the speed and duplex are set to specific values, autonegotiation is disabled.
Note
Examples
The following example shows how to set port 1 (Fast Ethernet port) to full duplex:
Switch(config)# interface fastethernet2/1Switch(config-if)# duplex fullThe following example shows how to set port 1 (Gigabit Ethernet port) to full duplex:
Switch(config)# interface gigabitethernet2/1Switch(config-if)# duplex fullYou can verify the previous commands by entering the show running-config command in privileged EXEC mode.
Related Commands
show running-config
Displays the running configuration on the switch.
speed
Specifies the speed of a Fast Ethernet port.
enable last-resort
Use the enable last-resort global configuration command to specify what happens if the Terminal Access Controller Access Control System (TACACS) and Extended TACACS servers used by the enable command do not respond. Use the no form of this command to restore the default.
enable last-resort {password | succeed}
no enable last-resort
Syntax Description
Defaults
Authentication is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
This secondary authentication is used only if the first attempt fails.
Note
Examples
In the following example, if the TACACS servers do not respond to the enable command, you can enable access by entering the privileged-level password:
Switch(config)# enable last-resort <password>You can verify the previous command by entering the show running-config command in privileged EXEC mode.
Related Commands
enable
Accesses privileged EXEC mode.
show running-config
Displays the running configuration on the switch.
enable use-tacacs
Use the enable use-tacacs global configuration command to enable the use of Terminal Access Controller Access Control System (TACACS) to determine whether a user can access the privileged command level. Use the no form of this command to disable TACACS verification.
enable use-tacacs
no enable use-tacacs
Tips
Syntax Description
This command has no arguments or keywords.
Defaults
TACACS verification is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
When you add this command to the configuration file, the enable privilege EXEC command prompts for a new username and password. This pair is then passed to the TACACS server for authentication. If you are using Extended TACACS, it also sends any existing UNIX user identification code to the server.
Note
Examples
The following example sets TACACS verification on the privileged EXEC login sequence:
Switch(config)# enable use-tacacsSwitch(config)# tacacs-server authenticate enableYou can verify the previous commands by entering the show running-config command in privileged EXEC mode.
Related Commands
exit
Use the exit VLAN database command to implement the proposed new VLAN database, increment the database configuration number, propagate it throughout the administrative domain, and return to privileged EXEC mode.
exit
Syntax Description
This command has no arguments or keywords.
Defaults
No default is defined.
Command Modes
VLAN database
Command History
Usage Guidelines
The exit command implements all the configuration changes you made since you entered VLAN database mode and uses them for the running configuration. This command returns you to privileged EXEC mode.
Examples
The following example shows how to implement the proposed new VLAN database and exit to privileged EXEC mode:
Switch(vlan)# exitSwitch#You can verify the previous command by entering the show vlan brief command in privileged EXEC mode.
Related Commands
flowcontrol
Use the flowcontrol interface configuration command on Gigabit Ethernet ports to control traffic rates during congestion. Use the no form of this command to disable flow control on the port.
flowcontrol {asymmetric | symmetric}
no flowcontrol
Syntax Description
Defaults
The default is asymmetric.
Command Modes
Interface configuration
Command History
Examples
The following example shows how to configure the local port to support any level of flow control by the remote port:
Switch(config-if)# flowcontrolThe following example shows how to configure the local port to control the traffic flow from the remote port:
Switch(config-if)# flowcontrol asymmetricYou can verify the previous commands by entering the show running-config command in privileged EXEC mode.
Related Commands
show interface [interface-id] flow-control
Displays flow-control information for the specified port.
interface
Use the interface global configuration command to configure an interface type, create a switch virtual interface to be used as the management VLAN interface, and to enter interface configuration mode.
interface type port | vlan number
no interface type port | vlan number
Syntax Description
type
Type of interface to be configured. Can be Fast Ethernet or Gigabit Ethernet.
port
Port ID.
vlan number
VLAN number from 1 to 1001 to be used as the management VLAN. Do not enter leading zeroes.
Defaults
The default management VLAN interface is VLAN 1.
Command Modes
Global configuration
Command History
Usage Guidelines
When creating a management VLAN interface, a space between vlan and number is accepted.
Only one management VLAN interface can be active.
You cannot delete the management VLAN 1 interface.
Before bringing up a new management VLAN interface with the no shutdown command, you must issue the shutdown command to disable the old one.
You can use the management command to shut down the active management VLAN interface and to enable the newly created management VLAN interface.
You can configure the management VLAN interface on static-access and trunk ports.
Examples
The following example shows how to enable the switch to configure interface 2:
Switch(config)# interface fa0/2Switch(config-if)#The following example shows how to change the management VLAN from VLAN 1 to VLAN 3. This series of commands should only be executed from the console. If these commands are executed through a Telnet session, the shutdown command disconnects the session, and there is no way to use IP to access the system.
Switch# configure terminalSwitch(config)# interface vlan 3Switch(config-subif)# ip address 172.20.128.176 255.255.255.0Switch(config-subif)# exitSwitch(config-if)# exitSwitch(config)# interface vlan 1Switch(config-subif)# shutdownSwitch(config-subif)# exitSwitch(config-if)# exitSwitch(config)# interface vlan 3Switch(config-subif)# no shutdownSwitch(config-subif)# exitSwitch(config-if)# exitThe following example shows how to change the management VLAN from VLAN 1 to VLAN 3 through a Telnet session. In this situation, the management command shuts down VLAN 1 and brings up VLAN 3. The Telnet session must be re-established through the new management VLAN.
Switch# configure terminalSwitch(config)# interface vlan 3Switch(config-subif)# ip address 172.20.128.176 255.255.255.0Switch(config-subif)# managementThe following example shows how to copy the IP address and network mask information from the current management VLAN to VLAN 3 and make VLAN 3 the new management VLAN:
Switch# configure terminalSwitch(config)# interface vlan 3Switch(config-subif)# managementYou can verify the previous commands by entering the show interface and show interface vlan number command in privilege EXEC mode.
Related Commands
ip address
Use the ip address interface configuration command to set an IP address for a switch. Use the no form of this command to remove an IP address or to disable IP processing.
ip address ip-address subnet-mask
no ip address ip-address subnet-mask
Syntax Description
Defaults
No IP address is defined for the switch.
Command Modes
Interface configuration
Command History
Usage Guidelines
A switch can have one IP address.
The IP address of the switch can be accessed only by nodes connected to ports that belong to the management VLAN. By default, the management VLAN is VLAN 1, but you can configure a different VLAN as the management VLAN.
If you remove the IP address through a Telnet session, your connection to the switch will be lost.
If your switch receives its IP address from a Bootstrap Protocol (BOOTP) or a Dynamic Host Configured Protocol (DHCP) server and you remove the switch IP address by using the no ip address command, IP processing is disabled, and the BOOTP or DHCP server cannot reassign the address.
Examples
The following example shows how to configure the IP address for the switch on a subnetted network:
Switch(config)# interface vlan 1Switch(config-if)# ip address 172.20.128.2 255.255.255.0You can verify the previous commands by entering the show running-config command in privileged EXEC mode.
Related Commands
show running-config
Displays the running configuration on the switch.
clear ip address
Deletes an IP address for a switch without disabling the IP processing.
ip igmp snooping
Use the ip igmp snooping global configuration command to globally enable Internet Group Management Protocol (IGMP) snooping. Use the no form of this command to disable IGMP snooping.
ip igmp snooping
no ip igmp snooping
Syntax Description
This command has no arguments or keywords.
Defaults
By default, IGMP snooping is globally enabled.
Command Modes
Global configuration
Command History
Usage Guidelines
When IGMP snooping is globally enabled, it enables IGMP snooping on all the existing VLAN interfaces. When IGMP snooping is globally disabled, it disables IGMP snooping on all the existing VLAN interfaces.
The configuration is saved in nonvolatile RAM (NVRAM).
Examples
The following example shows how to globally enable IGMP snooping:
Switch(config)# ip igmp snoopingThe following example shows how to globally disable IGMP snooping:
Switch(config)# no ip igmp snoopingYou can verify the previous commands by entering the show ip igmp snooping command in the privileged EXEC mode.
Related Commands
ip igmp snooping vlan
Use the ip igmp snooping vlan global configuration command to enable Internet Group Management Protocol (IGMP) snooping on a specific VLAN. Use the no form of this command to disable IGMP snooping on a VLAN interface.
ip igmp snooping vlan vlan-id
no ip igmp snooping vlan vlan-id
Syntax Description
Defaults
By default, IGMP snooping is enabled when each VLAN is created.
Command Modes
Global configuration
Command History
Usage Guidelines
This command automatically configures the VLAN if it is not already configured. This information is saved in nonvolatile RAM (NVRAM).
Examples
The following example shows how to enable IGMP snooping on VLAN 2:
Switch(config)# ip igmp snooping vlan 2The following example shows how to disable IGMP snooping on VLAN 2:
Switch(config)# no ip igmp snooping vlan 2You can verify the previous commands by entering the show ip igmp snooping vlan command in the privileged EXEC mode.
Related Commands
ip igmp snooping vlan immediate-leave
Use the ip igmp snooping immediate-leave global configuration command to enable Internet Group Management Protocol (IGMP) Immediate-Leave processing on a VLAN interface. Use the no form of this command to disable Immediate-Leave processing on the VLAN interface.
ip igmp snooping vlan vlan-id immediate-leave
no ip igmp snooping vlan vlan-id immediate-leave
Syntax Description
Defaults
By default, IGMP Immediate-Leave processing is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the Immediate-Leave feature only when there is a only one IP multicast receiver present on every port in the VLAN. The Immediate Leave configuration is saved in nonvolatile RAM (NVRAM).
Immediate Leave is supported only with IGMP version 2 hosts.
Examples
The following example shows how to enable IGMP Immediate-Leave processing on VLAN 1:
Switch(config)# ip igmp snooping vlan 1 immediate-leaveThe following example shows how to disable IGMP Immediate-Leave processing on VLAN 1:
Switch(config)# no ip igmp snooping vlan 1 immediate-leaveYou can verify the previous commands by entering the show ip igmp snooping vlan command in the privileged EXEC mode.
Related Commands
ip igmp snooping vlan mrouter
Use the ip igmp snooping vlan mrouter global configuration command to add a multicast router port and to configure the multicast router learning method. Use the no form of this command to remove the configuration.
ip igmp snooping vlan vlan-id mrouter interface | { learn {cgmp | pim-dvmrp}}
no ip igmp snooping vlan vlan-id mrouter interface | { learn {cgmp | pim-dvmrp}}
Syntax Description
Defaults
The default is pim-dvmrp.
Command Modes
Global configuration
Command History
Usage Guidelines
The CGMP learning method is useful for controlling traffic in Cisco router environments.
The configured learning method is saved in nonvolatile RAM (NVRAM).
Static connections to multicast routers are supported only on switch ports.
Examples
The following example shows how to configure Fast Ethernet interface 0/6 as a multicast router port:
Switch(config)# ip igmp snooping vlan 1 mrouter fa0/6The following example shows how to specify the multicast router learning method as CGMP:
Switch(config)# no ip igmp snooping vlan 1 mrouter learn cgmpYou can verify the previous commands by entering the show ip igmp snooping mrouter command in the privileged EXEC mode.
Related Commands
ip igmp snooping vlan static
Use the ip igmp snooping vlan vlan-id static global configuration command to add a Layer 2 port as a member of a multicast group. Use the no form of this command to remove the configuration.
ip igmp snooping vlan vlan-id static mac-address interface
no ip igmp snooping vlan vlan-id static mac-address interface
Syntax Description
Defaults
None configured.
Command Modes
Global configuration
Command History
Usage Guidelines
The command is used to statically configure the IP multicast group member ports.
The static ports and groups are saved in nonvolatile RAM (NVRAM).
Static connections to multicast routers are supported only on switch ports.
Examples
The following example shows how to statically configure a host on an interface:
Switch(config)# ip igmp snooping vlan 1 static 0100.5e02.0203 fa0/6Configuring port FastEthernet 0/6 on group 0100.5e02.0203You can verify the previous commands by entering the show mac-address-table multicast command in the privileged EXEC mode.
Related Commands
login
Use the login line configuration command to enable password checking at login. Use the no form of this command to disable password checking and to allow connections without a password.
login [local | tacacs]
no login
Syntax Description
Defaults
No password is assigned, and you cannot access the switch through Telnet. Virtual terminals require a password. If you do not set a password for a virtual terminal, it responds to attempted connections by displaying an error message and closing the connection.
Command Modes
Line configuration
Command History
Usage Guidelines
If you specify the login command without the local or tacacs option, authentication is based on the password specified with the line configuration password command.
Note
Examples
The following example shows how to set the password letmein on virtual terminal line 4:
Switch(config-line)# line vty 4Switch(config-line)# password letmeinSwitch(config-line)# loginThe following example shows how to enable the TACACS-style user ID and password-checking mechanism:
Switch(config-line)# line 0Switch(config-line)# password <mypassword>Switch(config-line)# login tacacsYou can verify the previous commands by entering the show running-config command in privileged EXEC mode.
Related Commands
login authentication
Use the login authentication line configuration command to enable authentication, authorization, and accounting (AAA) for logins. Use the no form of this command to either disable Terminal Access Controller Access Control System Plus (TACACS+) authentication for logins or to return to the default.
login authentication {default | list-name}
no login {default | list-name}
Syntax Description
default
Use the default list created with the AAA authentication login command.
list-name
Use the indicated list created with the AAA authentication login command.
Defaults
Login authentication is disabled.
Command Modes
Line configuration
Command History
Usage Guidelines
To create a default list that is used if no list is specified in the login authentication command, use the default keyword followed by the methods you want used in default situations. The default method list is automatically applied to all interfaces.
Examples
The following example shows how to specify TACACS+ as the default method for user authentication during login:
Switch(config)# aaa new-modelSwitch(config)# aaa authentication login default tacacsSwitch(config)# line vty 0 4Switch(config-line)# login authentication default tacacsYou can verify the previous commands by entering the show running-config command in privileged EXEC mode.
Related Commands
mac-address-table aging-time
Use the mac-address-table aging-time global configuration command to set the length of time that a dynamic entry remains in the MAC address table after the entry is used or updated. Use the no form of this command to use the default aging-time interval. The aging time applies to all VLANs.
mac-address-table aging-time age
no mac-address-table aging-time
Syntax Description
Defaults
The default is 300 seconds.
Command Modes
Global configuration
Command History
Usage Guidelines
If hosts do not transmit continuously, increase the aging time to record the dynamic entries for a longer time. This can reduce the possibility of flooding when the hosts transmit again.
Examples
The following example shows how to set the aging time to 200 seconds:
Switch(config)# mac-address-table aging-time 200You can verify the previous command by entering the show mac-address-table command in privileged EXEC mode.
Related Commands
mac-address-table secure
Use the mac-address-table secure global configuration command to add secure addresses to the MAC address table. Use the no form of this command to remove secure entries from the MAC address table.
mac-address-table secure hw-addr interface [vlan vlan-id]
no mac-address-table secure hw-addr [vlan vlan-id]
Syntax Description
Command Modes
Global configuration
Command History
Usage Guidelines
Secure addresses can be assigned only to one port at a time. Therefore, if a secure address table entry for the specified MAC address and VLAN already exists on another port, it is removed from that port and assigned to the specified one.
Examples
The following example shows how to add a secure MAC address to VLAN 6 of port fa1/1:
Switch(config)# mac-address-table secure 00c0.00a0.03fa fa1/1 vlan 6You can verify this command by entering the show mac-address-table command in privileged EXEC mode.
Related Commands
mac-address-table static
Use the mac-address-table static global configuration command to add static addresses to the MAC address table. Use the no form of this command to remove static entries from the MAC address table.
mac-address-table static mac_addr interface out-ports-lists vlan vlan-id
no mac-address-table static mac_addr interface out-ports-lists vlan vlan-id
Syntax Description
Command Modes
Global configuration
Command History
Usage Guidelines
When a packet is received on any port in the VLAN, it is forwarded to all the ports specified by the out-ports-lists in the same VLAN.
Examples
The following example shows how to statically configure a host on an interface:
Switch(config)# mac-address-table static c2f3.220a.12f4 fa0/1 fa0/2 fa0/8 vlan 4You can verify the previous command by entering the show mac-address-table command in privileged EXEC mode.
Related Commands
management
Use the management interface configuration command to shut down the current management VLAN interface and to enable the new management VLAN interface. The management VLAN is used to manage a cluster of switches. To use it for cluster management, apply it to a switched virtual interface or the management interface. The default management VLAN is VLAN 1; however, the management VLAN can be changed to a new management interface by using a different VLAN (one with IDs from
1 to 1001). This command also copies the current management VLAN IP information to the new management VLAN interface if no new IP address or network mask is provided. It also copies the cluster standby group configuration to the new management VLAN.management
Syntax Description
This command has no arguments or keywords.
Defaults
No default is defined.
Command Modes
Interface configuration
Command History
Usage Guidelines
No default management or no management command exists to return the management VLAN to its default state.
The management command is not written to the configuration file, and it is not displayed in the output of the show running-config command.
Before entering the management command, make sure the following conditions exist:
•
•
•
Use the management command to change the management VLAN on a single switch. Use the global configuration command cluster management-vlan n on the command switch to change the management VLAN on the entire cluster.
Examples
The following example shows how to shut down the current management VLAN interface and start VLAN 2 as the management VLAN:
Switch# configure terminalSwitch(config)# interface vlan 2Switch(config-subif)# ip address 172.20.128.176 255.255.255.0Switch(config-subif)# managementSwitch(config-subif)# exitSwitch(config)#The following example shows how to copy the IP address and network mask from the current management VLAN to VLAN 2 and make VLAN 2 the management VLAN:
Switch# configure terminalSwitch(config)# interface vlan 2Switch(config-subif)# managementSwitch(config-subif)# exitSwitch(config)#You can verify the previous command by entering the show interface vlan number command in privileged EXEC mode.
Related Commands
ntp access-group
Use the ntp access-group global configuration command to control access to the system Network Time Protocol (NTP) services. Use the no form of the command to remove access control to the system NTP services.
ntp access-group {query-only | serve-only | serve | peer} access-list-number
no ntp access-group {query-only | serve | peer}
Syntax Description
Defaults
NTP is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
The access group options are scanned in the following order from least restrictive to most restrictive:
1.
2.
3.
4.
Access is granted for the first match that is found. If no access groups are specified, all access is granted to all sources. If any access groups are specified, only the specified access is granted. This facility provides minimal security for the time services of the system. If tighter security is desired, use the NTP authentication facility.
Examples
The following example shows how to configure the system to be synchronized by a peer from access
list 99.However, the system restricts access to allow time requests only from access list 42:
Switch(config)# ntp access-group peer 99Switch(config)# ntp access-group serve-only 42You can verify the previous commands by entering the show running-config command in privileged EXEC mode.
Related Commands
access-list
Differentiates one packet from another so that different treatment can be applied.
show running-config
Displays the running configuration on the switch.
ntp authenticate
Use the ntp authenticate global configuration command to enable Network Time Protocol (NTP) authentication. Use the no form of this command to disable the feature.
ntp authenticate
no ntp authenticate
Syntax Description
This command has no keywords or arguments.
Defaults
NTP authentication is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command if you want authentication. If this command is specified, the system will not synchronize to a system unless it carries one of the authentication keys specified in the ntp trusted-key command.
Examples
The following example shows how to enable NTP authentication:
Switch(config)# ntp authenticateYou can verify the previous command by entering the show running-config command in privileged EXEC mode.
Related Commands
ntp authentication-key
Use the ntp authentication-key global configuration command to define an authentication key for Network Time Protocol (NTP). Use the no form of this command to remove the authentication key for NTP.
ntp authentication-key number md5 value
no ntp authentication-key number
Syntax Description
number
Key number (1 to 4294967295).
md5
Use MD5 authentication.
value
Key value (an arbitrary string of up to eight characters, with the exception of control or escape characters).
Defaults
No authentication key is defined.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to define authentication keys for use with other NTP commands for greater security.
Examples
The following example shows how to set authentication key 10 to aNiceKey:
Switch(config)# ntp authentication-key 10 md5 aNiceKeyYou can verify the previous command by entering the show running-config command in privileged EXEC mode.
Note
Related Commands
ntp broadcast client
Use the ntp broadcast client interface configuration command to allow the system to receive Network Time Protocol (NTP) broadcast packets on an interface. Use the no form of the command to disable this capability.
ntp broadcast client
no ntp broadcast [client]
Syntax Description
This command has no arguments or keywords.
Defaults
Broadcast client mode is disabled.
Command Modes
Interface configuration
Command History
Usage Guidelines
Use this command to allow the system to listen to broadcast packets on an interface-by-interface basis. You must configure this command on the management VLAN interface. By default, the management VLAN is VLAN 1, but you can configure a different VLAN as the management VLAN.
Examples
The following example shows how to synchronize the router to NTP packets that are broadcast on interface VLAN 1:
Switch(config-if)# interface vlan1Switch(config-if)# ntp broadcast clientYou can verify the previous commands by entering the show running-config command in privileged EXEC mode.
Related Commands
ntp broadcastdelay
Sets the estimated round-trip delay between the IOS software and an NTP broadcast server.
show running-config
Displays the running configuration on the switch.
ntp broadcastdelay
Use the ntp broadcastdelay global configuration command to set the estimated round-trip delay between the IOS software and a Network Time Protocol (NTP) broadcast server. Use the no form of this command to revert to the default value.
ntp broadcastdelay microseconds
no ntp broadcastdelay
Syntax Description
microseconds
Estimated round-trip time (in microseconds) for NTP broadcasts. The range is from 1 to 999999.
Defaults
The default is 3000 microseconds.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command when the switch is configured as a broadcast client and the round-trip delay on the network is other than 3000 microseconds.
Examples
The following example shows how to configure the estimated round-trip delay between the switch and the broadcast client to 5000 microseconds:
Switch(config)# ntp broadcastdelay 5000You can verify the previous command by entering the show running-config command in privileged EXEC mode.
Related Commands
ntp broadcast client
Allows the system to receive NTP broadcast packets on an interface.
show running-config
Displays the running configuration on the switch.
ntp broadcast destination
Use the ntp broadcast destination interface configuration command to configure a Network Time Protocol (NTP) server or peer to restrict the broadcast of NTP frames to the IP address of a designated client or a peer. Use the no form of the command to return the setting to its default.
ntp broadcast destination IP-address
no ntp broadcast destination
Syntax Description
Defaults
No IP address or host name is assigned.
Command Modes
Interface configuration
Command History
Usage Guidelines
You must configure this command on the management VLAN interface. By default, the management VLAN is VLAN 1, but you can configure a different VLAN as the management VLAN.
Related Commands
ntp broadcast key
Use the ntp broadcast key interface configuration command to configure a Network Time Protocol (NTP) server or peer to broadcast NTP frames with the authentication key embedded into the NTP packet. Use the no form of the command to return the setting to its default.
ntp broadcast key number
no ntp broadcast key
Syntax Description
number
The NTP authentication key that is embedded in the NTP packet.
The range is from 0 to 4294967295.
Defaults
No NTP broadcast key is defined.
Command Modes
Interface configuration
Command History
Usage Guidelines
You must configure this command on the management VLAN interface. By default, the management VLAN is VLAN 1, but you can configure a different VLAN as the management VLAN.
Related Commands
ntp broadcast version
Use the ntp broadcast interface configuration command to specify that a specific interface should send Network Time Protocol (NTP) broadcast packets. Use the no form of the command to disable this capability.
ntp broadcast version number
no ntp broadcast
Syntax Description
Defaults
Version 3 is the default.
Command Modes
Interface configuration
Command History
Usage Guidelines
If you are using version 2 and the NTP synchronization does not occur, use NTP version 2.
You must configure this command on the management VLAN interface. By default, the management VLAN is VLAN 1, but you can configure a different VLAN as the management VLAN.
Examples
The following example shows how to configure interface VLAN 1 to send NTP version 2 packets:
Switch(config-if)# interface vlan1Switch(config-if)# ntp broadcast version 2You can verify the previous commands by entering the show running-config command in privileged EXEC mode.
Related Commands
ntp clock-period
Do not enter this command; it is documented for informational purposes only. The system automatically generates this command as the Network Time Protocol (NTP) determines the clock error and compensates.
As the NTP compensates for the error in the system clock, it keeps track of the correction factor for this error. The system automatically saves this value into the system configuration using the ntp clock-period global configuration command. The system uses the no form of this command to revert to the default.
ntp clock-period value
no ntp clock-period
Syntax Description
Command Modes
Global configuration
Command History
Usage Guidelines
If a write memory command is entered to save the configuration to nonvolatile RAM (NVRAM), this command is automatically added to the configuration. It is a good idea to perform this task after NTP has been running for a week or so; NTP synchronizes more quickly if the system is restarted.
ntp disable
Use the ntp disable interface configuration command to prevent an interface from receiving Network Time Protocol (NTP) packets. To enable receipt of NTP packets on an interface, use the no form of the command.
ntp disable
no ntp disable
Syntax Description
This command has no arguments or keywords.
Command Modes
Interface configuration
Command History
Usage Guidelines
You must configure this command on the management VLAN interface. By default, the management VLAN is VLAN 1, but you can configure a different VLAN as the management VLAN.
The preferred command to disable NTP is no ntp.
Examples
The following example shows how to prevent interface VLAN 1 from receiving NTP packets:
Switch(config-if)# interface vlan1Switch(config-if)# ntp disableYou can verify the previous commands by entering the show running-config command in privileged EXEC mode.
Related Commands
ntp max-associations
Use the ntp max-associations global configuration command to set the maximum number of Network Time Protocol (NTP) associations that are allowed on a server. Use the no form of this command to disable this feature.
ntp max-associations [number]
no ntp max-associations
Syntax Description
Command Modes
Global configuration
Command History
Usage Guidelines
This command provides a simple method to control the number of peers that can use the switch to synchronize to it through NTP.
After you enable a switch as an NTP server, use this command to set the maximum number of associations that are allowed on a server.
Examples
The following example shows how to set the maximum number of NTP associations to 44:
Switch(config)# ntp max-associations 44You can verify the previous command by entering the show running-config command in privileged EXEC mode.
Related Commands
ntp peer
Use the ntp peer global configuration command to configure the switch system clock to synchronize a peer or to be synchronized by a peer. Use the no form of the command to disable this capability.
ntp peer ip-address [version number] [key keyid] [source interface] [prefer]
no ntp peer ip-address
Syntax Description
Defaults
No IP address is defined.
NTP version 3 is the default.
No NTP authentication key is defined.
No source interface is defined.
Command Modes
Global configuration
Command History
Usage Guidelines
Using the prefer keyword will reduce switching between peers.
If you are using the default NTP version of 3 and NTP synchronization does not occur, try using NTP version 2. Many NTP servers on the Internet run version 2.
Examples
The following example shows how to configure the router to allow its system clock to be synchronized with the clock of the peer (or vice versa) at IP address 131.108.22.33 using NTP version 2. The source IP address will be the address of Ethernet 0.
Switch(config)# ntp peer 131.108.22.33 version 2 source Ethernet 0You can verify the previous command by entering the show running-config command in privileged EXEC mode.
Related Commands
ntp server
Use the ntp server global configuration command to allow the switch system clock to be synchronized by a time server. Use the no form of the command to disable this capability.
ntp server ip-address [version number] [key keyid] [source interface] [prefer]
no ntp server ip-address
Syntax Description
Defaults
No IP address is defined.
NTP version 3 is the default.
No NTP authentication key is defined.
No source interface is defined.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command if you want to allow this machine to synchronize with the specified server. The server will not synchronize to this machine.
Using the prefer keyword will reduce switching between servers.
If you are using the default NTP version of 3 and NTP synchronization does not occur, try using NTP version 2. Many NTP servers on the Internet run version 2.
Examples
The following example shows how to configure the router to allow its system clock to be synchronized with the clock of the peer at IP address 128.108.22.44 using NTP version 2:
Switch(config)# ntp server 128.108.22.44 version 2You can verify the previous command by entering the show running-config command in privileged EXEC mode.
Related Commands
ntp source
Use the ntp source global configuration command to use a particular source address in Network Time Protocol (NTP) packets. Use the no form of this command to remove the specified source address.
ntp source interface
no ntp source
Syntax Description
Defaults
No source address is defined.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command when you want to use a particular source IP address for all NTP packets. The address is taken from the specified interface. This command is useful if the address on an interface cannot be used as the destination for reply packets. If the source keyword is present on an ntp server or ntp peer command, that value overrides the global value.
Examples
The following example shows how to configure the router to use the IP address of VLAN 1 as the source address of all outgoing NTP packets:
Switch(config)# ntp source vlan1You can verify the previous command by entering the show running-config command in privileged EXEC mode.
Related Commands
ntp trusted-key
Use the ntp trusted-key global configuration command if you want to authenticate the identity of a system to which the Network Time Protocol (NTP) will synchronize. Use the no form of this command to disable authentication of the identity of the system.
ntp trusted-key key-number
no ntp trusted-key key-number
Syntax Description
key-number
Authentication key to be used for time authentication. The range is from
1 to 4294967295.
Defaults
No key number is defined.
Command Modes
Global configuration
Command History
Usage Guidelines
If authentication is enabled, use this command to define one or more key numbers that a peer NTP system must provide in its NTP packets in order for this system to synchronize to it. The key numbers must correspond to the keys defined with the ntp authentication-key command. This provides protection against accidentally synchronizing the system to a system that is not allowed because the other system must know the correct authentication key.
Examples
The following example shows how to configure the system to synchronize only to systems providing authentication key 42 in its NTP packets:
Switch(config)# ntp authenticateSwitch(config)# ntp authentication-key 42 md5 aNiceKeySwitch(config)# ntp trusted-key 42You can verify the previous commands by entering the show running-config command in privileged EXEC mode.
Related Commands
ntp authenticate
Enables NTP authentication.
ntp authentication-key
Defines an authentication key for NTP.
show running-config
Displays the running configuration on the switch.
port group
Use the port group interface configuration command to assign a port to a Fast EtherChannel or Gigabit EtherChannel port group. Up to six port groups can be created on a switch. Up to eight ports can belong to a source-based or destination-based port group. Use the no form of this command to remove a port from a port group.
port group group-number [distribution {source | destination}]
no port group
Syntax Description
Defaults
Port does not belong to a port group.
The default forwarding method is source.
Command Modes
Interface configuration
Command History
Usage Guidelines
The following restrictions apply for all ports:
•
•
•
•
•
When a group is first formed, the switch automatically sets the following parameters to be the same on all ports:
•
•
•
•
•
•
•
•
•
Configuration of the first port added to the group is used when setting the above parameters for other ports in the group. After a group is formed, changing any parameter in the above list changes the parameter on all other ports.
Use the distribution keyword to customize the port group to your particular environment. The forwarding method you choose depends on how your network is configured. However, source-based forwarding works best for most network configurations.
Examples
The following example shows how to add a port to a port group by using the default source-based forwarding:
Switch(config-if)# port group 1The following example shows how to add a port to a group by using destination-based forwarding:
Switch(config-if)# port group 2 distribution destinationYou can verify the previous commands by entering the show port group command in privileged EXEC mode.
Related Commands
port monitor
Use the port monitor interface configuration command to enable Switch Port Analyzer (SPAN) port monitoring on a port. Use the no form of this command to return the port to its default value.
port monitor [interface | vlan vlan-id]
no port monitor [interface | vlan vlan-id]
Syntax Description
Defaults
Port does not monitor any other ports.
Command Modes
Interface configuration
Command History
Usage Guidelines
Enabling port monitoring without specifying a port causes all other ports in the same VLAN to be monitored.
Entering the port monitor vlan 1 command causes monitoring of all traffic to and from the IP address configured on VLAN 1.
The following restrictions apply for ports that have port-monitoring capability:
•
•
•
•
•
Examples
The following example shows how to enable port monitoring on port fa0/2:
Switch(config-if)# port monitor fa0/2You can verify the previous command by entering the show port monitor command in privileged EXEC mode.
Related Commands
port protected
Use the port protected interface configuration command to isolate unicast, multicast, and broadcast traffic at Layer 2 from other protected ports on the same switch. Use the no form of the command to disable the protected port.
port protected
no port protected
Syntax Description
This command has no keywords or arguments.
Defaults
No protected port is defined.
A monitor port can not be configured as a protected port. However, it is possible to monitor or a protected port.
A protected port continues to forward unicast, multicast, and broadcast traffic to unprotected ports and vice versa.
Command Modes
Interface configuration
Command History
Usage Guidelines
The port protection feature is local to the switch; communication between protected ports on the same switch is possible only through a Layer 3 device. To prevent communication between protected ports on different switches, you must configure the protected ports for unique VLANs on each switch and configure a trunk link between the switches.
Port monitoring does not work if both the monitor and the monitored ports are protected ports. A monitor port cannot be configured as a protected port. However, you can monitor a protected port by a non protected port.
A protected port is different from a secure port.
Examples
The following example shows how to enable a protected port on interface fa0/3:
Switch(config)# interface fa0/3Switch(config-if)# port protectedYou can verify the previous command by entering the show port protected command in privileged EXEC mode.
Related Commands
port security
Use the port security interface configuration command to enable port security on a port and restrict the use of the port to a user-defined group of stations. Use the no form of this command to return the port to its default value.
port security [action {shutdown | trap} | max-mac-count addresses]
no port security
Syntax Description
Defaults
Port security is disabled.
When enabled, the default action is to generate an SNMP trap.
Command Modes
Interface configuration
Command History
Usage Guidelines
If you specify trap, use the snmp-server host command to configure the SNMP trap host to receive traps.
The following restrictions apply to secure ports:
•
•
•
Examples
The following example shows how to enable port security and what action the port takes in case of an address violation (shutdown).
Switch(config-if)# port security action shutdownThe following example shows how to set the maximum number of addresses that the port can learn to 8.
Switch(config-if)# port security max-mac-count 8You can verify the previous commands by entering the show port security command in privileged EXEC mode.
Related Commands
port storm-control
Use the port storm-control interface configuration command to enable broadcast, multicast, or unicast storm control on a port. Use the no form of this command to disable storm control or one of the storm-control parameters on the port.
port storm-control {broadcast | multicast | unicast} {{action {filter | shutdown} | threshold {rising rising-number falling falling-number} | trap}}
no port storm-control {broadcast | multicast | unicast}
Syntax Description
Defaults
Broadcast, multicast, and unicast storm control are disabled.
The rising thresholds are 500 broadcast packets per second, 2500 multicast packets per second, and 5000 unicast packets per second.
The falling thresholds are 250 broadcast packets per second, 1200 multicast packets per second, and 2500 unicast packets per second.
Command Modes
Interface configuration
Command History
Usage Guidelines
Do not set the rising and falling thresholds to the same value.
Examples
The following example shows how to enable broadcast storm control on a port. In this example, transmission is inhibited when the number of broadcast packets arriving on the port reaches 1000 and is restarted when the number drops to 200.
Switch(config-if)# port storm-control broadcast threshold rising 1000 falling 200You can verify the previous command by entering the show port storm-control command in privileged EXEC mode.
Related Commands
rcommand
Use the rcommand user EXEC command to start a Telnet session and to execute commands on a member switch from the command switch. To end the session, enter the exit command.
rcommand {n | commander | mac-address hw-addr}
Syntax Description
Command Modes
User EXEC
Command History
Usage Guidelines
If the switch is the command switch but the member switch n does not exist, an error message appears. To obtain the switch number, enter the EXEC mode show cluster members command on the command switch.
You can use this command to access a member switch from the command-switch prompt or to access a command switch from the member-switch prompt.
For 2950 switches, the Telnet session accesses the member-switch command-line interface (CLI) at the same privilege level as on the command switch. For example, if you execute this command at user level on the cluster command switch, the member switch is accessed at user level. If you use this command on the command switch at privileged level, the command accesses the remote device at privileged level. If you use an intermediate enable-level lower than privileged, access to the member switch is at user level.
Examples
The following example shows how to start a session with member 3. All subsequent commands are directed to member 3 until you enter the exit command or close the session.
Switch# rcommand 3Switch-3# show versionCisco Internet Operating System Software ......Switch-3# exitSwitch#Related Commands
reset
Use the reset VLAN database command to abandon the proposed VLAN database and remain in VLAN database mode. This command resets the proposed database to the currently implemented VLAN database on the switch.
reset
Syntax Description
This command has no arguments or keywords.
Defaults
No default is defined.
Command Modes
VLAN database
Command History
Examples
The following example shows how to abandon the proposed VLAN database and reset to the current VLAN database:
Switch(vlan)# resetSwitch(vlan)#You can verify the previous command by entering the show changes and show proposed commands in VLAN database mode.
Related Commands
rmon collection stats
Use the rmon collection stats interface configuration command to collect Ethernet group statistics. The Ethernet group statistics include utilization statistics about broadcast and multicast packets, and error statistics about Cyclic Redundancy Check (CRC) alignment errors and collisions. Use the no form of this command to return to the default setting.
rmon collection stats index [owner name]
no rmon collection stats index [owner name]
Syntax Description
index
Remote Network Monitoring (RMON) collection control index. The range is 1 to 65535.
owner name
(Optional) Owner of the RMON collection.
Defaults
The RMON statistics collection is disabled.
Command Modes
Interface configuration
Command History
Usage Guidelines
The RMON statistics collection command is based on hardware counters.
Examples
The following example shows how to collect rmon statistics for the owner root on interface fa0/1:
Switch(config)# interface fa0/1Switch(config-if)# rmon collection stats 2 owner rootYou can verify this command by entering the show rmon statistics command in user EXEC mode.
Related Commands
show rmon statistics
Displays RMON statistics.
For more information on this command, refer to the complete IOS Release 12.0 documentation set available on Cisco.com.
show changes
Use the show changes VLAN database command to display the differences between the VLAN database currently on the switch and the proposed VLAN database. You can also display the differences between the two for a selected VLAN.
show changes [vlan-id] | [{begin | exclude | include} expression]
Syntax Description
Command Modes
VLAN database
Command History
Usage Guidelines
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following is sample output from the show changes command. It displays the differences between the current and proposed databases.
Switch(vlan)# show changesADDED:Name:VLAN0003Media Type:EthernetVLAN 802.10 Id:100003State:OperationalMTU:1500ADDED:Name:VLAN0004Media Type:EthernetVLAN 802.10 Id:100004State:OperationalMTU:1500The following is sample output from the show changes 4 command. It displays the differences between VLAN 4 in the current database and the proposed database.
Switch(vlan)# show changes 4ADDED:Name:VLAN0004Media Type:EthernetVLAN 802.10 Id:100004State:OperationalRelated Commands MTU:1500
show current
Displays the current VLAN database on the switch or a selected VLAN.
show proposed
Displays the proposed VLAN database or a selected VLAN.
show cluster
Use the show cluster user EXEC command to display the cluster status and a summary of the cluster to which the switch belongs. This command can be entered on command and member switches.
show cluster | [{begin | exclude | include} expression]
Syntax Descriptionshow cluster
Command Modes
User EXEC
Command History
Usage Guidelines
If the switch is not a command switch or a member switch, the command displays an empty line at the prompt.
On a member switch, this command displays the identity of the command switch, the switch member number, and the state of its connectivity with the command switch.
On a command switch, this command displays the cluster name, and the total number of members. It also shows the cluster status and time since the status changed. If redundancy is enabled, it displays the primary and secondary command-switch information.
If you enter this command on a switch that is not a cluster member, the error message Not a management cluster member is displayed.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following is sample output when this command is executed on the active command switch:
Switch# show clusterCommand switch for cluster "Ajang"Total number of members: 7Status: 1 members are unreachableTime since last status change: 0 days, 0 hours, 2 minutesRedundancy: EnabledStandby command switch: Member 1Standby Group: Ajang_standbyStandby Group Number: 110Heartbeat interval: 8Heartbeat hold-time: 80Extended discovery hop count: 3The following is sample output when this command is executed on a member switch:
Switch1# show clusterMember switch for cluster "commander"Member number: 3Management IP address: 192.192.192.192Command switch mac address: 0000.0c07.ac14Heartbeat interval: 8Heartbeat hold-time: 80The following is sample output when this command is executed on a member switch that is configured as the standby command switch:
Switch# show clusterMember switch for cluster "commander"Member number: 3 (Standby command switch)Management IP address: 192.192.192.192Command switch mac address: 0000.0c07.ac14Heartbeat interval: 8Heartbeat hold-time: 80The following is sample output when this command is executed on the command switch that is separated from member 1:
Switch> show clusterCommand switch for cluster "Ajang"Total number of members: 7Status: 1 members are unreachableTime since last status change: 0 days, 0 hours, 5 minutesRedundancy: DisabledHeartbeat interval: 8Heartbeat hold-time: 80Extended discovery hop count: 3The following is sample output when this command is executed on a member switch that is separated from the command switch:
Switch> show clusterMember switch for cluster "commander"Member number: <UNKNOWN>Management IP address: 192.192.192.192Command switch mac address: 0000.0c07.ac14Heartbeat interval: 8Heartbeat hold-time: 80Related Commands
show cluster candidates
Use the show cluster candidates user EXEC command on the command switch to display a list of candidate switches.
show cluster candidates [mac-address H.H.H. | detail] | [{begin | exclude | include} expression]
Syntax Description
Command Modes
User EXEC
Command History
Usage Guidelines
You should enter this command only on a command switch.
If the switch is not a command switch, the command displays an empty line at the prompt.
The SN in the display means "switch member number." If E is displayed in the SN column, it means that the switch is discovered through extended discovery. The hop count is the number of devices the candidate is from the command switch.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following is sample output from the show cluster candidates command.
Switch# show cluster candidates|---Upstream---|MAC Address Name Device Type PortIf FEC Hops SN PortIf FEC00d0.7961.c4c0 c2950-012 WS-C2950-12 Fa0/5 1 0 Fa0/300d0.bbf5.e900 ldf-dist-128 WS-C3524-XL Fa0/7 1 0 Fa0/2400e0.1e7e.be80 1900_Switch 1900 3 0 1 0 Fa0/1100e0.1e9f.7a00 c2924XL-24 WS-C2924-XL Fa0/5 1 0 Fa0/300e0.1e9f.8c00 c2912XL-12-2 WS-C2912-XL Fa0/4 1 0 Fa0/700e0.1e9f.8c40 c2912XL-12-1 WS-C2912-XL Fa0/1 1 0 Fa0/90050.2e4a.9fb0 C3508XL-0032 WS-C3508-XL E0050.354e.7cd0 C2924XL-0034 WS-C2924-XL EThe following is sample output from the show cluster candidates command that uses the MAC address of a member switch directly connected to the command switch:
Switch# show cluster candidates mac-address 00d0.7961.c4c0Device 'c2950-12' with mac address number 00d0.7961.c4c0Device type: cisco WS-C2950-12Upstream MAC address: 00d0.796d.2f00 (Cluster Member 0)Local port: Fa0/3 FEC number:Upstream port: Fa0/13 FEC Number:Hops from cluster edge: 1Hops from command device: 1The following is sample output from the show cluster candidates command that uses the MAC address of a member switch three hops from the cluster edge:
Switch# show cluster candidates mac-address 0010.7bb6.1cc0Device 'c2950-24' with mac address number 0010.7bb6.1cc0Device type: cisco WS-C2950-24Upstream MAC address: 0010.7bb6.1cd4Local port: Fa2/1 FEC number:Upstream port: Fa0/24 FEC Number:Hops from cluster edge: 3Hops from command device: -The following is sample output from the show cluster candidates detail command:
Switch# show cluster candidates detailDevice 'c2950-12' with mac address number 00d0.7961.c4c0Device type: cisco WS-C2950-12Upstream MAC address: 00d0.796d.2f00 (Cluster Member 1)Local port: Fa0/3 FEC number:Upstream port: Fa0/13 FEC Number:Hops from cluster edge: 1Hops from command device: 2Device '1900_Switch' with mac address number 00e0.1e7e.be80Device type: cisco 1900Upstream MAC address: 00d0.796d.2f00 (Cluster Member 2)Local port: 3 FEC number: 0Upstream port: Fa0/11 FEC Number:Hops from cluster edge: 1Hops from command device: 2Device 'c2924-XL' with mac address number 00e0.1e9f.7a00Device type: cisco WS-C2924-XLUpstream MAC address: 00d0.796d.2f00 (Cluster Member 3)Local port: Fa0/5 FEC number:Upstream port: Fa0/3 FEC Number:Hops from cluster edge: 1Hops from command device: 2Related Commands
show cluster
Displays the cluster status and a summary of the cluster to which the switch belongs.
show cluster members
Displays information about the cluster members.
show cluster members
Use the show cluster members user EXEC command on the command switch to display information about the cluster members.
show cluster members [n | detail] | [{begin | exclude | include} expression]
Syntax Description
Command Modes
User EXEC
Command History
Usage Guidelines
You should enter this command only on a command switch.
If the cluster has no members, this command displays an empty line at the prompt.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following is sample output from the show cluster members command. The SN in the display means switch number.
Switch# show cluster members|---Upstream---|SN MAC Address Name PortIf FEC Hops SN PortIf FEC State0 0030.0002.0240 c2950-001 0 Up (Cmdr)4 0050.2ae6.2e00 2900XL-1 Fa0/1 1 0 Fa0/1 UpThe following is sample output from the show cluster members for cluster member 4:
Switch# show cluster members 4Device '2900XL-1' with member number 4Device type: cisco WS-C2924M-XLMAC address: 0050.2ae6.2e00Upstream MAC address: 0030.0002.0240 (Cluster member 0)Local port: Fa0/1 FEC number:Upstream port: Fa0/1 FEC Number:Hops from command device:1The following is sample output from the show cluster members detail command:
Switch# show cluster members detailDevice 'c2950-001' with member number 0 (Command Switch)Device type: cisco WS-C2950-24MAC address: 0030.0002.0240Upstream MAC address:Local port: FEC number:Upstream port: FEC Number:Hops from command device:0Device '2900XL-1' with member number 4Device type: cisco WS-C2924M-XLMAC address: 0050.2ae6.2e00Upstream MAC address: 0030.0002.0240 (Cluster member 0)Local port: Fa0/1 FEC number:Upstream port: Fa0/1 FEC Number:Hops from command device:1Related Commands
show cluster
Displays the cluster status and a summary of the cluster to which the switch belongs.
show cluster candidates
Displays a list of candidate switches.
show current
Use the show current VLAN database command to display the current VLAN database on the switch or a selected VLAN from it.
show current [vlan-id] | [{begin | exclude | include} expression]
Syntax Description
Command Modes
VLAN database
Command History
Usage Guidelines
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following is sample output from the show current command. It displays the current VLAN database.
Switch(vlan)# show currentName: defaultMedia Type: EthernetVLAN 802.10 Id: 100001State: OperationalMTU: 1500Translational Bridged VLAN: 1002Translational Bridged VLAN: 1003Name: fddi-defaultMedia Type: FDDIVLAN 802.10 Id: 101002State: OperationalMTU: 1500Bridge Type: SRBTranslational Bridged VLAN: 1Translational Bridged VLAN: 1003Name: token-ring-defaultMedia Type: Token RingVLAN 802.10 Id: 101003State: OperationalMTU: 1500Bridge Type: SRBRing Number: 0Bridge Number: 1Parent VLAN: 1005Maximum ARE Hop Count: 7Maximum STE Hop Count: 7Backup CRF Mode: DisabledTranslational Bridged VLAN: 1Translational Bridged VLAN: 1002Name: fddinet-defaultMedia Type: FDDI NetVLAN 802.10 Id: 101004State: OperationalMTU: 1500Bridge Type: SRBBridge Number: 1STP Type: IBMName: trnet-defaultMedia Type: Token Ring NetVLAN 802.10 Id: 101005State: OperationalMTU: 1500Bridge Type: SRBBridge Type: SRBBridge Number: 1STP Type: IBMRelated Commands STP Type: IBM
show env
Use the show env privileged EXEC command to display fan information for the Catalyst 2950 switch.
show env {all | fan} | [{begin | exclude | include} expression]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following is sample output from the show env all command:
Switch# show env allFAN 1 is OKThe following is sample output from the show env fans command:
FAN 1 is OKor
FAN 1 is FAULTYshow file systems
Use the show file systems privileged EXEC command to display file system information.
show file systems | [{begin | exclude | include} expression]
Syntax Description
Privileged EXEC
Command History
Usage Guidelines
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following is sample output from the show file systems command:
Switch# show file systemsFile Systems:Size(b) Free(b) Type Flags Prefixes* 3612672 1234432 flash rw flash:3612672 1234432 unknown rw zflash:- - opaque ro bs:32768 30917 nvram rw nvram:- - network rw tftp:- - opaque rw null:- - opaque rw system:- - network rw rcp:show interface
Use the show interface privileged EXEC command to display the administrative and operational status of a switching (nonrouting) port.
show interface [interface-id | vlan number] [flow-control | status | switchport [allowed-vlan | native-vlan]] | [{begin | exclude | include} expression]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following is sample output from the show interface gi0/1 flow-control command.
Switch# show interface gi0/1 flow-controlAny,Input onlyThe display shows two values separated by a comma. The first value is the value you configured by using the flowcontrol command or through the Cluster Management Suite (or the default value if you did not configure it). The first value displayed can be one of the following settings:
•
•
•
•
The second value in the display represents the flow control value that is autonegotiated with the link partner and can be one of the following settings:
•
•
•
•
The following is sample output from the show interface status command:
Switch# show interface status
Port Name Status Vlan Duplex Speed Type------- ------------------ ------------ -------- ------ ------- ----Fa0/1 connected 1 A-Full A-100 100BaseTX/FXFa0/2 connected 1 A-Full A-100 100BaseTX/FXFa0/3 connected 1 A-Full A-100 100BaseTX/FXFa0/4 connected 1 A-Full A-100 100BaseTX/FXFa0/5 connected 1 A-Full A-100 100BaseTX/FXFa0/6 connected 1 A-Full A-100 100BaseTX/FXFa0/7 connected 1 A-Full A-100 100BaseTX/FXFa0/8 connected 1 A-Full A-100 100BaseTX/FXFa0/9 connected 1 A-Full A-100 100BaseTX/FXFa0/10 connected 1 A-Full A-100 100BaseTX/FXFa0/11 connected 1 A-Full A-100 100BaseTX/FXFa0/12 connected 1 A-Full A-100 100BaseTX/FXFa0/13 connected 1 A-Full A-100 100BaseTX/FXFa0/14 connected 1 A-Full A-100 100BaseTX/FXFa0/15 connected 1 A-Full A-100 100BaseTX/FXFa0/16 connected 1 A-Full A-100 100BaseTX/FXFa0/17 connected 1 A-Full A-100 100BaseTX/FXFa0/18 connected 1 A-Full A-100 100BaseTX/FXFa0/19 connected 1 A-Full A-100 100BaseTX/FXFa0/20 connected 1 A-Full A-100 100BaseTX/FXPort Name Status Vlan Duplex Speed Type------- ------------------ ------------ -------- ------ ------- ----Fa0/21 connected 1 A-Full A-100 100BaseTX/FXFa0/22 connected 1 A-Full A-100 100BaseTX/FXFa0/23 connected 1 A-Full A-100 100BaseTX/FXFa0/24 connected 1 A-Full A-100 100BaseTX/FXGi0/1 connected 1 Full 1000 1000BaseTGi0/2 connected 1 Full 1000 1000BaseTThe following is sample output from the show interface fa0/2 switchport command. Table 2-1 describes each field in the display.
Switch# show interface fa0/2 switchportName: Fa0/2Switchport: EnabledAdministrative mode: static accessOperational Mode: static accessAdministrative Trunking Encapsulation: dot1qOperational Trunking Encapsulation: dot1qNegotiation of Trunking: DisabledAccess Mode VLAN: 1 (default)Trunking Native Mode VLAN: 1 (default)Trunking VLANs Enabled: NONEPruning VLANs Enabled: NONEPriority for untagged frames: 0Override vlan tag priority: FALSEVoice VLAN: noneAppliance trust: none
Related Commands
show ip igmp snooping
Use the show ip igmp snooping privileged EXEC command to display the Internet Group Management Protocol (IGMP) snooping configuration of the switch or the VLAN.
show ip igmp snooping | [{begin | exclude | include} expression]
show ip igmp snooping vlan vlan-id | [{begin | exclude | include} expression]
Syntax Description
Defaults
This command has no default setting.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Use this command to display snooping characteristics for the switch or for a specific VLAN.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following example shows how to display snooping information for the switch:
Switch# show ip igmp snoopingvlan 1----------IGMP snooping is globally enabledIGMP snooping is enabled on this VlanIGMP snooping immediate-leave is enabled on this VlanIGMP snooping mrouter learn mode is pim-dvmrp on this Vlanvlan 2----------IGMP snooping is globally enabledIGMP snooping is enabled on this VlanIGMP snooping immediate-leave is enabled on this VlanIGMP snooping mrouter learn mode is cgmp on this Vlanvlan 3----------IGMP snooping is globally enabledIGMP snooping is enabled on this VlanIGMP snooping immediate-leave is disabled on this VlanIGMP snooping mrouter learn mode is cgmp on this Vlanvlan 4----------IGMP snooping is globally enabledIGMP snooping is enabled on this VlanIGMP snooping immediate-leave is disabled on this VlanIGMP snooping mrouter learn mode is cgmp on this Vlanvlan 5----------IGMP snooping is globally enabledIGMP snooping is enabled on this VlanIGMP snooping immediate-leave is disabled on this VlanIGMP snooping mrouter learn mode is pim-dvmrp on this Vlanvlan 33----------IGMP snooping is globally enabledIGMP snooping is enabled on this VlanIGMP snooping immediate-leave is disabled on this VlanIGMP snooping mrouter learn mode is pim-dvmrp on this VlanThe following example shows how to display snooping information for a specific VLAN:
Switch# show ip igmp snooping vlan 1vlan 1----------IGMP snooping is globally enabledIGMP snooping is enabled on this VlanIGMP snooping immediate-leave is enabled on this VlanIGMP snooping mrouter learn mode is pim-dvmrp on this VlanRelated Commands
show ip igmp snooping mrouter
Use the show ip igmp snooping mrouter privileged EXEC command to display information on dynamically learned and manually configured multicast router ports.
show ip igmp snooping mrouter vlan vlan-id | [{begin | exclude | include} expression]
Syntax Description
Defaults
This command has no default setting.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
You can also use the show mac-address-table multicast command to display entries in the MAC address table for a VLAN that has Internet Group Management Protocol (IGMP) snooping enabled.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following example shows how to display snooping information for VLAN 1.
Note
Switch# show ip igmp snooping mrouter vlan 1Vlan ports---- -----1 Fa0/2(static), Fa0/3(dynamic)Related Commands
show mac-address-table
Use the show mac-address-table privileged EXEC command to display the MAC address table.
show mac-address-table [static | dynamic | secure | self | aging-time | count]
[address hw-addr] [interface interface] [vlan vlan-id] | [{begin | exclude | include} expression]Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
This command displays the MAC address table for the switch. Specific views can be defined by using the optional keywords and values. If more than one optional keyword is used, all of the conditions must be true in order for that entry to be displayed.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following is sample output from the show mac-address-table command:
Switch# show mac-address-tableDynamic Addresses Count: 9Secure Addresses (User-defined) Count: 0Static Addresses (User-defined) Count: 0System Self Addresses Count: 41Total MAC addresses: 50Non-static Address Table:Destination Address Address Type VLAN Destination Port------------------- ------------ ---- --------------------0010.0de0.e289 Dynamic 1 FastEthernet0/10010.7b00.1540 Dynamic 2 FastEthernet0/50010.7b00.1545 Dynamic 2 FastEthernet0/50060.5cf4.0076 Dynamic 1 FastEthernet0/10060.5cf4.0077 Dynamic 1 FastEthernet0/10060.5cf4.1315 Dynamic 1 FastEthernet0/10060.70cb.f301 Dynamic 1 FastEthernet0/100e0.1e42.9978 Dynamic 1 FastEthernet0/100e0.1e9f.3900 Dynamic 1 FastEthernet0/1Related Commands
show mac-address-table multicast
Use the show mac-address-table multicast privileged EXEC command to display the Layer 2 multicast entries for the switch or for the VLAN.
show mac-address-table multicast vlan vlan-id [user|igmp-snooping] [count] | [{begin | exclude | include} expression]
Syntax Description
Defaults
This command has no default setting.
Command Modes
Privileged EXEC mode
Command History
Usage Guidelines
Displays the multicast MAC address for the switch.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following example shows how to display the multicast MAC address for the switch:
Switch#show mac-address-table multicastVlan Mac Address Type Ports---- ----------- ---- -----1 0100.5e00.0128 IGMP Fa0/111 0100.5e01.1111 USER Fa0/5, Fa0/6, Fa0/7, Fa0/11show ntp associations
Use the show ntp associations privileged EXEC command to display the status of Network Time Protocol (NTP) associations.
show ntp associations [detail] | [{begin | exclude | include} expression]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
Detailed descriptions of the information displayed by this command can be found in the NTP specification RFC 1305.
The following is sample output from the show ntp associations command:
Switch# show ntp associationsaddress ref clock st when poll reach delay offset disp~160.89.32.2 160.89.32.1 5 29 1024 377 4.2 -8.59 1.6+~131.108.13.33 131.108.1.111 3 69 128 377 4.1 3.48 2.3*~131.108.13.57 131.108.1.111 3 32 128 377 7.9 11.18 3.6* master (synced), # master (unsynced), + selected, - candidate, ~ configuredshow ntp status
Use the show ntp status privileged EXEC command to display the status of the Network Time Protocol (NTP).
show ntp status | [{begin | exclude | include} expression]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
This command deletes entries from the global MAC address table. Specific subsets can be deleted by using the optional keywords and values. If more than one optional keyword is used, all of the conditions in the argument must be true for that entry to be deleted.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following is sample output from the show ntp status command:
Switch# show ntp statusClock is synchronized, stratum 4, reference is 131.108.13.57nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**19reference time is AFE2525E.70597B34 (00:10:22.438 PDT Mon Jul 5 1993)clock offset is 7.33 msec, root delay is 133.36 msecroot dispersion is 126.28 msec, peer dispersion is 5.98 msecshow port group
Use the show port group privileged EXEC command to display the ports that belong to a port group.
show port group [group-number] | [{begin | exclude | include} expression]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
If the variable group-number is omitted, the show port group command displays all port groups on the switch.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following is sample output from the show port group command:
Switch# show port group 1Group Interface----- ---------------1 FastEthernet0/11 FastEthernet0/4Related Commands
port group
Assigns a port to a Fast EtherChannel or Gigabit EtherChannel port group.
show port monitor
Use the show port monitor privileged EXEC command to display the ports for which Switched Port Analyzer (SPAN) port monitoring is enabled.
show port monitor [interface-id | vlan number] | [{begin | exclude | include} expression]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
If the variable interface is omitted, the show port monitor command displays all monitor ports on the switch.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following is sample output from the show port monitor command:
Switch# show port monitor fa0/8Monitor Port Port Being Monitored------------------ --------------------FastEthernet0/8 FastEthernet0/1FastEthernet0/8 FastEthernet0/2FastEthernet0/8 FastEthernet0/3FastEthernet0/8 FastEthernet0/4Related Commands
show port protected
Use the show port protected privileged EXEC command to display the port protected mode for all ports.
show port protected | [{begin | exclude | include} expression]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following is sample output from the show port protected command:
Switch# show port protectedFastEthernet0/3 is in protected modeGigabitEthernet1/1 is in protected modeRelated Commands
port protected
Isolates unicast, multicast, and broadcast traffic at Layer 2 from other protected ports on the same switch.
show port security
Use the show port security privileged EXEC command to display the port security settings defined for the port.
show port security [interface-id | vlan number] | [{begin | exclude | include} expression]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
If the variable interface is omitted, the show port security command displays all secure ports on the switch.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following is sample output from the show port security command for fixed port 07:
Switch# show port security fa0/7Secure Port Secure Addr Secure Addr Security Security ActionCnt (Current) Cnt (Max) Reject Cnt--------------- ------------- ----------- ---------- ----------------FastEthernet0/7 0 132 0 Send TrapRelated Commands
show port storm-control
Use the show port storm-control privileged EXEC command to display the packet-storm control information. This command also displays the action that the switch takes when the thresholds are reached.
show port storm-control [interface] [{broadcast | multicast | unicast | history}] | [{begin | exclude | include} expression]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
If the variable interface is omitted, the show port storm-control command displays storm control settings on all ports on the switch.
You can display broadcast, multicast, or unicast packet-storm information by using the corresponding keyword.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following is sample output from the show port storm-control command:
Switch# show port storm-controlInterface Filter State Trap State Rising Falling Current Traps Sent--------- ------------- ------------- ------ ------- ------- ----------Fa0/1 <inactive> <inactive> 1000 200 0 0Fa0/2 <inactive> <inactive> 500 250 0 0Fa0/3 <inactive> <inactive> 500 250 0 0Fa0/4 <inactive> <inactive> 500 250 0 0Related Commands
port storm-control
Enables broadcast, multicast, or unicast storm control on a port.
show proposed
Use the show proposed VLAN database command to display the proposed VLAN database or a selected VLAN from it.
show proposed [vlan-id] | [{begin | exclude | include} expression]
Syntax Description
Command Modes
VLAN database
Command History
Usage Guidelines
If the variable vlan-id is omitted, the show proposed command displays the entire proposed VLAN database.
The proposed VLAN database is not the running configuration until you use the exit or apply command.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following is sample output from the show proposed command:
Switch(vlan)# show proposedName: defaultMedia Type: EthernetVLAN 802.10 Id: 100001State: OperationalMTU: 1500Translational Bridged VLAN: 1002Translational Bridged VLAN: 1003Name: fddi-defaultMedia Type: FDDIVLAN 802.10 Id: 101002State: OperationalMTU: 1500Bridge Type: SRBTranslational Bridged VLAN: 1Translational Bridged VLAN: 1003Name: token-ring-defaultMedia Type: Token RingVLAN 802.10 Id: 101003State: OperationalMTU: 1500Bridge Type: SRBRing Number: 0Bridge Number: 1Parent VLAN: 1005Maximum ARE Hop Count: 7Maximum STE Hop Count: 7Backup CRF Mode: DisabledTranslational Bridged VLAN: 1Translational Bridged VLAN: 1002Name: fddinet-defaultMedia Type: FDDI NetVLAN 802.10 Id: 101004State: OperationalMTU: 1500Bridge Type: SRBBridge Number: 1STP Type: IBMName: trnet-defaultMedia Type: Token Ring NetVLAN 802.10 Id: 101005State: OperationalMTU: 1500Maximum ARE Hop Count: 7Maximum STE Hop Count: 7Backup CRF Mode: DisabledTranslational Bridged VLAN: 1Translational Bridged VLAN: 1002Name: fddinet-defaultMedia Type: FDDI NetVLAN 802.10 Id: 101004State: OperationalMTU: 1500Bridge Type: SRBBridge Number: 1STP Type: IBMName: trnet-defaultMedia Type: Token Ring NetVLAN 802.10 Id: 101005State: OperationalMTU: 1500Bridge Type: SRBBridge Number: 1STP Type: IBM
show rps
Use the show rps privileged EXEC command to display the status of the Cisco Redundant Power System (RPS).
show rps | [{begin | exclude | include} expression]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following is sample output from the show rps command. Table 2-2 describes the possible display output.
Switch# show rpsACTIVATED
show spanning-tree
Use the show spanning-tree privileged EXEC command to display spanning-tree information for the specified spanning-tree instances.
show spanning-tree [brief] | [summary] | [vlan stp-list] [interface interface-list] | [{begin | exclude | include} expression]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
If the variable stp-list is omitted, the command applies to the Spanning Tree Protocol (STP) instance associated with VLAN 1.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
The following is sample output from the show spanning-tree summary command:
Switch# show spanning-tree summaryUplinkFast is disabledName Blocking Listening Learning Forwarding STP Active-------------------- -------- --------- -------- ---------- ----------VLAN1 23 0 0 1 24-------------------- -------- --------- -------- ---------- ----------1 VLAN 23 0 0 1 24Switch# show spanning-tree briefVLAN1Spanning tree enabled protocol IEEEROOT ID Priority 32768Address 0030.7172.66c4Hello Time 2 sec Max Age 20 sec Forward Delay 15 secVLAN1Spanning tree enabled protocol IEEEROOT ID Priority 32768Address 0030.7172.66c4Port DesignatedName Port ID Prio Cost Sts Cost Bridge ID Port ID------- ------- ---- ---- --- ---- -------------- -------
