Table Of Contents
Using the Command-Line Interface
Type of Memory
Platforms
CLI Command Modes
User EXEC Mode
Privileged EXEC Mode
VLAN Database Mode
Global Configuration Mode
Interface Configuration Mode
Line Configuration Mode
Searching and Filtering Output of show and more Commands
Command Summary
Using the Command-Line Interface
The Catalyst 2950 switches are supported by Cisco IOS software. These switches support Cisco IOS Release 12.0(5)WC(1). This chapter describes how to use the switch command-line interface (CLI) to configure the software. For a complete description of the commands that support these features, see "Cisco IOS Commands." For more information on Cisco IOS Release 12.0, refer to the Cisco IOS Release 12.0 Command Summary.
The switches are preconfigured and begin forwarding packets as soon as they are attached to compatible devices.
By default, all ports belong to virtual LAN (VLAN) 1. Access to the switch itself is also through VLAN 1, which is the default management VLAN. The management VLAN is configurable. You manage the switch by using Telnet, web-based management, and SNMP through devices connected to ports assigned to the management VLAN.
Type of Memory
The switch Flash memory stores the Cisco IOS software image, the startup configuration file, and helper files.
Platforms
Cisco IOS Release 12.(5)WC(1) runs on a variety of 2950 switches. For a complete list, see the Release Notes for Catalyst 2950 Series, Cisco IOS Release 12.0(5)WC(1).
CLI Command Modes
This section describes the CLI command mode structure. Command modes support specific Cisco IOS commands. For example, the interface type_number command works only when entered in global configuration mode. The Cisco IOS command modes are as follows:
•
User EXEC mode
•Privileged EXEC mode
•VLAN database mode
•Global configuration mode
•Interface configuration mode
•Line configuration mode
Table 1-1 lists the command modes, how to access each mode, the prompt you will see in that mode, and how to exit that mode. The prompts listed assume the default name Switch.
Table 1-1 Command Modes Summary
Command Mode
|
Access Method
|
Prompt
|
Exit or Access Next Mode
|
User EXEC
|
This is the first level of access.
(For the switch) Change terminal settings, perform basic tasks, and list system information.
|
|
Enter the logout command.
|
Privileged EXEC
|
From user EXEC mode, enter the enable user EXEC command.
|
|
To exit to user EXEC mode, enter the disable command.
To enter global configuration mode, enter the configure command.
|
VLAN database
|
From user EXEC mode, enter the vlan database command.
|
|
To exit to user EXEC mode, enter the exit command.
|
Global configuration
|
From privileged EXEC mode, enter the configure privileged EXEC command.
|
|
To exit to privileged EXEC mode, enter the exit or end command, or press Ctrl-Z.
To enter interface configuration mode, enter the interface configuration command.
|
Interface configuration
|
From global configuration mode, specify an interface by entering the interface command.
|
|
To exit to privileged EXEC mode, enter the end command, or press Ctrl-Z.
To exit to global configuration mode, enter the exit command.
To enter subinterface configuration mode, specify a subinterface with the interface command.
|
Line configuration
|
From global configuration mode, specify a line by entering the line command.
|
|
To exit to global configuration mode, enter the exit command.
To return to privileged EXEC mode, enter the end command, or press Ctrl-Z.
|
User EXEC Mode
After you access the device, you are automatically in user EXEC command mode. The EXEC commands available at the user level are a subset of those available at the privileged level. In general, the user EXEC commands allow you to change terminal settings temporarily, perform basic tests, and list system information.
The supported commands can vary depending on the version of IOS software in use. To view a comprehensive list of commands, enter a question mark (?) at the prompt.
Privileged EXEC Mode
Because many of the privileged commands configure operating parameters, privileged access should be password-protected to prevent unauthorized use. The privileged command set includes those commands contained in user EXEC mode, as well as the configure command through which you access the remaining command modes.
If your system administrator has set a password, you are prompted to enter it before being granted access to privileged EXEC mode. The password is not displayed on the screen and is case sensitive.
The privileged EXEC mode prompt consists of the device name followed by the pound sign (#).
Enter the enable command to access privileged EXEC mode:
The supported commands can vary depending on the version of IOS software in use. To view a comprehensive list of commands, enter a question mark (?) at the prompt.
To return to user EXEC mode, enter the disable command.
VLAN Database Mode
The VLAN database commands allow you to modify VLAN parameters. Enter the vlan database command to access VLAN database mode:
The supported commands can vary depending on the version of IOS software in use. To view a comprehensive list of commands, enter a question mark (?) at the prompt.
To return to privileged EXEC mode, enter the abort command to abandon the proposed database. Otherwise, enter exit to implement the proposed new VLAN database and return to privileged EXEC mode.
Global Configuration Mode
Global configuration commands apply to features that affect the device as a whole. Use the configure privileged EXEC command to enter global configuration mode. The default is to enter commands from the management console.
When you enter the configure command, the console prompts you for the source of the configuration commands:
Configuring from terminal, memory, or network [terminal]?
You can specify either the terminal or nonvolatile RAM (NVRAM) as the source of configuration commands.
The following example shows you how to access global configuration mode:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
The supported commands can vary depending on the version of IOS software in use. To view a comprehensive list of commands, enter a question mark (?) at the prompt.
To exit global configuration command mode and return to privileged EXEC mode, enter the end or exit command, or press Ctrl-Z.
Interface Configuration Mode
Interface configuration commands modify the operation of the interface. Interface configuration commands always follow a global configuration command, which defines the interface type.
Use the interface type_number.subif command to access interface configuration mode. The new prompt indicates interface configuration mode.
The supported commands can vary depending on the version of IOS software in use. To view a comprehensive list of commands, enter a question mark (?) at the prompt.
To exit interface configuration mode and return to global configuration mode, enter the exit command. To exit interface configuration mode and return to privileged EXEC mode, enter the end command, or press Ctrl-Z.
Line Configuration Mode
Line configuration commands modify the operation of a terminal line. Line configuration commands always follow a line command, which defines a line number. These commands are used to change terminal parameter settings line-by-line or for a range of lines.
Use the line vty line_number [ending_line_number] command to enter line configuration mode. The new prompt indicates line configuration mode.
The following examples shows how to enter line configuration mode for virtual terminal line 7:
Switch(config)# line vty 0 7
The supported commands can vary depending on the version of IOS software in use. To view a comprehensive list of commands, enter a question mark (?) at the prompt.
To exit line configuration mode and return to global configuration mode, use the exit command. To exit line configuration mode and return to privileged EXEC mode, enter the end command, or press Ctrl-Z.
Searching and Filtering Output of show and more Commands
You can search and filter the output for show and more commands. This functionality is useful when you need to sort through large amounts of output or if you want to exclude output that you do not need to see.
To use this functionality, enter a show or more command followed by the pipe character (|), one of the keywords begin, include, or exclude, and an expression that you want to search for or filter out:
command | {begin | include | exclude} regular-expression
The following is an example of the show igmp snooping command where the display begins with the lines that match the expression vlan 2.
switch# show ip igmp snooping | begin vlan 2
IGMP snooping is globally enabled
IGMP snooping is enabled on this Vlan
IGMP snooping immediate-leave is disabled on this Vlan
IGMP snooping mrouter learn mode is pim-dvmrp on this Vlan
IGMP snooping is running in IGMP_ONLY mode on this Vlan
IGMP snooping is globally enabled
IGMP snooping is enabled on this Vlan
IGMP snooping immediate-leave is disabled on this Vlan
IGMP snooping mrouter learn mode is pim-dvmrp on this Vlan
The following is an example of the show igmp snooping command where the display excludes the lines that match the expression globally.
switch# show ip igmp snooping | exclude globally
IGMP snooping is enabled on this Vlan
IGMP snooping immediate-leave is disabled on this Vlan
IGMP snooping mrouter learn mode is cgmp on this Vlan
IGMP snooping is running in IGMP_CGMP mode on this Vlan
IGMP snooping is enabled on this Vlan
IGMP snooping immediate-leave is disabled on this Vlan
IGMP snooping mrouter learn mode is pim-dvmrp on this Vlan
IGMP snooping is running in IGMP_ONLY mode on this Vlan
IGMP snooping is enabled on this Vlan
IGMP snooping immediate-leave is disabled on this Vlan
IGMP snooping mrouter learn mode is pim-dvmrp on this Vlan
The following is an example of the show igmp snooping command where the display includes the lines that match the expression disabled.
switch# show ip igmp snooping | include disabled
IGMP snooping immediate-leave is disabled on this Vlan
IGMP snooping immediate-leave is disabled on this Vlan
IGMP snooping immediate-leave is disabled on this Vlan
Command Summary
Table 1-2 lists and describes the Cisco IOS commands for the 2950 switches. The commands are sorted by the command modes from which they are entered.
Table 1-2 Command Summary
Commands
|
Description
|
User EXEC mode
|
|
| |
rcommand
|
Executes commands on a cluster member from the command switch.
|
| |
show cluster
|
Displays the cluster status and a summary of the cluster to which the switch belongs.
|
| |
show cluster candidates
|
Displays switches that are not currently members of the cluster but could be.
|
| |
show cluster members
|
Displays information about all members in a cluster.
|
| |
show ntp associations
|
Displays the status of NTP associations.
|
| |
show ntp status
|
Displays the status of NTP.
|
| |
show spanning-tree
|
Displays Spanning Tree Protocol (STP) information.
|
| |
show udld
|
Displays UniDirectional Link Detection (UDLD) status information for all or the specified port.
|
| |
show vlan
|
Displays information about a VLAN.
|
| |
show version
|
Displays the firmware version for the switch or module.
|
| |
show vtp counters
show vtp status
|
Displays general information about the VTP management domain, status, and counters.
|
| |
show wrr-queue bandwidth
|
Displays the weighted round-robin (WRR) bandwidth allocation for the four class of service (CoS) priority queues.
|
| |
show wrr-queue cos-map
|
Displays the mapping of the CoS values to the CoS priority queues.
|
Privileged EXEC mode
|
|
| |
clear ip address
|
Deletes the IP address without disabling the IP processing.
|
| |
clear mac-address-table
|
Deletes all addresses in the MAC address table.
|
| |
clear vtp counters
|
Clears the VLAN Trunk Protocol (VTP) counters.
|
| |
cluster setup
|
Automatically builds a cluster.
|
| |
delete
|
Deletes a file from the file system.
|
| |
show env
|
Displays the status of the switch fans.
|
| |
show file systems
|
Displays information about local and remote file systems.
|
| |
show interface
|
Displays the administrative and operational status of a switching port.
|
| |
show ip igmp snooping
|
Displays the IGMP snooping for all VLANs.
|
| |
show ip igmp snooping vlan
|
Displays the IGMP snooping configuration of the VLAN.
|
| |
show ip igmp snooping mrouter
|
Displays the statically and dynamically learned multicast router ports.
|
| |
show mac-address-table
|
Displays the MAC address table.
|
| |
show mac-address-table multicast
|
Displays the Layer 2 multicast entries for a VLAN.
|
| |
show port group
|
Displays the ports that are assigned to groups.
|
| |
show port monitor
|
Displays the ports that have port monitoring enabled.
|
| |
show port protected
|
Displays the ports that are port protected mode.
|
| |
show port security
|
Displays the ports that have port security enabled.
|
| |
show port storm-control
|
Displays the setting of broadcast-storm control.
|
| |
show rps
|
Displays the status of the Cisco Redundant Power System (RPS).
|
| |
show tacacs
|
Displays various Terminal Access Controller Access Control System Plus (TACACS+) server statistics.
|
| |
udld reset
|
Resets any port that has been shut down by UDLD.
|
| |
vlan database
|
Enters VLAN database mode.
|
Global configuration mode
|
|
| |
cluster commander-address
|
Automatically provides the command switch MAC address to member switches. This command is automatically issued.
|
| |
cluster discovery hop-count
|
Sets the hop-count limit for extended discovery of cluster candidates.
|
| |
cluster enable
|
Enables the cluster command switch and names the cluster.
|
| |
cluster holdtime
|
Sets the timer that determines when a command switch declares the other switch down after not receiving a heartbeat message. Used with the cluster timer command.
|
| |
cluster management-vlan
|
Changes the management VLAN for the entire cluster.
|
| |
cluster member
|
Adds members to the cluster.
|
| |
cluster run
|
Enables clustering on a switch.
|
| |
cluster standby-group
|
Enables command switch redundancy by binding an Hot Standby Router Protocol (HSPR) standby group to the cluster.
|
| |
cluster timer
|
Sets the interval between heartbeat messages between the command and member switches. Used with the cluster holdtime command.
|
| |
enable last-resort
|
Specifies what happens if the Terminal Access Controller Access Control System (TACACS) and Extended TACACS servers used by the enable command do not respond.
|
| |
enable use-tacacs
|
Enables the use of TACACS to determine whether a user can access the privileged command level.
|
| |
interface
|
Selects an interface to configure. Creates a new management VLAN interface.
|
| |
ip igmp snooping
|
Enables IGMP snooping.
|
| |
ip igmp snooping vlan
|
Enables IGMP snooping on the VLAN interface.
|
| |
ip igmp snooping vlan immediate-leave
|
Configures IGMP Immediate-Leave processing.
|
| |
ip igmp snooping vlan mrouter
|
Configures a Layer 2 port as a multicast router port.
|
| |
ip igmp snooping vlan static
|
Configures a Layer 2 port as a member of a group.
|
| |
mac-address-table aging-time
|
Sets the length of time that a dynamic entry remains in the address table.
|
| |
mac-address-table secure
|
Adds a secure address entry to the address table.
|
| |
mac-address-table static
|
Adds a static address entry to the address table.
|
| |
ntp access-group
|
Controls access to the system's NTP services.
|
| |
ntp authenticate
|
Enables NTP authentication.
|
| |
ntp authentication-key
|
Defines an authentication key for NTP.
|
| |
ntp broadcastdelay
|
Sets the estimated round-trip delay between the Cisco IOS software and an NTP broadcast server.
|
| |
ntp clock-period
|
Determines the clock error.
|
| |
ntp max-associations
|
Sets the maximum number of NTP associations that are allowed on a server.
|
| |
ntp peer
|
Configures the router system clock to synchronize a peer or to be synchronized by a peer.
|
| |
ntp server
|
Allows the router system clock to be synchronized by a time server.
|
| |
ntp source
|
Uses a particular source address in NTP packets.
|
| |
ntp trusted-key
|
Authenticates the identity of a system to which NTP will synchronize.
|
| |
shutdown vlan
|
Shuts down local traffic on the specified VLAN.
|
| |
snmp-server enable traps vlan-membership
|
Enables SNMP notification for VMPS changes.
|
| |
snmp-server enable traps vtp
|
Enables SNMP notification for VTP changes.
|
| |
snmp-server host
|
Specifies the host that receives SNMP traps.
|
| |
spanning-tree
|
Enables an instance of STP.
|
| |
spanning-tree forward-time
|
Specifies the forward delay interval for the switch.
|
| |
spanning-tree hello-time
|
Specifies the interval between hello Bridge Protocol Data Units (BPDUs).
|
| |
spanning-tree max-age
|
Changes the interval the switch waits to receive BPDUs from the root switch.
|
| |
spanning-tree priority
|
Configures the bridge priority for the specified spanning-tree instance.
|
| |
spanning-tree protocol
|
Defines the type of STP.
|
| |
spanning-tree uplinkfast
|
Accelerates the choice of a new root port when a link or switch fails or when STP reconfigures itself.
|
| |
tacacs-server attempts
|
Controls the number of login attempts that can be made on a line set up for TACACS, Extended TACACS, or TACACS+ verification.
|
| |
tacacs-server directed-request
|
Sends only a username to a specified server when a direct request is issued in association with TACACS, Extended TACACS, and TACACS+.
|
| |
tacacs-server dns-alias-lookup
|
Enables IP Domain Name System alias lookup for TACACS+.
|
| |
tacacs-server extended
|
Enables an extended TACACS mode.
|
| |
tacacs-server host
|
Specifies a TACACS, Extended TACACS, or TACACS+ host.
|
| |
tacacs-server key
|
Sets the authentication encryption key used for all TACACS+ communications between the access server and the TACACS+ daemon.
|
| |
tacacs-server last-resort
|
Causes the network access server to request the privileged password as verification for TACACS or Extended TACACS or to allow successful login without further input from the user.
|
| |
tacacs-server login-timeout
|
Specifies the maximum amount of time in seconds to wait for a TACACs login.
|
| |
tacacs-server optional-passwords
|
Specifies that the first TACACS request to a TACACS or Extended TACACS server be made without password verification.
|
| |
tacacs-server retransmit
|
Specifies the number of times the Cisco IOS software searches the list of TACACS or Extended TACACS server hosts before giving up.
|
| |
tacacs-server timeout
|
Sets the interval that the server waits for a TACACS, Extended TACACS, or TACACS+ server to reply.
|
| |
udld enable
|
Enables UDLD on all switch ports.
|
| |
vtp file
|
Modify the VTP configuration storage filename.
|
| |
wrr-queue bandwidth
|
Assigns WRR weights to the four CoS priority queues.
|
| |
wrr-queue cos-map
|
Assigns CoS values to the CoS priority queues.
|
VLAN database mode
|
|
| |
abort
|
Abandons the proposed new VLAN database, and return to privileged EXEC mode.
|
| |
apply
|
Implements the proposed new VLAN database, propagate it throughout the administrative domain, and remain in VLAN database mode.
|
| |
exit
|
Implements the proposed new VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.
|
| |
reset
|
Abandons the proposed new VLAN database, and remain in VLAN database mode.
|
| |
show changes
|
Displays the differences between the currently implemented VLAN database on the switch and the proposed new VLAN database.
|
| |
show current
|
Displays the currently implemented VLAN database on the switch or a single selected VLAN from it.
|
| |
show proposed
|
Displays the proposed new VLAN database or a single selected VLAN from it.
|
| |
vlan
|
Configures a VLAN by its VLAN ID.
|
| |
vtp
|
Configures the VTP mode.
|
| |
vtp domain
|
Configures the VTP administrative domain.
|
| |
vtp password
|
Configures the VTP password.
|
| |
vtp v2-mode
|
Enables VTP version 2 mode in the administrative domain.
|
Interface configuration mode
|
|
| |
duplex
|
Specifies the duplex mode of operation for a port.
|
| |
flowcontrol
|
Controls traffic rates during congestion.
|
| |
management
|
Shuts down the current management VLAN interface.
|
| |
ntp broadcast client
|
Allows the system to receive NTP broadcast packets on a port.
|
| |
ntp broadcast destination
|
Configures an NTP server or peer to restrict broadcast of NTP frames to the IP address of a designated client or a peer.
|
| |
ntp broadcast key
|
Configures an NTP server or peer to broadcast NTP frames with the authentication key embedded into the NTP packet.
|
| |
ntp broadcast version
|
Specifies a port to send NTP broadcast packets.
|
| |
ntp disable
|
Prevents a port from receiving NTP packets.
|
| |
ip address
|
Sets a primary or secondary IP address of a VLAN interface.
|
| |
port group
|
Places a port into a port aggregation group.
|
| |
port monitor
|
Implements port monitoring on this port.
|
| |
port protected
|
Isolates unicast, multicast, and broadcast traffic at Layer 2 from other protected ports on the same switch.
|
| |
port security
|
Enables port security on a port.
|
| |
port storm-control
|
Disables broadcast, multicast, or unicast traffic if too many packets are seen on this port.
|
| |
rmon collection stats
|
Collect Ethernet group statistics.
|
| |
shutdown
|
Disables a port.
|
| |
spanning-tree cost
|
Sets a different path cost.
|
| |
spanning-tree portfast
|
Enables the Port Fast option on the switch.
|
| |
spanning-tree port-priority
|
Configures the STP priority of a port.
|
| |
spanning-tree rootguard
|
Enables the root guard feature for all the VLANs associated with the specified port. Controls which ports are allowed to be STP root ports.
|
| |
speed
|
Specifies the speed of a port.
|
| |
switchport access
|
Configures a port as an access or dynamic VLAN port.
|
| |
switchport mode
|
Configures the VLAN membership mode of a port.
|
| |
switchport priority
|
Configures a port priority for untagged (native Ethernet) frames to provide quality of service (QoS). Also sets the priority of frames received by the appliance connected to the specified port.
|
| |
switchport trunk allowed vlan
|
Controls which VLANs can receive and transmit traffic on the trunk.
|
| |
switchport trunk native
|
Sets the native VLAN for untagged traffic when in IEEE 802.1Q trunking mode.
|
| |
udld
|
Enables or disables UDLD on a port.
|
Line configuration mode
|
|
| |
login authentication
|
Applies the authentication list to a line or set of lines.
|
| |
login local
|
Changes a login username.
|
| |
login tacacs
|
Configures your switch to use TACACS user authentication.
|
For detailed command syntax and descriptions, see "Cisco IOS Commands." For task-oriented configuration steps, see the Catalyst 2950 Desktop Switch Software Configuration Guide, Cisco IOS Release 12.0(5)WC(1).
