Catalyst 3750 Switch Command Reference, 12.2(25)SEE
Catalyst 3750 Switch Cisco IOS Commands - rmon collection through show vtp

Table Of Contents

rmon collection stats

sdm prefer

service password-recovery

service-policy

session

set

setup

setup express

show access-lists

show archive status

show arp access-list

show auto qos

show boot

show cable-diagnostics tdr

show class-map

show cluster

show cluster candidates

show cluster members

show controllers cpu-interface

show controllers ethernet-controller

show controllers power inline

show controllers tcam

show controllers utilization

show diagnostic

show dot1q-tunnel

show dot1x

show dtp

show eap

show env

show errdisable detect

show errdisable flap-values

show errdisable recovery

show etherchannel

show flowcontrol

show idprom

show interfaces

show interfaces counters

show inventory

show ip arp inspection

show ip dhcp snooping

show ip dhcp snooping binding

show ip dhcp snooping database

show ip igmp profile

show ip igmp snooping

show ip igmp snooping groups

show ip igmp snooping mrouter

show ip igmp snooping querier

show ip source binding

show ip verify source

show ipc

show ipv6 access-list

show ipv6 mld snooping

show ipv6 mld snooping address

show ipv6 mld snooping mrouter

show ipv6 mld snooping querier

show l2protocol-tunnel

show lacp

show link state group

show mac access-group

show mac address-table

show mac address-table address

show mac address-table aging-time

show mac address-table count

show mac address-table dynamic

show mac address-table interface

show mac address-table move update

show mac address-table notification

show mac address-table static

show mac address-table vlan

show mls qos

show mls qos aggregate-policer

show mls qos input-queue

show mls qos interface

show mls qos maps

show mls qos queue-set

show mls qos vlan

show monitor

show mvr

show mvr interface

show mvr members

show pagp

show parser macro

show policy-map

show port-security

show power inline

show sdm prefer

show setup express

show spanning-tree

show storm-control

show switch

show system mtu

show udld

show version

show vlan

show vlan access-map

show vlan filter

show vmps

show vtp


2]

rmon collection stats

Use the rmon collection stats interface configuration command on the switch stack or on a standalone switch to collect Ethernet group statistics, which include usage statistics about broadcast and multicast packets, and error statistics about cyclic redundancy check (CRC) alignment errors and collisions. Use the no form of this command to return to the default setting.

rmon collection stats index [owner name]

no rmon collection stats index [owner name]

Syntax Description

index

Remote Network Monitoring (RMON) collection control index. The range is 1 to 65535.

owner name

(Optional) Owner of the RMON collection.


Defaults

The RMON statistics collection is disabled.

Command Modes

Interface configuration

Command History

Release
Modification

12.1(11)AX

This command was introduced.


Usage Guidelines

The RMON statistics collection command is based on hardware counters.

Examples

This example shows how to collect RMON statistics for the owner root:

Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# rmon collection stats 2 owner root

You can verify your setting by entering the show rmon statistics privileged EXEC command.

Related Commands

Command
Description

show rmon statistics

Displays RMON statistics.

For syntax information, select Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 > System Management Commands > RMON Commands.


sdm prefer

Use the sdm prefer global configuration command on the switch stack or on a standalone switch to configure the template used in Switch Database Management (SDM) resource allocation. You can use a template to allocate system resources to best support the features being used in your application. Use a template to provide maximum system usage for unicast routing or for VLAN configuration, to change an aggregator template (Catalyst 3750-12S only) to a desktop template, or to select the dual IPv4 and IPv6 template to support IPv6 forwarding (supported only when the switch stack is running the advanced IP services image). Use the no form of this command to return to the default template.

sdm prefer {access | default | dual-ipv4-and-ipv6 {default | routing | vlan} | routing | vlan} [desktop]

no sdm prefer

Syntax Description

access

Provide maximum system usage for access control lists (ACLs). Use this template if you have a large number of ACLs.

default

Sets the switch to use the default template. On Catalyst 3750-12S switches, use with the desktop keyword to set the switch to the default desktop template. (Use the no sdm prefer command to set a desktop switch to the default desktop template or to set an aggregator switch to the default aggregator template.)

dual-ipv4-and-ipv6 {default | routing | vlan}

Select a template that supports both IPv4 and IPv6 routing.

default—Provide balance to IPv4 and IPv6 Layer 2 and Layer 3 functionality.

routing—Provide maximum system usage for IPv4 and IPv6 routing, including IPv4 policy-based routing.

vlan—Provide maximum system usage for IPv4 and IPv6 VLANs.

Note Though visible on all switches, this option is supported only if the switch stack or switch is running the advanced IP services image.

routing

Provide maximum system usage for unicast routing. You would typically use this template for a router or aggregator in the middle of a network.

vlan

Provide maximum system usage for VLANs. This template maximizes system resources for use as a Layer 2 switch with no routing.

desktop

Use only on a Catalyst 3750-12S switch (where aggregator templates are the default) to select the desktop default, routing, or vlan template.


Defaults

The default template provides a balance to all features.

Command Modes

Global configuration

Command History

Release
Modification

12.1(11)AX

This command was introduced.

12.1(14)EA1

The aggregator templates were added.

12.2(25)SEA

The dual-ipv4-and-ipv6 templates were added.

12.2(25)SED

The access templates were added.

12.2(25)SEE

The dual-ipv4-and-ipv6 routing template was added.


Usage Guidelines

You must reload the switch for the configuration to take effect. If you enter the show sdm prefer command before you enter the reload privileged EXEC command, the show sdm prefer command shows the template currently in use and the template that will become active after a reload.

Desktop switches support only desktop templates; an aggregator switch (Catalyst 3750-12S) supports both desktop and aggregator templates. On an aggregator switch, if you do not enter the desktop keyword, the aggregator templates are selected.

All stack members use the same SDM desktop or aggregator template, stored on the stack master. When a new switch member is added to a stack, as with the switch configuration file and VLAN database file, the SDM configuration that is stored on the stack master overrides the template configured on an individual switch.

To route IPv6 packets in a stack of switches, all switches in the stack should be running the advanced IP services image. The IPv6 packets are routed in hardware across the stack, as long as the packet does not have exceptions (IPv6Options) and the switches have not run out of hardware resources.

If a stack member cannot support the template that is running on the master switch, the switch goes into SDM mismatch mode, the master switch does not attempt to change the SDM template, and the switch cannot be a functioning member of the stack.

If the master switch is a Catalyst 3750-12S, and you change the template from an aggregator template to a desktop template and reload the switch, the entire stack operates with the selected desktop template. This could cause configuration losses if the number of ternary content addressable memory (TCAM) entries exceeds the desktop template sizes.

If you change the template on a Catalyst 3750-12S master from a desktop template to an aggregator template and reload the switch, any desktop switches that were part of the stack go into SDM mismatch mode.

If you add a Catalyst 3750-12S switch that is running the aggregator template to a stack that has a desktop switch as the stack master, the stack operates with the desktop template selected on the stack master. This could cause configuration losses on the Catalyst 3750-12S stack member if the number of TCAM entries on it exceeds desktop template sizes.

For more information about stacking, see the "Managing Switch Stacks" chapter in the software configuration guide.

The access template maximizes system resources for access control lists (ACLs) as required to accommodate a large number of ACLs.

The default templates balance the use of system resources.

Use the sdm prefer vlan [desktop] global configuration command only on switches intended for Layer 2 switching with no routing. When you use the VLAN template, no system resources are reserved for routing entries, and any routing is done through software. This overloads the CPU and severely degrades routing performance.

Do not use the routing template if you do not have routing enabled on your switch. Entering the sdm prefer routing [desktop] global configuration command prevents other features from using the memory allocated to unicast routing in the routing template.

Do not use the ipv4-and-ipv6 templates if you do not plan to enable IPv6 routing on the switch. Entering the sdm prefer ipv4-and-ipv6 {default | routing | vlan} [desktop] global configuration command divides resources between IPv4 and IPv6, limiting those allocated to IPv4 forwarding.

Table 2-15 lists the approximate number of each resource supported in each of the IPv4-only templates for a desktop or aggregator switch. The values in the template are based on eight routed interfaces and approximately one thousand VLANs and represent the approximate hardware boundaries set when a template is selected. If a section of a hardware resource is full, all processing overflow is sent to the CPU, seriously impacting switch performance.

Table 2-15 Approximate Number of Feature Resources Allowed by IPv4Templates 

Resource
Desktop Templates
Aggregator Templates
Access
Default
Routing
VLAN
Access
Default
Routing
VLAN

Unicast MAC addresses

4 K

6 K

3 K

12 K

6 K

6 K

6 K

12 K

Internet Group Management Protocol (IGMP) groups and multicast routes

1 K

1 K

1 K

1 K

1 K

1 K

1 K

1 K

Unicast routes

6 K

8 K

11 K

0

12 K

12 K

20 K

0

Directly connected hosts

4 K

6 K

3 K

0

6 K

6 K

6 K

0

Indirect routes

2 K

2 K

8 K

0

6 K

6 K

14 K

0

Policy-based routing access control entries (ACEs)

512

0

512

0

512

0

512

0

Quality of service (QoS) classification ACEs

512

512

512

512

896

896

512

896

Security ACEs

2 K

1 K

1 K

1 K

4 K

1 K

1 K

1 K

Layer 2 VLANs

1 K

1 K

1 K

1 K

1 K

1 K

1 K

1 K


Table 2-16lists the approximate number of each resource supported in each of the dual IPv4-and IPv6 templates for a desktop or aggregator switch.

Table 2-16 Approximate Feature Resources Allowed by Dual IPv4-IPv6 Templates 

Resource
Desktop IPv4-and-IPv6 Templates
Aggregator IPv4-and-IPv6 Templates
Default
Routing
VLAN
Default
Routing
VLAN

Unicast MAC addresses

2 K

1536

8 K

2 K

2K

8 K

IPv4 IGMP groups and multicast routes

1 K

1K

1 K

1 K

1 K

0

Total IPv4 unicast routes:

3 K

2816

0

3 K

8K

0

Directly connected IPv4 hosts

2 K

1536

0

2 K

2K

0

Indirect IPv4 routes

1 K

1280

0

1 K

6K

1 K

IPv6 multicast groups

1 K

1152

1 K

1 K

2176

1 K

Total IPv6 unicast routes:

3 K

2816

0

3 K

8K

0

Directly connected IPv6 addresses

2 K

1536

0

2 K

2K

0

Indirect IPv6 unicast routes

1 K

1280

0

1 K

6K

0

IPv4 policy-based routing ACEs

0

256

0

0

512

0

IPv4 or MAC QoS ACEs (total)

512

512

512

876

896

876

IPv4 or MAC security ACEs (total)

1 K

512

1 K

512

1K

1 K

IPv6 policy-based routing ACEs1

0

255

0

0

510

0

IPv6 QoS ACEs

510

510

510

876

510

876

IPv6 security ACEs

510

510

510

876

510

876

1 IPv6 policy-based routing is not supported in this release.


Examples

This example shows how to configure the access template on a desktop switch:

Switch(config)# sdm prefer access
Switch(config)# exit
Switch# reload

This example shows how to configure the routing template on a desktop switch:

Switch(config)# sdm prefer routing
Switch(config)# exit
Switch# reload

This example shows how to configure the desktop routing template on an aggregator switch:

Switch(config)# sdm prefer routing desktop
Switch(config)# exit
Switch# reload

This example shows how to configure the dual IPv4-and-IPv6 default template on a desktop switch:

Switch(config)# sdm prefer dual-ipv4-and-ipv6 default
Switch(config)# exit
Switch# reload

This example shows how to change a switch template to the default template. On an aggregator switch, this is the default aggregator template; on a desktop switch, this is the default desktop template.

Switch(config)# no sdm prefer
Switch(config)# exit
Switch# reload

This example shows how to configure the desktop default template on an aggregator switch:

Switch(config)# sdm prefer default desktop
Switch(config)# exit
Switch# reload

You can verify your settings by entering the show sdm prefer privileged EXEC command.

Related Commands

Command
Description

show sdm prefer

Displays the current SDM template in use or displays the templates that can be used, with approximate resource allocation per feature.


service password-recovery

Use the service password-recovery global configuration command on the switch stack or on a standalone switch to enable the password-recovery mechanism (the default). This mechanism allows an end user with physical access to the switch to hold down the Mode button and interrupt the boot process while the switch is powering up and to assign a new password. Use the no form of this command to disable part of the password-recovery functionality. When the password-recovery mechanism is disabled, interrupting the boot process is allowed only if the user agrees to set the system back to the default configuration.

service password-recovery

no service password-recovery

Syntax Description

This command has no arguments or keywords.

Defaults

The password-recovery mechanism is enabled.

Command Modes

Global configuration

Command History

Release
Modification

12.1(11)AX

This command was introduced.


Usage Guidelines

As a system administrator, you can use the no service password-recovery command to disable some of the functionality of the password recovery feature by allowing an end user to reset a password only by agreeing to return to the default configuration.

The password-recovery mechanism has been triggered, but
is currently disabled.  Access to the boot loader prompt
through the password-recovery mechanism is disallowed at
this point.  However, if you agree to let the system be
reset back to the default system configuration, access
to the boot loader prompt can still be allowed.

Would you like to reset the system back to the default configuration (y/n)?

If the user chooses not to reset the system to the default configuration, the normal boot process continues, as if the Mode button had not been pressed. If you choose to reset the system to the default configuration, the configuration file in flash memory is deleted, and the VLAN database file, flash:vlan.dat (if present), is deleted.


Note If you use the no service password-recovery command to control end user access to passwords, we recommend that you save a copy of the config file in a location away from the switch in case the end user uses the password recovery procedure and sets the system back to default values. Do not keep a backup copy of the config file on the switch.

If the switch is operating in VTP transparent mode, we recommend that you also save a copy of the vlan.dat file in a location away from the switch.


When you enter the service password-recovery or no service password-recovery command on the stack master, it is propagated throughout the stack and applied to all switches in the stack.

You can verify if password recovery is enabled or disabled by entering the show version privileged EXEC command.

Examples

This example shows how to disable password recovery on a switch or switch stack so that a user can only reset a password by agreeing to return to the default configuration.

Switch(config)# no service-password recovery
Switch(config)# exit

Related Commands

Command
Description

show version

Displays version information for the hardware and firmware.


service-policy

Use the service-policy interface configuration command on the switch stack or on a standalone switch to apply a policy map defined by the policy-map command to the input of a physical port or a switch virtual interface (SVI). Use the no form of this command to remove the policy map and port association.

service-policy input policy-map-name

no service-policy input policy-map-name

Syntax Description

input policy-map-name

Apply the specified policy map to the input of a physical port or an SVI.



Note Though visible in the command-line help strings, the history keyword is not supported, and you should ignore the statistics that it gathers. The output keyword is also not supported.


Defaults

No policy maps are attached to the port.

Command Modes

Interface configuration

Command History

Release
Modification

12.1(11)AX

This command was introduced.

12.2(25)SE

A policy map can now be applied to a physical port or an SVI.

12.2(25)SED

Hierarchical policy-maps can now be applied to an SVI.


Usage Guidelines

Only one policy map per ingress port is supported. In software releases earlier than Cisco IOS Release 12.2(25)SE, policy maps can be configured only on physical ports.

In Cisco IOS Release 12.2(25)SE or later, policy maps can be configured on physical ports or on SVIs. When VLAN-based quality of service (QoS) is disabled by using the no mls qos vlan-based interface configuration command on a physical port, you can configure a port-based policy map on the port. If VLAN-based QoS is enabled by using the mls qos vlan-based interface configuration command on a physical port, the switch removes the previously configured port-based policy map. After a hierarchical policy map is configured and applied on an SVI, the interface-level policy map takes effect on the interface.

In software releases earlier than Cisco IOS Release 12.2(25)SE, you can apply a policy map only to the incoming traffic on a physical port. In Cisco IOS Release 12.2(25)SE or later, you can apply a policy map to incoming traffic on a physical port or on an SVI. In Cisco IOS Release 12.2(25)SED or later, you can configure different interface-level policy maps for each class defined in the VLAN-level policy map. For more information about hierarchical policy maps, see the "Configuring QoS" chapter in the software configuration guide for this release.

Classification using a port trust state (for example, mls qos trust [cos | dscp | ip-precedence] and a policy map (for example, service-policy input policy-map-name) are mutually exclusive. The last one configured overwrites the previous configuration.

Policy maps that use the police aggregate command fail when applied to a 10-Gigabit Ethernet interface.

Examples

This example shows how to apply plcmap1 to an physical ingress port:

Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# service-policy input plcmap1

This example shows how to remove plcmap2 from a physical port:

Switch(config)# interface gigabitethernet2/0/2
Switch(config-if)# no service-policy input plcmap2

This example shows how to apply plcmap1 to an ingress SVI when VLAN-based QoS is enabled:

Switch(config)# interface vlan 10
Switch(config-if)# service-policy input plcmap1

This example shows how to create a hierarchical policy map and attach it to an SVI:

Switch>enable
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#access-list 101 permit ip any any 
Switch(config)#class-map cm-1 
Switch(config-cmap)#match access 101 
Switch(config-cmap)#exit 
Switch(config)#exit 
Switch#
Switch# 
Switch#config t 
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#class-map cm-interface-1
Switch(config-cmap)#match input g3/0/1 - g3/0/2 
Switch(config-cmap)#exit
Switch(config)#policy-map port-plcmap 
Switch(config-pmap)#class-map cm-interface-1 
Switch(config-pmap-c)#police 900000 9000 exc policed-dscp-transmit 
Switch(config-pmap-c)#exit 
Switch(config-pmap)#exit
Switch(config)#policy-map vlan-plcmap 
Switch(config-pmap)#class-map cm-1 
Switch(config-pmap-c)#set dscp 7 
Switch(config-pmap-c)#service-policy port-plcmap-1 
Switch(config-pmap-c)#exit 
Switch(config-pmap)#class-map cm-2
Switch(config-pmap-c)#match ip dscp 2
Switch(config-pmap-c)#service-policy port-plcmap-1
Switch(config-pmap)#exit
Switch(config-pmap)#class-map cm-3
Switch(config-pmap-c)#match ip dscp 3
Switch(config-pmap-c)#service-policy port-plcmap-2
Switch(config-pmap)#exit
Switch(config-pmap)#class-map cm-4
Switch(config-pmap-c)#trust dscp 
Switch(config-pmap)#exit
Switch(config)#int vlan 10
Switch(config-if)# 
Switch(config-if)#ser input vlan-plcmap 
Switch(config-if)#exit 
Switch(config)#exit 
Switch#

You can verify your settings by entering the show running-config privileged EXEC command.

Related Commands

Command
Description

policy-map

Creates or modifies a policy map that can be attached to multiple ports to specify a service policy.

show policy-map

Displays QoS policy maps.

show running-config

Displays the running configuration on the switch. For syntax information, select Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 > File Management Commands > Configuration File Management Commands.


session

Use the session privileged EXEC command on the stack master to access a specific stack member.

session stack-member-number

Syntax Description

stack-member-number

Specify the stack member number. The range is 1 to 9.


Defaults

No default is defined.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.1(11)AX

This command was introduced.


Usage Guidelines

When you access the stack member, its stack member number is appended to the system prompt.

Examples

This example shows how to access stack member 6:

Switch# session 6
Switch-6#

Related Commands

Command
Description

reload

Reloads the stack member and puts a configuration change into effect.

switch priority

Changes the stack member priority value.

switch renumber

Changes the stack member number.

show switch

Displays information about the switch stack and its stack members.


set

Use the set policy-map class configuration command on the switch stack or on a standalone switch to classify IP traffic by setting a Differentiated Services Code Point (DSCP) or an IP-precedence value in the packet. Use the no form of this command to remove traffic classification.

set {dscp new-dscp | [ip] precedence new-precedence}

no set {dscp new-dscp | [ip] precedence new-precedence}

Syntax Description

dscp new-dscp

New DSCP value assigned to the classified traffic. The range is 0 to 63. You also can enter a mnemonic name for a commonly used value.

[ip] precedence new-precedence

New IP-precedence value assigned to the classified traffic. The range is 0 to 7. You also can enter a mnemonic name for a commonly used value.


Defaults

No traffic classification is defined.

Command Modes

Policy-map class configuration

Command History

Release
Modification

12.1(11)AX

This command was introduced.

12.2(25)SE

The ip dscp new-dscp keyword was changed to dscp new-dscp.

The set dscp new-dscp command replaces the set ip dscp new-dscp command.

12.2(25)SEC

The ip keyword is optional.


Usage Guidelines

In Cisco IOS Release 12.2(25)SE or later, if you have used the set ip dscp command, the switch changes this command to set dscp in the switch configuration. If you enter the set ip dscp command, this setting appears as set dscp in the switch configuration.

In Cisco IOS Release 12.2(25)SEC or later, you can use the set ip precedence or the set precedence command. This setting appears as set ip precedence in the switch configuration.

The set command is mutually exclusive with the trust policy-map class configuration command within the same policy map.

For the set dscp new-dscp or the set ip precedence new-precedence command, you can enter a mnemonic name for a commonly used value. For example, you can enter the set dscp af11 command, which is the same as entering the set dscp 10 command. You can enter the set ip precedence critical command, which is the same as entering the set ip precedence 5 command. For a list of supported mnemonics, enter the set dscp ? or the set ip precedence ? command to see the command-line help strings.

To return to policy-map configuration mode, use the exit command. To return to privileged EXEC mode, use the end command.

Examples

This example shows how to assign DSCP 10 to all FTP traffic without any policers:

Switch(config)# policy-map policy_ftp
Switch(config-pmap)# class ftp_class
Switch(config-pmap-c)# set dscp 10
Switch(config-pmap)# exit

You can verify your settings by entering the show policy-map privileged EXEC command.

Related Commands

Command
Description

class

Defines a traffic classification match criteria (through the police, set, and trust policy-map class configuration commands) for the specified class-map name.

police

Defines a policer for classified traffic.

policy-map

Creates or modifies a policy map that can be attached to multiple ports to specify a service policy.

show policy-map

Displays QoS policy maps.

trust

Defines a trust state for traffic classified through the class policy-map configuration command or the class-map global configuration command.


setup

Use the setup privileged EXEC command to configure the switch with its initial configuration.

setup

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.1(11)AX

This command was introduced.


Usage Guidelines

When you use the setup command, make sure that you have this information:

IP address and network mask

Password strategy for your environment

Whether the switch will be used as the cluster command switch and the cluster name

When you enter the setup command, an interactive dialog, called the System Configuration Dialog, appears. It guides you through the configuration process and prompts you for information. The values shown in brackets next to each prompt are the default values last set by using either the setup command facility or the configure privileged EXEC command.

Help text is provided for each prompt. To access help text, press the question mark (?) key at a prompt.

To return to the privileged EXEC prompt without making changes and without running through the entire System Configuration Dialog, press Ctrl-C.

When you complete your changes, the setup program shows you the configuration command script that was created during the setup session. You can save the configuration in NVRAM or return to the setup program or the command-line prompt without saving it.

Examples

This is an example of output from the setup command:

Switch# setup
--- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]: yes

At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.

Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system.

Would you like to enter basic management setup? [yes/no]: yes
Configuring global parameters:

Enter host name [Switch]:host-name

  The enable secret is a password used to protect access to
  privileged EXEC and configuration modes. This password, after
  entered, becomes encrypted in the configuration.
  Enter enable secret: enable-secret-password

  The enable password is used when you do not specify an
  enable secret password, with some older software versions, and
  some boot images.
  Enter enable password: enable-password

  The virtual terminal password is used to protect
  access to the router over a network interface.
  Enter virtual terminal password: terminal-password

  Configure SNMP Network Management? [no]: yes
  Community string [public]: 

Current interface summary
Any interface listed with OK? value "NO" does not have a valid configuration

Interface                  IP-Address      OK? Method Status                Protocol
Vlan1                      172.20.135.202  YES NVRAM  up                    up

GigabitEthernet6/0/1         unassigned      YES unset  up                    up

GigabitEthernet6/0/2         unassigned      YES unset  up                    down

<output truncated>

Port-channel1              unassigned      YES unset  up                    down

Enter interface name used to connect to the
management network from the above interface summary: vlan1

Configuring interface vlan1:
Configure IP on this interface? [yes]: yes 
IP address for this interface: ip_address
Subnet mask for this interface [255.0.0.0]: subnet_mask

Would you like to enable as a cluster command switch? [yes/no]: yes

Enter cluster name: cluster-name

The following configuration command script was created:

hostname host-name
enable secret 5 $1$LiBw$0Xc1wyT.PXPkuhFwqyhVi0
enable password enable-password
line vty 0 15
password terminal-password
snmp-server community public
!
no ip routing
!
interface GigabitEthernet6/0/1
no ip address
!
interface GigabitEthernet6/0/2
no ip address
! 

cluster enable cluster-name
!
end
Use this configuration? [yes/no]: yes
!
[0] Go to the IOS command prompt without saving this config.

[1] Return back to the setup without saving this config.

[2] Save this configuration to nvram and exit.

Enter your selection [2]:

Related Commands

Command
Description

show running-config

Displays the running configuration on the switch. For syntax information, select Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 > File Management Commands > Configuration File Management Commands.

show version

Displays version information for the hardware and firmware.


setup express

Use the setup express global configuration command to enable Express Setup mode on the switch stack or on a standalone switch. Use the no form of this command to disable Express Setup mode.

setup express

no setup express

Syntax Description

This command has no arguments or keywords.

Defaults

Express Setup is enabled.

Command Modes

Global configuration

Command History

Release
Modification

12.1(14)EA1

This command was introduced.


Usage Guidelines

When Express Setup is enabled on a new (unconfigured) switch, pressing the Mode button for 2 seconds activates Express Setup. You can access the switch through an Ethernet port by using the IP address 10.0.0.1 and then can configure the switch with the web-based Express Setup program or the command-line interface (CLI)-based setup program.

When you press the Mode button for 2 seconds on a configured switch, the LEDs above the Mode button start blinking. If you press the Mode button for a total of 10 seconds, the switch configuration is deleted, and the switch reboots. The switch can then be configured like a new switch, either through the web-based Express Setup program or the CLI-based setup program.


Note As soon as you make any change to the switch configuration (including entering no at the beginning of the CLI-based setup program), configuration by Express Setup is no longer available. You can only run Express Setup again by pressing the Mode button for 10 seconds. This deletes the switch configuration and reboots the switch.


If Express Setup is active on the switch, entering the write memory or copy running-configuration startup-configuration privileged EXEC commands deactivates Express Setup. The IP address 10.0.0.1 is no longer valid on the switch, and your connection using this IP address ends.

The primary purpose of the no setup express command is to prevent someone from deleting the switch configuration by pressing the Mode button for 10 seconds.

Examples

This example shows how to enable Express Setup mode:

Switch(config)# setup express

You can verify that Express Setup mode is enabled by pressing the Mode button:

On an unconfigured switch, the LEDs above the Mode button turn solid green after 3 seconds.

On a configured switch, the mode LEDs begin blinking after 2 seconds and turn solid green after 10 seconds.


Caution If you hold the Mode button down for a total of 10 seconds, the configuration is deleted, and the switch reboots.

This example shows how to disable Express Setup mode:

Switch(config)# no setup express

You can verify that Express Setup mode is disabled by pressing the Mode button. The mode LEDs do not turn solid green or begin blinking green if Express Setup mode is not enabled on the switch.

Related Commands

Command
Description

show setup express

Displays if Express Setup mode is active.


show access-lists

Use the show access-lists privileged EXEC command to display access control lists (ACLs) configured on the switch.

show access-lists [name | number | hardware counters | ipc] [ | {begin | exclude | include} expression]

Syntax Description

name

(Optional) Name of the ACL.

number

(Optional) ACL number. The range is 1 to 2699.

hardware counters

(Optional) Display global hardware ACL statistics for switched and routed packets.

ipc

(Optional) Display Interprocess Communication (IPC) protocol access-list configuration download information.

| begin

(Optional) Display begins with the line that matches the expression.

| exclude

(Optional) Display excludes lines that match the expression.

| include

(Optional) Display includes lines that match the specified expression.

expression

Expression in the output to use as a reference point.



Note Though visible in the command-line help strings, the rate-limit keywords are not supported.


Command Modes

Privileged EXEC

Command History

Release
Modification

12.1(11)AX

This command was introduced.

12.1(14)EA1

The ipc keyword was added.


Usage Guidelines

The switch supports only IP standard and extended access lists. Therefore, the allowed numbers are only 1 to 199 and 1300 to 2699.

This command also displays the MAC ACLs that are configured.

Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.

Examples

This is an example of output from the show access-lists command:

Switch# show access-lists
Standard IP access list 1
    10 permit 1.1.1.1
    20 permit 2.2.2.2
    30 permit any
    40 permit 0.255.255.255, wildcard bits 12.0.0.0
Standard IP access list videowizard_1-1-1-1
    10 permit 1.1.1.1
Standard IP access list videowizard_10-10-10-10
    10 permit 10.10.10.10
Extended IP access list 121
    10 permit ahp host 10.10.10.10 host 20.20.10.10 precedence routine
Extended IP access list CMP-NAT-ACL
    Dynamic Cluster-HSRP deny   ip any any
    10 deny ip any host 19.19.11.11
    20 deny ip any host 10.11.12.13
    Dynamic Cluster-NAT permit ip any any
    10 permit ip host 10.99.100.128 any
    20 permit ip host 10.46.22.128 any
    30 permit ip host 10.45.101.64 any
    40 permit ip host 10.45.20.64 any
    50 permit ip host 10.213.43.128 any
    60 permit ip host 10.91.28.64 any
    70 permit ip host 10.99.75.128 any
    80 permit ip host 10.38.49.0 any 

This is an example of output from the show access-lists hardware counters command:

Switch# show access-lists hardware counters
L2 ACL INPUT Statistics
     Drop:                All frame count: 855
     Drop:                All bytes count: 94143
     Drop And Log:        All frame count: 0
     Drop And Log:        All bytes count: 0
     Bridge Only:         All frame count: 0
     Bridge Only:         All bytes count: 0
     Bridge Only And Log: All frame count: 0
     Bridge Only And Log: All bytes count: 0
     Forwarding To CPU:   All frame count: 0
     Forwarding To CPU:   All bytes count: 0
     Forwarded:           All frame count: 2121
     Forwarded:           All bytes count: 180762
     Forwarded And Log:   All frame count: 0
     Forwarded And Log:   All bytes count: 0

 L3 ACL INPUT Statistics
     Drop:                All frame count: 0
     Drop:                All bytes count: 0
     Drop And Log:        All frame count: 0
     Drop And Log:        All bytes count: 0
     Bridge Only:         All frame count: 0
     Bridge Only:         All bytes count: 0
     Bridge Only And Log: All frame count: 0
     Bridge Only And Log: All bytes count: 0
     Forwarding To CPU:   All frame count: 0
     Forwarding To CPU:   All bytes count: 0
     Forwarded:           All frame count: 13586
     Forwarded:           All bytes count: 1236182
     Forwarded And Log:   All frame count: 0
     Forwarded And Log:   All bytes count: 0

 L2 ACL OUTPUT Statistics
     Drop:                All frame count: 0
     Drop:                All bytes count: 0
     Drop And Log:        All frame count: 0
     Drop And Log:        All bytes count: 0
     Bridge Only:         All frame count: 0
     Bridge Only:         All bytes count: 0
     Bridge Only And Log: All frame count: 0
     Bridge Only And Log: All bytes count: 0
     Forwarding To CPU:   All frame count: 0
     Forwarding To CPU:   All bytes count: 0
     Forwarded:           All frame count: 232983
     Forwarded:           All bytes count: 16825661
     Forwarded And Log:   All frame count: 0
     Forwarded And Log:   All bytes count: 0

 L3 ACL OUTPUT Statistics
     Drop:                All frame count: 0
     Drop:                All bytes count: 0
     Drop And Log:        All frame count: 0
     Drop And Log:        All bytes count: 0
     Bridge Only:         All frame count: 0