-
Catalyst 3750 Switch Command Reference, 12.2(25)SEE
-
Index
-
Preface
-
Using the Command-Line Interface
-
Catalyst 3750 Switch Cisco IOS Commands - aaa accounting through renew ip dhcp
-
Catalyst 3750 Switch Cisco IOS Commands - rmon collection through show vtp
-
Catalyst 3750 Switch Cisco IOS Commands - shutdown through vtp
-
Catalyst 3750 Switch Boot Loader Commands
-
Catalyst 3750 Switch Debug Commands
-
Catalyst 3750 Switch Show Platform Commands
-
Table Of Contents
show controllers cpu-interface
show controllers ethernet-controller
show ip dhcp snooping database
show ipv6 mld snooping address
show ipv6 mld snooping mrouter
show ipv6 mld snooping querier
show mac address-table address
show mac address-table aging-time
show mac address-table dynamic
show mac address-table interface
show mac address-table move update
show mac address-table notification
show mls qos aggregate-policer
2]rmon collection stats
Use the rmon collection stats interface configuration command on the switch stack or on a standalone switch to collect Ethernet group statistics, which include usage statistics about broadcast and multicast packets, and error statistics about cyclic redundancy check (CRC) alignment errors and collisions. Use the no form of this command to return to the default setting.
rmon collection stats index [owner name]
no rmon collection stats index [owner name]
Syntax Description
index
Remote Network Monitoring (RMON) collection control index. The range is 1 to 65535.
owner name
(Optional) Owner of the RMON collection.
Defaults
The RMON statistics collection is disabled.
Command Modes
Interface configuration
Command History
Usage Guidelines
The RMON statistics collection command is based on hardware counters.
Examples
This example shows how to collect RMON statistics for the owner root:
Switch(config)# interface gigabitethernet2/0/1Switch(config-if)# rmon collection stats 2 owner rootYou can verify your setting by entering the show rmon statistics privileged EXEC command.
Related Commands
sdm prefer
Use the sdm prefer global configuration command on the switch stack or on a standalone switch to configure the template used in Switch Database Management (SDM) resource allocation. You can use a template to allocate system resources to best support the features being used in your application. Use a template to provide maximum system usage for unicast routing or for VLAN configuration, to change an aggregator template (Catalyst 3750-12S only) to a desktop template, or to select the dual IPv4 and IPv6 template to support IPv6 forwarding (supported only when the switch stack is running the advanced IP services image). Use the no form of this command to return to the default template.
sdm prefer {access | default | dual-ipv4-and-ipv6 {default | routing | vlan} | routing | vlan} [desktop]
no sdm prefer
Syntax Description
Defaults
The default template provides a balance to all features.
Command Modes
Global configuration
Command History
Usage Guidelines
You must reload the switch for the configuration to take effect. If you enter the show sdm prefer command before you enter the reload privileged EXEC command, the show sdm prefer command shows the template currently in use and the template that will become active after a reload.
Desktop switches support only desktop templates; an aggregator switch (Catalyst 3750-12S) supports both desktop and aggregator templates. On an aggregator switch, if you do not enter the desktop keyword, the aggregator templates are selected.
All stack members use the same SDM desktop or aggregator template, stored on the stack master. When a new switch member is added to a stack, as with the switch configuration file and VLAN database file, the SDM configuration that is stored on the stack master overrides the template configured on an individual switch.
To route IPv6 packets in a stack of switches, all switches in the stack should be running the advanced IP services image. The IPv6 packets are routed in hardware across the stack, as long as the packet does not have exceptions (IPv6Options) and the switches have not run out of hardware resources.
If a stack member cannot support the template that is running on the master switch, the switch goes into SDM mismatch mode, the master switch does not attempt to change the SDM template, and the switch cannot be a functioning member of the stack.
•
If the master switch is a Catalyst 3750-12S, and you change the template from an aggregator template to a desktop template and reload the switch, the entire stack operates with the selected desktop template. This could cause configuration losses if the number of ternary content addressable memory (TCAM) entries exceeds the desktop template sizes.
•
•
For more information about stacking, see the "Managing Switch Stacks" chapter in the software configuration guide.
The access template maximizes system resources for access control lists (ACLs) as required to accommodate a large number of ACLs.
The default templates balance the use of system resources.
Use the sdm prefer vlan [desktop] global configuration command only on switches intended for Layer 2 switching with no routing. When you use the VLAN template, no system resources are reserved for routing entries, and any routing is done through software. This overloads the CPU and severely degrades routing performance.
Do not use the routing template if you do not have routing enabled on your switch. Entering the sdm prefer routing [desktop] global configuration command prevents other features from using the memory allocated to unicast routing in the routing template.
Do not use the ipv4-and-ipv6 templates if you do not plan to enable IPv6 routing on the switch. Entering the sdm prefer ipv4-and-ipv6 {default | routing | vlan} [desktop] global configuration command divides resources between IPv4 and IPv6, limiting those allocated to IPv4 forwarding.
Table 2-15 lists the approximate number of each resource supported in each of the IPv4-only templates for a desktop or aggregator switch. The values in the template are based on eight routed interfaces and approximately one thousand VLANs and represent the approximate hardware boundaries set when a template is selected. If a section of a hardware resource is full, all processing overflow is sent to the CPU, seriously impacting switch performance.
Table 2-16lists the approximate number of each resource supported in each of the dual IPv4-and IPv6 templates for a desktop or aggregator switch.
Table 2-16 Approximate Feature Resources Allowed by Dual IPv4-IPv6 Templates
Unicast MAC addresses
2 K
1536
8 K
2 K
2K
8 K
IPv4 IGMP groups and multicast routes
1 K
1K
1 K
1 K
1 K
0
Total IPv4 unicast routes:
3 K
2816
0
3 K
8K
0
•
2 K
1536
0
2 K
2K
0
•
1 K
1280
0
1 K
6K
1 K
IPv6 multicast groups
1 K
1152
1 K
1 K
2176
1 K
Total IPv6 unicast routes:
3 K
2816
0
3 K
8K
0
•
2 K
1536
0
2 K
2K
0
•
1 K
1280
0
1 K
6K
0
IPv4 policy-based routing ACEs
0
256
0
0
512
0
IPv4 or MAC QoS ACEs (total)
512
512
512
876
896
876
IPv4 or MAC security ACEs (total)
1 K
512
1 K
512
1K
1 K
IPv6 policy-based routing ACEs1
0
255
0
0
510
0
IPv6 QoS ACEs
510
510
510
876
510
876
IPv6 security ACEs
510
510
510
876
510
876
1 IPv6 policy-based routing is not supported in this release.
Examples
This example shows how to configure the access template on a desktop switch:
Switch(config)# sdm prefer accessSwitch(config)# exitSwitch# reloadThis example shows how to configure the routing template on a desktop switch:
Switch(config)# sdm prefer routingSwitch(config)# exitSwitch# reloadThis example shows how to configure the desktop routing template on an aggregator switch:
Switch(config)# sdm prefer routing desktopSwitch(config)# exitSwitch# reloadThis example shows how to configure the dual IPv4-and-IPv6 default template on a desktop switch:
Switch(config)# sdm prefer dual-ipv4-and-ipv6 defaultSwitch(config)# exitSwitch# reloadThis example shows how to change a switch template to the default template. On an aggregator switch, this is the default aggregator template; on a desktop switch, this is the default desktop template.
Switch(config)# no sdm preferSwitch(config)# exitSwitch# reloadThis example shows how to configure the desktop default template on an aggregator switch:
Switch(config)# sdm prefer default desktopSwitch(config)# exitSwitch# reloadYou can verify your settings by entering the show sdm prefer privileged EXEC command.
Related Commands
Displays the current SDM template in use or displays the templates that can be used, with approximate resource allocation per feature.
service password-recovery
Use the service password-recovery global configuration command on the switch stack or on a standalone switch to enable the password-recovery mechanism (the default). This mechanism allows an end user with physical access to the switch to hold down the Mode button and interrupt the boot process while the switch is powering up and to assign a new password. Use the no form of this command to disable part of the password-recovery functionality. When the password-recovery mechanism is disabled, interrupting the boot process is allowed only if the user agrees to set the system back to the default configuration.
service password-recovery
no service password-recovery
Syntax Description
This command has no arguments or keywords.
Defaults
The password-recovery mechanism is enabled.
Command Modes
Global configuration
Command History
Usage Guidelines
As a system administrator, you can use the no service password-recovery command to disable some of the functionality of the password recovery feature by allowing an end user to reset a password only by agreeing to return to the default configuration.
The password-recovery mechanism has been triggered, butis currently disabled. Access to the boot loader promptthrough the password-recovery mechanism is disallowed atthis point. However, if you agree to let the system bereset back to the default system configuration, accessto the boot loader prompt can still be allowed.Would you like to reset the system back to the default configuration (y/n)?If the user chooses not to reset the system to the default configuration, the normal boot process continues, as if the Mode button had not been pressed. If you choose to reset the system to the default configuration, the configuration file in flash memory is deleted, and the VLAN database file, flash:vlan.dat (if present), is deleted.
Note
If the switch is operating in VTP transparent mode, we recommend that you also save a copy of the vlan.dat file in a location away from the switch.When you enter the service password-recovery or no service password-recovery command on the stack master, it is propagated throughout the stack and applied to all switches in the stack.
You can verify if password recovery is enabled or disabled by entering the show version privileged EXEC command.
Examples
This example shows how to disable password recovery on a switch or switch stack so that a user can only reset a password by agreeing to return to the default configuration.
Switch(config)# no service-password recoverySwitch(config)# exitRelated Commands
service-policy
Use the service-policy interface configuration command on the switch stack or on a standalone switch to apply a policy map defined by the policy-map command to the input of a physical port or a switch virtual interface (SVI). Use the no form of this command to remove the policy map and port association.
service-policy input policy-map-name
no service-policy input policy-map-name
Syntax Description
Note
Defaults
No policy maps are attached to the port.
Command Modes
Interface configuration
Command History
Usage Guidelines
Only one policy map per ingress port is supported. In software releases earlier than Cisco IOS Release 12.2(25)SE, policy maps can be configured only on physical ports.
In Cisco IOS Release 12.2(25)SE or later, policy maps can be configured on physical ports or on SVIs. When VLAN-based quality of service (QoS) is disabled by using the no mls qos vlan-based interface configuration command on a physical port, you can configure a port-based policy map on the port. If VLAN-based QoS is enabled by using the mls qos vlan-based interface configuration command on a physical port, the switch removes the previously configured port-based policy map. After a hierarchical policy map is configured and applied on an SVI, the interface-level policy map takes effect on the interface.
In software releases earlier than Cisco IOS Release 12.2(25)SE, you can apply a policy map only to the incoming traffic on a physical port. In Cisco IOS Release 12.2(25)SE or later, you can apply a policy map to incoming traffic on a physical port or on an SVI. In Cisco IOS Release 12.2(25)SED or later, you can configure different interface-level policy maps for each class defined in the VLAN-level policy map. For more information about hierarchical policy maps, see the "Configuring QoS" chapter in the software configuration guide for this release.
Classification using a port trust state (for example, mls qos trust [cos | dscp | ip-precedence] and a policy map (for example, service-policy input policy-map-name) are mutually exclusive. The last one configured overwrites the previous configuration.
Policy maps that use the police aggregate command fail when applied to a 10-Gigabit Ethernet interface.
Examples
This example shows how to apply plcmap1 to an physical ingress port:
Switch(config)# interface gigabitethernet2/0/1Switch(config-if)# service-policy input plcmap1This example shows how to remove plcmap2 from a physical port:
Switch(config)# interface gigabitethernet2/0/2Switch(config-if)# no service-policy input plcmap2This example shows how to apply plcmap1 to an ingress SVI when VLAN-based QoS is enabled:
Switch(config)# interface vlan 10Switch(config-if)# service-policy input plcmap1This example shows how to create a hierarchical policy map and attach it to an SVI:
Switch>enableSwitch#config tEnter configuration commands, one per line. End with CNTL/Z.Switch(config)#access-list 101 permit ip any anySwitch(config)#class-map cm-1Switch(config-cmap)#match access 101Switch(config-cmap)#exitSwitch(config)#exitSwitch#Switch#Switch#config tEnter configuration commands, one per line. End with CNTL/Z.Switch(config)#class-map cm-interface-1Switch(config-cmap)#match input g3/0/1 - g3/0/2Switch(config-cmap)#exitSwitch(config)#policy-map port-plcmapSwitch(config-pmap)#class-map cm-interface-1Switch(config-pmap-c)#police 900000 9000 exc policed-dscp-transmitSwitch(config-pmap-c)#exitSwitch(config-pmap)#exitSwitch(config)#policy-map vlan-plcmapSwitch(config-pmap)#class-map cm-1Switch(config-pmap-c)#set dscp 7Switch(config-pmap-c)#service-policy port-plcmap-1Switch(config-pmap-c)#exitSwitch(config-pmap)#class-map cm-2Switch(config-pmap-c)#match ip dscp 2Switch(config-pmap-c)#service-policy port-plcmap-1Switch(config-pmap)#exitSwitch(config-pmap)#class-map cm-3Switch(config-pmap-c)#match ip dscp 3Switch(config-pmap-c)#service-policy port-plcmap-2Switch(config-pmap)#exitSwitch(config-pmap)#class-map cm-4Switch(config-pmap-c)#trust dscpSwitch(config-pmap)#exitSwitch(config)#int vlan 10Switch(config-if)#Switch(config-if)#ser input vlan-plcmapSwitch(config-if)#exitSwitch(config)#exitSwitch#You can verify your settings by entering the show running-config privileged EXEC command.
Related Commands
session
Use the session privileged EXEC command on the stack master to access a specific stack member.
session stack-member-number
Syntax Description
Defaults
No default is defined.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
When you access the stack member, its stack member number is appended to the system prompt.
Examples
This example shows how to access stack member 6:
Switch# session 6Switch-6#Related Commands
set
Use the set policy-map class configuration command on the switch stack or on a standalone switch to classify IP traffic by setting a Differentiated Services Code Point (DSCP) or an IP-precedence value in the packet. Use the no form of this command to remove traffic classification.
set {dscp new-dscp | [ip] precedence new-precedence}
no set {dscp new-dscp | [ip] precedence new-precedence}
Syntax Description
Defaults
No traffic classification is defined.
Command Modes
Policy-map class configuration
Command History
Usage Guidelines
In Cisco IOS Release 12.2(25)SE or later, if you have used the set ip dscp command, the switch changes this command to set dscp in the switch configuration. If you enter the set ip dscp command, this setting appears as set dscp in the switch configuration.
In Cisco IOS Release 12.2(25)SEC or later, you can use the set ip precedence or the set precedence command. This setting appears as set ip precedence in the switch configuration.
The set command is mutually exclusive with the trust policy-map class configuration command within the same policy map.
For the set dscp new-dscp or the set ip precedence new-precedence command, you can enter a mnemonic name for a commonly used value. For example, you can enter the set dscp af11 command, which is the same as entering the set dscp 10 command. You can enter the set ip precedence critical command, which is the same as entering the set ip precedence 5 command. For a list of supported mnemonics, enter the set dscp ? or the set ip precedence ? command to see the command-line help strings.
To return to policy-map configuration mode, use the exit command. To return to privileged EXEC mode, use the end command.
Examples
This example shows how to assign DSCP 10 to all FTP traffic without any policers:
Switch(config)# policy-map policy_ftpSwitch(config-pmap)# class ftp_classSwitch(config-pmap-c)# set dscp 10Switch(config-pmap)# exitYou can verify your settings by entering the show policy-map privileged EXEC command.
Related Commands
setup
Use the setup privileged EXEC command to configure the switch with its initial configuration.
setup
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
When you use the setup command, make sure that you have this information:
•
•
•
When you enter the setup command, an interactive dialog, called the System Configuration Dialog, appears. It guides you through the configuration process and prompts you for information. The values shown in brackets next to each prompt are the default values last set by using either the setup command facility or the configure privileged EXEC command.
Help text is provided for each prompt. To access help text, press the question mark (?) key at a prompt.
To return to the privileged EXEC prompt without making changes and without running through the entire System Configuration Dialog, press Ctrl-C.
When you complete your changes, the setup program shows you the configuration command script that was created during the setup session. You can save the configuration in NVRAM or return to the setup program or the command-line prompt without saving it.
Examples
This is an example of output from the setup command:
Switch# setup--- System Configuration Dialog ---Continue with configuration dialog? [yes/no]: yesAt any point you may enter a question mark '?' for help.Use ctrl-c to abort configuration dialog at any prompt.Default settings are in square brackets '[]'.Basic management setup configures only enough connectivityfor management of the system, extended setup will ask youto configure each interface on the system.Would you like to enter basic management setup? [yes/no]: yesConfiguring global parameters:Enter host name [Switch]:host-nameThe enable secret is a password used to protect access toprivileged EXEC and configuration modes. This password, afterentered, becomes encrypted in the configuration.Enter enable secret: enable-secret-passwordThe enable password is used when you do not specify anenable secret password, with some older software versions, andsome boot images.Enter enable password: enable-passwordThe virtual terminal password is used to protectaccess to the router over a network interface.Enter virtual terminal password: terminal-passwordConfigure SNMP Network Management? [no]: yesCommunity string [public]:Current interface summaryAny interface listed with OK? value "NO" does not have a valid configurationInterface IP-Address OK? Method Status ProtocolVlan1 172.20.135.202 YES NVRAM up upGigabitEthernet6/0/1 unassigned YES unset up upGigabitEthernet6/0/2 unassigned YES unset up down<output truncated>Port-channel1 unassigned YES unset up downEnter interface name used to connect to themanagement network from the above interface summary: vlan1Configuring interface vlan1:Configure IP on this interface? [yes]: yesIP address for this interface: ip_addressSubnet mask for this interface [255.0.0.0]: subnet_maskWould you like to enable as a cluster command switch? [yes/no]: yesEnter cluster name: cluster-nameThe following configuration command script was created:hostname host-nameenable secret 5 $1$LiBw$0Xc1wyT.PXPkuhFwqyhVi0enable password enable-passwordline vty 0 15password terminal-passwordsnmp-server community public!no ip routing!interface GigabitEthernet6/0/1no ip address!interface GigabitEthernet6/0/2no ip address!cluster enable cluster-name!endUse this configuration? [yes/no]: yes![0] Go to the IOS command prompt without saving this config.[1] Return back to the setup without saving this config.[2] Save this configuration to nvram and exit.Enter your selection [2]:Related Commands
setup express
Use the setup express global configuration command to enable Express Setup mode on the switch stack or on a standalone switch. Use the no form of this command to disable Express Setup mode.
setup express
no setup express
Syntax Description
This command has no arguments or keywords.
Defaults
Express Setup is enabled.
Command Modes
Global configuration
Command History
Usage Guidelines
When Express Setup is enabled on a new (unconfigured) switch, pressing the Mode button for 2 seconds activates Express Setup. You can access the switch through an Ethernet port by using the IP address 10.0.0.1 and then can configure the switch with the web-based Express Setup program or the command-line interface (CLI)-based setup program.
When you press the Mode button for 2 seconds on a configured switch, the LEDs above the Mode button start blinking. If you press the Mode button for a total of 10 seconds, the switch configuration is deleted, and the switch reboots. The switch can then be configured like a new switch, either through the web-based Express Setup program or the CLI-based setup program.
Note
If Express Setup is active on the switch, entering the write memory or copy running-configuration startup-configuration privileged EXEC commands deactivates Express Setup. The IP address 10.0.0.1 is no longer valid on the switch, and your connection using this IP address ends.
The primary purpose of the no setup express command is to prevent someone from deleting the switch configuration by pressing the Mode button for 10 seconds.
Examples
This example shows how to enable Express Setup mode:
Switch(config)# setup expressYou can verify that Express Setup mode is enabled by pressing the Mode button:
•
•
Caution
This example shows how to disable Express Setup mode:
Switch(config)# no setup expressYou can verify that Express Setup mode is disabled by pressing the Mode button. The mode LEDs do not turn solid green or begin blinking green if Express Setup mode is not enabled on the switch.
Related Commands
show access-lists
Use the show access-lists privileged EXEC command to display access control lists (ACLs) configured on the switch.
show access-lists [name | number | hardware counters | ipc] [ | {begin | exclude | include} expression]
Syntax Description
Note
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The switch supports only IP standard and extended access lists. Therefore, the allowed numbers are only 1 to 199 and 1300 to 2699.
This command also displays the MAC ACLs that are configured.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
This is an example of output from the show access-lists command:
Switch# show access-listsStandard IP access list 110 permit 1.1.1.120 permit 2.2.2.230 permit any40 permit 0.255.255.255, wildcard bits 12.0.0.0Standard IP access list videowizard_1-1-1-110 permit 1.1.1.1Standard IP access list videowizard_10-10-10-1010 permit 10.10.10.10Extended IP access list 12110 permit ahp host 10.10.10.10 host 20.20.10.10 precedence routineExtended IP access list CMP-NAT-ACLDynamic Cluster-HSRP deny ip any any10 deny ip any host 19.19.11.1120 deny ip any host 10.11.12.13Dynamic Cluster-NAT permit ip any any10 permit ip host 10.99.100.128 any20 permit ip host 10.46.22.128 any30 permit ip host 10.45.101.64 any40 permit ip host 10.45.20.64 any50 permit ip host 10.213.43.128 any60 permit ip host 10.91.28.64 any70 permit ip host 10.99.75.128 any80 permit ip host 10.38.49.0 anyThis is an example of output from the show access-lists hardware counters command:
Switch# show access-lists hardware countersL2 ACL INPUT StatisticsDrop: All frame count: 855Drop: All bytes count: 94143Drop And Log: All frame count: 0Drop And Log: All bytes count: 0Bridge Only: All frame count: 0Bridge Only: All bytes count: 0Bridge Only And Log: All frame count: 0Bridge Only And Log: All bytes count: 0Forwarding To CPU: All frame count: 0Forwarding To CPU: All bytes count: 0Forwarded: All frame count: 2121Forwarded: All bytes count: 180762Forwarded And Log: All frame count: 0Forwarded And Log: All bytes count: 0L3 ACL INPUT StatisticsDrop: All frame count: 0Drop: All bytes count: 0Drop And Log: All frame count: 0Drop And Log: All bytes count: 0Bridge Only: All frame count: 0Bridge Only: All bytes count: 0Bridge Only And Log: All frame count: 0Bridge Only And Log: All bytes count: 0Forwarding To CPU: All frame count: 0Forwarding To CPU: All bytes count: 0Forwarded: All frame count: 13586Forwarded: All bytes count: 1236182Forwarded And Log: All frame count: 0Forwarded And Log: All bytes count: 0L2 ACL OUTPUT StatisticsDrop: All frame count: 0Drop: All bytes count: 0Drop And Log: All frame count: 0Drop And Log: All bytes count: 0Bridge Only: All frame count: 0Bridge Only: All bytes count: 0Bridge Only And Log: All frame count: 0Bridge Only And Log: All bytes count: 0Forwarding To CPU: All frame count: 0Forwarding To CPU: All bytes count: 0Forwarded: All frame count: 232983Forwarded: All bytes count: 16825661Forwarded And Log: All frame count: 0Forwarded And Log: All bytes count: 0L3 ACL OUTPUT StatisticsDrop: All frame count: 0Drop: All bytes count: 0Drop And Log: All frame count: 0Drop And Log: All bytes count: 0Bridge Only: All frame count: 0
