-
Catalyst 4000 Family Software Configuration Guide, 6.2
-
Preface
-
Product Overview
-
Using the Command-Line Interface
-
Configuring the Switch IP Address and Default Gateway
-
Configuring Ethernet and Fast Ethernet Switching
-
Configuring Gigabit Ethernet Switching
-
Configuring Fast EtherChannel and Gigabit EtherChannel
-
Configuring Spanning tree
-
Configuring Spanning-Tree PortFast, UplinkFast, and BackboneFast
-
Configuring VTP
-
Configuring VLANs
-
Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports
-
Configuring Dynamic Port VLAN Membership with VMPS
-
Configuring GVRP
-
Configuring Quality of Service
-
Configuring Multicast Services
-
Configuring Port Security
-
Configuring the IP Permit List
-
Configuring Protocol Filtering
-
Checking Port Status and Connectivity
-
Configuring CDP
-
Using Switch TopN Reports
-
Configuring UDLD
-
Configuring SNMP
-
Configuring RMON
-
Configuring SPAN
-
Administering the Switch
-
Switch Access: Using Authentication, Authorization, and Accounting
-
Modifying the Switch Boot Configuration
-
Working with System Software Images
-
Using the Flash File System
-
Working with Configuration Files
-
Configuring Switch Acceleration
-
Configuring System Message Logging
-
Configuring DNS
-
Configuring NTP
-
Acronyms
-
Reader Response Card
-
Index
-
Table Of Contents
Setting the System Name and System Prompt
Configuring a Static System Name and Prompt
Setting a Static System Prompt
Setting the System Contact and Location
Creating and Using Command Aliases
Configuring Permanent and Static ARP Entries
Scheduling a Reset at a Specific Time
Scheduling a Reset Within a Specified Amount of Time
Generating System Status Information for Tech Support
Administering the Switch
This chapter describes how to perform various administrative tasks on the Catalyst enterprise LAN switches.
Note
For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
This chapter consists of these sections:
•
•
•
•
•
•
Setting the System Name and System Prompt
The system name on the switch is a user-configurable string used to identify the device. The default configuration has no system name configured.
If you do not manually configure a system name, the system name is obtained through DNS if you configure the switch as follows:
•
•
•
If the DNS lookup is successful, the DNS host name of the switch is configured as the system name of the switch and is saved in NVRAM (the domain name is removed).
If you have not configured a system prompt, the first 20 characters of the system name are used as the system prompt (a greater-than symbol [>] is appended). The prompt is updated whenever the system name changes, unless the prompt is manually configured using the set prompt command.
The switch performs a DNS lookup for the system name whenever one of the following occurs:
•
•
•
•
•
If the system name is user configured, no DNS lookup is performed.
Configuring a Static System Name and Prompt
These sections describe how to statically configure the system name and prompt:
•
Setting a Static System Name
To configure the system name statically, perform this task in privileged mode:
Note
This example shows how to set the system name on the switch:
Console> (enable) set system name Catalyst 4003System name set.Catalyst 4003> (enable)Setting a Static System Prompt
To set the system prompt statically, perform this task in privileged mode:
This example shows how to set the system prompt statically on the switch:
Console> (enable) set prompt Catalyst4012>Catalyst4012> (enable)Clearing the System Name
To clear the system name, perform this task in privileged mode:
This example shows how to clear the system name:
Console> (enable) set system nameSystem name cleared.Console> (enable)Setting the System Contact and Location
You can specify the system contact and location to help you with resource management tasks.
To specify the system contact and location, perform this task in privileged mode:
This example shows how to specify the system contact and location and verify the configuration:
Console> (enable) set system contact sysadmin@corp.comSystem contact set.Console> (enable) set system location Sunnyvale CASystem location set.Console> (enable) show systemPS1-Status PS2-Status---------- ----------ok okFan-Status Temp-Alarm Sys-Status Uptime d,h:m:s Logout---------- ---------- ---------- -------------- ---------ok off ok 10,04:26:19 20 minPS1-Type PS2-Type------------ ------------WS-C4008 WS-C4008Modem Baud Traffic Peak Peak-Time------- ----- ------- ---- -------------------------disable 9600 0% 0% Mon Jun 26 2000, 08:53:49System Name System Location System Contact CC------------------------ ------------------------ ------------------------ ---Sunnyvale CA sysadmin@corp.comConsole> (enable)Setting the System Clock
Note
To set the system clock, perform this task in privileged mode:
Step 1
Set the system clock.
set time [day_of_week] [mm/dd/yy] [hh:mm:ss]
Step 2
Display the current date and time.
show time
This example shows how to set the system clock and display the current date and time:
Console> (enable) set time Mon 06/15/98 12:30:00Mon Jun 15 1998, 12:30:00Console> (enable) show timeMon Jun 15 1998, 12:30:02Console> (enable)Creating a Login Banner
You can create a single or multiline message banner that appears on the screen when someone logs in to the switch. The first character following the motd keyword is used to delimit the beginning and end of the banner text. Characters following the ending delimiter are discarded. After entering the ending delimiter, press Return. The banner must be fewer than 3070 characters.
Configuring a Login Banner
To configure a login banner, perform this task in privileged mode:
Step 1
Enter the message of the day.
set banner motd c message_of_the_day c
Step 2
Display the login banner by logging out and logging back into the switch.
This example shows how to set the login banner on the switch using the # symbol as the beginning and ending delimiter:
Console> (enable) set banner motd #Welcome to the Catalyst 4012 Switch!Unauthorized access prohibited.Contact sysadmin@corp.com for access.#MOTD banner setConsole> (enable)Clearing the Login Banner
To clear the login banner, perform this task in privileged mode:
This example shows how to clear the login banner:
Console> (enable) set banner motd ##MOTD banner clearedConsole> (enable)Creating and Using Command Aliases
You can use the set alias command to define command aliases (shorthand versions of commands) for frequently used or long and complex commands. Command aliases can save you time and can help prevent typing errors when you are configuring or monitoring the switch.
The name argument defines the command alias. The command and parameter arguments define the command to enter when the command alias is entered at the command line.
To define a command alias on the switch, perform this task in privileged mode:
Step 1
Define a command alias on the switch.
set alias name command [parameter] [parameter]
Step 2
Verify the currently defined command aliases.
show alias [name]
This example shows how to define two command aliases, sm3, which executes the show module 3/1 command, and sp3, which executes the show port 3 command. This example also shows how to verify the currently defined command aliases and what happens when you enter the command aliases at the command line:
Console> (enable) set alias sm3 show module 3Command alias added.Console> (enable) set alias sp3 show port 3/1Command alias added.Console> (enable) show aliassm8 show module 3sp8 show port 3Console> (enable) sm3Mod Slot Ports Module-Type Model Sub Status--- ---- ----- ------------------------- ------------------- --- --------3 3 6 1000BaseX Ethernet WS-X4306 no okMod Module-Name Serial-Num--- ------------------- --------------------3 JAB024000YYMod MAC-Address(es) Hw Fw Sw--- -------------------------------------- ------ ---------- -----------------3 00-10-7b-f6-b2-1a to 00-10-7b-f6-b2-1f 0.2Console> (enable) sp3Port Name Status Vlan Level Duplex Speed Type----- ------------------ ---------- ---------- ------ ------ ----- ------------3/1 notconnect 1 normal full 1000 1000BaseSXPort Security Violation Shutdown-Time Age-Time Max-Addr Trap IfIndex----- -------- --------- ------------- -------- -------- -------- -------3/1 disabled shutdown 0 0 1 disabled 9Port Num-Addr Secure-Src-Addr Age-Left Last-Src-Addr Shutdown/Time-Left----- -------- ----------------- -------- ----------------- ------------------3/1 0 - - - - -Port Send FlowControl Receive FlowControl RxPause TxPause Unsupportedadmin oper admin oper opcodes----- -------- -------- -------- -------- ------- ------- -----------3/1 desired off off off 0 0 0Port Status Channel Admin ChMode Group Id----- ---------- -------------------- ----- -----3/1 notconnect auto silent 29 0Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize----- ---------- ---------- ---------- ---------- ---------3/1 - 0 0 0 0Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants----- ---------- ---------- ---------- ---------- --------- --------- ---------3/1 0 0 0 0 0 0 0Last-Time-Cleared--------------------------Mon Jun 26 2000, 08:53:49Console> (enable)Creating and Using IP Aliases
You can use the set ip alias command to define textual aliases for IP addresses. IP aliases can make it easier to refer to other network devices when using ping, telnet, and other commands, even when Domain Name System (DNS) is not enabled.
The name argument defines the IP alias. The ip_addr argument defines the IP address to which the name refers.
To define an IP alias on the switch, perform this task in privileged mode:
Step 1
Define an IP alias on the switch.
set ip alias name ip_addr
Step 2
Verify the currently defined IP aliases.
show ip alias [name]
This example shows how to define two IP aliases, sparc, that refers to IP address 172.20.52.3, and cat5509, that refers to IP address 172.20.52.71. This example also shows how to verify the currently defined IP aliases and what happens when you use the IP aliases with the ping command:
Console> (enable) set ip alias sparc 172.20.52.3IP alias added.Console> (enable) set ip alias cat4003 172.20.52.71IP alias added.Console> (enable) show ip aliasdefault 0.0.0.0sparc 172.20.52.3cat5509 172.20.52.71Console> (enable) ping sparcsparc is aliveConsole> (enable) ping cat4003cat4003 is aliveConsole> (enable)Configuring Permanent and Static ARP Entries
To enable your Catalyst LAN switch to communicate with devices that do not respond to ARP requests, you can configure a static or permanent ARP entry that maps the IP addresses of those devices to their MAC addresses. You can configure an Address Resolution Protocol (ARP) entry so that it does not age out by configuring it as either static or permanent. When you configure a static ARP entry using the set arp static command, the entry is removed from the ARP cache after a system reset. When you configure a permanent ARP by using the set arp permanent command, the ARP entry is retained even after a system reset.
Because most hosts support dynamic resolution, you usually do not need to specify static or permanent ARP cache entries. When a device does not respond to ARP requests, you can configure an ARP entry to be statically or permanently entered into the ARP cache so that those devices can still be reached.
To configure a static or permanent ARP entry, perform this task in privileged mode:
This example shows how to define a static ARP entry:
Console> (enable) set arp static 20.1.1.1 00-80-1c-93-80-40Static ARP entry added as20.1.1.1 at 00-80-1c-93-80-40 on vlan 1Console> (enable)This example shows how to define a permanent ARP entry:
Console> (enable) set arp permanent 10.1.1.1 00-80-1c-93-80-60Permanent ARP entry added as10.1.1.1 at 00-80-1c-93-80-60 on vlan 1Console> (enable)This example sets the ARP aging time:
Console> (enable) set arp agingtime 300ARP aging time set to 300 seconds.Console> (enable)This example shows how to display the ARP cache:
Console> (enable) show arpARP Aging time = 300 sec+ - Permanent Arp Entries* - Static Arp Entries* 20.1.1.1 at 00-80-1c-93-80-40 on vlan 1172.20.52.35 at 00-80-1c-93-80-40 on vlan 1172.20.52.35 at 00-80-1c-93-80-40 on vlan 1Console> (enable)To clear ARP entries, perform this task in privileged mode:
Step 1
Clear a dynamic, static or permanent ARP entry.
clear arp [dynamic | permanent | static] {ip_addr hw_addr}
Step 2
Verify the ARP configuration.
show arp
This example clears all permanent ARP entries and verifies the configuration:
Console> (enable) clear arp permanentPermanent ARP entries cleared.Console> (enable)Console> (enable) show arpARP Aging time = 300 sec+ - Permanent Arp Entries* - Static Arp Entries+ 10.1.1.1 at 00-80-1c-93-80-60 on vlan 1* 20.1.1.1 at 00-80-1c-93-80-40 on vlan 1Console> (enable)Configuring Static Routes
Note
In some situations, you might need to add a static routing table entry for one or more destination networks. Static route entries consist of the destination IP network address, the IP address of the next hop router, and the metric (hop count) for the route.
In software release 5.1 and later, you can configure Classless InterDomain Routing (CIDR) routes, such as IP supernets, in the switch IP routing table. You can specify the subnet mask (netmask) for a destination network using the number of subnet bits or using the subnet mask in dotted decimal format. If no subnet mask is specified, the default (classful) mask is used.
The switch uses the longest-match network address in the IP routing table to determine which gateway to use to forward IP traffic. In releases prior to release 5.1, the switch always uses the classful subnet mask for IP routing table entries.
The switch forwards IP traffic generated by the switch using the longest address match in the IP routing table. The switch does not use the IP routing table to forward traffic from connected devices, only to forward IP traffic generated by the switch itself (for example, Telnet, TFTP, and ping).
In software releases prior to release 5.1, the classful subnet mask is always used (you cannot specify the subnet mask for the destination network).
To configure a static route, perform this task in privileged mode:
This example shows how to configure a static route on the switch and how to verify that the route is configured properly in the routing table:
Console> (enable) set ip route 172.16.16.0/20 172.20.52.127Route added.Console> (enable) show ip routeFragmentation Redirect Unreachable------------- -------- -----------enabled enabled enabledThe primary gateway: 172.20.52.121Destination Gateway RouteMask Flags Use Interface--------------- --------------- ---------- ----- -------- ---------172.16.16.0 172.20.52.127 0xfffff000 UG 0 sc0default 172.20.52.121 0x0 UG 0 sc0172.20.52.120 172.20.52.124 0xfffffff8 U 1 sc0default default 0xff000000 UH 0 sl0Console> (enable)Scheduling a System Reset
These sections describe how to schedule a system reset:
•
•
You can use the schedule reset command to schedule a system to reset at a future time. This feature allows you to upgrade software during business hours and schedule the system upgrade after business hours to avoid a major impact on users.
You can also use the schedule reset feature when trying out new features on a switch. To avoid misconfiguration or the possibility of losing network connectivity to the device, you can set up the startup configuration feature and schedule a reset to occur in 30 minutes. You can then change the configuration, and if connectivity is lost, the system will reset in 30 minutes and return to the previous configuration.
Scheduling a Reset at a Specific Time
You can specify an absolute time and date at which the reset should take place, using the reset at command. Entering the month and day argument with this command is optional. If you do not specify the month and day, the reset will take place on the current day if the time specified is later than the current time. If the time scheduled for reset is earlier than the current time, the reset will take place on the following day.
Note
To schedule a reset at a specific time, perform this task in privileged mode:
Step 1
Schedule the reset time at a specific time.
reset [mindown] at {hh:mm} [mm/dd] [reason]
Step 2
Verify the scheduled reset.
show reset
This example shows how to schedule a reset at a specific time:
Console> (enable) reset at 20:00Reset scheduled at 20:00:00, Wed Aug 18 1999.Proceed with scheduled reset? (y/n) [n]? yReset scheduled for 20:00:00, Wed Aug 18 1999 (in 0 day 5 hours 40 minutes).Console> (enable)This example shows how to schedule a reset at a specific time and include a reason for the reset:
Console> (enable) reset at 23:00 8/18 Software upgrade to 5.3(1)Reset scheduled at 23:00:00, Wed Aug 18 1999.Reset reason: Software upgrade to 5.3(1).Proceed with scheduled reset? (y/n) [n]? yReset scheduled for 23:00:00, Wed Aug 18 1999 (in 0 day 8 hours 39 minutes).Console> (enable)This example shows how to schedule a reset with a minimum downtime:
Console> (enable) reset mindown at 23:00 8/18 Software upgrade to 5.3(1)Reset scheduled at 23:00:00, Wed Aug 18 1999.Reset reason: Software upgrade to 5.3(1).Proceed with scheduled reset? (y/n) [n]? yReset mindown scheduled for 23:00:00, Wed Aug 18 1999 (in 0 day 8 hours 39 minutes).Console> (enable)Scheduling a Reset Within a Specified Amount of Time
You can schedule a reset within a specified time with the reset in command. For instance, if the current system time is 9:00 a.m. and reset is scheduled in one hour, the scheduled reset will take place at 10:00 a.m. If you or NTP advances the system clock to 10:00 a.m., the reset will take place at 11:00 a.m. If the clock is advanced ahead of the scheduled reset time, the reset will take place 5 minutes after the current time.
To schedule a reset within a specified time, peform this task in privileged mode:
Step 1
Schedule the reset time within a specific amount of time.
reset [mindown] in [hh] {mm} [reason]
Step 2
Verify the scheduled reset.
show reset
Note
This example shows how to schedule a reset in a specified time:
Console> (enable) reset in 5:20 Configuration updateReset scheduled in 5 hours 20 minutes.Reset reason: Configuration updateProceed with scheduled reset? (y/n) [n]? yReset scheduled for 19:56:01, Wed Aug 18 1999 (in 5 hours 20 minutes).Reset reason: Configuration updateConsole> (enable)Generating System Status Information for Tech Support
You can generate a report that contains status information about your switch by using a single command. This command is a combination of several show system status commands (Refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches for these commands.) You can upload the report to a TFTP server from which you can send it to TAC.
You can use keywords to limit the report, such as for specific modules, VLANs, and ports. If you do not specify any keywords, a report for the entire system is generated.
To write and send a report for TAC, perform this task in privileged mode:
Task
Command
Generate a system status report for TAC.
write tech-support {host} {filename} [module mod_num] [port mod_num/port_num] [vlan vlan_num] [memory] [config]
The following example shows a report sent to host 172.20.32.10 and to a filename you supply. No keywords are specified, so the complete status of the switch is included in the report.
Console> (enable) write tech-support 172.20.32.10 filename.txtUpload tech-report to techsupport.txt on 172.20.32.10 (y/n) [n]? y/Finished network upload. (67784 bytes)Console> (enable)
