Table Of Contents

set enablepass

set errdisable-timeout

set errordetection

set feature mdg

set garp timer

set gmrp

set gmrp fwdall

set gmrp registration

set gmrp timer

set gvrp

set gvrp applicant

set gvrp dynamic-vlan-creation

set gvrp registration

set gvrp timer

set igmp filter

set inlinepower defaultallocation

set interface

set interface trap

set ip alias

set ip dns

set ip dns domain

set ip dns server

set ip fragmentation

set ip http port

set ip http server

set ip permit

set ip redirect

set ip route—ROM monitor

set ip route—switch

set ip unreachable

set kerberos clients mandatory

set kerberos credentials forward

set kerberos local-realm

set kerberos realm

set kerberos server

set kerberos srvtab entry

set kerberos srvtab remote

set key config-key

set lacp-channel system-priority

set length

set logging buffer

set logging console

set logging history

set enablepass

Use the set enablepass command to change the privileged (enable) mode password on the switch.

set enablepass

Syntax Description

This command has no arguments or keywords.

Defaults

By default, an enable password is not configured.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Passwords are case sensitive; they may be 0 to 30 characters in length, including spaces.

The command prompts you for the old password. If the password you enter is valid, you are prompted to enter a new password and to verify the new password.

Examples

This example shows how to establish a new password:

Console> (enable) set enablepass

Enter old password: <old_password>

Enter new password: <new_password>

Retype new password: <new_password>

Password changed.

Console> (enable)

Related Commands

enable
set password

set errdisable-timeout

Use the set errdisable-timeout command to configure a timeout for ports in errdisable state so as to automatically reenable them.

set errdisable-timeout {enable | disable} {reason}

set errdisable-timeout interval {interval}

Syntax Description

enable	Keyword that enables errdisable timeout.
disable	Keyword that disables errdisable timeout.
reason	Variable that specifies the reason for the port being in the errdisable state; valid values are bcast-suppression, bpdu-guard, channel-misconfig, cross-fallback, duplex-mismatch, gl2pt-ingress-loop, gl2pt-threshold-exc, udld, other, and all.
interval interval	Keyword and variable that specify the timeout interval; valid values are from 30 to 86,400 seconds (from 1/2 of a minute to 24 hours).

Defaults

By default, all the errdisable reasons are disabled globally, and whenever there are no reasons enabled, the timer itself is stopped.

By default, the timeout is set to disable, and the interval is set at 300 seconds.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

These events can set a port to errdisable state:

•Channel misconfiguration

•Duplex mismatch

•BPDU port-guard

•UDLD

•Other

Ports that are in an errdisable state due to a cause other than a channel misconfiguration, duplex mismatch, BPDU port-guard, or UDLD will have an errdisable cause of other. If you specify other for the reason variable, the ports are in an errdisable timeout state.

Examples

This example shows how to enable an errdisable timeout due to a BPDU port-guard event:

Console> (enable) set errdisable-timeout enable bpdu-guard

Successfully enabled errdisable-timeout for bpdu-guard.

Console> (enable) 

This example shows how to set an errdisable timeout interval to 450 seconds:

Console> (enable) set errdisable-timeout interval 450

Successfully set errdisable timeout to 450 seconds.

Console> (enable) 

Related Commands

show errdisable-timeout

set errordetection

Use the set errordetection command to enable or disable detection of various errors.

set errordetection inband {enable | disable}

set errordetection memory {enable | disable}

Syntax Description

inband	Keyword that specifies in-band error detection.
enable	Keyword that enables the specified error detection.
disable	Keyword that disables the specified error detection.
memory	Keyword that specifies memory error detection.

Defaults

By default, memory and inband error detection are disabled.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to enable memory error detection:

Console> (enable) set errordetection memory enable

Memory error detection enabled.

Console> (enable)

Related Commands

show errordetection

set feature mdg

Use the set feature mdg command to enable or disable the Multiple Default Gateway(MDG) feature.

set feature mdg {enable | disable}

Syntax Description

enable	Keyword that enables the multiple default gateway feature on the switch.
disable	Keyword that disables the multiple default gateway feature on the switch.

Defaults

By default, MDG is enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If the MDG feature is enabled, the switch will ping its default gateways every ten seconds to verify that they are available.

Examples

This example shows how to enable the MDG feature:

Console> (enable) set feature mdg enable

Multiple Default Gateway feature enabled.

Console> (enable) 

This example shows how to disable the MDG feature:

Console> (enable) set feature mdg disable

Multiple Default Gateway feature disabled.

Console> (enable)

set garp timer

Use the set garp timer command to adjust the values of the join, leave, and leaveall timers.

set garp timer timer_type timer_value

Syntax Description

timer_type	Variable that specifies the type of timer; valid values are join, leave, and leaveall.
timer_value	Variable that specifies the timer value, in milliseconds; valid values are from 1 to 2147483647 milliseconds.

Defaults

By default, the join timer is 200 ms; the leave timer is 600 ms; the leaveall timer is
10000 ms.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You must maintain the following initial relationships for the various timer values:

•Leave time must be greater than twice the join time

•Leaveall time must be greater than the leave time

---

Note The modified values of timers are applied to all GARP applications, ports, and VLANs on the switch.

---

Examples

This example shows how to set the join timer value to 100 ms for all the ports on all the VLANs:

Console> (enable) set garp timer join 100

GMRP/GARP Join timer value is set to 100 milliseconds.

Console> (enable)

This example shows how to set the leave timer value to 300 ms for all the ports on all the VLANs:

Console> (enable) set garp timer leave 300

GMRP/GARP Leave timer value is set to 300 milliseconds.

Console> (enable)

This example shows how to set the leaveall timer value to 20000 ms for all the ports on all the VLANs:

Console> (enable) set garp timer leaveall 20000

GMRP/GARP LeaveAll timer value is set to 20000 milliseconds.

Console> (enable)

set gmrp timer
set gvrp timer
show gmrp configuration
show gvrp configuration

set gmrp

Use the set gmrp command to enable or disable GARP Multicast Registration Protocol (GMRP) on the switch in all VLANs on all ports.

set gmrp {enable | disable}

Syntax Description

enable	Keyword that enables GMRP on the switch.
disable	Keyword that disables GMRP on the switch.

Defaults

By default, GMRP is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You cannot enable GMRP if IGMP snooping or CGMP is already enabled.

Examples

This example shows how to enable GMRP on the switch:

Console> (enable) set gmrp enable

GMRP is enabled.

Console> (enable)

This example shows how to disable GMRP on the switch:

Console> (enable) set gmrp disable

GMRP is disabled.

Console> (enable)

This example shows the display if you try to enable GMRP on the switch with IGMP enabled:

Console> (enable) set gmrp enable

Disable IGMP to enable GMRP snooping feature.

Console> (enable)

Related Commands

show gmrp configuration

set gmrp fwdall

Use the set gmrp fwdall command to enable or disable the Forward All option on a specified port or module and port list.

set gmrp fwdall {enable | disable} mod/port...

Syntax Description

enable	Keyword that enables GARP Multicast Registration Protocol (GMRP) Forward All on a specified port.
disable	Keyword that disables GMRP Forward All on a specified port.
mod/port...	Variable that specifies the module number and port number list.

Defaults

By default, the Forward All option is disabled on all ports.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

When you enable the Forward All option on a port, that port receives all traffic for all multicast groups on the switch.

If you enable the Forward All option on a trunk port, the option is applied to all VLANs carried on that trunk port.

Examples

This example shows how to enable GMRP Forward All on module 5, port 5:

Console> (enable) set gmrp fwdall enable 5/5

GMRP Forward All groups option enabled on port(s) 5/5.

Console> (enable)

This example shows how to disable the GMRP Forward All on module 3, port 2:

Console> (enable) set gmrp service fwdall disable 3/2

GMRP Forward All groups option disabled on port(s) 3/2.

Console> (enable)

Related Commands

show gmrp configuration

set gmrp registration

Use the set gmrp registration command to specify the GARP Multicast Registration Protocol (GMRP) registration type.

set gmrp registration registration-type mod/port...

Syntax Description

registration-type	Variable that specifies the type of registration; valid values are normal, fixed, or forbidden.
mod/port...	Variable that specifies the module number and port number list.

Defaults

By default, normal registration is enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you enter a registration-type of normal, dynamic creation, registration, and deregistration of VLANs are supported.

If you enter a registration-type of fixed, manual VLAN creation and registration, prevention of VLAN deregistration, and registration of all VLANs known to other ports when the set gvrp registration fixed command is issued are supported.

If you enter a registration-type of forbidden, deregistration of all VLANs (except VLAN 1) and prevention of any further VLAN creation or registration are supported.

GMRP supports 100 multicast addresses per VLAN and a total of 3072 for the whole switch.

Examples

This example shows how to set the registration type to fixed on module 3, port 3:

Console> (enable) set gmrp registration fixed 3/3

GMRP Registration is set to Fixed for port(s) 3/3.

Console> (enable)

This example shows how to set the registration type to forbidden on module 1, port 1:

Console> (enable) set gmrp registration forbidden 1/1

GMRP Registration is set to Forbidden for port(s) 1/1.

Console> (enable)

Related Commands

show gmrp configuration

set gmrp timer

Use the set gmrp timer command to set values for the join, leave, and leaveall timers.

set gmrp timer timer-type timer-value

Syntax Description

timer-type	Variable that specifies the type of timer; valid values are join, leave, and leaveall.
timer-value	Variable that specifies the timer value, in milliseconds; valid values are from 1 to 2147483647 milliseconds.

Defaults

By default, the join timer is 200 ms; the leave timer is 600 ms; the leaveall timer is 10000 ms.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You must maintain the following relationships for the various timer values:

•Leave time must be greater than twice the join time

•Leaveall time must be greater than the leave time

---

Note The modified values of timers are applied to all the GARP applications, ports, and VLANs on the switch.

---

Examples

This example shows how to set the join timer value to 100 ms for all the ports on all the VLANs:

Console> (enable) set gmrp timer join 100

GARP Join timer value is set to 100 milliseconds.

Console> (enable)

This example shows how to set the leave timer value to 300 ms for all the ports on all the VLANs:

Console> (enable) set gmrp timer leave 300

GARP Leave timer value is set to 300 milliseconds.

Console> (enable)

This example shows how to set the leaveall timer value to 20000 ms for all the ports on all the VLANs:

Console> (enable) set gmrp timer leaveall 20000

GARP LeaveAll timer value is set to 20000 milliseconds.

Console> (enable)

Related Commands

set garp timer
set gvrp timer
show gmrp timer

set gvrp

Use the set gvrp command to enable or disable GARP VLAN Registration Protocol (GVRP) globally on the switch.

set gvrp {enable | disable}

Syntax Description

enable	Keyword that enables GVRP on the switch.
disable	Keyword that disables GVRP on the switch.

Defaults

By default, GVRP is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

To run GVRP on a trunk, enable GVRP globally on the switch and individually on the trunk.

When VTP pruning is enabled, VTP pruning runs on all the GVRP-disabled trunks.

Examples

This example shows how to enable GVRP globally on the switch:

Console> (enable) set gvrp enable

GVRP enabled. 

Console> (enable) 

This example shows how to disable GVRP:

Console> (enable) set gvrp disable

GVRP disabled.

Console> (enable) 

This example shows how to enable GVRP on module 2, port 1:

Console> (enable) set gvrp enable 2/1

GVRP enabled on port 2/1. 

Console> (enable) 

Related Commands

set garp timer
set gvrp timer
show gvrp configuration
show gvrp statistics

set gvrp applicant

Use the set gvrp applicant command to specify if a VLAN is declared out of blocking ports.

set gvrp applicant {normal | active} mod/port...

Syntax Description

normal	Keyword that disallows the declaration of any VLAN out of blocking ports.
active	Keyword that allows the declaration of active VLANs out of blocking ports.
mod/port...	Variable that specifies the module number and port number list.

Defaults

By default, the GVRP applicant is set to normal.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

To run GVRP on a trunk, GVRP needs to be enabled both globally on the switch and enabled individually on the trunk.

To prevent undesirable STP topology reconfiguration on a port connected to a device that does not support the per-VLAN mode of STP, configure the GVRP applicant state to active on the port. Ports in the GVRP active applicant state send GVRP VLAN declarations when they are in the STP blocking state, which prevents the STP BPDUs from being pruned from the other port.

---

Note Configuring fixed registration on the other device's port also prevents STP topology reconfiguration.

---

Examples

This example shows how to enforce the declaration of all active VLANs out of specified blocking ports:

Console> (enable) set gvrp applicant active 4/2-3,4/9-10,4/12-24

Applicant was set to active on port(s) 4/2-3,4/9-10,4/12-24.

Console> (enable) 

This example shows how to disallow the declaration of any VLAN out of specified blocking ports:

Console> (enable) set gvrp applicant normal 4/2-3,4/9-10,4/12-24

Applicant was set to normal on port(s) 4/2-3,4/9-10,4/12-24.

Console> (enable) 

Related Commands

show gvrp configuration

set gvrp dynamic-vlan-creation

Use the set gvrp dynamic-vlan-creation command to enable or disable GARP VLAN Registration Protocol (GVRP) dynamic VLAN creation.

set gvrp dynamic-vlan-creation {enable | disable}

Syntax Description

enable	Keyword that enables dynamic VLAN creation.
disable	Keyword that disables dynamic VLAN creation.

Defaults

By default, dynamic VLAN creation is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can enable dynamic VLAN creation only when VTP is in transparent mode and no ISL trunks exist in the switch.

You cannot use this command when there are any 802.1q trunks that are not configured with GVRP.

Examples

This example shows how to enable dynamic VLAN creation:

Console> (enable) set gvrp dynamic-vlan-creation enable

Dynamic VLAN creation enabled.

Console> (enable)

This example shows what happens if you try to enable dynamic VLAN creation and VTP is not in transparent mode:

Console> (enable) set gvrp dynamic-vlan-creation enable

VTP has to be in TRANSPARENT mode to enable this feature. 

Console> (enable)

This example shows how to disable dynamic VLAN creation:

Console> (enable) set gvrp dynamic-vlan-creation disable

Dynamic VLAN creation disabled.

Console> (enable)

Related Commands

set vtp
show gvrp configuration

set gvrp registration

Use the set gvrp registration command to set the administrative control of an outbound port. GVRP registration commands are entered on a per-port basis and apply to all VLANs on the trunk.

set gvrp registration {normal | fixed | forbidden} mod/port...

Syntax Description

normal	Keyword that allows dynamic registering and deregistering each VLAN (except VLAN 1) on the port.
fixed	Keyword that supports manual VLAN creation and registration, prevents VLAN deregistration, and registers all VLANs known to other ports.
forbidden	Keyword that specifies that all the VLANs (except VLAN 1) are statically deregistered from the port.
mod/port...	Variable that specifies the module number and port number list.

Defaults

By default, administrative control is normal.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

When you set VLAN registration, you are indicating to the switch that the VLAN is available for users to connect to this port and that the VLAN's broadcast and multicast traffic is allowed to send to
the port.

For static VLAN configuration, you should set the mod/port... control to fixed or forbidden if the mod/port... will not receive or process any GVRP message.

For each dynamically configured VLAN on a port, you should set the mod/port... control to normal (default), except for VLAN 1; VLAN 1 should be set to fixed.

When GVRP is running, you can create a VLAN through a GVRP trunk port only if you enter the set gvrp dynamic-vlan-creation enable and the set gvrp registration normal commands.

Examples

This example shows how to set the administrative control to normal on module 3, port 7:

Console> (enable) set gvrp registration normal 3/7

Registrar Administrative Control set to normal on port 3/7.

Console> (enable) 

This example shows how to set the administrative control to fixed on module 5, port 10:

Console> (enable) set gvrp registration fixed 5/10 

Registrar Administrative Control set to fixed on port 5/10.

Console> (enable) 

This example shows how to set the administrative control to forbidden on module 5, port 2:

Console> (enable) set gvrp registration forbidden 5/2 

Registrar Administrative Control set to forbidden on port 5/2.

Console> (enable) 

Related Commands

show gvrp configuration

set gvrp timer

Use the set gvrp timer command to adjust the values of the join, leave, and leaveall timers.

set gvrp timer {timer-type} {timer-value}

Syntax Description

timer-type	Variable that specifies the type of timer; valid values are join, leave, and leaveall.
timer-value	Variable that specifies the timer value, in milliseconds; valid values are from 1 to 2147483647 milliseconds.

Defaults

By default, the join timer is 200 ms; the leave timer is 600 ms; the leaveall timer is 10000 ms.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is equivalent to the set garp timer command.

You must maintain the following relationships for the various timer values:

•Leave time must be greater than twice the join time

•Leaveall time must be greater than the leave time

---

Note The modified values of timers are applied to all the GARP applications, ports, and VLANs.

---

Examples

This example shows how to set the join timer value to 100 ms for all the ports on all the VLANs:

Console> (enable) set gvrp timer join 100

GVRP/GARP Join timer value is set to 100 milliseconds.

Console> (enable)

This example shows how to set the leave timer value to 300 ms for all the ports on all the VLANs:

Console> (enable) set gvrp timer leave 300

GVRP/GARP Leave timer value is set to 300 milliseconds.

Console> (enable)

This example shows how to set the leaveall timer value to 20,000 ms for all the ports on all the VLANs:

Console> (enable) set gvrp timer leaveall 20000

GVRP/GARP LeaveAll timer value is set to 20000 milliseconds.

Console> (enable)

Related Commands

set garp timer
show gvrp configuration

set igmp filter

Use the set igmp filter command to enable IGMP multicast filtering on the switch.

set igmp filter enable

set igmp filter disable

Use the set igmp filter profile command to create an IGMP multicast filter profile by adding a multicast IP address or a range of IP addresses.

set igmp filter profile profile_id ip_addr [- ip_addr]

Use the set igmp filter profile profile_id match-action command to allow an address or a range of addresses to be accepted or denied by the an IGMP filter profile on the switch.

set igmp filter profile profile_id match-action permit

set igmp filter profile profile_id match-action deny

Use the set igmp filter map command to associate a port or list of ports to an IGMP multicast filter profile.

set igmp filter map profile_id port_list

Syntax Description

enable	Keyword that enables IGMP multicast filtering.
disable	Keyword that disables IGMP multicast filtering.
profile_id	Variable that specifies an arbitrary number assigned to a profile.
ip_addr	Variable that specifies the address of the IP; can be 1 or a range.
permit	Keyword that allows an address or range of addresses to be accepted by an IGMP filter profile.
deny	Keyword that prevents an address or range of addresses from being accepted by an IGMP filter profile.
port_list	Variable that specifies the module/port value or range of values.

Defaults

By default, the IGMP multicast filter feature:

•is disabled

•does not filter

•denies IGMP filter match-action

A profile ID value must be specified when you use the set igmp filter profile and set igmp filter map commands.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The switch administrator configures IGMP traffic filtering using CLI and SNMP interfaces.

Examples

This example shows how to enable IGMP multicast filtering on a switch.

Console> (enable) set igmp filter enable

igmp filter set to enable

Console> (enable) 

This example shows how to disable IGMP multicast filtering on a switch.

Console> (enable) set igmp filter disable

igmp filter set to disable

Console> (enable) 

This example shows how to create IGMP multicast filter profile 1 by adding a multicast IP address 226.1.1.1.

Console> (enable) set igmp filter profile 1 226.1.1.1

Successfully add ip(s) to profile

Console> (enable) 

This example shows how to accept an address, or range of addresses, by an IGMP multicast filter profile on the switch.

Console> (enable) set igmp filter profile 1 match-action permit

igmp filter match-action set to permit

Console> (enable) 

This example shows how to deny an address, or range of addresses, by an IGMP multicast filter profile on the switch.

Console> (enable) set igmp filter profile 1 match-action deny

igmp filter match-action set to deny

Console> (enable) 

This example shows how to associate module 2/port 1 to IGMP multicast filter profile 1.

Console> (enable) set igmp filter map 1 2/1

Console> (enable)

Related Commands

show igmp filter
clear igmp filter

set inlinepower defaultallocation

Use the set inlinepower defaultallocation command to set the default power allocation for a port.

set inlinepower defaultallocation value

Syntax Description

value

Variable that specifies the default power allocation; valid values are from 2000 to 12500 mW.

Defaults

By default, the power allocation is 10000 mW.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to set the default power allocation to 2000 mW:

Console> (enable) set inlinepower defaultallocation 2000

Default inline power allocation set to 9500 mWatt per applicable port.

Console> (enable)

Related Commands

show environment
show port inlinepower

set interface

Use the set interface command to set the network interface configuration and to enable or disable standard SNMP trap operation.

set interface {sc0 | me1 | sl0} {up | down}

set interface sc0 [vlan] [ip_addr [netmask [broadcast]]]

set interface sc0 [vlan] [ip_addr/netmask [broadcast]]

set interface me1 ip_addr [netmask [broadcast]]

set interface me1 ip_addr/netmask [broadcast]

set interface sl0 slip_addr dest_addr

set interface sc0 dhcp {renew | release}

Syntax Description

sc0	Keyword that specifies the in-band management interface.
me1	Keyword that specifies the out-of-band management Ethernet interface.
sl0	Keyword that specifies the SLIP interface.
up	Keyword that brings the interface into operation.
down	Keyword that takes the interface out of operation.
vlan	(Optional) Variable that specifies the number of the VLAN to be assigned to the interface.
ip_addr	(Optional) Variable that specifies the IP address to assign to the interface.
netmask	(Optional) Variable that specifies the subnet mask or mask bits to assign to the interface.
broadcast	(Optional) Variable that specifies the broadcast address to assign to the interface.
slip_addr	Variable that specifies the SLIP source address of the console port.
dest_addr	Variable that specifies the SLIP destination address of the host to which the console port will be connected.
dhcp	Keyword that performs DHCP operations on the sc0 interface.
renew	Keyword that renews the lease on a DHCP-learned IP address.
release	Keyword that releases a DHCP-learned IP address back to the DHCP IP address pool.

Defaults

The default configuration has the IP address, subnet mask, and broadcast address of the in-band management interface (sc0) and out-of-band management Ethernet interface (me1) set to 0.0.0.0, with the sc0 interface in VLAN 1. The default configuration for the SLIP interface (sl0) is that the SLIP source and destination addresses are set to 0.0.0.0.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

---

Caution On the Catalyst 4000 family switches, when entering the set interface me1 or set interface trap {sc0 | sl0 | me1} command, sc0 and me1 cannot be configured as up when both are in the same subnet or overlapping subnets. If you specify an IP address and subnet for the sc0 or me1 interface that causes an overlap, the me1 interface is kept up or brought up, and the sc0 interface is brought down. The only exception is when both the me1 and sc0 interfaces have IP address 0.0.0.0. In this case, the me1 interface is brought down and the sc0 interface is brought up to allow the DHCP and RARP to run on the sc0 interface.

---

The Catalyst 4000 family switches support three IP management interfaces: sc0, sl0, and an out-of-band management Ethernet interface (me1). The me1 interface is not attached to the switching fabric. If both the sc0 and me1 interfaces are configured, the supervisor engine software determines which interface to use when transmitting and receiving IP packets based on the local routing table. Operations that use this functionality include TFTP, ping, Telnet, and SNMP.

You can enter the netmask value in dotted decimal format or you can specify the number of bits in the netmask (for example, 204.20.22.7/24).

Examples

This example shows how to use set interface sc0 and set interface sl0 from the console port. It also shows how to bring down interface sc0 using a terminal connected to the console port:

Console> (enable) set interface sc0 192.200.11.44 255.255.255.0

Interface sc0 IP address and netmask set.

Console> (enable) set interface sl0 192.200.10.45 192.200.10.103

Interface sl0 SLIP and destination address set.

Console> (enable) set interface sc0 down

Interface sc0 administratively down.

Console> (enable)

This example shows how to set the IP address for sc0. If you do not specify a subnet mask, the default mask for that IP address class is used (for example, 255.255.0.0 for a class B address):

Console> (enable) set interface sc0 172.20.52.123

Interface sc0 IP address and netmask set.

Console> (enable)

This example shows how to set the VLAN, IP address, and subnet mask bits for the sc0 interface:

Console> (enable) set interface sc0 5 172.20.52.123/28

Interface sc0 vlan set, IP address and netmask set.

Console> (enable) 

This example shows how to change the VLAN membership of the sc0 interface:

Console> (enable) set interface sc0 2

Interface sc0 vlan set.

Console> (enable) 

This example shows how to take the sc0 interface down:

Console> (enable) set interface sc0 down

Interface sc0 administratively down.

Console> (enable) 

This example shows how to bring the sc0 interface up:

Console> (enable) set interface sc0 up

Interface sc0 administratively up.

Console> (enable) 

This example shows how to set the IP address and netmask for me1:

Console> (enable) set interface me1 10.10.10.20/24

Interface me1 IP address and netmask set.

Console> (enable)

This example shows how to set the SLIP source and destination addresses for the console port on the sl0 interface:

Console> (enable) set interface sl0 10.1.1.1 10.1.1.2

Interface sl0 slip and destination address set.

Console> (enable)

This example shows how to release a DHCP IP address assigned to the sc0 interface:

Console> (enable) set interface sc0 dhcp release

Console> (enable)

This example shows how to renew the lease on a DHCP IP address assigned to the sc0 interface:

Console> (enable) set interface sc0 dhcp release

Console> (enable)

This example shows how to release a DHCP IP address assigned to the sc0 interface and obtain a new IP address from the DHCP server:

Console> (enable) set interface sc0 dhcp release

Console> (enable)

This example shows how to renew the lease on a DHCP-assigned IP address:

Console> (enable) set interface sc0 dhcp renew

Renewing IP address...

Console> (enable) Sending DHCP packet with address:00:90:0c:5a:8f:ff

dhcpoffer

Sending DHCP packet with address:00:90:0c:5a:8f:ff

Timezone set to '', offset from UTC is 7 hours 58 minutes

Timezone set to '', offset from UTC is 7 hours 58 minutes

172.16.30.32 added to DNS server table as primary server.

172.16.31.32 added to DNS server table as backup server.

172.16.32.32 added to DNS server table as backup server.

NTP server 172.16.25.253 added

NTP server 172.16.25.252 added

%MGMT-5-DHCP_S:Assigned IP address 172.20.25.244 from DHCP Server 172.20.25.254

Console> (enable)

This example shows how to release the lease on a DHCP-assigned IP address:

Console> (enable) set interface sc0 dhcp release

Releasing IP address...

Console> (enable) Sending DHCP packet with address:00:90:0c:5a:8f:ff

Done

Console> (enable)

Related Commands

set interface trap
show interface—switch
slip

set interface trap

Use the set interface trap command to enable or disable SNMP link-up or link-down traps on the switch interfaces.

set interface trap {sc0 | me1 | sl0} {enable | disable}

Syntax Description

sc0	Keyword that specifies the in-band management interface.
me1	Keyword that specifies the out-of-band management Ethernet interface.
sl0	Keyword that specifies the SLIP interface.
enable	Keyword that enables the SNMP link up/down traps on the specified interface.
disable	Keyword that disables the SNMP link up/down traps on the specified interface.

Defaults

By default, SNMP link-up or link-down traps are disabled on all interfaces.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to enable SNMP link-up or link-down traps on the sc0 interface:

Console> (enable) set interface trap sc0 enable

Interface sc0 up/down trap enabled.

Console> (enable) 

This example shows how to disable SNMP link-up or link-down traps on the sc0 interface:

Console> (enable) set interface trap sc0 disable

Interface sc0 up/down trap disabled.

Console> (enable) 

Related Commands

set interface
show interface—switch
slip

set ip alias

Use the set ip alias command to add aliases of IP addresses.

set ip alias name ip_addr

Syntax Description

name	Variable that specifies a name for the alias you are defining.
ip_addr	Variable that specifies the IP address of the alias you are defining.

Defaults

By default, one IP alias, "default," is mapped to the IP address 0.0.0.0.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

IP aliases take precedence over DNS hostnames.

Examples

This example shows how to define an IP alias of mercury for IP address 192.168.255.255:

Console> (enable) set ip alias mercury 192.168.255.255

IP alias added.

Console> (enable) 

Related Commands

clear ip alias
show ip alias

set ip dns

Use the set ip dns command to enable or disable DNS.

set ip dns {enable | disable}

Syntax Description

enable	Keyword that enables DNS.
disable	Keyword that disables DNS.

Defaults

By default, DNS is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If DNS is disabled, you must use the IP address with all commands that require explicit IP addresses or manually define an alias for that address. The alias has priority over DNS.

Examples

This example shows how to enable DNS:

Console> (enable) set ip dns enable 

DNS is enabled.

Console> (enable) 

This example shows how to disable DNS:

Console> (enable) set ip dns disable

DNS is disabled.

Console> (enable) 

Related Commands

show ip dns

set ip dns domain

Use the set ip dns domain command to set the default DNS domain name.

set ip dns domain name

Syntax Description

name	Variable that specifies the default DNS domain name.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you specify a domain name on the command line, the system attempts to resolve the host name as entered. If the system cannot resolve the host name as entered, it appends the default DNS domain name as defined with the set ip dns domain command. If you specify a domain name with a trailing period, the program considers this an absolute domain name.

Examples

This example shows how to set the default DNS domain name as yow.com:

Console> (enable) set ip dns domain yow.com

Default DNS domain name set to yow.com.

Console> (enable)

Related Commands

clear ip dns domain
show ip dns

set ip dns server

Use the set ip dns server command to set the IP address of a DNS server.

set ip dns server ip_addr [primary]

Syntax Description

ip_addr	Variable that specifies the IP address of the DNS server.
primary	(Optional) Keyword that configures a DNS server as the primary server.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can configure up to three DNS name servers as backup. You can also configure any DNS server as the primary server. The primary server is queried first. If the primary server fails, the backup servers are queried.

Examples

These examples show how to set the IP address of a DNS server:

Console> (enable) set ip dns server 198.92.30.32 

198.92.30.32 added to DNS server table as primary server.

Console> (enable)

Console> (enable) set ip dns server 171.69.2.132 primary 

171.69.2.132 added to DNS server table as primary server.

Console> (enable)

Console> (enable) set ip dns server 171.69.2.143 primary 

171.69.2.143 added to DNS server table as primary server.

Console> (enable)

This example shows what happens if you enter more than three DNS name servers as backup:

Console> (enable) set ip dns server 161.44.128.70

DNS server table is full. 161.44.128.70 not added to DNS server table.

Console> (enable)

Related Commands

clear ip dns server
show ip dns

set ip fragmentation

Use the set ip fragmentation command to enable or disable the fragmentation of IP packets bridged between FDDI and Ethernet networks. Note that FDDI and Ethernet networks have different maximum transmission units (MTUs).

set ip fragmentation {enable | disable}

Syntax Description

enable	Keyword that enables fragmentation for IP packets bridged between FDDI and Ethernet networks.
disable	Keyword that disables fragmentation for IP packets bridged between FDDI and Ethernet networks.

Defaults

By default, IP fragmentation is enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If IP fragmentation is disabled, FDDI packets that exceed the Ethernet MTU are dropped if they are being bridged to Ethernet on the switch.

Examples

This example shows how to enable IP fragmentation:

Console> (enable) set ip fragmentation enable

Bridge IP fragmentation enabled.

Console> (enable)

This example shows how to disable IP fragmentation:

Console> (enable) set ip fragmentation disable

Bridge IP fragmentation disabled.

Console> (enable)

Related Commands

show ip route—switch

set ip http port

Use the set ip http port command to configure the TCP port number for the HTTP server.

set ip http port {port_num} [default port_num]

Syntax Description

port_num	Variable that specifies the TCP port number; valid values are from 1 to 65535.
default port_num	(Optional) Keyword and variable that specify the TCP default port number; valid values are from 80 to 65535.

Defaults

By default, the TCP port number is 80.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to set the IP HTTP port default:

Console> (enable) set ip http port default 

HTTP TCP port number is set to 80.

Console> (enable)

This example shows how to set the IP HTTP port number:

Console> (enable) set ip http port 2398 

HTTP TCP port number is set to 2398.

Console> (enable) 

Related Commands

set ip http server
show ip http

set ip http server

Use the set ip http server command to enable or disable the HTTP server.

set ip http server {enable | disable}

Syntax Description

enable	Keyword that enables the HTTP server.
disable	Keyword that disables the HTTP server.

Defaults

By default, the HTTP server is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to enable the HTTP server:

Console> (enable) set ip http server enable

HTTP server is enabled.

Console> (enable)

This example shows the system response when the HTTP server enable command is not supported:

Console> (enable) set ip http server enable

Feature not supported.

Console> (enable)

This example shows how to disable the HTTP server:

Console> (enable) set ip http server disable

HTTP server disabled.

Console> (enable) 

Related Commands

set ip http port
show ip http

set ip permit

Use the set ip permit command to enable or disable the IP permit list and to specify IP addresses to be added to the IP permit list.

set ip permit {enable | disable} [telnet | ssh | snmp]

set ip permit ip_addr [mask] [telnet | ssh | snmp | all]

Syntax Description

enable	Keyword that enables the IP permit list.
disable	Keyword that disables the IP permit list.
telnet	(Optional) Keyword that specifies the Telnet IP permit list.
ssh	(Optional) Keyword that specifies the SSH permit list.
snmp	(Optional) Keyword that specifies the SNMP IP permit list.
ip_addr	Variable that specifies the IP address to be added to the IP permit list. An IP alias or host name that can be resolved through DNS can also be used.
mask	(Optional) Variable that specifies the subnet mask of the specified IP address.
all	(Optional) Keyword that specifies all entries in the IP permit list.

Defaults

By default, the IP permit list is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can configure up to 100 entries in the permit list. If the IP permit list is enabled, but the permit list has no entries configured, a caution is displayed on the screen.

Ensure you enter the entire disable keyword when entering the set ip permit disable command. If you abbreviate the keyword, the abbreviation is interpreted as a host name to add to the IP permit list.

If telnet, ssh, snmp, or all variables are not specified, the IP address is added to both the SNMP and Telnet permit lists.

You enter the mask in dotted decimal format, for example, 255.255.0.0.

Examples

This example shows how to add an IP address to the IP permit list:

Console> (enable) set ip permit 192.168.255.255

192.168.255.255 added to IP permit list.

Console> (enable)

This example shows how to add an IP address using an IP alias or host name to both the SNMP and Telnet permit lists:

Console> (enable) set ip permit batboy

batboy added to IP permit list.

Console> (enable)

This example shows how to add a subnet mask of the IP address to both the SNMP and Telnet permit lists:

Console> (enable) set ip permit 192.168.255.255 255.255.192.0

192.168.255.255 with mask 255.255.192.0 added to IP permit list.

Console> (enable)

This example shows how to add an IP address to the Telnet IP permit list:

Console> (enable) set ip permit 172.16.0.0 255.255.0.0 telnet

172.16.0.0 with mask 255.255.0.0 added to telnet permit list.

Console> (enable)

This example shows how to add an IP address to the SNMP IP permit list:

Console> (enable) set ip permit 172.20.52.32 255.255.255.224 snmp

172.20.52.32 with mask 255.255.255.224 added to snmp permit list.

Console> (enable)

This example shows how to add an IP address to the all IP permit lists:

Console> (enable) set ip permit 172.20.52.3 all

172.20.52.3 added to IP permit list.

Console> (enable)

This example shows how to enable the IP permit list:

Console> (enable) set ip permit enable

IP permit list enabled.

Console> (enable)

This example shows how to disable the IP permit list:

Console> (enable) set ip permit disable

IP permit list disabled.

Console> (enable)

Related Commands

clear ip permit
show ip permit

set ip redirect

Use the set ip redirect command to enable or disable Internet Control Message Protocol (ICMP) redirect messages.

set ip redirect {enable | disable}

Syntax Description

enable	Keyword that permits ICMP redirect messages to be returned to the source host.
disable	Keyword that prevents ICMP redirect messages from being returned to the source host.

Defaults

By default, ICMP redirect is enabled.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to deactivate ICMP redirect messages:

Console> (enable) set ip redirect disable

ICMP redirect messages disabled.

Console> (enable) 

Related Commands

show ip route—switch
show netstat

set ip route—ROM monitor

Use the set ip route command to set the default IP address or alias to the IP routing table.

set ip route default {ip_addr}

Syntax Description

default	Keyword that specifies the entry as a default route.
ip_addr	Variable that specifies the IP address of the router.

Defaults

This command has no default settings.

Command Types

ROM monitor command.

Command Modes

Normal.

Examples

This example shows how to add the default route to the routing table:

rommon 1 > set ip route default 172.20.52.35

rommon 2 >

Related Commands

clear ip route—ROM monitor
show ip route—ROM monitor

set ip route—switch

Use the set ip route command to add IP addresses or aliases to the IP routing table.

set ip route default gateway [metric] [primary]

set ip route destination[/netmask] gateway

Syntax Description

default	Keyword that specifies the entry as a default route.
gateway	Variable that specifies the IP address or IP alias of the router.
metric	(Optional) Variable that specifies the value used to indicate the number of hops between the switch and the gateway.
primary	(Optional) Keyword that specifies the primary default route.
destination	Variable that specifies the IP address or IP alias of the network, or IP address, DNS hostname, or IP alias of a specific host to be added.
/netmask	(Optional) Variable that specifies the subnet mask or mask bits to assign to the interface.

Defaults

By default, the local network is routed through the sc0 interface with metric 0 as soon as sc0 is configured.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can configure up to three default gateways. You can specify a primary default gateway using the primary keyword. If a primary gateway is not designated, the first default gateway you configure is the primary.

The switch forwards all off-network IP traffic generated by the switch itself to the primary default gateway unless the primary is unavailable. The entries in the IP routing table are only used for IP traffic generated by the switch itself (for example, Telnet, ping, or TFTP sessions from the switch CLI), not for IP data travelling through the switch.

On the Catalyst 4000 family switches, the supervisor engine software automatically determines whether a default gateway is reached through the sc0 interface or the me1 interface.

You can enter the destination and gateway as either an IP alias or IP address in dotted format (for example, 172.20.52.7). You can enter the destination network mask in dotted decimal format or you can specify the number of bits in the netmask (for example, 204.20.22.7/24). CIDR IP address and subnet mask values are accepted for the destination network address.

Examples

This example shows how to add three default routes to the IP routing table:

Console> (enable) set ip route default 172.20.52.35

Route added.

Console> (enable) set ip route default 172.20.52.40

Route added.

Console> (enable) set ip route default 172.20.52.45

Route added.

Console> (enable)

This example shows how to add a route to network 10.10.0.0/16 through gateway 172.20.52.33:

Console> (enable) set ip route 10.10.0.0/16 172.20.52.33

Route added.

Console> (enable) 

This example shows how to add a route to a specific host:

Console> (enable) set ip route 172.20.50.2/32 172.20.52.41

Route added.

Console> (enable)

Related Commands

clear ip route—switch
show ip route—switch

set ip unreachable

Use the set ip unreachable command to enable or disable ICMP unreachable messages on the switch.

set ip unreachable {enable | disable}

Syntax Description

enable	Keyword that allows IP unreachable messages to be returned to the source host.
disable	Keyword that prevents IP unreachable messages from being returned to the source host.

Defaults

By default, ICMP unreachable messages are enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

When you enable ICMP unreachable messages, the switch returns an ICMP unreachable message to the source host whenever it receives an IP datagram that it cannot deliver. When you disable ICMP unreachable messages, the switch does not notify the source host when it receives an IP datagram that it cannot deliver.

For example, a switch has the ICMP unreachable message function enabled and IP fragmentation disabled. If an FDDI frame is received and needs to transmit to an Ethernet port, the switch cannot fragment the packet. The switch drops the packet and returns an IP unreachable message to the Internet source host.

Examples

This example shows how to disable ICMP unreachable messages:

Console> (enable) set ip unreachable disable

ICMP Unreachable message disabled.

Console> (enable)

set kerberos clients mandatory

Use the set kerberos clients mandatory command to use Kerberos client authentication to validate other services on the network.

set kerberos clients mandatory

Syntax Description

This command has no arguments or keywords.

Defaults

By default, Kerberos clients are not set to mandatory.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

As an added layer of security, you can optionally configure the switch so that after users authenticate to it, they can authenticate to other services on the network only with Kerberos clients. If you do not make Kerberos authentication mandatory and Kerberos authentication fails, the application attempts to authenticate users using the default method of authentication for that network service. For example, Telnet prompts for a password.

Examples

This example shows how to make Kerberos authentication mandatory:

Console> (enable) set kerberos clients mandatory 

Kerberos clients set to mandatory

Console> (enable)

Related Commands

clear kerberos clients mandatory
set kerberos credentials forward
show kerberos

set kerberos credentials forward

Use the set kerberos credentials forward command to configure clients to forward a user's credentials as the user connects to other hosts in the Kerberos realm.

set kerberos credentials forward

Syntax Description

This command has no arguments or keywords.

Defaults

By default, forwarding is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

A user authenticated to a switch configured for kerberos encryption has a ticket-granting ticket (TGT) and can use it to authenticate to a host on the network. However, if forwarding is not enabled and a user tries to list credentials after authenticating to a host, the output will show no Kerberos credentials present.

You can optionally configure the switch to forward users' TGTs with them as they authenticate from the switch to remote hosts configured for kerberos encrypting the network when using similarly configured Telnet sessions.

Examples

This example shows how to enable Kerberos credentials forwarding:

kerberos> (enable) set kerberos credentials forward 

Kerberos credentials forwarding enabled

kerberos> (enable)

Related Commands

clear kerberos credentials forward
set kerberos clients mandatory
show kerberos
show kerberos creds

set kerberos local-realm

Use the set kerberos local-realm command to configure a switch to authenticate users defined in the Kerberos database.

set kerberos local-realm kerberos_realm

Syntax Description

kerberos_realm

Variable that specifies the IP address or name of the Kerberos realm.

Defaults

By default, the Kerberos database contains a NULL string.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

For a switch to authenticate a user defined in the Kerberos database, the switch must know the host name or IP address of the host running the key distribution center (KDC) and the name of the Kerberos realm. Optionally, the switch should be able to map the host name or Domain Name System (DNS) domain to the Kerberos realm.

You must use uppercase characters for the kerberos_realm variable.

Examples

This example shows how to set CISCO.COM as the default Kerberos local realm for the switch:

kerberos> (enable) set kerberos local-realm CISCO.COM 

Kerberos local realm for this switch set to CISCO.COM.

aspen-kerberos> (enable)

Related Commands

clear kerberos realm
set kerberos realm
show kerberos

set kerberos realm

Use the set kerberos realm command to map the name of a Kerberos realm to a DNS domain name or a host name.

set kerberos realm {dns-domain | host} kerberos_realm

Syntax Description

dns-domain	Variable that specifies the DNS domain name to map to the Kerberos realm.
host	Variable that specifies the IP address or name to map to the Kerberos realm.
kerberos_realm	Variable that specifies the IP address or name of the Kerberos realm.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The name of the Kerberos realm can be mapped to a DNS domain name or a host name using the set kerberos realm command, which is an optional command. The information entered with this command is stored in a table with one entry for each Kerberos realm. The maximum number of entries in the table is 100.

You must use uppercase characters for the kerberos_realm variable.

Examples

This example shows how to map the Kerberos realm CISCO.COM to the CISCO domain name:

Console> (enable) set kerberos realm CISCO CISCO.COM

Kerberos DnsDomain-Realm entry set to CISCO - CISCO.COM

Console> (enable)

Related Commands

clear kerberos realm
set kerberos local-realm
show kerberos

set kerberos server

Use the set kerberos server command to specify which Key Distribution Center (KDC) to use on the switch.

set kerberos server {kerberos_realm} {hostname | ip_address} [port_number]

Syntax Description

kerberos_realm	Variable that specifies the name of the Kerberos realm.
hostname	Variable that specifies the name of host running the KDC.
ip_address	Variable that specifies the IP address of host running the KDC.
port_number	(Optional) Variable that specifies the number of the port.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can specify to the switch which KDC to use in a Kerberos realm. Optionally, you can also specify which port number the KDC monitors. The Kerberos server information you enter is maintained in a table with one entry for each Kerberos realm. The maximum number of entries in the table is 100.

You must use uppercase characters for the kerberos_realm variable.

Examples

This example shows how to specify the Kerberos server:

kerberos> (enable) set kerberos server CISCO.COM 187.0.2.1 750 

Kerberos Realm-Server-Port entry set to:CISCO.COM - 187.0.2.1 - 750

kerberos> (enable) 

Related Commands

clear kerberos server
show kerberos

set kerberos srvtab entry

Use the set kerberos srvtab entry command to enter the SRVTAB file directly into the switch from the command line.

set kerberos srvtab entry {kerberos_principal} {principal_type} {timestamp} {key_version} {key_type} {key_length} {encrypted_keytab}

Syntax Description

kerberos_principal	Variable that specifies the service on the switch.
principal_type	Variable that specifies the version of the Kerberos SRVTAB.
timestamp	Variable that specifies the number representing the date and time the SRVTAB entry was created.
key_version	Variable that specifies the version of the encrypted key format.
key_type	Variable that specifies the type of encryption used.
key_length	Variable that specifies the length, in bytes, of the encryption key.
encrypted_keytab	Variable that specifies the secret key the switch shares with the Key Distribution Center (KDC). This key is encrypted with the private DES key when you copy the configuration to a file or enter the show config command.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

When you enter the SRVTAB directly into the switch, create an entry for each Kerberos principal (service) on the switch. The entries are maintained in the SRVTAB table. The maximum size of the table is 20 entries.

Examples

This example shows how to enter a SRVTAB file directly into the switch:

kerberos> (enable) set kerberos srvtab entry host/niners.cisco.com@CISCO.COM 0 932423923 1 
1 8 03;;5>00>50;0=0=0

Kerberos SRVTAB entry set to 

Principal:host/niners.cisco.com@CISCO.COM

Principal Type:0

Timestamp:932423923

Key version number:1

Key type:1

Key length:8

Encrypted key tab:03;;5>00>50;0=0=0

kerberos> (enable)

Related Commands

clear kerberos srvtab entry
set kerberos srvtab remote
show kerberos

set kerberos srvtab remote

Use the set kerberos srvtab remote command to provide the switch with a copy of the SRVTAB file from the Key Distribution Center (KDC) that contains the secret key.

set kerberos srvtab remote {hostname | ip-address} filename

Syntax Description

hostname	Variable that specifies the name of host running the KDC.
ip-address	Variable that specifies the IP address of host running the KDC
filename	Variable that specifies the name of the SRVTAB file.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

To make it possible for remote users to authenticate to the switch using Kerberos credentials, the switch must share a secret key with the KDC. To do this, you must give the switch a copy of the file that is stored in the KDC, which contains the secret key. These files are called SRVTAB files.

The most secure method to copy SRVTAB files to the hosts in your Kerberos realm is to copy them onto physical media and go to each host in turn and manually copy the files onto the system. To copy SRVTAB files to the switch, which does not have a physical media drive, you must transfer them through the network using Trivial File Transfer Protocol (TFTP).

Examples

This example shows how to remotely copy SRVTAB files to the switch from the KDC:

kerberos> (enable) set kerberos srvtab remote 187.20.32.10 /users/jdoe/krb5/ninerskeytab 
kerberos> (enable)

Related Commands

set kerberos srvtab entry
show kerberos

set key config-key

Use the set key config-key command to define a private DES key for the switch.

set key config-key string

Syntax Description

string

Variable that specifies the DES key for switch; cannot exceed eight bytes.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can define a private DES key for the switch. The private DES key can be used to encrypt the secret key that the switch shares with the KDC. If the DES key is set, the secret key is not displayed in clear text when the show kerberos command is run. The key length can be up to eight characters in length.

Examples

This example shows how to define a DES key:

kerberos> (enable) set key config-key abcd 

Kerberos config key set to abcd

kerberos> (enable)

Related Commands

clear key config-key

set lacp-channel system-priority

Use the set lacp-channel system-priority command to set the priority of the system.

set lacp-channel system-priority value

Syntax Description

value

Variable that specifies the number of the priority; valid values are from 1 to 65535.

Defaults

The default value of the system priority is 32768.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Although set lacp-channel system-priority is a global command, the priority is used only for the modules that are running LACP, but the priority is ignored on the modules that are running PAgP.

Higher values correspond to lower priority levels.

Related Commands

clear lacp-channel statistics
set channelprotocol
set port lacp-channel
set spantree channelcost
set spantree channelvlancost
show lacp-channel
show port lacp-channel

set length

Use the set length command to configure the number of lines in the terminal display.

set length number [default]

Syntax Description

number	Variable that specifies the number of lines to display on the screen; valid values are 0 and from 5 to 512. Specifying zero (0) disables the scrolling feature.
default	(Optional) Keyword that sets the number of lines in the terminal display screen for the current administration session and all other sessions. This keyword is available only in normal mode.

Defaults

By default, the screen length is 24 lines.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Output from a single command that overflows a single display screen is followed by the --More-- prompt. At the --More-- prompt, you can press Ctrl-C, q, or Q to interrupt the output and return to the prompt, press the Spacebar to display an additional screen of output, or press Return to display one more line of output.

Setting the screen length to 0 turns off the scrolling feature and causes the entire output to display at once. Unless the default keyword is used, a change to the terminal length value applies only to the current session.

Examples

This example shows how to set the screen length to 60 lines:

Console> (enable) set length 60

Screen length for this session set to 60.

Console> (enable) 

This example shows how to set the default screen length to 40 lines:

Console> (enable) set length 40 default

Screen length set to 40.

Console> (enable)

set logging buffer

Use the set logging buffer command to limit the number of system logging messages that are buffered.

set logging buffer buffer_size

Syntax Description

buffer_size

Variable that specifies the number of system logging messages to store in the buffer; valid values are from 1 to 500.

Defaults

By default, the buffer limit is set to 500 messages.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to limit the syslog message buffer to 400 messages:

Console> (enable) set logging buffer 400

System logging buffer size set to <400>.

Console> (enable) 

Related Commands

clear logging buffer
set logging timestamp
show logging buffer

set logging console

Use the set logging console command to enable and disable the sending of system logging messages to the console.

set logging console {enable | disable}

Syntax Description

enable	Keyword that enables system message logging to the console.
disable	Keyword disables system message logging to the console.

Defaults

By default, system message logging to the console is enabled.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to enable system message logging to the console:

Console> (enable) set logging console enable

System logging messages will be sent to the console.

Console> (enable) 

This example shows how to disable system message logging to the console:

Console> (enable) set logging console disable

System logging messages will not be sent to the console.

Console> (enable)

Related Commands

set logging level
set logging session
show logging
show logging buffer

set logging history

Use the set logging history command to specify the size of the syslog history table.

set logging history syslog_history_table_size

Syntax Description

syslog_history_table_size

Variable that specifies the size of the syslog history table; valid values are from 0 to 500.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to set the size of the syslog history table to 400:

Console> (enable) set logging history 400

System logging history table size set to <400>.

Console> (enable) 

Related Commands

show logging

2