Catalyst 4000 Family Command Reference, 7.3 - set logging level through set pvlan [Cisco Catalyst 4000 Series Switches]

Table Of Contents

set logging level

set logging server

set logging session

set logging telnet

set logging timestamp

set logout

set module disable

set module enable

set module name

set multicast router

set ntp authentication

set ntp broadcastclient

set ntp broadcastdelay

set ntp client

set ntp key

set ntp server

set ntp summertime

set ntp timezone

set password

set port auxiliaryvlan

set port channel

set port debounce

set port disable

set port dot1x

set port duplex

set port enable

set port errdisable-timeout

set port flowcontrol

set port gmrp

set port gvrp

set port host

set port inlinepower

set port lacp-channel

set port level

set port membership

set port name

set port negotiation

set port protocol

set port security

set port speed

set port trap

set power budget

set prompt

set protocolfilter

set pvlan

set logging level

Use the set logging level command to set the facility and severity level to be used when system messages are logged.

set logging level facility severity [default]
Syntax Description

facility

Variable that specifies the value for the type of system messages to capture.
Facility types are shown in Table 2-5.

severity

Variable that specifies the value for the severity level of system messages to capture. Severity level definitions are shown in Table 2-6.

default

(Optional) Keyword that specifies the logging level to apply to all sessions. If default is not used, the specified logging level applies only to the current session.

Table 2-5 Facility Types

Facility Type

Definition

all

All facilities

cdp

Cisco Discovery Protocol

cops

Common Open Policy Service

dot1x

IEEE 802.1x

dtp

Dynamic Trunking Protocol

dvlan

Dynamic VLAN

earl

Enhanced Address Recognition Logic

filesys

File system

gvrp

GARP VLAN Registration Protocol

ip

Internet Protocol

kernel

Kernel

mcast

Multicast

mgmt

Management

mls

Multilayer Switching

pagp

Port Aggregation Protocol

protfilt

Protocol Filter

pruning

VTP pruning

qos

Quality of Service

radius

Remote Access Dial-In User Service

security

Security

snmp

Simple Network Management Protocol

spantree

Spanning Tree Protocol

sys

System

tac

Terminal Access Controller

tcp

Transmission Control Protocol

telnet

Terminal Emulation Protocol

tftp

Trivial File Transfer Protocol

udld

User Datagram Protocol

vtp

Virtual Terminal Protocol

Table 2-6 Severity Level Definitions

Severity Level

Severity Type

Description

0

Emergencies

System unusable

1

Alerts

Immediate action required

2

Critical

Critical condition

3

Errors

Error conditions

4

Warnings

Warning conditions

5

Notifications

Normal bug significant condition

6

Informational

Informational messages

7

Debugging

Debugging messages

Defaults

The Catalyst 4000 family switches ship with the following default configuration:

Configuration Parameter

Default Setting

system message logging to the console

enabled

system message logging to Telnet sessions

enabled

logging server

disabled

syslog server

unconfigured

server facility

LOCAL7

server severity

Warnings (4)

logging buffer

500

logging history size

1

timestamp option

disabled

facility/severity level for system messages

sys/5
dtp/5
pagp/5
mgmt/5
mls/5
all other facilities/2

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can also set the logging level by using the set logging server command.

If you do not use the default keyword, the specified logging level applies only to the current session.

Examples

This example shows how to set the default system message logging severity level for the SNMP facility:
Console> (enable) set logging level snmp 2 default
System logging facility <snmp> set to severity 2(critical).
Console> (enable)
Related Commands

show logging
show logging buffer

set logging server

Use the set logging server command to enable and disable system message logging to configured syslog servers and to add a syslog server to the system logging server table.

set logging server {enable | disable}
set logging server ip_addr
set logging server facility server_facility_parameter
set logging server severity server_severity_level
Syntax Description

enable

Keyword that enables system message logging to configured syslog servers.

disable

Keyword that disables system message logging to configured syslog servers.

ip_addr

Variable that specifies the IP address of the syslog server to be added to the configuration. An IP alias or a host name that can be resolved through DNS can also be used.

facility

Keyword that specifies the type of system messages to capture.

server_facility_parameter

Variable that specifies the logging facility of syslog server; valid values are local0, local1, local2, local3, local4, local5, local6, local7, and syslog.

severity

Keyword that sets the severity level of system messages to capture.

server_severity_level

Variable that specifies the severity level of system messages to capture; valid values are from 0 to 7. Severity level definitions are shown in Table 2-6.

Defaults

The default is that no syslog servers are configured to receive system messages.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to enable system message logging to the console:
Console> (enable) set logging server enable
System logging messages will be sent to the configured syslog servers.
Console> (enable)
This example shows how to add a syslog server to the system logging server table:
Console> (enable) set logging server 192.168.255.255
192.168.255.255 added to the System logging server table.
Console> (enable)
This example shows how to set the syslog server facility to local7:
Console> (enable) set logging server facility local7
System logging server facility set to <local7>
Console> (enable) 
This example shows how to set the syslog server severity level to 4:
Console> (enable) set logging server severity 4
System logging server severity set to <4>
Console> (enable) 
This example shows how to set the syslog history table size to 400:
Console> (enable) set logging history 400 
System logging history table size set to <400>
Console> (enable) 
Related Commands

clear logging server
show logging

set logging session

Use the set logging session command to enable or disable the sending of system logging messages to the current login session.

set logging session {enable | disable}
Syntax Description

enable

Keyword that enables the sending of system logging messages to the current login session.

disable

Keyword that disables the sending of system logging messages to the current login session.

Defaults

The default is system message logging to the current login session enabled.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to prevent system logging messages from being sent to the current login session:
Console> (enable) set logging session disable
System logging messages will not be sent to the current login session.
Console> (enable)
This example shows how to cause system logging messages to be sent to the current login session:
Console> (enable) set logging session enable
System logging messages will be sent to the current login session.
Console> (enable)
Related Commands

set logging buffer
set logging level
show logging
show logging buffer

set logging telnet

Use the set logging telnet command to enable or disable logging on Telnet sessions.

set logging telnet {enable | disable}
Syntax Description

enable

Keyword that enables logging on Telnet sessions.

disable

Keyword that disables logging on Telnet sessions.

Defaults

The default is system message logging to the Telnet session is enabled.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to allow system logging messages to be sent to new Telnet sessions:
Console> (enable) set logging telnet enable 
System logging messages will be sent to the new telnet sessions.
Console> (enable) 
This example shows how to prevent system logging messages from being sent to new Telnet sessions:
Console> (enable) set logging telnet disable 
System logging messages will not be sent to the new telnet sessions.
Console> (enable)
Related Commands

set logging console
set logging history
show logging
show logging buffer

set logging timestamp

Use the set logging timestamp command to enable or disable the timestamp display on system logging messages.

set logging timestamp {enable | disable}
Syntax Description

enable

Keyword that enables the timestamp display.

disable

Keyword that disables the timestamp display.

Defaults

The default is system message logging timestamp enabled.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to enable the timestamp display:
Console> (enable) set logging timestamp enable
System logging messages timestamp will be enabled.
Console> (enable)
This example shows how to disable the timestamp display:
Console> (enable) set logging timestamp disable
System logging messages timestamp will be disabled.
Console> (enable) 
Related Commands

show logging

set logout

Use the set logout command to specify the number of minutes the system waits before automatically disconnecting an idle session.

set logout timeout
Syntax Description

timeout

Variable that specifies the number of minutes until the system disconnects an idle session automatically; valid values are from 0 to 10000. Setting the value to zero (0) disables the automatic disconnection of idle sessions.

Defaults

The default value is 20 minutes.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to set the number of minutes until the system disconnects an idle session automatically:
Console> (enable) set logout 20
Sessions will be automatically logged out after 20 minutes of idle time.
Console> (enable)
This example shows how to disable the automatic disconnection of idle sessions:
Console> (enable) set logout 0
Sessions will not be automatically logged out.
Console> (enable)
set module disable

Use the set module disable command to disable a module.

set module disable mod_num
Syntax Description

mod_num

Variable that specifies the number of the module.

Defaults

By default, all modules are enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Avoid disabling a module when you are connected through a Telnet session; if you disable the module that contains the port through which your Telnet session was established, you will disconnect your Telnet session.

If there are no other network connections to the switch, you must connect to the switch through the console port to reenable the module.

You can specify a series of modules by entering a comma between each module number (for example, 2,3,5). You can specify a range of modules by entering a hyphen between module numbers
(for example, 2-5).

Examples

This example shows how to disable module 3 when connected through the console port:
Console> (enable) set module disable 3
Module 3 disabled.
Console> (enable)
This example shows how to disable module 2 when connected through a Telnet session:
Console> (enable) set module disable 2
This command may disconnect your telnet session.
Do you want to continue (y/n) [n]? y
Module 2 disabled.
Console> (enable)
Related Commands

set module enable
show module

set module enable

Use the set module enable command to enable a module.

set module enable mod_num
Syntax Description

mod_num

Variable that specifies the number of the module to enable.

Defaults

By default, all modules are enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If an individual port on a module was previously disabled, enabling the module does not enable the disabled port.

Examples

This example shows how to enable module 2:
Console> (enable) set module enable 2
Module 2 enabled.
Console> (enable)
Related Commands

set module disable
show module

set module name

Use the set module name command to set the name for a module.

set module name mod_num [mod_name]
Syntax Description

mod_num

Variable that specifies the number of the module.

mod_name

(Optional) Variable that specifies a name to assign to the module.

Defaults

By default, no module names are configured.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you do not specify a mod_name value, any previously specified name is cleared.

Module names configured using the set module name command are displayed in the output of the show module command and other commands.

Examples

This example shows how to set Supervisor as the name for module 1:
Console> (enable) set module name 1 Supervisor
Module name set.
Console> (enable)
Related Commands

show module

set multicast router

Use the set multicast router command to manually configure a port as a multicast router port.

set multicast router mod_num/port_num
Syntax Description

mod_num/port _num

Variable that specifies the number of the module and the port.

Defaults

By default, no ports are configured as multicast router ports.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

When you enable CGMP or IGMP snooping, the ports to which a multicast-capable router is attached are identified automatically. The set multicast router command allows you to configure multicast router ports statically.

Examples

This example shows how to manually configure module 3 port 1 as a multicast router port:
Console> (enable) set multicast router 3/1
Port 3/1 added to multicast router port list.
Console> (enable)
Related Commands

clear multicast router
set cgmp
show multicast group count
show multicast router

set ntp authentication

Use the set ntp authentication command to enable or disable the Network Time Protocol (NTP) authentication feature.

set ntp authentication {enable | disable}
Syntax Description

enable

Keyword that enables NTP authentication.

disable

Keyword that disables NTP authentication.

Defaults

By default, NTP authentication is enabled.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to enable NTP authentication:
Console> (enable) set ntp authentication enable
NTP authentication feature enabled.
At least one trusted key must be set for NTP to work.
Console> (enable) 
This example shows how to disable NTP authentication:
Console> (enable) set ntp authentication disable
NTP authentication feature disabled.
Console> (enable) 
Related Commands

show ntp

set ntp broadcastclient

Use the set ntp broadcastclient command to enable or disable Network Time Protocol (NTP) broadcast-client mode.

set ntp broadcastclient {enable | disable}
Syntax Description

enable

Keyword that enables NTP broadcast-client mode.

disable

Keyword that disables NTP broadcast-client mode.

Defaults

By default, Network Time Protocol (NTP) broadcast-client mode is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can configure NTP in either broadcast-client mode or client mode. The broadcast-client mode assumes that a broadcast server, such as a router, sends time-of-day information regularly to the switch.

Examples

This example shows how to enable NTP broadcast client:
Console> (enable) set ntp broadcastclient enable
NTP Broadcast Client mode enabled.
Console> (enable)
This example shows how to disable NTP broadcast client:
Console> (enable) set ntp broadcastclient disable
NTP Broadcast Client mode disabled.
Console> (enable)
Related Commands

show ntp

set ntp broadcastdelay

Use the set ntp broadcastdelay command to configure a time-adjustment factor so the switch can receive broadcast packets.

set ntp broadcastdelay microseconds
Syntax Description

microseconds

Variable that specifies the estimated round-trip time, in microseconds, for Network Time Protocol (NTP) broadcasts; valid values are from 1 to 999999.

Defaults

By default, the NTP broadcast delay is set to 3000.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to set the NTP broadcast delay to 4000 microseconds (4 seconds):
Console> (enable) set ntp broadcastdelay 4000
NTP broadcast delay set to 4000 microseconds.
Console> (enable)
Related Commands

show ntp

set ntp client

Use the set ntp client command to enable or disable the switch as a Network Time Protocol (NTP) client.

set ntp client {enable | disable}
Syntax Description

enable

Keyword that enables the NTP client.

disable

Keyword that disables the NTP client.

Defaults

By default, the NTP client mode is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can configure NTP in either broadcast-client mode or client mode. The client mode assumes that the client switch regularly sends time-of-day requests to the NTP server.

Examples

This example shows how to enable NTP client mode:
Console> (enable) set ntp client enable
NTP client mode enabled.
Console> (enable)
Related Commands

show ntp

set ntp key

Use the set ntp key command to define an Network Time Protocol (NTP) authentication key pair or to specify a key to be trusted or untrusted.

set ntp key public_keynum {trusted | untrusted} [md5 secret_keystring]
Syntax Description

public_keynum

Variable that specifies the number of the key pair; valid values are from 1 to 4292945295.

trusted

Keyword that specifies the trusted key mode.

untrusted

Keyword that specifies the untrusted key mode.

md5

(Optional) Keyword that sets the keystring of the key pair.

secret_keystring

(Optional) Variable that specifies the key string; valid values are from 1 to 32 printable characters.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you enter the set ntp key command without the md5 keyword, the trusted or untrusted mode of the key will change after it is entered into the key table. Enter the set ntp key command with the md5 keyword to enter an authentication key pair into the system.

Examples

This example shows how to define an NTP authentication key:
Console> (enable) set ntp key 435 trusted md5 have_a_good_day
NTP key 435 added.
Console> (enable) 
This example shows how to trust an NTP key:
Console> (enable) set ntp key 435 trusted
NTP key 435 configured to be trusted.
Console> (enable) 
This example shows how to untrust an NTP key:
Console> (enable) set ntp key 9999 untrusted
NTP key 9999 configured not to be trusted.
Console> (enable) 
Related Commands

clear ntp key
show ntp

set ntp server

Use the set ntp server command to specify the Network Time Protocol (NTP) server address and to configure an NTP server authentication key.

set ntp server ip_addr [key public_keynum]
Syntax Description

ip_addr

Variable that specifies the IP address of the NTP server.

key

(Optional) Keyword that specifies the key number.

public_keynum

(Optional) Variable that specifies the number of the key pair; valid values are from 1 to 4292945295.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you enter the set ntp server command without specifying the key keyword, and the authentication feature is enabled, the following message is displayed:
A trusted key may be required to communicate with this server.
Examples

This example shows how to configure an NTP server:
Console> (enable) set ntp server 172.20.52.3
NTP server 172.20.52.3 added
Console> (enable)
This example shows how to configure an NTP server with a key:
Console> (enable) set ntp server 111.222.111.222 key 879
NTP server 111.222.111.222 with key 879 added
Console> (enable) 
This example shows how to assign a new key to an NTP server:
Console> (enable) set ntp server 111.222.111.222 key 4323423
NTP server 111.222.111.222 has been updated with key 4323423
Console> (enable) 
Related Commands

clear ntp server
show ntp

set ntp summertime

Use the set ntp summertime command to specify whether the system should set the clock ahead one hour to accommodate daylight saving time.

set ntp summertime {enable | disable} [zone]
set ntp summertime recurring {week day month hh:mm} [offset]
set ntp summertime date {month date year hh:mm} [offset]
Syntax Description

enable

Keyword that sets the clock ahead one hour to accommodate daylight saving time.

disable

Keyword that prevents the system from setting the clock ahead one hour during daylight saving time.

zone

(Optional) Variable that specifies the time zone used by the set summertime command.

recurring

Keyword that specifies the summertime dates that recur every year.

week

Variable that specifies the week of the month; valid values are first, second, third, fourth, last, 1, 2, 3, 4, and 5.

day

Variable that specifies the day of the week; valid values are sunday, monday, tuesday, wednesday, thursday, friday, and saturday.

month

Variable that specifies the month of the year; valid values are january, february, march, and so on.

hh:mm

Variable that specifies the hours and minutes.

offset

(Optional) Variable that specifies the offset in minutes; valid values are from
1 to 1440 minutes.

date

Keyword that specifies that daylight savings begins and ends on a particular, nonrecurring date.

date

Variable that specifies the day of the month; valid values are from 1 to 31.

year

Variable that specifies the year; valid values are from 1993 to 2035.

Defaults

The default is the set ntp summertime command disabled. When enabled, the default for offset is 60 minutes, following U.S. standards.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

After you enter the clear config command, the dates and times return to default (US summertime).

Unless you configure it otherwise, this command advances the clock one hour at 2:00 a.m. on the first Sunday in April and moves the clock back one hour at 2:00 a.m. on the last Sunday in October.

Examples

This example shows how to configure the system to set the clock ahead one hour for daylight saving time to Pacific daylight time (PDT):
Console> (enable) set ntp summertime enable PDT
Summertime is enabled and set to "PDT".
Console> (enable)
This example shows how to prevent the system from setting the clock ahead one hour for daylight saving time:
Console> (enable) set ntp summertime disable
Summertime disabled.
Console> (enable)
This example shows how to set daylight saving time to repeat every year, starting from the third Monday of February at noon and ending at the second Saturday of August at 3:00 p.m., with an offset of 30 minutes:
Console> (enable) set ntp summertime recurring 3 mon feb 12:00 2 saturday aug 15:00 30
Summertime is disabled and set to ''
  Start : Mon Feb 19 2001, 12:00:00
  End   : Sat Aug 11 2001, 15:00:00
  Offset: 30 minutes
  Recurring: yes, starting at 12:00pm of third Monday of February and ending on
15:00pm of second Saturday of August. 
Console> (enable)
This example shows how to set daylight saving time to start on January 29, 1999, at 2:00 a.m. and end on August 19, 2004, at 3:00 p.m., with an offset of 30 minutes:
Console> (enable) set ntp summertime date jan 29 1999 02:00 aug 19 2004 15:00 30 
Summertime is disabled and set to ''
Start : Fri Jan 29 1999, 02:00:00
End   : Thu Aug 19 2004, 15:00:00
Offset: 30 minutes
Recurring: no
Console> (enable) 
This example shows how to set recurring to default to the standard US daylight savings:
Console> (enable) set ntp summertime recurring 3 mon feb 2:00 4 thurs oct 2:00 60
Summertime is disabled and set to ''
  Start : Mon Feb 19 2001, 02:00:00
  End   : Thu Oct 25 2001, 02:00:00
  Offset: 60 minutes
  Recurring: yes, starting at 02:00am of third Monday of February and ending on
02:00am of fourth Thursday of October. 
Console> (enable) 
Related Commands

show ntp

set ntp timezone

Use the set ntp timezone command to configure the time offset from Greenwich Mean Time.

set ntp timezone [zone_name] [hours [minutes]]
Syntax Description

zone_name

Variable that specifies the name of the timezone.

hours

(Optional) Variable that specifies the time offset (in hours) from Greenwich Mean Time; valid values are from -12 to 12 hours.

minutes

(Optional) Variable that specifies the time offset (in minutes) from Greenwich Mean Time; valid values are from 0 to 59 minutes.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The set ntp timezone command is effective only when NTP is running. If you set the time explicitly and NTP is disengaged, the set ntp timezone command has no effect. If you have enabled NTP and have not entered the set timezone command, the Catalyst 4000 family switch displays UTC by default.

Examples

This example shows how to set the time zone to Pacific Standard Time, with an offset of minus 8 hours from UTC:
Console> (enable) set ntp timezone PST -8
Timezone set to "PST", offset from UTC is -8 hours.
Console> (enable)
Related Commands

clear ntp timezone
show ntp

set password

Use the set password command to change the normal (login) mode password on the switch.

set password
Syntax Description

This command has no arguments or keywords.

Defaults

By default, no password is configured.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Passwords are case sensitive; they can be from 0 to 30 characters in length, including spaces.

The command prompts you for the old password. If the password you enter is valid, you are prompted to enter a new password and to verify the new password. A zero-length password is allowed by pressing Return.

Examples

This example shows how to set the normal (login) mode password:
Console> (enable) set password
Enter old password: <old_password>
Enter new password: <new_password>
Retype new password: <new_password>
Password changed.
Console> (enable)
Related Commands

set enablepass

set port auxiliaryvlan

Use the set port auxiliaryvlan command to configure the auxiliary VLAN ports.

set port auxiliaryvlan mod [/ports] {vlan | untagged | none}
Syntax Description

mod [/ports]

Variable that specifies the number of the module and (optional) ports.

vlan

Keyword that specifies the number of the VLAN; valid values are from 1 to 1000.

untagged

Keyword that specifies that the port send untagged packets.

none

Keyword that specifies that the port not send any auxiliary VLAN information in the CDP packets from that port.

Defaults

By default, the setting for auxiliary VLAN ports is none.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you do not specify a port, all ports are selected.

The vlan option specifies that the connected device send packets tagged with a specific VLAN.

Dynamic VLAN support for VVID includes these restrictions to the following configuration of MVAP on the switch port:

•You can configure any VVID on a dynamic port including dot1p and untagged, except when the VVID is equal to untagged. If this is the case, you must configure VMPS with the MAC address of the IP phone. When you configure the VVID as untagged on a dynamic port, the following warning message is displayed:
 VMPS should be configured with the IP phone mac's.
•You cannot change the VVID of the port equal to PVID assigned by the VMPS for the dynamic port.

•You cannot configure trunk ports as dynamic ports, but an MVAP can be configured as a dynamic port.

Examples

This example shows how to set the auxiliary VLAN port to untagged:
Console> (enable) set port auxiliaryvlan 3/7 untagged
Port 3/7 allows the connected device send and receive untagged packets and without 802.1p 
priority.
Console> (enable)
This example shows how to set the auxiliary VLAN port to none:
Console> (enable) set port auxiliaryvlan 3/12 none 
Port 3/12 will not allow sending CDP packets with AuxiliaryVlan information.
Console> (enable)
This example shows how to set the auxiliary VLAN port to a specific module, port, and VLAN:
Console> (enable) set port auxiliaryvlan 2/1-3 222 
Auxiliaryvlan 222 configuration successful.
AuxiliaryVlan AuxVlanStatus Mod/Ports
------------- ------------- -------------------------
222           active        1/2,2/1-3
Console> (enable)
Related CommandsConsole> (enable)

show port auxiliaryvlan

set port channel

Use the set port channel command set to configure EtherChannel on Ethernet module ports.

set port channel mod/port [admin_group]
set port channel mod/port mode {on | off | desirable | auto} [silent | non-silent]
set port channel all mode off
set port channel all distribution mac [both]
Syntax Description

mod/port

Variable that specifies the number of the module and the port on the module.

admin_group

(Optional) Variable that specifies the number of administrative group; valid values are from 1 to 1024.

mode

Keyword that specifies the EtherChannel mode.

on

Keyword that forces the specified ports to channel without PAgP.

off

Keyword that prevents ports from channeling.

desirable

Keyword that sets a PAgP mode that places a port into an active negotiating state, in which the port initiates negotiations with other ports by sending PAgP packets.

auto

Keyword that sets a PAgP mode that places a port into a passive negotiating state, in which the port responds to PAgP packets it receives, but does not initiate PAgP packet negotiation.

silent

(Optional) Keyword that is used with auto or desirable when no traffic is expected from the other device to prevent the link from being reported to STP as down.

non-silent

(Optional) Keyword that is used with auto or desirable when traffic is expected from the other device.

all mode off

Keywords that turns off channeling on all ports.

all distribution

Keywords that applies frame distribution to all ports in the switch.

mac

Keyword that specifies the frame distribution method using MAC address values.

both

(Optional) Keyword that specifies the frame distribution method using source and destination address values.

Defaults

By default, EtherChannel is set to auto and silent on all module ports. The defaults for frame distribution are mac and both.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Ensure that all ports you intend to channel are configured properly. For complete information on EtherChannel configuration restrictions, refer to the Software Configuration Guide-Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.

Because of the port ID handling by the spanning tree feature, the maximum supported number of channels is 126 for a 6-slot chassis.

Administrative groups specify which ports can form an EtherChannel together. An administrative group can contain a maximum of eight ports. However, administrative group membership is restricted by hardware capabilities. Use the show port capabilities command to determine which ports can form a channel together.

On the Catalyst 4000 family switches, an EtherChannel bundle can consist of any two to eight ports. Ports in an EtherChannel do not have to be contiguous, nor do they have to be on the same module.

With the on mode, a usable EtherChannel exists only when a port group in on mode is connected to another port group in on mode.

If you are running QoS, make sure that bundled ports are all of the same trust types and have similar queueing and drop capabilities.

Disable the port security feature on the channeled ports (see the set port security command). If you enable port security for a channeled port, the port shuts down when it receives packets with source addresses that do not match the secure address of the port.

You can configure up to eight ports on the same switch in each administrative group.

When you assign ports to an existing admin group, the original ports associated with the admin group will move to an automatically picked new admin group. You cannot add ports to the same admin group.

If you do not enter an admin_group, it means that you want to create a new administrative group with admin_group selected automatically. The next available admin_group is automatically selected.

If you do not enter the channel mode, the channel mode of the ports addressed are not modified.

The silent | non-silent parameters only apply if desirable or auto modes are entered.

If you do not specify silent or non-silent, the current setting is not affected.

To support jumbo frames, channeling ports need to have the same jumbo frame setting on each port.

Examples

This example shows how to create an EtherChannel on ports 5 and 6 of module 4:
Console> (enable) set port channel 4/5-6 on
Port(s) 4/5-6 are assigned to admin group 56.
Port(s) 4/5-6 channel mode set to on.
Console> (enable)
This example shows how to remove an EtherChannel on ports 5 and 6 of module 4:
Console> (enable) set port channel 4/5-6 mode auto
Port(s) 4/5-6 channel mode set to auto.
Console> (enable) show port channel
This example shows the display when the port list is exceeded:
Console> (enable) set port channel 2/1-9 1
No more than 8 ports can be assigned to an admin group.
Console> (enable) 
This example shows how to disable EtherChannel on module 4, ports 4 to 6:
Console> (enable) set port channel 4/4-6 mode off
Port(s) 4/4-6 channel mode set to off.
Console> (enable) 
This example shows the display output when you assign ports to an existing admin group. This example moves ports in admin group 96 to another admin group and assigns module 4, ports 4 to 6 to admin group 96:
Console> (enable) set port channel 4/4-6 96
Port(s) 4/1-3 are moved to admin group 97.
Port(s) 4/4-6 are assigned to admin group 96.
Console> (enable) 
This example shows how to set the channel mode to off for module 4, ports 4 to 6 and assign those ports to an automatically selected admin group:
Console> (enable) set port channel 4/4-6 off
Port(s) 4/4-6 channel mode set to off.
Port(s) 4/4-6 are assigned to admin group 23.
Console> (enable) 
Related Commands

set channel cost
set channel vlancost
show channel
show channel group
show port channel

set port debounce

Use the set port debounce command to enable or disable the debounce timer setting on a per port basis.

set port debounce mod/port {enable | disable}
Syntax Description

mod/port

Variable that specifies the number of the module and the port on the module.

enable | disable

Keywords that enable or disable the debounce timer.

Defaults

The default is the debounce timer is disabled on all ports.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The debounce timer is the time the firmware waits before notifying the main processor for the supervisor engine of a link change at the physical layer.

Examples

This example shows how to enable the debounce timer for a specific port on a specific module:
Console> (enable) set port debounce 1/1 enable
Debounce is enabled on port 1/1.
Warning:Enabling port debounce causes Link Up/Down detections to be delayed.
It results in loss of data traffic during debouncing period, which might
affect the convergence/reconvergence of various Layer 2 and Layer 3
protocols.
Use with caution.
Console> (enable)
Related Commands

show port debounce

set port disable

Use the set port disable command to disable a port or a range of ports.

set port disable mod_num/port_num
Syntax Description

mod_num

Variable that specifies the number of the module.

port_num

Variable that specifies the number of the port.

Defaults

By default, all ports are enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the Access Gateway module.

Examples

This example shows how to disable port 5/10:
Console> (enable) set port disable 5/10
Port 5/10 disabled.
Console> (enable) 
Related Commands

set port enable
show port

set port dot1x

Use the set port dot1x commands to configure dot1x on a port.

set port dot1x mod/port multiple-host {enable | disable}
set port dot1x mod/port {port-control port_control_value}
set port dot1x mod/port {initialize | re-authenticate}
set port dot1x mod/port re-authentication {enable | disable}
Syntax Description

mod/port

Variable that specifies the number of the module and port on the module.

multiple-host

Keyword that specifies multiple-user access; see "Usage Guidelines" for more information.

enable

Keyword that enables multiple-user access.

disable

Keyword that disables multiple-user access.

port-control port_control_value

Keyword and variable that specifies the port control type; valid values are force-authorized, force-unauthorized, and auto.

initialize

Keyword that initializes dot1x on the port.

re-authenticate

Keyword that manually initiates a reauthentication of the entity connected to the port.

re-authentication

Keyword that automatically initiates reauthentication of the entity connected to the port within the reauthentication time period; see "Usage Guidelines" for more information.

enable

Keyword that enables automatic reauthentication.

disable

Keyword that disables automatic reauthentication.

Defaults

The default settings are as follows:

•The default port_control_value is force-authorized.

•The multiple host feature is disabled.

•The reauthentication feature is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The dot1x port will not be allowed to become a trunk port, MVAP, channel port, dynamic port, or a secure port.

When setting the port control type, the following applies:

•force-authorized forces the controlled port to transition to the authorized state unconditionally and is equivalent to disabling 802.1x restriction in the port.

•force-unauthorized forces the controlled port to transit to the unauthorized state unconditionally and prevents the authorized services of the authenticator to the supplicant.

•auto enables 802.1x control on the port.

If you disable the multiple host feature, once a dot1x port is authorized through a successful authentication of a supplicant, only that particular host (MAC address) is allowed on that port. When the system detects another host (different MAC address) on the authorized port, it shuts down the port and displays a syslog message. This is the default system behavior.

If you enable the multiple host feature, once a dot1x port is authorized through a successful authentication of a supplicant, any host (any MAC address) is allowed to send or receive traffic on that port.

If you enable reauthentication, you can set the reauthentication time period in seconds by entering the set dot1x re-authperiod seconds command. The default for the reauthentication time period is 3600 seconds.

Examples

This example shows how to set the port control type automatically:
Console> (enable) set port dot1x 4/1 port-control auto
Port 4/1 dot1x port-control is set to auto.
Console> (enable)
This example shows how to initialize dot1x on a port:
Console> (enable) set port dot1x 4/1 initialize
dot1x port 4/1 initializing...
dot1x initialized on port 4/1.
Console> (enable)
This example shows how to manually reauthenticate a port:
Console> (enable) set port dot1x 4/1 re-authenticate
dot1x port 4/1 re-authenticating...
dot1x re-authentication successful...
dot1x port 4/1 authorized.
Console> (enable) 
This example shows how to enable multiple-user access on a specific port:
Console> (enable) set port dot1x 4/1 multiple-host enable
Multiple hosts allowed on port 4/1.
Console> (enable) 
This example shows how to enable automatic reauthentication on a port:
Console> (enable) set port dot1x 4/1 re-authentication enable
Port 4/1 re-authentication enabled.
Console> (enable)
Related Commands

clear dot1x config
set dot1x
show dot1x
show port dot1x

set port duplex

Use the set port duplex command to configure the duplex type of an Ethernet or Fast Ethernet port or range of ports.

set port duplex mod_num/port_num {full | half}
Syntax Description

mod_num

Variable that specifies the number of the module.

port_num

Variable that specifies the number of the port.

full

Keyword that specifies full-duplex transmission.

half

Keyword that specifies half-duplex transmission.

Defaults

By default, 10-Mbps and 100-Mbps modules have all Ethernet ports set to half duplex.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can configure Ethernet and Fast Ethernet interfaces to either full duplex or half duplex.

The set port duplex command is not supported on Token Ring ports.

You cannot configure the duplex mode on Gigabit Ethernet ports (they are always in full-duplex mode).

Examples

This example shows how to set port 1 on module 2 to full duplex:
Console> (enable) set port duplex 2/1 full
Port 2/1 set to full-duplex.
Console> (enable)
This example shows how to set port 1 on module 2 to half duplex:
Console> (enable) set port duplex 2/1 half
Port 2/1 set to half-duplex.
Console> (enable)
Related Commands

show port

set port enable

Use the set port enable command to enable a port or a range of ports.

set port enable mod_num/port_num
Syntax Description

mod _num

Variable that specifies the number of the module.

port_num

Variable that specifies the number of the port.

Defaults

By default, all ports are enabled.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to enable port 3 on module 2:
Console> (enable) set port enable 2/3
Port 2/3 enabled.
Console> (enable) 
Related Commands

set port disable
show port

set port errdisable-timeout

Use the set port errdisable-timeout command to selectively prevent an errdisabled port from being enabled.

set port errdisable-timeout {mod_num/port_num} {enable | disable}
Syntax Description

mod _num

Variable that specifies the number of the module.

port_num

Variable that specifies the number of the port.

enable

Keyword that enables errdisable timeout.

disable

Keyword that disables errdisable timeout.

Defaults

By default, the errdisable-timeout for each port is enabled. This means that when the global timer times out the port will be re-enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The set port errdisable-timeout command is helpful during troubleshooting if you intend for a port to remain in the errdisabled state until the problem is fixed.

Examples

This example shows how to prevent port 3/3 from being re-enabled at timeout after it goes into errdisabled state:
Console> (enable) set port errdisable-timeout 3/3 disable
Successfully disabled errdisable-timeout for port 3/3.
Console> (enable) 
Related Commands

set errdisable-timeout

show errdisable-timeout

set port flowcontrol

Use the set port flowcontrol command to configure a port to send or receive pause frames. Pause frames are special packets that signal a source to stop sending frames for a specific period of time because the buffers are full.

set port flowcontrol mod_num/port_num {receive | send} {off | on | desired}
Syntax Description

mod_num

Variable that specifies the number of the module.

port_num

Variable that specifies the number of the port on the module.

receive

Keyword that specifies if a port processes pause frames.

send

Keyword that specifies if a port sends pause frames.

off

Keyword that prevents a local port from receiving and processing pause frames from remote ports or from sending pause frames to remote ports.

on

Keyword that enables a local port to receive and process pause frames from remote ports or send pause frames to remote ports.

desired

Keyword that obtains predictable results whether a remote port is set to on, off, or desired.

Defaults

Flow control defaults vary according to port speed:

•Gigabit Ethernet ports default to off for receive and desired for transmit

–Oversubscribed Gigabit Ethernet ports (ports 3-18) on the Catalyst 4000 family 18-port Gigabit Ethernet switching module (WS-X4418-GB) default to desired for receive and on for transmit

•Fast Ethernet ports default to off for receive and on for transmit

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

When you install an Access Gateway module on your switch, the switch will enable the internal
Gigabit Ethernet port and force flow control off for both send and receive.

Table 2-7 describes guidelines for using different configurations of the send and receive keywords with the set port flowcontrol command.

Table 2-7 Send and Receive Keyword Configurations

Configuration

Description

send on

Enables a local port to send pause frames to remote ports. To obtain predictable results, use send on only when remote ports are set to receive on or receive desired.

send off

Prevents a local port from sending pause frames to remote ports. To obtain predictable results, use send off only when remote ports are set to receive off or receive desired.

send desired

Obtains predictable results whether a remote port is set to receive on, receive off, or receive desired.

receive on

Enables a local port to process pause frames that a remote port sends. To obtain predictable results, use receive on only when remote ports are set to send on or send desired.

receive off

Prevents remote ports from sending pause frames to local port. To obtain predictable results, use send off only when remote ports are set to receive off or receive desired.

receive desired

Obtains predictable results whether a remote port is set to send on, send off, or send desired.

All Catalyst Gigabit Ethernet ports can receive and process pause frames from remote devices. However, not all such ports can send pause frames to remote devices.

Table 2-8 identifies the Catalyst Gigabit Ethernet switches, modules, and ports that can send pause frames to remote devices.

Table 2-8 Send Capability by Switch Type, Module, and Port

Module

Ports

Send

All modules except WS-X4418-GB, WS-X4412-2GB-TX, and WS-X4416-2GB-TX)

All ports except for the oversubscibed ports listed below

No

WS-X4418-GB

Uplink ports (1-2)

No

WS-X4418-GB

Oversubscribed ports (3-18)

Yes

WS-X4412-2GB-TX

Uplink ports (13-14)

No

WS-X4412-2GB-TX

Oversubscribed ports (1-12)

Yes

WS-X4416-2GB-TX

Uplink ports (17-18)

No

Examples

This example shows how to configure port 1 of module 5 to receive and process pause frames:
Console> (enable) set port flowcontrol 5/1 receive on
Port 5/1 flow control receive administration status set to on
(port will require far end to send flowcontrol)
Console> (enable)
This example shows how to configure port 1 of module 5 to receive and process pause frames if the remote port is configured to send pause frames:
Console> (enable) set port flowcontrol 5/1 receive desired
Port 5/1 flow control receive administration status set to desired
(port will allow far end to send flowcontrol if far end supports it)
Console> (enable)
This example shows how to configure port 1 of module 5 to receive but not process pause frames on port 1 of module 5:
Console> (enable) set port flowcontrol 5/1 receive off
Port 5/1 flow control receive administration status set to off
(port will not allow far end to send flowcontrol)
Console> (enable)
This example shows how to configure port 1 of module 5 to send pause frames:
Console> (enable) set port flowcontrol 5/1 send on
Port 5/1 flow control send administration status set to on
(port will send flowcontrol to far end)
Console> (enable)
This example shows how to configure port 1 of module 5 to send pause frames and yield predictable results even if the remote port is set to receive off:
Console> (enable) set port flowcontrol 5/1 send desired
Port 5/1 flow control send administration status set to desired
(port will send flowcontrol to far end if far end supports it)
Console> (enable)
This example shows how to configure port 1 of module 5 to not send pause frames:
Console> (enable) set port flowcontrol 5/1 send off
Port 5/1 flow control send administration status set to off
(port will not send flowcontrol to far end)
Console> (enable)
Related Commands

show port flowcontrol

set port gmrp

Use the set port gmrp command to enable or disable GARP Multicast Registration Protocol (GMRP) on the specified ports in all VLANs.

set port gmrp mod/ports... {enable | disable}
Syntax Description

mod/ports...

Variable that specifies the module number and port number list.

enable

Keyword that enables GMRP on a specified port.

disable

Keyword that disables GMRP on a specified port.

Defaults

By default, GMRP is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can modify the per-port GMRP configuration, but you must enable GMRP globally using the set gmrp enable command before the per-port GMRP configuration takes effect.

This command is not supported by the Access Gateway module.

Examples

This example shows how to enable GMRP on module 3, port 1:
Console> (enable) set port gmrp 3/1 enable
GMRP enabled on port(s) 3/1.
GMRP feature is currently disabled on the switch.
Console> (enable)
This example shows how to disable GMRP on module 3, ports 1 to 5:
Console> (enable) set port gmrp 3/1-5 disable
GMRP disabled on port(s) 3/1-5.
Console> (enable)
Related Commands

show gmrp configuration

set port gvrp

Use the set port gvrp command to enable or disable GARP VLAN Registration Protocol (GVRP) on the specified ports in all VLANs.

set port gvrp mod/ports... {enable | disable}
Syntax Description

mod/ports...

Variable that specifies the module number and port number list.

enable

Keyword that enables GVRP on the specified ports.

disable

Keyword that disables GVRP on the specified ports.

Defaults

By default, GVRP is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

GVRP can only be enabled on IEEE 802.1Q trunks.

When VTP pruning is enabled, VTP pruning runs on all GVRP-disabled trunks.

To run GVRP on a trunk, GVRP needs to be enabled both globally on the switch and enabled individually on the trunk.

You can configure GVRP on a port even when GVRP is globally disabled. However, the port will not become a GVRP participant until GVRP is also globally enabled.

This command is not supported by the Access Gateway module.

Examples

This example shows how to enable GVRP on module 3, port 2:
Console> (enable) set port gvrp 3/2 enable
GVRP enabled on 3/2.
Console> (enable) 
This example shows how to disable GVRP on module 3, port 2:
Console> (enable) set port gvrp 3/2 disable
GVRP disabled on 3/2.
Console> (enable) 
This example shows what happens if you try to enable GVRP on a port that is not an 802.1Q trunk:
Console> (enable) set port gvrp 4/1 enable
Failed to set port 4/1 to GVRP enable. Port not allow GVRP.
Console> (enable) 
This example shows what happens if you try to enable GVRP on a specific port when GVRP has not first been enabled using the set port gvrp command:
Console> (enable) set port gvrp 5/1 enable
GVRP enabled on 5/1.
GVRP feature is currently disabled on the switch.
Console> (enable)
Related Commands

clear gvrp statistics
set gvrp
show gvrp configuration

set port host

Use the set port host command to optimize the port configuration for a host connection.

set port host mod/ports...
Syntax Description

mod/ports...

Variable that specifies the module number and port number list.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The set port host command sets channel mode to off, enables spanning-tree portfast, and sets trunk mode to off. Only an end station can accept this configuration.

Enable spanning-tree portfast start only on ports connected to a single host. Connecting hubs, concentrators, switches, and bridges to a fast start port can cause temporary spanning tree loops.

Enable the set port host command to decrease the time it takes to start up packet forwarding.

Examples

This example shows how to optimize the port configuration for end station/host connections on port 1 of modules 2 and 3:
Console> (enable) set port host 2/1,3/1
Warning: Span tree port fast start should only be enabled on ports connected to a single 
host. Connecting hubs, concentrators, switches, bridges, etc. to a fast start port can 
cause temporary spanning tree loops. Use with caution.
Spantree ports 2/1,3/1 fast start enabled.
Port(s) 2/1,3/1 trunk mode set to off.
Port(s) 2/1 channel mode set to off.
Console> (enable) 
Related Commands

clear port host

set port inlinepower

Use the set port inlinepower command to set the inline power mode of a port or group of ports.

set port inlinepower mod/ports {off | auto}
Syntax Description

mod/ports

Variable that specifies the number of the module and the ports on the module.

off

Keyword that specifies to not power up the port even if an unpowered phone is connected.

auto

Keyword that specifies to power up the port only if the switching module has discovered the phone.

Defaults

By default, the inline power mode is auto.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you enter this command on a port that does not support the IP phone power feature, an error message is displayed.

You can enter a single port or a range of ports, but you cannot enter only the module number.

An inline power-capable device can still be detected even if the inline power mode is set to off.

Caution Damage can occur to equipment connected to the port if you are not using a phone that can be configured for the IP phone phantom power feature.

Examples

This example shows how to set the inline power to off for module 2, port 5:
Console> (enable) set port inlinepower 2/5 off
Inline power for port 2/5 set to off.
Console> (enable) 
This example shows the output if the inline power feature is not supported for module 2, ports 3 to 9:
Console> (enable) set port inlinepower 2/3-9 auto
Feature not supported on module 2.
		Console> (enable)
Related Commands

set inlinepower defaultallocation
show environment
show port inlinepower

set port lacp-channel

Use the set port lacp-channel command to set the priority for physical ports, to assign an administrative key to a particular set of ports, or to change the channel mode for a set of ports that were previously assigned to the same administrative key.

set port lacp-channel mod/ports port-priority value
set port lacp-channel mod/ports [admin-key]
set port lacp-channel mod/ports mode {on | off | active | passive}
Syntax Description

mod/ports

Variable that specifies the number of the module and the port(s) on the module.

port-priority

Keyword that specifies the priority for physical ports.

value

Variable that specifies the number of the port priority; valid values are from 1 to 255. See the "Usage Guidelines" section for more information.

admin-key

(Optional) Variable that specifies the number of the administrative key; valid values are from 1 to 1024. See the "Usage Guidelines" section for more information.

mode

Keyword that specifies the channel mode for a set or ports.

on | off | active | passive

Keyword that specifies the status of the channel mode.

Defaults

The default port priority is 128.

The default mode for all ports that are assigned the administrative key is passive.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is allowed only for ports belonging to LACP modules and is rejected by those ports running in PAgP mode.

Higher priority values correspond to lower priority levels.

The following usage guidelines apply when you assign an administrative key to ports:

•If you do not enter a value for the administrative key, the system chooses a value automatically.

•If the value you specify for the administrative key has already been used in your system, the ports that are associated with the value are moved to a new administrative key that is automatically assigned by the system. The previously used value is now associated with new ports.

•You can assign a maximum of 8 ports to an administrative key.

•If you assign an administrative key to a channel that was previously assigned a particular mode, the channel will maintain that mode after you enter the administrative key value.

Examples

This example shows how to Set the priority of ports 1/1 to 1/4 and 2/6 to 2/8 to 10:
Console> (enable) set port lacp-channel 1/1-4,2/6-8 port-priority 10
LACP Port(s) priority set to 10 for ports 1/1-4 2/6-8 
Console> (enable)
This example shows how to assign ports 4/1-4 to an administrative key that the switch automatically chooses:
Console> (enable) set port lacp-channel 4/1-4
Ports 4/1-4 being assigned admin key 96.
Port(s) 4/1-4 channel mode set to passive.
Console> (enable)
This example shows what happens when you try to assign ports 4/4-6 to administrative key 96 when administrative key 96 has previously been used:
Console> (enable) set port lacp-channel 4/4-6 96
admin key 96 already assigned to port 4/1-3.
Port(s) 4/1-3 being assigned to admin key 97.
Port(s) 4/4-6 being assigned to admin key 96.
Port(s) 4/4-6 channel mode set to passive.
Console> (enable)
Related Commands

clear lacp-channel statistics
set channelprotocol
set lacp-channel system-priority
set spantree channelcost
set spantree channelvlancost
show lacp-channel
show port lacp-channel

set port level

Use the set port level command to set the priority level of a port or range of ports on the
switching bus.

set port level mod_num/port_num {normal | high}
Syntax Description

mod_num

Variable that specifies the number of the module.

port_num

Variable that specifies the number of the port on the module.

normal

Keyword that sets the port priority to normal.

high

Keyword that sets the port priority to high.

Defaults

By default, all ports are set to the normal priority level.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Packets traveling through a port set at normal priority are served only after packets traveling through a port set at high priority are served.

Examples

This example shows how to set the priority level for port 2 on module 1 to high:
Console> (enable) set port level 1/2 high
Port 1/2 port level set to high.
Console> (enable)
This example shows how to set the priority level for port 2 on module 1 to normal:
Console> (enable) set port level 1/2 normal
Port 1/2 level set to normal.
Console> (enable)
Related Commands

set port disable
set port enable
set port name
set port speed
show port

set port membership

Use the set port membership command to configure ports for dynamic or static VLAN membership.

set port membership mod_num/port_num {dynamic | static}
Syntax Description

mod_num

Variable that specifies the module number.

port_num

Variable that specifies the port number.

dynamic

Keyword that configures the port for dynamic VLAN membership.

static

Keyword that configures the port for static VLAN membership.

Defaults

By default, port membership is static.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Ports configured for dynamic VLAN membership obtain their VLAN assignment through VMPS. Ports configured for static VLAN membership obtain their VLAN assignment through the set vlan command.

When a port is assigned a VLAN dynamically, the show port command output identifies the VLAN as dynamic. If the dynamic port is shut down by a VMPS, its status is shown as shutdown.

This command is not supported by the Access Gateway module.

Dynamic VLAN support for VVID includes these restrictions to the following configuration of MVAP on the switch port:

•You can configure any VVID on a dynamic port including dot1p and untagged, except when the VVID is equal to dot1p or untagged. If this case, then you must configure VMPS with the MAC address of the IP phone. When you configure the VVID as dot1p or untagged on a dynamic port, this warning message is displayed:
VMPS should be configured with the IP phone mac's.
•You cannot change the VVID of the port equal to PVID assigned by the VMPS for the dynamic port.

•You cannot configure trunk ports as dynamic ports, but an MVAP can be configured as a dynamic port.

Examples

This example shows how to set the port membership VLAN assignment to dynamic on module 3, ports 1 to 3:
Console> (enable) set port membership 3/1-3 dynamic
Ports 3/1-3 vlan assignment set to dynamic.
Spantree port fast start option enabled for ports 3/1-3.
Console> (enable)
This example shows how to configure a port for static VLAN membership on module 3, ports 1 to 3:
Console> (enable) set port membership 3/1-3 static
Ports 3/1-3 vlan assignment set to static.
Console> (enable)
Related Commands

set port enable
show port

set port name

Use the set port name command to configure a name for a port.

set port name mod_num/port_num [port_name]
Syntax Description

mod_num

Variable that specifies the number of the module.

port_num

Variable that specifies the number of the port.

port_name

(Optional) Variable that specifies the name of the port.

Defaults

By default, no port names are configured for any ports.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you do not specify the name string, the port name is cleared.

Examples

This example shows how to set port 1 on module 4 to Snowy:
Console> (enable) set port name 4/1 Snowy
Port 4/1 name set.
Console> (enable) 
Related Commands

show port

set port negotiation

Use the set port negotiation command to enable link negotiation on the port that you specify. Link negotiation autonegotiates flow control, duplex mode, and remote fault information.

set port negotiation mod_num/port_num [enable | disable]
Syntax Description

mod_num

Variable that specifies the number of the module.

port_num

Variable that specifies the number of the port.

enable

(Optional) Keyword that enables the link negotiation protocol.

disable

(Optional) Keyword that disables the link negotiation protocol.

Defaults

By default, link negotiation protocol is enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Note Use the set port negotiation command only on 1000BASE [SX, LX, and ZX].

If the port does not support this command, the following message is displayed:
Feature not supported on Port N/N.
N/N is the module and port number.

When you enable link negotiation with the set port negotiation command, the system autonegotiates flow control, duplex mode, and remote fault information.

You must either enable or disable link negotiation on both ends of the link. Both ends of the link must be set to the same value or the link cannot connect.

Examples

This example shows how to enable link negotiation on port 1, module 3:
Console> (enable) set port negotiation 3/1 enable
Link negotiation protocol disabled on port 3/1.
Console> (enable) 
This example shows how to disable link negotiation on port 1, module 4:
Console> (enable) set port negotiation 4/1 disable
Link negotiation protocol disabled on port 4/1.
Console> (enable) 
Related Commands

show port negotiation

set port protocol

Use the set port protocol command to set the protocol filtering group membership of ports.

set port protocol mod_num/port_num {ip | ipx | group} {on | off | auto}
Syntax Description

mod_num

Variable that specifies the number of the module.

port_num

Variable that specifies the number of the port.

ip

Keyword that specifies the IP protocol filtering group.

ipx

Keyword that specifies the IPX protocol filtering group.

group

Keyword that specifies the group protocol filtering group.

on

Keyword that indicates the port will receive all the flood traffic for that protocol.

off

Keyword that indicates the port will not receive any flood traffic for that protocol.

auto

Keyword that indicates the port will receive the flood traffic for that protocol only after transmitting packets of that specific protocol.

Defaults

By default, ports are set to on for the IP protocol group and auto for the IPX and group protocol groups.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Protocol filtering is supported only on nontrunking Ethernet, Fast Ethernet, and Gigabit Ethernet ports. Trunking ports are always members of all the protocol groups.

You must enable protocol filtering globally on the switch using the set protocolfilter command.

If the configuration for one of the protocol groups is set to auto, the port initially does not receive any flood packets for that protocol. If the connected device transmits packets of that protocol, the port is added to the protocol group and flood traffic for that protocol is transmitted on that port.

Ports configured as auto are removed from the protocol group if the connected device does not transmit the protocol packets within 60 minutes. The ports are also removed from the protocol group on detection of a link down.

On the Catalyst 4000 family switches, packets are classified into the following protocol groups:

•IP

•IPX

•AppleTalk and DECnet ("group")

•Packets not belonging to any of these protocols

Examples

This example shows how to enable IP protocol membership of port 1 on module 2:
Console> (enable) set port protocol 2/1 ip on
IPX protocol disabled on port 2/1.
Console> (enable)
This example shows how to disable IP protocol membership of port 1 on module 2:
Console> (enable) set port protocol 2/1 ip off
IPX protocol disabled on port 2/1.
Console> (enable)
This example shows how to enable automatic IP membership of port 1 on module 5:
Console> (enable) set port protocol 5/1 ip auto
IP protocol set to auto mode on module 5/1.
Console> (enable)
This example shows how to enable IPX protocol membership of port 1 on module 2:
Console> (enable) set port protocol 2/1 ipx on
IPX protocol disabled on port 2/1.
Console> (enable)
This example shows how to disable IPX protocol membership of port 1 on module 2:
Console> (enable) set port protocol 2/1 ipx off
IPX protocol disabled on port 2/1.
Console> (enable)
This example shows how to enable automatic IPX membership of port 1 on module 5:
Console> (enable) set port protocol 5/1 ipx auto
IP protocol set to auto mode on module 5/1.
Console> (enable)
This example shows how to enable group IP membership of port 1 on module 1:
Console> (enable) set port protocol 1/1 group on
Group protocol enabled on port  1/1.
Console> (enable) 
This example shows how to disable group IP membership of port 1 on module 1:
Console> (enable) set port protocol 1/1 group off
Group protocol disabled on port  1/1.
Console> (enable) 
This example shows how to enable automatic group IP membership of port 1 on module 1:
Console> (enable) set port protocol 1/1 group auto
Group protocol set to auto mode on port  1/1.
Console> (enable) 
Related Commands

set protocolfilter
show port protocol

set port security

Use the set port security command set to configure port security on a port or range of ports.

set port security mod/port... [enable | disable] [mac_addr] [age {age_time}]
[maximum {num_ of_mac}] [shutdown {shutdown_time}] [violation
{shutdown | restrict}]
Syntax Description

mod/port...

Variable that specifies the number of the module and the port on the module.

enable

(Optional) Keyword that enables port security.

disable

(Optional) Keyword that disables port security.

mac_addr

(Optional) Variable that specifes a secure MAC address of the enabled port.

age age_time

(Optional) Keyword and variable that specify the duration for which addresses on the port will be secured; valid values are 0 (to disable) and from 1 to 1440 (minutes).

maximum num_of_mac

(Optional) Keyword and variable that specify the maximum number of MAC addresses to secure on the port; valid values are from
1 to 1025.

shutdown shutdown_time

(Optional) Keyword and variable that specify the duration for which a port will remain disabled in case of a security violation; valid values are 0 (to disable) and from 1 to 1440 (minutes).

violation

(Optional) Keyword that specifies the action to be taken in the event of a security violation.

shutdown

Keyword that shuts down the port in the event of a security violation.

restrict

Keyword that restricts packets from unsecure hosts.

Defaults

The default port security configuration is as follows:

•Port security is disabled.

•Number of secure addresses per port is one.

•Violation action is shutdown.

•Age is permanent (addresses are not aged out).

•Shutdown time is indefinite.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

If you enter the set port security enable command but do not specify a MAC address, the first MAC address seen on the port becomes the secure MAC address.

You can specify the number of MAC addresses to secure on a port. You can add MAC addresses to this list of secure addresses. The maximum number is 1024.

The set port security violation command allows you to specify whether you want the port to shut down or to restrict access to insecure MAC addresses only. The shutdown time allows you to specify the duration of shutdown in the event of a security violation.

We recommend that you configure the age timer and the shutdown timer if you want to move a host from one port to another when port security is enabled on those ports. If the age_time value is less than or equal to the shutdown_time value, the moved host will function again in an amount of time equal to the shutdown_time value. The age timer begins upon learning the first MAC address, and the disable timer begins when there is a security violation.

Examples

This example shows how to set port security with a learned MAC address:
Console> (enable) set port security 3/1 enable
Port 3/1 port security enabled with the learned mac address.
Console> (enable)
This example shows how to set port security with a specific MAC address:
Console> (enable) set port security 3/1 enable 01-02-03-04-05-06
Port 3/1 port security enabled with 01-02-03-04-05-06 as the secure mac address.
Console> (enable)
This example sets the shutdown time to 600 minutes on port 7/7:
Console> (enable) set port security 7/7 shutdown 600
Secure address shutdown time set to 600 minutes for port 7/7.
Console> (enable)
This example sets the port to drop all packets that are coming in on the port from insecure hosts:
Console> (enable) set port security 7/7 violation restrict
Port security violation on port 7/7 will cause insecure packets to be dropped.
Console> (enable) 
Related Commands

clear port security
show port security

set port speed

Use the set port speed command to configure transmission speed or autonegotiation. In the default mode, autonegotiation manages the transmission speed, duplex mode, master link, and slave link.

set port speed mod_num port_num {10 | 100 | 1000 | auto}
Syntax Description

mod_num

Variable that specifies the number of the module.

port_num

Variable that specifies the number of the port on the module.

10

Keyword that specifies a transmission rate of 10 Mbps on 10/100 Fast Ethernet ports.

100

Keyword that specifies a transmission rate of 100 Mbps on 10/100 Fast Ethernet ports.

1000

Keyword that specifies a transmission rate of 1000 Mbps on a 1000BASE-T port.

auto

Keyword that specifies autonegotiation for transmission speed and duplex mode on 10/100 Fast Ethernet ports. On 1000BASE-T Gigabit Ethernet ports, this keyword specifies that autonegotiation determines the master and slave links.

Defaults

By default, all module ports are set to auto.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

On 1000BASE-T Gigabit Ethernet ports, autonegotiation determines which side of the link is master and which side is slave.

You can configure Ethernet interfaces on the 10/100-Mbps Ethernet switching modules to either 10 Mbps or 100 Mbps, or to autosensing mode, allowing them to sense and distinguish between 10-Mbps and 100-Mbps port transmission speeds and full-duplex or half-duplex port transmission types at a remote port connection. If you set the interfaces to autosensing mode, they automatically configure themselves to operate at the proper speed and transmission type.

If you change the transmission speed of a port that is open to 4 or 16 Mbps, the port will close and reopen at the new transmission speed. If a port closes and reopens on an existing ring using a transmission speed different from that which the ring is operating, the ring will beacon.

If you set the port speed to auto, duplex mode is automatically set to auto.

Examples

This example shows how to configure port 1 on module 2 to auto:
Console> (enable) set port speed 2/1 auto
Port 2/1 speed set to auto-sensing mode.
Console> (enable)
This example shows how to configure port 2 on module 2 port speed to 10 Mbps:
Console> (enable) set port speed 2/2 10
Port 2/2 speed set to 10 Mbps.
Console> (enable)
This example shows how to configure port 4 on module 3 port speed to 16 Mbps:
Console> (enable) set port speed 3/4 16
Port(s) 3/4 speed set to 16Mbps.
Console> (enable)
Related Commands

set port duplex
show port

set port trap

Use the set port trap command to enable or disable the operation of the standard SNMP link trap (up or down) for a port or range of ports.

set port trap mod_num port_num {enable | disable}
Syntax Description

mod_num

Variable that specifies the number of the module.

port_num

Variable that specifies the number of the port.

enable

Keyword that activates the SNMP link trap.

disable

Keyword that deactivates the SNMP link trap.

Defaults

By default, all port traps are disabled.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to enable the SNMP link trap for module 1, port 2:
Console> (enable) set port trap 1/2 enable
Port 1/2 up/down trap enabled.
Console> (enable)
Related Commands

set port disable
set port duplex
set port enable
set port name
set port speed
show port

set power budget

Use the set power budget command to configure the power settings for the chassis.

set power budget {1 | 2}
Syntax Description

1

Keyword that configures the chassis for one power supply.

2

Keyword that configures the chassis for two power supplies.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If the chassis is has two power supplies and is configured to a power budget of 2, and you try to set the power budget to 1, it is disallowed. You must pull out the extra linecards and design a valid and supported configuration in order to change the power budget to 1.

Examples

This example shows how to set the power budget to 1 for the chassis:
Console>(enable) set power budget 1
Warning: Your power supply budget will be constrained to one power supply and may cause 
one or more linecards to be disabled depending upon your chassis configuration.
Do you want to continue ? [confirm (y/n)]:y
Console>(enable)
set prompt

Use the set prompt command to change the prompt for the CLI.

set prompt prompt_string
Syntax Description

prompt_string

Variable that specifies the string to use as the command prompt.

Defaults

By default, the prompt is set to Console>.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you use the set system name command to assign a name to the switch, the switch name is used as the prompt string. Use the set prompt command to change the text that is displayed in the system prompt.

Examples

This example shows how to set the prompt to system100>:
Console> (enable) set prompt system100>
system100> (enable)
Related Commands

set system name

set protocolfilter

Use the set protocolfilter command to activate or deactivate protocol filtering.

set protocolfilter {enable | disable}
Syntax Description

enable

Keyword that activates protocol filtering.

disable

Keyword that deactivates protocol filtering.

Defaults

By default, protocol filtering is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Use the set port protocol command to configure protocol filtering group membership on switch ports.

Examples

This example shows how to activate protocol filtering:
Console> (enable) set protocolfilter enable
Protocol filtering enabled on this switch.
Console> (enable)
This example shows how to deactivate protocol filtering:
Console> (enable) set protocolfilter disable
Protocol filtering disabled on this switch.
Console> (enable)
Related Commands

set port protocol
show protocolfilter

set pvlan

Use the set pvlan command to bind the isolated or community VLAN to the primary VLAN and assign the isolated or community ports to the private VLAN.

set pvlan primary_vlan {isolated_vlan | community_vlan} [mod/port | sc0]

Caution Before using this command, we recommend that you read and understand the "Configuring VLANs" chapter in the Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G.

Syntax Description

primary_vlan

Variable that specifies the number of the primary VLAN.

isolated_vlan

Variable that specifies the number of the isolated VLAN.

community_vlan

Variable that specifies the number of the community VLAN.

mod/port

(Optional) Module and port numbers of the isolated or community ports.

sc0

(Optional) Keyword that specifies the inband port sc0.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You must set the primary VLAN, isolated VLANs, and community VLANs using the set vlan pvlan-type pvlan_type command before making the association using the set pvlan command.

Each isolated or community VLAN can have only one primary VLAN associated to it. A primary VLAN can have one isolated and/or multiple community VLANs associated to it.

Although you can configure sc0 as a private VLAN port, you cannot configure sc0 as a promiscuous port.

Examples

This example shows how to map VLANs 901, 902, and 903 (isolated or community VLANs) to VLAN 7 (the primary VLAN):
Console> (enable) set pvlan 7 901 4/3
Port 4/3 is successfully assigned to vlan 7, 901 and is made an isolated port.
Console> (enable) set pvlan 7 902 4/4-5
Ports 4/4-5 are successfully assigned to vlan 7, 902 and are made community ports.
Console> (enable) set pvlan 7 903 4/6-7
Ports 4/6-7 are successfully assigned to vlan 7, 903 and are made community ports.
Console> (enable) 
This example shows how to assign the sc0 interface to private VLANs 300 (the primary VLAN) and 301 (isolated, community, or two-way community VLANs):
Console> (enable) set pvlan 300 301 sc0
Successfully set the following ports to Private Vlan 300, 301:
sc0
Console> (enable) 
Related Commands

clear config pvlan
clear pvlan mapping
clear vlan
set pvlan mapping
set vlan
show vlan
show pvlan
show pvlan capability
show pvlan mapping

2