-
Catalyst 4500 Series Software Configuration Guide, 8.2GLX
-
Product Overview
-
Using the Command-Line Interface
-
Configuring Ethernet and Fast Ethernet Switching
-
Configuring Gigabit Ethernet Switching
-
Configuring Fast EtherChannel and Gigabit EtherChannel
-
Configuring VTP
-
Configuring VLANs
-
Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports
-
Configuring Dynamic VLAN Membership with VMPS
-
Configuring GVRP
-
Configuring Unicast Flood Blocking
-
Configuring the IP Permit List
-
Checking Status and Connectivity
-
Configuring CDP
-
Using Switch TopN Reports
-
Configuring UDLD
-
Adminstering the Switch
-
Configuring VoIP
-
Configuring Switch Access Using AAA
-
Configuring 802.1x Authentication
-
Working with System Software Images
-
Working With the Flash File System
-
Working with Configuration Files
-
Modifying the Switch Boot Configuration
-
Configuring System Message Logging
-
Configuring DNS
-
Acronyms
-
Index
-
Table Of Contents
Setting the System Name and System Prompt
Configuring the System Name and Prompt
Setting the System Contact and Location
Enabling or Disabling the "Cisco Systems Console" Telnet Login Banner
Defining and Using Command Aliases
Configuring Permanent and Static ARP Entries
Scheduling a Reset at a Specific Time
Scheduling a Reset Within a Specified Amount of Time
Generating System Status Reports for Tech Support
Administering the Switch
This chapter describes how to perform administrative tasks on the Catalyst enterprise LAN switches.
Note
For complete syntax and usage information for the commands that are used in this chapter, refer to the Catalyst 4500 Series, Catalyst 2948G, Catalyst 2948G-GE-TX, and Catalyst 2980G Switches Command Reference.
This chapter consists of these sections:
•
•
•
•
•
•
•
Setting the System Name and System Prompt
The system name on the switch is a user-configurable string that identifies the device. The default configuration has no system name configured.
If you do not manually configure a system name, the switch obtains the system name through a Domain Name System (DNS) lookup. To configure the switch manually, complete the following:
•
•
•
If the DNS lookup is successful, the DNS host name of the switch is configured as the system name of the switch and is saved in NVRAM (the domain name is removed).
If you have not configured a system prompt, the first 20 characters of the system name are used as the system prompt (a greater-than symbol [>] is appended). The prompt is updated whenever the system name changes, unless you have manually configured the prompt using the set prompt command.
The switch performs a DNS lookup for the system name whenever one of the following occurs:
•
•
•
•
•
If you configured the system name, no DNS lookup is performed.
Configuring the System Name and Prompt
The following sections describe how to configure the system name and prompt.
Setting the System Name
To set the system name, perform this task in privileged mode:
Note
This example shows how to set the system name on the switch:
Console> (enable) set system name Catalyst 4003System name set.Catalyst 4003> (enable)Setting the System Prompt
To set the system prompt, perform this task in privileged mode:
This example shows how to set the system prompt for the switch:
Console> (enable) set prompt Catalyst4012>Catalyst4012> (enable)Clearing the System Name
To clear the system name, perform this task in privileged mode:
This example shows how to clear the system name:
Console> (enable) set system nameSystem name cleared.Console> (enable)Setting the System Contact and Location
You can set the contact name and location to help you with resource management tasks. To set the system contact and location, perform this task in privileged mode:
This example shows how to set the system contact to sysadmin@corp.com and location to Sunnyvale, CA:
Console> (enable) set system contact sysadmin@corp.comSystem contact set.Console> (enable) set system location Sunnyvale CASystem location set.This example shows how to verify the configuration:
Console> (enable) show systemPS1-Status PS2-Status PS3-Status PEM Installed PEM Powered---------- ---------- ---------- ------------- -----------ok ok ok yes noFan-Status Temp-Alarm Sys-Status Uptime d,h:m:s Logout---------- ---------- ---------- -------------- ---------ok off ok 0,18:24:41 nonePS1-Type PS2-Type PS3-Type----------------- ----------------- -----------------WS-X4008-DC-650W WS-X4008 WS-X4008Modem Baud Traffic Peak Peak-Time------- ----- ------- ---- -------------------------disable 9600 0% 0% Wed Apr 24 2002, 15:46:01Power Capacity of the Chassis:2 suppliesWARNING:Power supplies of different values have been insertedSystem Name System Location System Contact CC------------------------ ------------------------ ------------------------ ---Sunnyvale CA sysadmin@corp.com 4006Console> (enable)Setting the System Clock
Note
To set the system clock, perform this task in privileged mode:
Step 1
Set the system clock.
set time [day_of_week] [mm/dd/yy] [hh:mm:ss]
Step 2
Display the current date and time.
show time
This example shows how to set the system clock and display the current date and time:
Console> (enable) set time Fri 06/15/01 12:30:00Fri Jun 15 2001, 12:30:00Console> (enable) show timeFri Jun 15 2001, 12:30:02Console> (enable)Creating a Login Banner
You can create a single or multiline message-of-the-day (MOTD) banner that appears on the screen when someone logs in to the switch. The first character following the motd keyword is used to delimit the beginning and end of the banner text. Characters following the ending delimiter are discarded. After entering the ending delimiter, press Return. The banner must be fewer than 3070 characters.
Configuring a Login Banner
To configure a login banner, perform this task in privileged mode:
Step 1
Set the message of the day.
set banner motd c message_of_the_day c
Step 2
Display the login banner by logging out and logging back in to the switch.
-
This example shows how to set the login banner for the switch. The # symbol indicates the beginning and ending delimiter, but you can use any character for the delimiter.
Console> (enable) set banner motd #Welcome to the Catalyst 4012 Switch!Unauthorized access prohibited.Contact sysadmin@corp.com for access.#MOTD banner setConsole> (enable)Clearing the Login Banner
To clear the login banner, perform this task in privileged mode:
This example shows how to clear the login banner:
Console> (enable) set banner motd ##MOTD banner clearedConsole> (enable)Enabling or Disabling the "Cisco Systems Console" Telnet Login Banner
By default, the Cisco Systems Console Telnet login banner is enabled.
To enable or disable the "Cisco Systems Console" Telnet login banner, perform this task in privileged mode:
This example shows how to enable the Cisco Systems Console Telnet login banner:
Console> (enable) set banner telnet enableCisco Systems Console banner will be printed at telnet.Console> (enable)This example shows how to disable the Cisco Systems Console Telnet login banner:
Console> (enable) set banner telnet disableCisco Systems Console banner will not be printed at telnet.Console> (enable)This example shows how to display the Cisco Systems Console Telnet login banner content:
Console> (enable) show bannerMOTD banner:Welcome to the Catalyst 4012 Switch!Unauthorized access prohibited.Contact sysadmin@corp.com for access.LCD config:Telnet Banner:disabledConsole> (enable)Defining and Using Command Aliases
You can use the set alias command to define up to 100 command aliases (short versions of command names) for frequently used or long and complex commands. Using command aliases can save you time and help prevent typing errors when you are configuring or monitoring the switch.
For the name argument, specify a name for the command alias. The parameter argument is the text that the user types at the command line to activate the command.
To define a command alias on the switch, perform this task in privileged mode:
Step 1
Define a command alias on the switch.
set alias name command [parameter] [parameter]
Step 2
Verify the currently defined command aliases.
show alias [name]
This example shows how to define two command aliases:
•
•
Console> (enable) set alias sm3 show module 3Command alias added.Console> (enable) set alias sp3 show port 3/1Command alias added.Console> (enable)This example shows how to verify the currently defined command aliases:
Console> (enable) show aliassm8 show module 3sp8 show port 3These examples show what happens when you enter the command aliases at the command line:
Console> (enable) sm3Mod Slot Ports Module-Type Model Sub Status--- ---- ----- ------------------------- ------------------- --- --------3 3 6 1000BaseX Ethernet WS-X4306 no okMod Module-Name Serial-Num--- ------------------- --------------------3 JAB024000YYMod MAC-Address(es) Hw Fw Sw--- -------------------------------------- ------ ---------- -----------------3 00-10-7b-f6-b2-1a to 00-10-7b-f6-b2-1f 0.2Console> (enable) sp3Port Name Status Vlan Level Duplex Speed Type----- ------------------ ---------- ---------- ------ ------ ----- ------------3/1 notconnect 1 normal full 1000 1000BaseSXPort Security Violation Shutdown-Time Age-Time Max-Addr Trap IfIndex----- -------- --------- ------------- -------- -------- -------- -------3/1 disabled shutdown 0 0 1 disabled 9Port Num-Addr Secure-Src-Addr Age-Left Last-Src-Addr Shutdown/Time-Left----- -------- ----------------- -------- ----------------- ------------------3/1 0 - - - - -Port Send FlowControl Receive FlowControl RxPause TxPause Unsupportedadmin oper admin oper opcodes----- -------- -------- -------- -------- ------- ------- -----------3/1 desired off off off 0 0 0Port Status Channel Admin ChMode Group Id----- ---------- -------------------- ----- -----3/1 notconnect auto silent 29 0Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize----- ---------- ---------- ---------- ---------- ---------3/1 - 0 0 0 0Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants----- ---------- ---------- ---------- ---------- --------- --------- ---------3/1 0 0 0 0 0 0 0Last-Time-Cleared--------------------------Mon Jun 26 2000, 08:53:49Console> (enable)Defining and Using IP Aliases
You can use the set ip alias command to define aliases for IP addresses. IP aliases can make it easier to refer to other network devices when you use ping, telnet, and other commands, even when DNS is not enabled.
For the name argument, specify a name for your IP alias. For the ip_addr argument, specify the IP address to which the name refers.
To define an IP alias on the switch, perform this task in privileged mode:
Step 1
Define an IP alias on the switch.
set ip alias name ip_addr
Step 2
Verify the currently defined IP aliases.
show ip alias [name]
This example shows how to define two IP aliases, sparc, which refers to IP address 172.20.52.3, and cat4003, which refers to IP address 172.20.52.71. This example also shows how to verify the currently defined IP aliases:
Console> (enable) set ip alias sparc 172.20.52.3IP alias added.Console> (enable) set ip alias cat4003 172.20.52.71IP alias added.This example shows what happens when you use the IP aliases with the ping command:
Console> (enable) show ip aliasdefault 0.0.0.0sparc 172.20.52.3cat5509 172.20.52.71Console> (enable) ping sparcsparc is aliveConsole> (enable) ping cat4003cat4003 is aliveConsole> (enable)Configuring Permanent and Static ARP Entries
To enable your Catalyst LAN switch to communicate with devices that do not respond to Address Resolution Protocol (ARP) requests, you can configure a static or permanent ARP entry that maps the IP addresses of those devices to their MAC addresses. You can configure an ARP entry so that it does not age out by configuring it as either static or permanent. When you configure a static ARP entry using the set arp static command, the entry is removed from the ARP cache after a system reset. When you configure a permanent ARP by using the set arp permanent command, the ARP entry is retained even after a system reset.
Because most hosts support dynamic resolution, you usually do not need to specify static or permanent ARP cache entries. When a device does not respond to ARP requests, you can configure an ARP entry to be statically or permanently entered into the ARP cache so that those devices can still be reached.
To configure a static or permanent ARP entry, perform this task in privileged mode:
This example shows how to define a static ARP entry:
Console> (enable) set arp static 20.1.1.1 00-80-1c-93-80-40Static ARP entry added as 20.1.1.1 at 00-80-1c-93-80-40 on vlan 1Console> (enable)This example shows how to define a permanent ARP entry:
Console> (enable) set arp permanent 10.1.1.1 00-80-1c-93-80-60Permanent ARP entry added as10.1.1.1 at 00-80-1c-93-80-60 on vlan 1Console> (enable)This example shows how to set the ARP aging time:
Console> (enable) set arp agingtime 300ARP aging time set to 300 seconds.Console> (enable)This example shows how to display the ARP cache:
Console> (enable) show arpARP Aging time = 300 sec+ - Permanent Arp Entries* - Static Arp Entries* 20.1.1.1 at 00-80-1c-93-80-40 on vlan 1172.20.52.35 at 00-80-1c-93-80-40 on vlan 1172.20.52.35 at 00-80-1c-93-80-40 on vlan 1Console> (enable)To clear ARP entries, perform this task in privileged mode:
Step 1
Clear a dynamic, static, or permanent ARP entry.
clear arp [dynamic | permanent | static] {ip_addr hw_addr}
Step 2
Verify the ARP configuration.
show arp
This example shows how to clear all permanent ARP entries and verify the configuration:
Console> (enable) clear arp permanentPermanent ARP entries cleared.Console> (enable) show arpARP Aging time = 300 sec+ - Permanent Arp Entries* - Static Arp Entries+ 10.1.1.1 at 00-80-1c-93-80-60 on vlan 1* 20.1.1.1 at 00-80-1c-93-80-40 on vlan 1Console> (enable)Configuring Static Routes
Note
In some situations, you might need to add a static routing table entry for one or more destination networks. Static route entries consist of the destination IP network address, the IP address of the next-hop router, and the metric (hop count) for the route.
In software release 5.1 and later releases, you can configure Classless InterDomain Routing (CIDR) routes, such as IP supernets, in the switch IP routing table. You can specify the subnet mask for a destination network using the number of subnet bits or using the subnet mask in dotted decimal format. If no subnet mask is specified, the default (classful) mask is used.
The switch uses the longest-match network address in the IP routing table to determine which gateway to use to forward IP traffic. In releases prior to software release 5.1, the switch always uses the classful subnet mask for IP routing table entries.
The switch forwards IP traffic that is generated by the switch using the longest address match in the IP routing table. The switch does not use the IP routing table to forward traffic from connected devices. The IP routing table is used by the switch only to forward IP traffic that is generated by the switch (for example, Telnet, TFTP, and ping).
In software releases prior to software release 5.1, the classful subnet mask is always used (you cannot specify the subnet mask for the destination network).
To configure a static route, perform this task in privileged mode:
This example shows how to configure a static route on the switch and verify that the route is configured properly in the routing table:
Console> (enable) set ip route 172.16.16.0/20 172.20.52.127Route added.Console> (enable) show ip routeFragmentation Redirect Unreachable------------- -------- -----------enabled enabled enabledThe primary gateway: 172.20.52.121Destination Gateway RouteMask Flags Use Interface--------------- --------------- ---------- ----- -------- ---------172.16.16.0 172.20.52.127 0xfffff000 UG 0 sc0default 172.20.52.121 0x0 UG 0 sc0172.20.52.120 172.20.52.124 0xfffffff8 U 1 sc0default default 0xff000000 UH 0 sl0Console> (enable)Scheduling a System Reset
You can use the reset at command to schedule a system to reset at a future time. This feature allows you to upgrade software during business hours and schedule the system upgrade after business hours to avoid a major impact on users.
You can also use the schedule reset feature when trying out new features on a switch. To avoid misconfiguration or the possibility of losing network connectivity to the device, you can set up the startup configuration feature and schedule a reset to occur in 30 minutes. You can then change the configuration, and if connectivity is lost, the system will reset in 30 minutes and return to the previous configuration.
Scheduling a Reset at a Specific Time
You can specify an absolute time and date for the reset by using the reset at command. The month and day argument is optional. If you do not specify a month and day, the reset takes place on the current day if the time that is specified is later than the current time. If the time that is scheduled for reset is earlier than the current time, the reset takes place on the following day.
Note
To schedule a reset at a specific time, perform this task in privileged mode:
Step 1
Schedule the reset time at a specific time.
reset [mindown] at {hh:mm} [mm/dd] [reason]
Step 2
Verify the scheduled reset.
show reset
This example shows how to schedule a reset at a specific time:
Console> (enable) reset at 20:00Reset scheduled at 20:00:00, Sat Aug 18 2001.Proceed with scheduled reset? (y/n) [n]? yReset scheduled for 20:00:00, Sat Aug 18 2001 (in 0 day 5 hours 40 minutes).Console> (enable)This example shows how to schedule a reset at a specific time and include a reason for the reset:
Console> (enable) reset at 23:00 08/18 Software upgrade to 5.3(1)Reset scheduled at 23:00:00, Sat Aug 18 2001.Reset reason: Software upgrade to 6.3(1).Proceed with scheduled reset? (y/n) [n]? yReset scheduled for 23:00:00, Sat Aug 18 2001 (in 0 day 8 hours 39 minutes).Console> (enable)This example shows how to schedule a reset with a minimum of downtime:
Console> (enable) reset mindown at 23:00 08/18 Software upgrade to 6.3(1)Reset scheduled at 23:00:00, Sat Aug 18 2001.Reset reason: Software upgrade to 6.3(1).Proceed with scheduled reset? (y/n) [n]? yReset mindown scheduled for 23:00:00, Sat Aug 18 2001 (in 0 day 8 hours 39 minutes).Console> (enable)Scheduling a Reset Within a Specified Amount of Time
You can schedule a reset within a specified time by entering the reset in command. For example, if the current system time is 9:00 a.m. and the reset is scheduled to take place in one hour, the scheduled reset will take place at 10:00 a.m. If you or NTP advances the system clock to 10:00 a.m., the reset will take place at 11:00 a.m. If the clock is advanced ahead of the scheduled reset time, the reset will take place 5 minutes after the command is issued.
To schedule a reset within a specified time, perform this task in privileged mode:
Step 1
Schedule the reset time within a specific amount of time.
reset [mindown] in [hh] {mm} [reason]
Step 2
Verify that the scheduled reset time is correct.
show reset
Note
This example shows how to schedule a reset in a specified time:
Console> (enable) reset in 5:20 Configuration updateReset scheduled in 5 hours 20 minutes.Reset reason: Configuration updateProceed with scheduled reset? (y/n) [n]? yReset scheduled for 19:56:01, Wed Aug 18 1999 (in 5 hours 20 minutes).Reset reason: Configuration updateConsole> (enable)Generating System Status Reports for Tech Support
Using a single command, you can generate a report that contains status information about your switch. This command is a combination of several show system status commands. (Refer to the Catalyst 4500 Series, Catalyst 2948G, Catalyst 2948G-GE-TX, and Catalyst 2980G Switches Command Reference for these commands.) You can upload the report to a TFTP server and send it to the Cisco Technical Assistance Center (TAC).
You can use keywords to limit the report, such as for specific modules, VLANs, and ports. If you do not specify any keywords, a report for the entire system is generated.
To write and send a report for TAC, perform this task in privileged mode:
Generate a system status report for TAC.
write tech-support {host} {file} [module mod_num] [port mod_num/port_num] [vlan vlan_num] [memory] [config]
This example shows a report that was sent to host 172.20.32.10 and to a filename techsuport.txt. No keywords are specified, so the complete status of the switch is included in the report.
Console> (enable) write tech-support 172.20.32.10 techsupport.txtUpload tech-report to techsupport.txt on 172.20.32.10 (y/n) [n]? y/Finished network upload. (67784 bytes)Console> (enable)
