Table Of Contents

Catalyst 4500 Series IOS Commands

action

apply

auto-sync

channel-group

class-map

clear counters

clear interface gigabitethernet

clear interface vlan

clear ip access-template

clear ip igmp group

clear ip mfib counters

clear ip mfib fastdrop

clear mac-address-table dynamic

clear pagp

clear qos

debug adjacency

debug backup

debug condition interface

debug condition standby

debug condition vlan

debug dot1x

debug etherchnl

debug interface

debug ipc

debug ip dhcp snooping event

debug ip dhcp snooping packet

debug monitor

debug nvram

debug pagp

debug pm

debug redundancy

debug smf updates

debug spanning-tree

debug spanning-tree backbonefast

debug spanning-tree switch

debug spanning-tree uplinkfast

debug sw-vlan

debug sw-vlan ifs

debug sw-vlan notification

debug sw-vlan vtp

debug udld

define interface-range

dot1x initialize

dot1x max-req

dot1x multiple-hosts

dot1x port-control

dot1x re-authenticate

dot1x re-authentication

dot1x system-auth-control

dot1x timeout

duplex

errdisable detect

errdisable recovery

flowcontrol

hw-module reset

instance

interface port-channel

interface range

interface vlan

ip dhcp snooping

ip dhcp snooping information option

ip dhcp snooping limit rate

ip dhcp snooping trust

ip dhcp snooping vlan

ip igmp filter

ip igmp max-groups

ip igmp profile

ip igmp query-interval

ip igmp snooping

ip igmp snooping report-suppression

ip igmp snooping vlan

ip igmp snooping vlan immediate-leave

ip igmp snooping vlan mrouter

ip igmp snooping vlan static

ip local-proxy-arp

ip cef load-sharing algorithm

ip mfib fastdrop

ip sticky-arp

mac access-list extended

mac-address-table aging-time

mac-address-table static

main-cpu

match

monitor session

name

pagp learn-method

pagp port-priority

policy-map

port-channel load-balance

power inline

power redundancy-mode

power supplies required

private-vlan

private-vlan mapping

private-vlan synchronize

qos (global configuration mode)

qos (interface configuration mode)

qos aggregate-policer

qos cos

qos dscp

qos map cos

qos map dscp

qos map dscp policed

qos trust

qos vlan-based

redundancy

redundancy force-switchover

redundancy reload

reset

revision

service-policy

Catalyst 4500 Series IOS Commands

---

This chapter contains an alphabetical listing of Cisco IOS commands for the Catalyst 4500 series switches. For information about Cisco IOS commands that are not described in this documentation, refer to the following publications:

•Cisco IOS Configuration Fundamentals Configuration Guide

•Cisco IOS Command Reference

action

To specify an action to be taken when a match occurs in a VACL, use the action command. To remove an action clause, use the no form of this command.

action {drop | forward}

no action {drop | forward}

Syntax Description

drop	Sets the action to drop packets.
forward	Sets the action to forward packets to their destination.

Defaults

No action is taken.

Command Modes

VLAN access-map

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

In a VLAN access map, if at least one ACL is configured for a packet type (IP or MAC), the default action for the packet type is drop (deny).

If an ACL is not configured for a packet type, the default action for the packet type is forward (permit).

If an ACL for a packet type is configured and the ACL is empty or undefined, the configured action will be applied to the packet type.

Examples

This example shows how to define a drop action:

Switch(config-access-map)# action drop 

Switch(config-access-map)#

This example shows how to define a forward action:

Switch(config-access-map)# action forward 

Switch(config-access-map)#

Related Commands

match
show vlan access-map
vlan access-map

apply

To implement a new VLAN database, increment the configuration number, save the configuration number in NVRAM, and propagate the configuration number throughout the administrative domain, use the apply command.

apply

Syntax Description

This command has no arguments or keywords.

Defaults

This command has no default settings.

Command Modes

VLAN configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

The apply command implements the configuration changes you made after you entered VLAN database mode and uses them for the running configuration. This command keeps you in VLAN database mode.

You cannot use this command when the switch is in the VTP client mode.

You can verify that VLAN database changes occurred by entering the show vlan command from privileged EXEC mode.

Examples

This example shows how to implement the proposed new VLAN database and to recognize it as the current database:

Switch(config-vlan)# apply

Switch(config-vlan)#

Related Commands

abort (refer to Cisco IOS documentation)
exit (refer to Cisco IOS documentation)
reset
show vlan
shutdown vlan (refer to Cisco IOS documentation)
vtp (global configuration mode)

auto-sync

To enable automatic synchronization of the configuration files in NVRAM, use the auto-sync command. To disable automatic synchronization, use the no form of this command.

auto-sync {startup-config | config-register | bootvar | standard}

no auto-sync {startup-config | config-register | bootvar | standard}

Syntax Description

startup-config	Specifies automatic synchronization of the startup configuration.
config-register	Specifies automatic synchronization of the configuration register configuration.
bootvar	Specifies automatic synchronization of the BOOTVAR configuration.
standard	Specifies automatic synchronization of the startup configuration, BOOTVAR, and configuration registers.

Defaults

The files are all automatically synchronized by default.

Command Modes

Redundancy main-cpu

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch. (Catalyst 4507R only)

Usage Guidelines

If you enter the no auto-sync standard command, no automatic synchronizations occur. If you want to enable any of the options, you have to enter the appropriate command for each option.

Examples

This example shows how (from the default configuration) to enable automatic synchronization of the configuration register in the main CPU:

Switch# configure terminal

Switch (config)# redundancy

Switch (config-r)# main-cpu

Switch (config-r-mc)# no auto-sync standard

Switch (config-r-mc)# auto-sync configure-register

Switch (config-r-mc)#

Related Commands

redundancy

channel-group

To assign and configure an EtherChannel interface to an EtherChannel group, use the channel-group command. To remove a channel group configuration from an interface, use the no form of this command.

channel-group number mode {on | auto [non-silent] | desirable [non-silent]}

no channel-group

Syntax Description

number	Specifies the channel group number; valid values are from 1 to 64.
mode	Specifies the EtherChannel mode of the interface.
on	Forces the port to channel without PAgP.
auto	Places a port into a passive negotiating state, in which the port responds to PAgP packets it receives but does not initiate PAgP packet negotiation.
non-silent	(Optional) Used with the auto or desirable mode when traffic is expected from the other device.
desirable	Places a port into an active negotiating state, in which the port initiates negotiations with other ports by sending PAgP packets.

Defaults

No channel groups are assigned.

Command Modes

Interface configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

You do not have to create a port channel interface before assigning a physical interface to a channel group. If a port channel interface has not been created, it is automatically created when the first physical interface for the channel group is created.

You can also create port channels by entering the interface port-channel command. This will create a Layer 3 port channel. To change the Layer 3 port channel into a Layer 2 port channel, use the switchport command before you assign physical interfaces to the channel group. A port channel cannot be changed from Layer 3 to Layer 2 or vice versa when it contains member ports.

You do not have to disable the IP address that is assigned to a physical interface that is part of a channel group, but we recommend that you do so.

Any configuration or attribute changes you make to the port-channel interface are propagated to all interfaces within the same channel group as the port channel (for example, configuration changes are also propagated to the physical interfaces that are not part of the port channel, but are part of the channel group).

With the on mode, a usable EtherChannel exists only when a port group in on mode is connected to another port group in on mode.

---

Caution Do not enable Layer 3 addresses on the physical EtherChannel interfaces. Assigning bridge groups on the physical EtherChannel interfaces causes loops in your network.

---

Examples

This example shows how to add Gigabit Ethernet interface 1/1 to the EtherChannel group specified by port channel 45:

Switch(config-if)# channel-group 45 mode on 

Creating a port-channel interface Port-channel45

Switch(config-if)# 

Related Commands

interface port-channel
show interfaces port-channel (refer to Cisco IOS documentation)

class-map

To access the QoS class map configuration mode to configure QoS class maps, use the class-map command. To delete a class map, use the no form of this command.

class-map [match-all | match-any] name

no class-map [match-all | match-any] name

Syntax Description

match-all	(Optional) Specifies that all match criteria in the class map must be matched.
match-any	(Optional) Specifies that one or more match criteria must match.
name	Name of the class map.

Defaults

All match criteria must be satisfied.

Command Modes

Global configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

Use the class-map command and its subcommands on individual interfaces to define packet classification, marking, aggregate, and flow policing as part of a globally named service policy.

These commands are available in QoS class map configuration mode:

•exit—Exits you from QoS class map configuration mode.

•no—Removes a match statement from a class map.

•match—Configures classification criteria.

These optional subcommands to match command are also available:

–access-group {acl_index | name acl_name}

–ip {dscp | precedence} value1 value2... value8

–any

The following subcommands appear in the CLI help, but they are not supported on LAN interfaces:

•input-interface {interface interface_number | null number | vlan vlan_id}

•protocol linktype

•destination-address mac mac_address

•source-address mac mac_address

•qos-group

•mpls

•not

After you have configured the class map name and are in class map configuration mode, you can enter the match subcommands. The syntax for these subcommands is as follows:

match {[access-group {acl_index | name acl_name}] | [ip {dscp | precedence} value1 value2... value8]}

See Table 2-1 for a syntax description of the match subcommands.

Table 2-1 Syntax Description for the match Command

Optional Subcommand	Description
access-group acl_index | acl_name	Specifies the access list index or access list names; valid access list index values are from 1 to 2699.
access-group acl_name	Specifies the named access list.
ip dscp value1 value2 ... value8	Specifies IP DSCP values to match; valid values are from 0 to 63. Enter up to eight DSCP values separated by white spaces.
ip precedence value1 value2 ... value8	Specifies IP precedence values to match; valid values are from 0 to 7. Enter up to eight precedence values separated by white spaces.

Examples

This example shows how to access the class-map commands and subcommands and configure a class map named ipp5 and enter a match statement for ip precedence 5:

Switch# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# class-map ipp5

Switch(config-cmap)# match ip precedence 5

Switch(config-cmap)# 

This example shows how to configure the class map to match an already configured access list:

Switch(config-cmap)# match access-group IPacl1

Switch(config-cmap)# 

Related Commands

policy-map
service-policy
show class-map
show policy-map
show policy-map interface

clear counters

To clear interface counters, use the clear counters command.

clear counters [{fastethernet interface_number} | {GigabitEthernet interface_number} |
{Null interface_number} | {Port-channel number} | {Vlan vlan_id}]

Syntax Description

fastethernet interface_number	(Optional) Specifies the Fast Ethernet interface; valid values are from 1 to 9.
GigabitEthernet interface_number	(Optional) Specifies the Gigabit Ethernet interface; valid values are from 1 to 9.
Null interface_number	(Optional) Specifies the null interface; the valid value is 0.
Port-channel number	(Optional) Specifies the channel interface; valid values are from 1 to 64.
Vlan vlan_id	(Optional) Specifies the VLAN; valid values are from 1 to 4096.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW	Support for extended VLAN addresses added.

Usage Guidelines

This command clears all the current interface counters from the interfaces unless you specify the interface.

---

Note This command does not clear counters retrieved using SNMP, but only those that appear when you enter the show interface counters command.

---

Examples

The following example clears all interface counters:

Switch# clear counters

Clear "show interface" counters on all interfaces [confirm]y

Switch# 

This example shows how to clear counters on a specific interface:

Switch# clear counters vlan 200

Clear "show interface" counters on this interface [confirm]y

Switch# 

Related Commands

show interface counters (refer to Cisco IOS documentation)

clear interface gigabitethernet

To clear the hardware logic from a Gigabit Ethernet IEEE 802.3z interface, use the clear interface gigabitethernet command.

clear interface gigabitethernet slot/port

Syntax Description

slot/port

Number of the slot and port.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to clear the hardware logic from a Gigabit Ethernet IEEE 802.3z interface:

Switch# clear interface gigabitethernet 1/1

Switch# 

Related Commands

show interfaces status

clear interface vlan

To clear the hardware logic from a VLAN, use the clear interface vlan command.

clear interface vlan number

Syntax Description

number

Number of the VLAN interface; valid values are from 1 to 4094.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW	Support for extended VLAN addresses added.

Examples

This example shows how to clear the hardware logic from a specific VLAN:

Switch# clear interface vlan 5

Switch#

Related Commands

show interfaces status

clear ip access-template

To clear statistical information in access lists, use the clear ip access-template command.

clear ip access-template access-list

Syntax Description

access-list

Number of the access list; valid values are from 100 to 199 for an IP extended access list, and from 2000 to 2699 for an expanded range IP extended access list.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to clear statistical information for an access list:

Switch# clear ip access-template 201

Switch#

clear ip igmp group

To delete IGMP group cache entries, use the clear ip igmp group command.

clear ip igmp group [{fastethernet slot/port} | {GigabitEthernet slot/port} | {host_name | group_address} {Loopback interface_number} | {Null interface_number} | {Port-channel number} | {Vlan vlan_id}]

Syntax Description

fastethernet	(Optional) Specifies the Fast Ethernet interface.
slot/port	(Optional) Number of the slot and port.
GigabitEthernet	(Optional) Specifies the Gigabit Ethernet interface.
host_name	(Optional) Host name as defined in the DNS hosts table or with the ip host command.
group_address	(Optional) Address of the multicast group in four-part, dotted notation.
Loopback interface_number	(Optional) Specifies the loopback interface; valid values are from 0 to 2,147,483,647.
Null interface_number	(Optional) Specifies the null interface; the valid value is 0.
Port-channel number	(Optional) Specifies the channel interface; valid values are from 1 to 64.
Vlan vlan_id	(Optional) Specifies the VLAN; valid values are from 1 to 4094.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

The IGMP cache contains a list of the multicast groups of which hosts on the directly connected LAN are members.

To delete all entries from the IGMP cache, enter the clear ip igmp group command with no arguments.

Examples

This example shows how to clear entries for a specific group from the IGMP cache:

Switch# clear ip igmp group 224.0.255.1

Switch# 

This example shows how to clear IGMP group cache entries from a specific interface:

Switch# clear ip igmp group gigabitethernet 2/2

Switch# 

Related Commands

ip host (refer to Cisco IOS documentation)
show ip igmp groups (refer to Cisco IOS documentation)
show ip igmp interface

clear ip mfib counters

To clear global MFIB counters and counters for all active MFIB routes, use the clear ip mfib counters command.

clear ip mfib counters

Syntax Description

This command has no arguments or keywords.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to clear all the active MFIB routes and global counters:

Switch# clear ip mfib counters

Switch#

Related Commands

show ip mfib

clear ip mfib fastdrop

To clear all MFIB fast drop entries, use the clear ip mfib fastdrop command.

clear ip mfib fastdrop

Syntax Description

This command has no arguments or keywords.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

If new fast-dropped packets arrive, new fast drop entries are created.

Examples

This example shows how to clear all fast drop entries:

Switch# clear ip mfib fastdrop

Switch#

Related Commands

ip mfib fastdrop
show ip mfib fastdrop

clear mac-address-table dynamic

To clear dynamic address entries from the Layer 2 MAC address table, use the clear mac-address-table dynamic command.

clear mac-address-table dynamic [{address mac_addr} | {interface interface}] [vlan vlan_id]

Syntax Description

address mac_addr	(Optional) Specifies the MAC address.
interface interface	(Optional) Specifies the interface and clear the entries associated with it; valid values are FastEthernet and GigabitEthernet.
vlan vlan_id	(Optional) Specifies the VLANs; valid values are from 1 to 4094.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW	Support for extended VLAN addresses added.

Usage Guidelines

Enter the clear mac-address-table dynamic command with no arguments to remove all dynamic entries from the table.

Examples

This example shows how to clear all dynamic Layer 2 entries for a specific interface (gi1/1):

Switch# clear mac-address-table dynamic interface gi1/1

Switch# 

Related Commands

mac-address-table aging-time
mac-address-table static
show mac-address-table address

clear pagp

To clear port channel information, use the clear pagp command.

clear pagp {group-number | counters}

Syntax Description

group-number	Channel group number; valid values are from 1 to 64.
counters	Clears traffic filters.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to clear port channel information for a specific group:

Switch# clear pagp 32

Switch#

This example shows how to all clear port channel traffic filters:

Switch# clear pagp counters

Switch#

Related Commands

show pagp

clear qos

To clear global and per-interface aggregate QoS counters, use the clear qos command.

clear qos [aggregate-policer [name] | interface {{fastethernet | GigabitEthernet} {slot/interface}} | vlan {vlan_num} | Port-channel {number}]

Syntax Description

aggregate-policer name	(Optional) Specifies an aggregate policer.
interface	(Optional) Specifies an interface.
fastethernet	(Optional) Specifies the Fast Ethernet 802.3 interface.
GigabitEthernet	(Optional) Specifies the Gigabit Ethernet 802.3z interface.
slot/interface	(Optional) Number of the slot and interface.
vlan vlan_num	(Optional) Specifies a VLAN.
Port-channel number	(Optional) Specifies the channel interface; valid values are from 1 to 64.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

---

Note Entering the clear qos command affects the policing token bucket counters and might briefly allow traffic to be forwarded that would otherwise be policed.

---

The clear qos command resets the interface QoS policy counters. If no interface is specified, the clear qos command resets the QoS policy counters for all interfaces.

Examples

This example shows how to clear global and per-interface aggregate QoS counters for all protocols:

Switch# clear qos

Switch# 

This example shows how to clear specific protocol aggregate QoS counters for all interfaces:

Switch# clear qos aggregate-policer 

Switch# 

Related Commands

show qos

debug adjacency

To display adjacency debugging information, use the debug adjacency command. To disable debugging output, use the no form of this command.

debug adjacency [ipc]

no debug adjacency

Syntax Description

ipc	(Optional) Displays IPC entries in the adjacency database.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to display information in the adjacency database:

Switch# debug adjacency

4d02h: ADJ: add 172.20.52.36 (GigabitEthernet1/1) via ARP will expire: 04:00:00

4d02h: ADJ: add 172.20.52.36 (GigabitEthernet1/1) via ARP will expire: 04:00:00

4d02h: ADJ: add 172.20.52.36 (GigabitEthernet1/1) via ARP will expire: 04:00:00

4d02h: ADJ: add 172.20.52.36 (GigabitEthernet1/1) via ARP will expire: 04:00:00

4d02h: ADJ: add 172.20.52.36 (GigabitEthernet1/1) via ARP will expire: 04:00:00

4d02h: ADJ: add 172.20.52.36 (GigabitEthernet1/1) via ARP will expire: 04:00:00

4d02h: ADJ: add 172.20.52.36 (GigabitEthernet1/1) via ARP will expire: 04:00:00

4d02h: ADJ: add 172.20.52.36 (GigabitEthernet1/1) via ARP will expire: 04:00:00

<... output truncated...>

Switch#

Related Commands

undebug adjacency (same as no debug adjacency)

debug backup

To debug backup events, use the debug backup command. To disable debugging output, use the no form of this command.

debug backup

no debug backup

Syntax Description

This command has no arguments or keywords.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to debug backup events:

Switch# debug backup

Backup events debugging is on

Switch# 

Related Commands

undebug backup (same as no debug backup)

debug condition interface

To limit debugging output of interface-related activities, use the debug condition interface command. To disable debugging output, use the no form of this command.

debug condition interface {fastethernet slot/port | GigabitEthernet slot/port | Null | Port-channel interface-num | vlan vlan_id}

no debug condition interface {fastethernet slot/port | GigabitEthernet slot/port | Null | Port-channel interface-num | vlan vlan_id}

Syntax Description

fastethernet	Limits debugging to Fast Ethernet interfaces.
slot/port	Number of the slot and port.
GigabitEthernet	Limits debugging to Gigabit Ethernet interfaces.
Null interface-num	Limits debugging to null interfaces; the valid value is 0.
Port-channel interface-num	Limits debugging to port-channel interfaces; valid values are from 1 to 64.
vlan vlan_id	Specifies the VLAN interface number; valid values are from 1 to 4094.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW	Support for extended VLAN addresses added.

Examples

This example shows how to limit debugging output to VLAN interface 1:

Switch# debug condition interface vlan 1

Condition 2 set

Switch#

Related Commands

debug interface
undebug condition interface (same as no debug condition interface)

debug condition standby

To limit debugging output for standby state changes, use the debug condition standby command. To disable debugging output, use the no form of this command.

debug condition standby {fastethernet slot/port | GigabitEthernet slot/port |
Port-channel interface-num | vlan vlan_id group-number}

no debug condition standby {fastethernet slot/port | GigabitEthernet slot/port |
Port-channel interface-num | vlan vlan_id group-number}

Syntax Description

fastethernet	Limits debugging to Fast Ethernet interfaces.
slot/port	Number of the slot and port.
GigabitEthernet	Limits debugging to Gigabit Ethernet interfaces.
Port-channel interface-num	Limits debugging output to port-channel interfaces; valid values are from 1 to 64.
vlan vlan_id	Limits debugging of a condition on a VLAN interface; valid values are from 1 to 4094.
group-number	VLAN group number; valid values are from 0 to 255.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW	Support for extended VLAN addresses added.

Usage Guidelines

If you attempt to remove the only condition set, you will be prompted with a message asking if you want to abort the removal operation. You can press n to abort the removal or press y to proceed with the removal. If you remove the only condition set, it may cause an excessive number of debugging messages.

Examples

This example shows how to limit the debugging output to group 0 in VLAN 1:

Switch# debug condition standby vlan 1 0

Condition 3 set

Switch#

This example shows the display if you try to turn off the last standby debug condition:

Switch# no debug condition standby vlan 1 0

This condition is the last standby condition set.

Removing all conditions may cause a flood of debugging

messages to result, unless specific debugging flags

are first removed.

Proceed with removal? [yes/no]: n

% Operation aborted     

Switch#                           

Related Commands

undebug condition standby (same as no debug condition standby)

debug condition vlan

To limit VLAN debugging output for a specific VLAN, use the debug condition vlan command. To disable debugging output, use the no form of this command.

debug condition vlan {vlan_id}

no debug condition vlan {vlan_id}

Syntax Description

vlan_id

Number of the VLAN; valid values are from 1 to 4096.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW	Support for extended VLAN addresses added.

Usage Guidelines

If you attempt to remove the only VLAN condition set, you will be prompted with a message asking if you want to abort the removal operation. You can press n to abort the removal or press y to proceed with the removal. If you remove the only condition set, it could result in the display of an excessive number of messages.

Examples

This example shows how to limit debugging output to VLAN 1:

Switch# debug condition vlan 1

Condition 4 set

Switch# 

This example shows the message that is displayed when you attempt to disable the last VLAN debug condition:

Switch# no debug condition vlan 1

This condition is the last vlan condition set.

Removing all conditions may cause a flood of debugging

messages to result, unless specific debugging flags

are first removed.

Proceed with removal? [yes/no]: n

% Operation aborted     

Switch# 

Related Commands

undebug condition vlan (same as no debug condition vlan)

debug dot1x

To enable debugging for the 802.1x feature, use the debug dot1x command. Use the no form of this command to disable debugging output.

debug dot1x {all | errors | events | packets | registry | state-machine}

no debug dot1x {all | errors | events | packets | registry | state-machine}

Syntax Description

all	Enables debugging of all conditions.
errors	Enables debugging of print statements guarded by the dot1x error flag.
events	Enables debugging of print statements guarded by the dot1x events flag.
packets	All incoming dot1x of packets are printed with packet and interface information.
registry	Enables debugging of print statements guarded by the dot1x registry flag.
state-machine	Enables debugging of print statements guarded by the dot1x registry flag.

Defaults

Debugging is disabled.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

To disable debugging, you can use the no debug dot1x command, or the undebug dot1x command.

Related Commands

show dot1x

debug etherchnl

To debug EtherChannel/PAgP shim, use the debug etherchnl command. To disable debugging output, use the no form of this command

debug etherchnl [all | detail | error | event | idb | linecard]

no debug etherchnl

Syntax Description

all	(Optional) Displays all EtherChannel debug messages.
detail	(Optional) Displays detailed EtherChannel debug messages.
error	(Optional) Displays EtherChannel error debug messages.
event	(Optional) Debugs major EtherChannel event messages.
idb	(Optional) Debugs PAgP IDB messages.
linecard	(Optional) Debugs SCP messages to the module.

Defaults

All EtherChannel debug messages are displayed.

Command Modes

EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

If you do not specify a keyword, all debug messages are displayed.

Examples

This example shows how to display all EtherChannel debug messages:

Switch> debug etherchnl

PAgP Shim/FEC debugging is on

22:46:30:FEC:returning agport Po15 for port (Fa2/1)

22:46:31:FEC:returning agport Po15 for port (Fa4/14)

22:46:33:FEC:comparing GC values of Fa2/25 Fa2/15 flag = 1 1

22:46:33:FEC:port_attrib:Fa2/25 Fa2/15 same

22:46:33:FEC:EC - attrib incompatable for Fa2/25; duplex of Fa2/25 is half, Fa2/15 is full

22:46:33:FEC:pagp_switch_choose_unique:Fa2/25, port Fa2/15 in agport Po3 is incompatable

Switch>

This example shows how to display EtherChannel IDB debug messages:

Switch> debug etherchnl idb

Agport idb related debugging is on

Switch>

This example shows how to disable debugging:

Switch> no debug etherchnl

Switch>

Related Commands

undebug etherchnl (same as no debug etherchnl)

debug interface

To abbreviate entry of the debug condition interface command, use the debug interface command. To disable debugging output, use the no form of this command.

debug interface {fastethernet slot/port | GigabitEthernet slot/port | Null |
Port-channel interface-num | vlan vlan_id}

no debug interface {fastethernet slot/port | GigabitEthernet slot/port | Null |
Port-channel interface-num | vlan vlan_id}

Syntax Description

fastethernet	Limits debugging to Fast Ethernet interfaces.
slot/port	Number of the slot and port.
GigabitEthernet	Limits debugging to Gigabit Ethernet interfaces.
Null	Limits debugging to null interfaces; the only valid value is 0.
Port-channel interface-num	Limits debugging to port channel interfaces; valid values are from 1 to 64.
vlan vlan_id	Specifies the VLAN interface number; valid values are from 1 to 4094.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW	Support for extended VLAN addresses added.

Examples

This example shows how to limit debugging to interface VLAN 1:

Switch# debug interface vlan 1

Condition 1 set

Switch#

Related Commands

debug condition interface
undebug interface (same as no debug interface)

debug ipc

To debug IPC activity, use the debug ipc command. To disable debugging output, use the no form of this command.

debug ipc {all | errors | events | headers | packets | ports | seats}

no debug ipc {all | errors | events | headers | packets | ports | seats}

Syntax Description

all	Enables all IPC debugging.
errors	Enables IPC error debugging.
events	Enables IPC event debugging.
headers	Enables IPC header debugging.
packets	Enables IPC packet debugging.
ports	Enables debugging of the creation and deletion of ports.
seats	Enables debugging of the creation and deletion of nodes.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to enable debugging of IPC events:

Switch# debug ipc events

Special Events debugging is on

Switch#

Related Commands

undebug ipc (same as no debug ipc)

debug ip dhcp snooping event

To debug DHCP snooping events, use the debug ip dhcp snooping event command. To disable debugging output, use the no form of this command.

debug ip dhcp snooping event

no debug ip dhcp snooping event

Syntax Description

This command has no arguments or keywords.

Defaults

Debugging of snooping events is disabled.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to enable debugging for DHCP snooping events:

Switch# debug ip dhcp snooping event

Switch#

This example shows how to disable debugging for DHCP snooping events:

Switch# no debug ip dhcp snooping event

Switch#

Related Commands

debug ip dhcp snooping packet

debug ip dhcp snooping packet

To debug DHCP snooping messages, use the debug ip dhcp snooping packet command. To disable debugging output, use the no form of this command.

debug ip dhcp snooping packet

no debug ip dhcp snooping packet

Syntax Description

This command has no arguments or keywords.

Defaults

Debugging of snooping events is disabled.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to enable debugging for DHCP snooping packets:

Switch# debug ip dhcp snooping packet

Switch#

This example shows how to disable debugging for DHCP snooping packets:

Switch# no debug ip dhcp snooping packet

Switch#

Related Commands

debug ip dhcp snooping event

debug monitor

To display monitoring activity, use the debug monitor command. To disable debugging output, use the no form of this command.

debug monitor {all | errors | idb-update | list | notifications | platform | requests}

no debug monitor {all | errors | idb-update | list | notifications | platform | requests}

Syntax Description

all	Displays all SPAN debugging messages.
errors	Displays SPAN error details.
idb-update	Displays SPAN IDB update traces.
list	Displays SPAN and VLAN list tracing.
notifications	Displays SPAN notifications.
platform	Displays SPAN platform tracing.
requests	Displays SPAN requests.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to debug monitoring errors:

Switch# debug monitor errors

SPAN error detail debugging is on

Switch#

Related Commands

undebug monitor (same as no debug monitor)

debug nvram

To debug NVRAM activity, use the debug nvram command. To disable debugging output, use the no form of this command.

debug nvram

no debug nvram

Syntax Description

This command has no arguments or keywords.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to debug NVRAM:

Switch# debug nvram

NVRAM behavior debugging is on

Switch# 

Related Commands

undebug nvram (same as no debug nvram)

debug pagp

To debug PAgP activity, use the debug pagp command. To disable debugging output, use the no form of this command.

debug pagp [all | event | fsm | misc | packet]

no debug pagp

Syntax Description

all	(Optional) Enables all PAgP debugging.
event	(Optional) Enables debugging of PAgP events.
fsm	(Optional) Enables debugging of the PAgP finite state machine.
misc	(Optional) Enables miscellaneous PAgP debugging.
packet	(Optional) Enables PAgP packet debugging.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

This command is supported by the supervisor engine only and can be entered only from the switch console.

Examples

This example shows how to enable PAgP miscellaneous debugging:

Switch# debug pagp misc

Port Aggregation Protocol Miscellaneous debugging is on

Switch#

*Sep 30 10:13:03: SP: PAgP: pagp_h(Fa5/6) expired

*Sep 30 10:13:03: SP: PAgP: 135 bytes out Fa5/6

*Sep 30 10:13:03: SP: PAgP: Fa5/6 Transmitting information packet

*Sep 30 10:13:03: SP: PAgP: timer pagp_h(Fa5/6) started with interval 30000

<... output truncated...>

Switch#                                                                            

Related Commands

undebug pagp (same as no debug pagp)

debug pm

To debug port manager (PM) activity, use the debug pm command. To disable debugging output, use the no form of this command.

debug pm {all | card | cookies | etherchnl | messages | port | registry | scp | sm | span | split |
vlan | vp}

no debug pm {all | card | cookies | etherchnl | messages | port | registry | scp | sm | span | split |
vlan | vp}

Syntax Description

all	Displays all PM debugging messages.
card	Debugs module-related events.
cookies	Enables internal PM cookie validation.
etherchnl	Debugs EtherChannel-related events.
messages	Debugs PM messages.
port	Debugs port-related events.
registry	Debugs PM registry invocations.
scp	Debugs SCP module messaging.
sm	Debugs state machine-related events.
span	Debugs spanning tree-related events.
split	Debugs split-processor.
vlan	Debugs VLAN-related events.
vp	Debugs virtual port-related events.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to enable all PM debugging:

Switch# debug pm all

Switch#

Related Commands

undebug pm (same as no debug pm)

debug redundancy

To debug supervisor redundancy, use the debug redundancy command. To disable debugging output, use the no form of this command.

debug redundancy {errors | fsm | kpa | msg | progression | status | timer}

no debug redundancy

Syntax Description

errors	Enables redundancy facility for error debugging.
fsm	Enables redundancy facility for FSM event debugging.
kpa	Enables redundancy facility for keep alive debugging.
msg	Enables redundancy facility for messaging event debugging.
progression	Enables redundancy facility for progression event debugging.
status	Enables redundancy facility for status event debugging.
timer	Enables redundancy facility for timer event debugging.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch. (Catalyst 4507R only)

Examples

This example shows how to debug redundancy facility timer event debugging:

Switch# debug redundancy timer

Redundancy timer debugging is on

Switch#

debug smf updates

To debug software MAC filter (SMF) address insertions and deletions, use the debug smf updates command. To disable debugging output, use the no form of this command.

debug smf updates

no debug smf updates

Syntax Description

This command has no arguments or keywords.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to debug SMF updates:

Switch# debug smf updates

Software MAC filter address insertions and deletions debugging is on

Switch#

Related Commands

undebug smf (same as no debug smf)

debug spanning-tree

To debug spanning tree activities, use the debug spanning-tree command. To disable debugging output, use the no form of this command.

debug spanning-tree {all | bpdu | bpdu-opt | etherchannel | config | events | exceptions | general | mst | pvst+ | root | snmp}

no debug spanning-tree {all | bpdu | bpdu-opt | etherchannel | config | events | exceptions | general | mst | pvst+ | root | snmp}

Syntax Description

all	Displays all spanning tree debugging messages.
bpdu	Debugs spanning tree BPDU.
bpdu-opt	Debugs optimized BPDU handling.
etherchannel	Debugs spanning tree EtherChannel support.
config	Debugs spanning tree configuration changes.
events	Debugs TCAM events.
exceptions	Debugs spanning tree exceptions.
general	Debugs general spanning tree activity.
mst	Debugs multiple spanning tree events.
pvst+	Debugs PVST+ events.
root	Debugs spanning tree root events.
snmp	Debugs spanning tree SNMP events.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to debug spanning tree PVST+:

Switch# debug spanning-tree pvst+

Spanning Tree PVST+ debugging is on

Switch#

Related Commands

undebug spanning-tree (same as no debug spanning-tree)

debug spanning-tree backbonefast

To enable debugging of spanning tree BackboneFast events, use the debug spanning-tree backbonefast command. To disable debugging output, use the no form of this command.

debug spanning-tree backbonefast [detail | exceptions]

no debug spanning-tree backbonefast

Syntax Description

detail	(Optional) Displays detailed BackboneFast debugging messages.
exceptions	(Optional) Enables debugging of spanning tree BackboneFast exceptions.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

This command is supported by the supervisor engine only and can be entered only from the switch console.

Examples

This example shows how to enable debugging and to display detailed spanning tree BackboneFast debugging information:

Switch# debug spanning-tree backbonefast detail

Spanning Tree backbonefast detail debugging is on

Switch#

Related Commands

undebug spanning-tree backbonefast (same as no debug spanning-tree backbonefast)

debug spanning-tree switch

To enable switch shim debugging, use the debug spanning-tree switch command. To disable debugging output, use the no form of this command.

debug spanning-tree switch {all | errors | general | pm | rx {decode | errors | interrupt | process} | state | tx [decode]}

no debug spanning-tree switch {all | errors | general | pm | rx {decode | errors | interrupt | process} | state | tx [decode]}

Syntax Description

all	Displays all spanning tree switch shim debugging messages.
errors	Enables debugging of switch shim errors or exceptions.
general	Enables debugging of general events.
pm	Enables debugging of port manager events.
rx	Displays received BPDU-handling debugging messages.
decode	Enables debugging of the decode received packets of the spanning tree switch shim.
errors	Enables debugging of the receive errors of the spanning tree switch shim.
interrupt	Enables shim ISR receive BPDU debugging on the spanning tree switch.
process	Enables process receive BPDU debugging on the spanning tree switch.
state	Enables debugging of the state changes on the spanning tree port.
tx	Enables transmit BPDU debugging on the spanning tree switch shim.
decode	(Optional) Enables decode transmitted packets debugging on the spanning tree switch shim.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

This command is supported by the supervisor engine only and can be entered only from the switch console.

Examples

This example shows how to enable transmit BPDU debugging on the spanning tree switch shim:

Switch-sp# debug spanning-tree switch tx

Spanning Tree Switch Shim transmit bpdu debugging is on

*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size 92 on FastEthernet5/9 303

*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size 92 on FastEthernet5/9 304

*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size 92 on FastEthernet5/9 305

*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size 92 on FastEthernet5/9 349

*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size 92 on FastEthernet5/9 350

*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size 92 on FastEthernet5/9 351

*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size 92 on FastEthernet5/9 801

<... output truncated...>

Switch-sp#

Related Commands

undebug spanning-tree switch (same as no debug spanning-tree switch)

debug spanning-tree uplinkfast

To enable debugging of spanning tree UplinkFast events, use the debug spanning-tree uplinkfast command. To disable debugging output, use the no form of this command.

debug spanning-tree uplinkfast [exceptions]

no debug spanning-tree uplinkfast

Syntax Description

exceptions

(Optional) Enables debugging of spanning tree UplinkFast exceptions.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

This command is supported only by the supervisor engine and can be entered only from the switch console.

Examples

This example shows how to debug spanning tree UplinkFast exceptions:

Switch-sp# debug spanning-tree uplinkfast exceptions

Spanning Tree uplinkfast exceptions debugging is on

Switch-sp#

Related Commands

undebug spanning-tree uplinkfast (same as no debug spanning-tree uplinkfast)

debug sw-vlan

To debug VLAN manager activities, use the debug sw-vlan command. To disable debugging output, use the no form of this command.

debug sw-vlan {badpmcookies | events | management | packets | registries}

no debug sw-vlan {badpmcookies | events | management | packets | registries}

Syntax Description

badpmcookies	Displays VLAN manager incidents of bad port-manager cookies.
events	Debugs VLAN manager events.
management	Debugs VLAN manager management of internal VLANs.
packets	Debugs packet handling and encapsulation processes.
registries	Debugs VLAN manager registries.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to debug software VLAN events:

Switch# debug sw-vlan events

vlan manager events debugging is on

Switch#

Related Commands

undebug sw-vlan (same as no debug sw-vlan)

debug sw-vlan ifs

To enable VLAN manager IOS file system (IFS) error tests, use the debug sw-vlan ifs command. To disable debugging output, use the no form of this command.

debug sw-vlan ifs {open {read | write} | read {1 | 2 | 3 | 4} | write}

no debug sw-vlan ifs {open {open | read} | read {1 | 2 | 3 | 4} | write}

Syntax Description

open	Enables VLAN manager IFS debugging of errors in an IFS file-open operation.
read	Debugs errors that occurred when the IFS VLAN configuration file was open for reading.
write	Debugs errors that occurred when the IFS VLAN configuration file was open for writing.
read	Debugs errors that occurred during an IFS file-read operation.
{1 | 2 | 3 | 4}	Determines the file-read operation. See the "Usage Guidelines" section for information about operation levels.
write	Debugs errors that occurred during an IFS file-write operation.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

The following are four types of file-read operations:

•Operation 1—Reads the file header, which contains the header verification word and the file version number.

•Operation 2—Reads the main body of the file, which contains most of the domain and VLAN information.

•Operation 3—Reads TLV descriptor structures.

•Operation 4—Reads TLV data.

Examples

This example shows how to debug of TLV data errors during a file-read operation:

Switch# debug sw-vlan ifs read 4

vlan manager ifs read #4 errors debugging is on

Switch#

Related Commands

undebug sw-vlan ifs (same as no debug sw-vlan ifs)

debug sw-vlan notification

To enable debugging messages that trace the activation and deactivation of ISL VLAN IDs, use the debug sw-vlan notification command. To disable debugging output, use the no form of this command.

debug sw-vlan notification {accfwdchange | allowedvlancfgchange | fwdchange | linkchange | modechange | pruningcfgchange | statechange}

no debug sw-vlan notification {accfwdchange | allowedvlancfgchange | fwdchange | linkchange | modechange | pruningcfgchange | statechange}

Syntax Description

accfwdchange	Enables VLAN manager notification of aggregated access interface STP forward changes.
allowedvlancfgchange	Enables VLAN manager notification of change to allowed VLAN configuration.
fwdchange	Enables VLAN manager notification of STP forwarding changes.
linkchange	Enables VLAN manager notification of interface link state changes.
modechange	Enables VLAN manager notification of interface mode changes.
pruningcfgchange	Enables VLAN manager notification of change to pruning configuration.
statechange	Enables VLAN manager notification of interface state changes.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to debug the software VLAN interface mode change notifications:

Switch# debug sw-vlan notification modechange

vlan manager port mode change notification debugging is on

Switch#

Related Commands

undebug sw-vlan notification (same as no debug sw-vlan notification)

debug sw-vlan vtp

To enable debugging messages to be generated by the VTP protocol code, use the debug sw-vlan vtp command. To disable debugging output, use the no form of this command.

debug sw-vlan vtp {events | packets | pruning [packets | xmit] | xmit}

no debug sw-vlan vtp {events | packets | pruning [packets | xmit] | xmit}

Syntax Description

events	Displays general-purpose logic flow and detailed VTP debugging messages generated by the VTP_LOG_RUNTIME macro in the VTP code.
packets	Displays the contents of all incoming VTP packets that have been passed into the VTP code from the IOS VTP platform-dependent layer, except for pruning packets.
pruning	Enables debugging message to be generated by the pruning segment of the VTP protocol code.
packets	(Optional) Displays the contents of all incoming VTP pruning packets that have been passed into the VTP code from the IOS VTP platform-dependent layer.
xmit	(Optional) Displays the contents of all outgoing VTP packets that the VTP code will request the IOS VTP platform-dependent layer to send.
xmit	Displays the contents of all outgoing VTP packets that the VTP code will request the IOS VTP platform-dependent layer to send; does not include pruning packets.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

If you do not enter any more parameters after entering pruning, the VTP pruning debugging messages are displayed.

Examples

This example shows how to debug software VLAN outgoing VTP packets:

Switch# debug sw-vlan vtp xmit

vtp xmit debugging is on

Switch#

Related Commands

undebug sw-vlan vtp (same as no debug sw-vlan vtp)

debug udld

To enable debugging of UDLD activity, use the debug udld command. To disable debugging output, use the no form of this command.

debug udld {events | packets | registries}

no debug udld {events | packets | registries}

Syntax Description

events	Enables debugging of UDLD process events as they occur.
packets	Enables debugging of the UDLD process as it receives packets from the packet queue and attempts to transmit packets at the request of the UDLD protocol code.
registries	Enables debugging of the UDLD process as it processes registry upcalls from the UDLD process-dependent module and other feature modules.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

This command is supported by the supervisor engine only and can be entered only from the Catalyst 4000 family switch console.

Examples

This example shows how to enable debugging of UDLD events:

Switch# debug udld events

UDLD events debugging is on

Switch#

This example shows how to enable debugging of UDLD packets:

Switch# debug udld packets

UDLD packets debugging is on

Switch#

This example shows how to enable debugging of UDLD registry events:

Switch# debug udld registries

UDLD registries debugging is on

Switch# 

Related Commands

undebug udld (same as no debug udld)

define interface-range

To create a macro of interfaces, use the define interface-range command.

define interface-range macro-name interface-range

Syntax Description

macro-name	Name of the interface range macro; up to 32 characters.
interface-range	List of valid values for interface values; see "Usage Guidelines."

Defaults

This command has no default settings.

Command Modes

Global configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

The macro name is a character string of up to 32 characters.

A macro can contain up to five ranges. An interface range cannot span modules.

When entering the interface-range, use these formats:

•interface-type {mod}/{first-interface} - {last-interface}

•interface-type {mod}/{first-interface} - {last-interface}

Valid values for interface-type are as follows:

•fastethernet

•GigabitEthernet

•Vlan vlan_id

Examples

This example shows how to create a multiple-interface macro:

Switch(config)# define interface-range macro1 gigabitethernet 4/1 - 6, fastethernet 2/1 - 5

Switch(config)#

Related Commands

interface range

dot1x initialize

To unauthorize an interface before reinitializing 802.1x, use the dot1x initialize command.

dot1x initialize interface

Syntax Description

interface

The number of the interface.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

Use this command to initialize state machines and to set up the environment for fresh authentication.

Examples

This example shows how to initialize the 802.1x state machines on an interface:

Switch# dot1x initialize

Switch#

Related Commands

dot1x initialize
show dot1x

dot1x max-req

To set the maximum times the switch sends an Extensible Authentication Protocol (EAP)-request/identity frame to the client before restarting the authentication process, use the dot1x max-req command. To return to the default setting, use the no form of this command.

dot1x max-req count

no dot1x max-req

Syntax Description

count

Number of times that the switch sends an EAP-request/identity frame before restarting the authentication process; valid values are from 1 to 10.

Defaults

The switch sends a frame 2 times.

Command Modes

Interface configuration

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers.

Examples

This example shows how to set 5 as the number of times that the switch sends an EAP-request/identity frame before restarting the authentication process:

Switch(config-if)# dot1x max-req 5

Switch(config-if)#

You can verify your settings by entering the show dot1x privileged EXEC command.

Related Commands

dot1x initialize
show dot1x

dot1x multiple-hosts

To allow multiple hosts (clients) on an 802.1x-authorized port that has the dot1x port-control interface configuration command set to auto, use the dot1x multiple-hosts command. To return to the auto-setting, use the no form of this command.

dot1x multiple-hosts

no dot1x multiple-hosts

Syntax Description

This command has no arguments or keywords.

Defaults

This command has no default settings.

Command Modes

Interface configuration

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

This command allows you to attach multiple clients to a single 802.1x-enabled port. In this mode, only one of the attached hosts must be successfully authorized for all hosts to be granted network access. If the port becomes unauthorized (reauthentication fails, or an Extensible Authentication Protocol over LAN [EAPOL] logoff message is received), all attached clients are denied access to the network.

Examples

This example shows how to enable 802.1x on Gigabit Ethernet 1/1 and to allow multiple hosts:

Switch(config)# interface gigabitethernet1/1

Switch(config-if)# dot1x port-control auto

Switch(config-if)# dot1x multiple-hosts

You can verify your settings by entering the show dot1x interface interface-id privileged EXEC command.

Related Commands

show dot1x

dot1x port-control

To enable manual control of the authorization state on a port, use the dot1x port-control command. To return to the automatic setting, use the no form of this command.

dot1x port-control {auto | force-authorized | force-unauthorized}

no dot1x port-control

Syntax Description

auto	Enables 802.1x authentication on the interface and causes the port to transition to the authorized or unauthorized state based on the 802.1x authentication exchange between the switch and the client.
force-authorized	Disables 802.1x authentication on the interface and causes the port to transition to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without 802.1x-based authentication of the client.
force-unauthorized	Denies all access through this interface by forcing the port to transition to the unauthorized state, ignoring all attempts by the client to authenticate. The switch cannot provide authentication services to the client through the interface.

Defaults

The 802.1x authentication is disabled.

Command Modes

Interface configuration

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

The 802.1x protocol is supported on both Layer 2 static-access ports and Layer 3-routed ports.

You can use the auto keyword only if the port is not configured as one of these:

•Trunk port—If you try to enable 802.1x on a trunk port, an error message appears, and 802.1x is not enabled. If you try to change the mode of an 802.1x-enabled port to trunk, the port mode is not changed.

•Dynamic ports—A port in dynamic mode can negotiate with its neighbor to become a trunk port. If you try to enable 802.1x on a dynamic port, an error message appears, and 802.1x is not enabled. If you try to change the mode of an 802.1x-enabled port to dynamic, the port mode is not changed.

•EtherChannel port—Before enabling 802.1x on the port, you must first remove it from the EtherChannel. If you try to enable 802.1x on an EtherChannel or on an active port in an EtherChannel, an error message appears, and 802.1x is not enabled. If you enable 802.1x on a not-yet active port of an EtherChannel, the port does not join the EtherChannel.

•Switch Port Analyzer (SPAN) destination port—You can enable 802.1x on a port that is a SPAN destination port; however, 802.1x is disabled until the port is removed as a SPAN destination. You can enable 802.1x on a SPAN source port.

To globally disable 802.1x on the switch, you must disable it on each port. There is no global configuration command for this task.

Examples

This example shows how to enable 802.1x on Gigabit Ethernet 1/1:

Switch(config)# interface gigabitethernet1/1

Switch(config-if)# dot1x port-control auto

Switch#

You can verify your settings by using the show dot1x all command or the show dot1x interface int command to show the port-control status. An enabled status means the port-control value is set either to auto or to force-unauthorized.

Related Commands

show dot1x

dot1x re-authenticate

To manually initiate a reauthentication of all 802.1x-enabled ports or the specified 802.1x-enabled port, use the dot1x re-authenticate command.

dot1x re-authenticate [interface interface-id]

Syntax Description

interface interface-id

(Optional) Slot and port number of the interface to reauthenticate.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

You can use this command to reauthenticate a client without waiting for the configured number of seconds between reauthentication attempts (re-authperiod) and automatic reauthentication.

Examples

This example shows how to manually reauthenticate the device connected to Gigabit Ethernet interface 0/1:

Switch# dot1x re-authenticate interface gigabitethernet1/1

Starting reauthentication on gigabitethernet1/1

Switch#

dot1x re-authentication

To enable periodic reauthentication of the client, use the dot1x re-authentication command. To return to the default setting, use the no form of this command.

dot1x re-authentication

no dot1x re-authentication

Syntax Description

This command has no arguments or keywords.

Defaults

The periodic reauthentication is disabled.

Command Modes

Interface configuration

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

You configure the amount of time between periodic reauthentication attempts by using the dot1x timeout re-authperiod global configuration command.

Examples

This example shows how to disable periodic reauthentication of the client:

Switch(config-if)# no dot1x re-authentication

Switch(config-if)#

This example shows how to enable periodic reauthentication and set the number of seconds between reauthentication attempts to 4000 seconds:

Switch(config)# dot1x re-authentication

Switch(config)# dot1x timeout re-authperiod 4000

Switch#

You can verify your settings by entering the show dot1x privileged EXEC command.

Related Commands

dot1x timeout
show dot1x

dot1x system-auth-control

To enable 802.1x authentication on the switch, use the dot1x system-auth-control command. To disable 802.1x authentication on the system, use the no form of this command.

dot1x system-auth-control

no dot1x system-auth-control

Syntax Description

This command has no arguments or keywords.

Defaults

802.1x authentication is disabled.

Command Modes

Global configuration

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

As the port-control value defaults to force-authorized, you can easily enable 802.1x on a port by setting the port-control value to auto.

When enabled, each port's authorization status is controlled according to the value of the port's port-control parameter.

When disabled, all ports function as though their port-control parameter is set to force-authorized.

Examples

This example shows how to enable 802.1x authentication:

Switch(config)# dot1x system-auth-control

Switch(config)#

Related Commands

dot1x initialize
show dot1x

dot1x timeout

To set the reauthentication timer, use the dot1x timeout command. To return to the default setting, use the no form of this command.

dot1x timeout {{reauth-period seconds} | {quiet-period seconds} | {tx-period seconds} | {supp-timeout seconds} | {server-timeout seconds}}

no dot1x timeout {reauth-period | quiet-period | tx-period | supp-timeout | server-timeout}

Syntax Description

reauth-period seconds	Number of seconds between reauthentication attempts; valid values are from 1 to 65535. See "Usage Guidelines" for additional information.
quiet-period seconds	Number of seconds the switch remains in the quiet state following a failed authentication exchange with the client; valid values are from 0 to 65535 seconds.
tx-period seconds	Number of seconds the switch waits for a response to an EAP-request/identity frame from the client before retransmitting the request; valid values are from 0 to 65535 seconds.
supp-timeout seconds	Number of seconds the switch waits for the retransmission of EAP-Request packets; valid values are from 0 to 65535 seconds.
server-timeout seconds	Number of seconds the switch waits for the retransmission of packets by the backend authenticator to the authentication server; valid values are from 1 to 65535 seconds.

Defaults

The default settings are as follows:

•reauth-period is 3600 seconds

•quiet-period is 60 seconds

•tx-period is 30 seconds

•supp-timeout is 30 seconds

•server-timeout is 30 seconds

Command Modes

Interface configuration

Command History

Release	Modification
12.1(12)EW	Support for this command was introduced on the Catalyst 4000 family switch.

Usage Guidelines

Periodic reauthentication must be enabled before entering the dot1x timeout re-authperiod command. Enter the dot1x re-authentication command to enable periodic reauthentication.

Examples

This example shows how to set 60 as the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before retransmitting the request:

Switch(config-if)# dot1x timeout tx-period 60

Switch(config-if)#

You can verify your settings by entering the show dot1x privileged EXEC command.

Related Commands

dot1x initialize
show dot1x

duplex

To configure the duplex operation on an interface, use the duplex command. To return to the default setting, use the no form of this command.

duplex {auto | full | half}

no duplex

Syntax Description

auto	Specifies autonegotiation operation.
full	Specifies full-duplex operation.
half	Specifies half-duplex operation.

Defaults

Half-duplex operation

Command Modes

Interface configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

Table 2-2 lists the supported command options by interface.

Table 2-2 Supported duplex Command Options

Interface Type	Supported Syntax	Default Setting	Guidelines
Command Types 10/100-Mbps module	duplex half | full	half	If the speed is set to auto, you will not be able to set duplex. If the speed is set to 10 or 100, and you do not configure the duplex setting, the duplex mode is set to half.
100-Mbps fiber modules	half | full	half
Gigabit Ethernet Interface	Not supported.	Not supported.	Gigabit Ethernet interfaces are set to full.
10/100/1000	half | full		If the speed is set to auto or 1000, you will not be able to set duplex. If the speed is set to 10 or 100, and you do not configure the duplex setting, the duplex mode is set to half.

If the transmission speed on a 16-port RJ-45 Gigabit Ethernet port is set to 1000, duplex mode is set to full. If the transmission speed is changed to 10 or 100, the duplex mode stays at full. You must configure the correct duplex mode on the switch when the transmission speed changes to 10 or 100 from 1000 Mbps.

---

Note Catalyst 4006 switches cannot automatically negotiate interface speed and duplex mode if either connecting interface is configured to a value other than auto.

---

---

Caution Changing the interface speed and duplex mode configuration might shut down and reenable the interface during the reconfiguration.

---

Table 2-3 describes the system's performance for different combinations of the duplex and speed modes. The specified duplex command configured with the specified speed command produces the resulting action shown in the table.

Table 2-3 Relationship Between duplex and speed Commands 

duplex Command	speed Command	Resulting System Action
duplex half or duplex full	speed auto	Autonegotiates both speed and duplex modes
duplex half	speed 10	Forces 10 Mbps and half duplex
duplex full	speed 10	Forces 10 Mbps and full duplex
duplex half	speed 100	Forces 100 Mbps and half duplex
duplex full	speed 100	Forces 100 Mbps and full duplex
duplex full	speed 1000	Forces 1000 Mbps and full duplex

Examples

This example shows how to configure the interface for full-duplex operation:

Switch(config-if)# duplex full

Switch(config-if)#

Related Commands

interface (refer to Cisco IOS documentation)
show controllers (refer to Cisco IOS documentation)
show interfaces (refer to Cisco IOS documentation)
speed

errdisable detect

To enable error disable detection, use the errdisable detect command. To disable the error disable detection feature, use the no form of this command.

errdisable detect cause {all | dtp-flap | link-flap | pagp-flap}

no errdisable detect cause {all | dtp-flap | link-flap | pagp-flap}

Syntax Description

cause	Specifies error disable detection to detect from a specific cause.
all	Specifies error disable detection for all error disable causes.
dtp-flap	Specifies detection for the DTP flap error disable cause.
link-flap	Specifies detection for the link flap error disable cause.
pagp-flap	Specifies detection for the PAgP flap error disable cause.

Defaults

All error disable causes are detected.

Command Modes

Global configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

A cause (dtp-flap, link-flap, pagp-flap) is defined as the reason the error-disabled state occurred. When a cause is detected on an interface, the interface is placed in error-disabled state (an operational state similar to link down state).

You must enter the shutdown command, and then the no shutdown command to recover an interface manually from error disable.

Examples

This example shows how to enable error disable detection for the link-flap error disable cause:

Switch(config)# errdisable detect cause link-flap

Switch(config)# 

Related Commands

show errdisable detect
show interfaces status

errdisable recovery

To configure the recovery mechanism variables, use the errdisable recovery command. To return to the default setting, use the no form of this command.

errdisable recovery [cause {all | bpduguard | dtp-flap | link-flap | pagp-flap | security-violation | udld}] | [interval {interval}]

no errdisable recovery [cause {all | bpduguard | dtp-flap | link-flap | pagp-flap | security-violation | udld}] | [interval {interval}]

Syntax Description

cause	(Optional) Enables error disable recovery to recover from a specific cause.
all	(Optional) Enables the recovery timers for all error disable causes.
bpduguard	(Optional) Enables the recovery timer for the BPDU guard error disable cause.
dtp-flap	(Optional) Enables the recovery timer for the DTP flap error disable cause.
link-flap	(Optional) Enables the recovery timer for the link flap error disable cause.
pagp-flap	(Optional) Enables the recovery timer for the PAgP flap error disable cause.
udld	(Optional) Enables the recovery timer for the UDLD error disable cause.
security-violation	(Optional) Enables automatic recovery of ports disabled due to 802.1x security violations.
interval interval	(Optional) Specifies the time to recover from specified error disable cause; valid values are from 30 to 86400 seconds.

Defaults

Error disable recovery is disabled.

Command Modes

Global configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

A cause (bpduguard, dtp-flap, link-flap, pagp-flap, udld) is defined as the reason the error-disabled state occurred. When a cause is detected on an interface, the interface is placed in error-disabled state (an operational state similar to link down state). If you do not enable error-disable recovery for the cause, the interface stays in error-disabled state until a shutdown and no shutdown occurs. If you enable recovery for a cause, the interface is brought out of error-disabled state and allowed to retry the operation again after all the causes have timed out.

You must enter the shutdown and then the no shutdown commands to recover an interface manually from error disable.

Examples

This example shows how to enable the recovery timer for the BPDU guard error disable cause:

Switch(config)# errdisable recovery cause bpduguard

Switch(config)# 

This example shows how to set the timer to 300 seconds:

Switch(config)# errdisable recovery interval 300

Switch(config)# 

Related Commands

show errdisable recovery
show interfaces status

flowcontrol

To configure a gigabit interface to send or receive pause frames, use the flowcontrol command. To disable the flow-control setting, use the no form of this command.

flowcontrol {receive | send} {off | on | desired}

no flowcontrol {receive | send} {off | on | desired}

Syntax Description

receive	Specifies that the interface processes pause frames.
send	Specifies that the interface sends pause frames.
off	Prevents a local port from receiving and processing pause frames from remote ports or from sending pause frames to remote ports.
on	Enables a local port to receive and process pause frames from remote ports or send pause frames to remote ports.
desired	Obtains predictable results whether a remote port is set to on, off, or desired.

Defaults

The default settings for GigabitEthernet interfaces are as follows:

•send flow control is desired on GigabitEthernet interfaces.

•receive flow control is off on GigabitEthernet interfaces.

•send flow control is on on oversubscribed GigabitEthernet interfaces.

•receive flow control is desired on oversubscribed GigabitEthernet interfaces.

Table 2-4 shows the default settings for modules.

Table 2-4 Module Default Settings

Module	Ports	Send
All modules except WS-X4418-GB, WS-X4412-2GB-TX, and WS-X4416-2GB-TX	All ports except for the oversubscribed ports (1-18)	No
WS-X4418-GB	Uplink ports (1-2)	No
WS-X4418-GB	Oversubscribed ports (3-18)	Yes
WS-X4412-2GB-TX	Uplink ports (13-14)	No
WS-X4412-2GB-TX	Oversubscribed ports (1-12)	Yes
WS-X4416-2GB-TX	Uplink ports (17-18)	No

Command Modes

Interface configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

Pause frames are special packets that signal a source to stop sending frames for a specific period of time because the buffers are full.

Table 2-5 describes guidelines for using different configurations of the send and receive keywords with the flowcontrol command.

Table 2-5 Keyword Configurations for send and receive 

Configuration	Description
send on	Enables a local port to send pause frames to remote ports. To obtain predictable results, use send on only when remote ports are set to receive on or receive desired.
send off	Prevents a local port from sending pause frames to remote ports. To obtain predictable results, use send off only when remote ports are set to receive off or receive desired.
send desired	Obtains predictable results whether a remote port is set to receive on, receive off, or receive desired.
receive on	Enables a local port to process pause frames that a remote port sends. To obtain predictable results, use receive on only when remote ports are set to send on or send desired.
receive off	Prevents remote ports from sending pause frames to local port. To obtain predictable results, use send off only when remote ports are set to receive off or receive desired.
receive desired	Obtains predictable results whether a remote port is set to send on, send off, or send desired.

Table 2-6 identifies how flow control will be forced or negotiated on gigabit interfaces based on their speed settings.

---

Note Catalyst 4006 switches support flow control only on gigabit interfaces.

---

Table 2-6 Send Capability by Switch Type, Module, and Port 

Interface Type	Configured Speed	Advertised Flow Control
10/100/1000BASE-TX	speed 1000	Configured flow control always
1000BASE-T	Negotiation always enabled	Configured flow control always negotiated
1000BASE-X	no speed nonegotiation	Configured flow control negotiated
1000BASE-X	speed nonegotiation	Configured flow control forced

Examples

This example shows how to enable send flow control:

Switch(config-if)# flowcontrol receive on

Switch(config-if)#

This example shows how to disable send flow control:

Switch(config-if)# flowcontrol send off

Switch(config-if)#

This example shows how to set receive flow control to desired:

Switch(config-if)# flowcontrol receive desired

Switch(config-if)#

Related Commands

interface port-channel
interface range
interface vlan
show flowcontrol
show running-config (refer to Cisco IOS Documentation)
speed

hw-module reset

To reset a module by turning the power off and then on, use the hw-module reset command.

hw-module {module num} reset

Syntax Description

module num

Applies the command to a specific module; valid values are from 2 to 6.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to reload a specific module:

Switch# hw-module module 3 reset

Switch# 

instance

To map a VLAN or a set of VLANs to an MST instance, use the instance command. To return the VLANs to the common instance default, use the no form of this command.

instance instance-id {vlans vlan-range}

no instance instance-id

Syntax Description

instance-id	MST instance to which the specified VLANs are mapped; valid values are from 0 to 15.
vlans vlan-range	Specifies the number of the VLANs to be mapped to the specified instance. The number is entered as a single value or a range; valid values are from 1 to 4094.

Defaults

Mapping is disabled.

Command Modes

MST configuration

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

The mapping is incremental, not absolute. This means that when you enter a range of VLANs, this range is added or removed to the existing ones.

Any unmapped VLAN is mapped to the CIST instance.

Examples

This example shows how to map a range of VLANs to instance 2:

Switch(config-mst)# instance 2 vlans 1-100

Switch(config-mst)# 

This example shows how to map a VLAN to instance 5:

Switch(config-mst)# instance 5 vlans 1100

Switch(config-mst)# 

This example shows how to move a range of VLANs from instance 2 to the CIST instance:

Switch(config-mst)# no instance 2 vlans 40-60

Switch(config-mst)# 

This example shows how to move all the VLANs mapped to instance 2 back to the CIST instance:

Switch(config-mst)# no instance 2

Switch(config-mst)# 

Related Commands

name
revision
show spanning-tree mst
spanning-tree mst configuration

interface port-channel

To access or create an IDB port channel, use the interface port-channel command.

interface port-channel channel-group

Syntax Description

channel-group

Port channel group number; valid values are from 1 to 64.

Defaults

This command has no default settings.

Command Modes

Global configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

You do not have to create a port channel interface before assigning a physical interface to a channel group. A port channel interface is created automatically when the channel group gets its first physical interface, if it is not already created.

You can also create port channels by entering the interface port-channel command. This will create a Layer 3 port channel. To make the Layer 3 port channel into a Layer 2 port channel, use the switchport command before you assign physical interfaces to the channel group. A port channel cannot be changed from Layer 3 to Layer 2 or vice versa when it contains member ports.

Only one port channel in a channel group is allowed.

---

Caution The Layer 3 port channel interface is the routed interface. Do not enable Layer 3 addresses on the physical Fast Ethernet interfaces.

---

If you want to use CDP, you must configure it only on the physical Fast Ethernet interface and not on the port channel interface.

Examples

This example creates a port channel interface with a channel group number of 64:

Switch(config)# interface port-channel 64

Switch(config)#

Related Commands

channel-group
show etherchannel

interface range

To run a command on multiple ports at the same time, use the interface range command.

interface range {vlan vlan_id - vlan_id} {port-range | macro name}

Syntax Description

vlan vlan_id - vlan_id	Specifies a VLAN range; valid values are from 1 to 4094.
port-range	Port range; for a list of valid values for port-range, see "Usage Guidelines."
macro name	Specifies the name of a macro.

Defaults

This command has no default settings.

Command Modes

Global configuration

Interface configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW	Support for extended VLAN addresses added.

Usage Guidelines

You can use the interface range command on existing VLAN SVIs only. To display VLAN SVIs, enter the show running config command. VLANs not displayed cannot be used in the interface range command.

The values entered with interface range command are applied to all existing VLAN SVIs.

Before you can use a macro, you must define a range using the define interface-range command.

All configuration changes made to a port range are saved to NVRAM, but port ranges created with the interface range command do not get saved to NVRAM.

You can enter the port range in two ways:

•Specifying up to five port ranges

•Specifying a previously defined macro

You can either specify the ports or the name of a port-range macro. A port range must consist of the same port type, and the ports within a range cannot span modules.

You can define up to five port ranges on a single command; separate each range with a comma.

When you define a range, you must enter a space between the first port and the hyphen (-):

interface range gigabitethernet 5/1 -20, gigabitethernet4/5 -20.

When entering the port-range use these formats:

•interface-type {mod}/{first-port} - {last-port}

•interface-type {mod}/{first-port} - {last-port}

Valid values for interface-type are as follows:

•FastEthernet

•GigabitEthernet

•Vlan vlan_id

You cannot specify both a macro and an interface range in the same command. After creating a macro, you can enter additional ranges. If you have already entered an interface range, the CLI does not allow you to enter a macro.

You can specify a single interface in the port-range value (this makes the command similar to the interface interface-number command).

Examples

This example shows how to use the interface range command to interface to FE 5/18 - 20:

Switch(config)# interface range fastethernet 5/18 - 20

Switch(config-if)#

This command shows how to run a port-range macro:

Switch(config)# interface range macro macro1

Switch(config-if)#

Related Commands

define interface-range
show running config (refer to Cisco IOS documentation)

interface vlan

To create or access a Layer 3 SVI, use the interface vlan command. To delete an SVI, use the no form of this command.

interface vlan vlan_id

no interface vlan vlan_id

Syntax Description

vlan_id

Number of the VLAN; valid values are from 1 to 4094.

Defaults

Fast EtherChannel is not specified.

Command Modes

Global configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW	Support for extended addressing was added.

Usage Guidelines

SVIs are created the first time you enter the interface vlan vlan_id command for a particular VLAN. The vlan_id value corresponds to the VLAN tag associated with data frames on an ISL or 802.1Q encapsulated trunk, or the VLAN ID configured for an access port. A message is displayed whenever a VLAN interface is newly created, so you can check that you entered the correct VLAN number.

If you delete an SVI by entering the no interface vlan vlan_id command, the associated IDB pair is forced into an administrative down state and marked as deleted. The deleted interface will no longer be visible in a show interface command.

You can reinstate a deleted SVI by entering the interface vlan vlan_id command for the deleted interface. The interface comes back up, but much of the previous configuration will be gone.

Examples

This example shows the output when you enter the interface vlan vlan_id command for a new VLAN number:

Switch(config)# interface vlan 23

% Creating new VLAN interface.

Switch(config)#

ip dhcp snooping

To enable DHCP snooping globally, use the ip dhcp snooping command. To disable DHCP snooping, use the no form of this command.

ip dhcp snooping

no ip dhcp snooping

Syntax Description

This command has no arguments or keywords.

Defaults

DHCP snooping is disabled.

Command Modes

Global configuration

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

You must enable DHCP snooping globally before you can use DHCP snooping on a VLAN.

Examples

This example shows how to enable DHCP snooping:

Switch(config)# ip dhcp snooping

Switch(config)#

This example shows how to disable DHCP snooping:

Switch(config)# no ip dhcp snooping 

Switch(config)#

Related Commands

ip dhcp snooping information option
ip dhcp snooping limit rate
ip dhcp snooping trust
ip dhcp snooping vlan
show ip dhcp snooping
show ip dhcp snooping binding

ip dhcp snooping information option

To enable DHCP option 82 data insertion, use the ip dhcp snooping information option command. To disable DHCP option 82 data insertion, use the no form of this command.

ip dhcp snooping information option

no ip dhcp snooping information option

Syntax Description

This command has no arguments or keywords.

Defaults

Feature enabled.

Command Modes

Global configuration

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to enable DHCP option 82 data insertion:

Switch(config)# ip dhcp snooping information option

Switch(config)#

This example shows how to disable DHCP option 82 data insertion:

Switch(config)# no ip dhcp snooping information option

Switch(config)#

Related Commands

ip dhcp snooping
ip dhcp snooping limit rate
ip dhcp snooping trust
ip dhcp snooping vlan
show ip dhcp snooping
show ip dhcp snooping binding

ip dhcp snooping limit rate

To configure the number of DHCP messages an interface can receive per second, use the ip dhcp snooping limit rate command. To disable DHCP snooping rate limiting, use the no form of this command.

ip dhcp snooping limit rate rate

no ip dhcp snooping limit rate

Syntax Description

rate	Number of DHCP messages a switch can receive per second.

Defaults

DHCP snooping rate is disabled.

Command Modes

Interface configuration

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

Normally, the rate limit applies to untrusted interfaces. If you want to set up rate limiting for trusted interfaces, keep in mind that trusted interfaces aggregate all DHCP traffic in the switch, and you will need to adjust the interfaces rate limit to a higher value.

Examples

This example shows how to enable DHCP message rate limiting:

Switch(config-if)# ip dhcp snooping limit rate 150

Switch(config-if)#

This example shows how to disable DHCP message rate limiting:

Switch(config-if)# no ip dhcp snooping limit rate

Switch(config-if)#

Related Commands

ip dhcp snooping
ip dhcp snooping information option
ip dhcp snooping trust
ip dhcp snooping vlan
show ip dhcp snooping
show ip dhcp snooping binding

ip dhcp snooping trust

To configure an interface as trusted for DHCP snooping purposes, use the ip dhcp snooping trust command. To configure an interface as untrusted, use the no form of this command.

ip dhcp snooping trust

no ip dhcp snooping trust

Syntax Description

This command has no arguments or keywords.

Defaults

Untrusted

Command Modes

Interface configuration

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to enable DHCP snooping trust on an interface:

Switch(config-if)# ip dhcp snooping trust

Switch(config-if)#

This example shows how to disable DHCP snooping trust on an interface:

Switch(config-if)# no ip dhcp snooping trust

Switch(config-if)#

Related Commands

ip dhcp snooping
ip dhcp snooping information option
ip dhcp snooping limit rate
ip dhcp snooping vlan
show ip dhcp snooping
show ip dhcp snooping binding

ip dhcp snooping vlan

Use the ip dhcp snooping vlan command to enable DHCP snooping on a VLAN. To disable DHCP snooping on a VLAN, use the no form of this command.

ip dhcp snooping vlan number [number]

no ip dhcp snooping vlan number [number]

Syntax Description

number

Single VLAN number or a range of VLANs.

Defaults

DHCP snooping is disabled.

Command Modes

Global configuration

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

DHCP snooping is enabled on a VLAN only if both the global snooping and the VLAN snooping are enabled.

Examples

This example shows how to enable DHCP snooping on a VLAN:

Switch(config)# ip dhcp snooping vlan 10

Switch(config)#

This example shows how to disable DHCP snooping on a VLAN:

Switch(config)# no ip dhcp snooping vlan 10

Switch(config)#

This example shows how to enable DHCP snooping on a group of VLANs:

Switch(config)# ip dhcp snooping vlan 10 55

Switch(config)#

This example shows how to disable DHCP snooping on a group of VLANs:

Switch(config)# no ip dhcp snooping vlan 10 55

Switch(config)#

Related Commands

ip dhcp snooping
ip dhcp snooping information option
ip dhcp snooping limit rate
ip dhcp snooping trust
show ip dhcp snooping
show ip dhcp snooping binding

ip igmp filter

To control whether all hosts on a Layer 2 interface can join one or more IP multicast groups by applying an IGMP profile to the interface, use the ip igmp filter command. To remove a profile from the interface, use the no form of this command

ip igmp filter profile number

no ip igmp filter

Syntax Description

profile number

IGMP profile number to be applied; valid values are from 1 to 4,294,967,295.

Defaults

Profiles are not applied.

Command Modes

Interface configuration

Command History

Release	Modification
12.1(11b)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

You can apply IGMP filters only to Layer 2 physical interfaces; you cannot apply IGMP filters to routed ports, SVIs, or ports that belong to an EtherChannel group.

An IGMP profile can be applied to one or more switch port interfaces, but one port can have only one profile applied to it.

Examples

This example shows how to apply IGMP profile 22 to an interface.

Switch(config)# interface gigabitethernet1/1

Switch(config-if)# ip igmp filter 22

Switch(config-if)#

Related Commands

ip igmp profile
show ip igmp profile

ip igmp max-groups

To set the maximum number of IGMP groups that a Layer 2 interface can join, use the ip igmp max-groups command. To set the maximum back to the default, which is to have no maximum limit, use the no form of this command.

ip igmp max-groups number

no ip igmp max-groups

Syntax Description

number

Maximum number of IGMP groups that an interface can join; valid values are from 0 to 4,294,967,294.

Defaults

No maximum limit.

Command Modes

Interface configuration

Command History

Release	Modification
12.1(11b)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

You can use ip igmp max-groups command only on Layer 2 physical interfaces; you cannot set IGMP maximum groups for routed ports, SVIs, or ports that belong to an EtherChannel group.

Examples

This example shows how to limit the number of IGMP groups that an interface can join to 25.

Switch(config)# interface gigabitethernet1/1

Switch(config-if)# ip igmp max-groups 25

Switch(config-if)

ip igmp profile

To create an IGMP profile, use the ip igmp profile command. To delete the IGMP profile, use the no form of this command.

ip igmp profile profile number

no ip igmp profile profile number

Syntax Description

profile number

IGMP profile number being configured; valid values are from 1 to 4,294,967,295.

Defaults

No profile created.

Command Modes

Global configuration

Command History

Release	Modification
12.1(11b)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

When entering a range, enter the low IP multicast address, a space, and the high IP multicast address.

You can apply an IGMP profile to one or more Layer 2 interfaces, but each interface can have only one profile applied to it.

Examples

This example shows how to configure IGMP profile 40 that permits the specified range of IP multicast addresses.

Switch # config terminal

Switch(config)# ip igmp profile 40

Switch(config-igmp-profile)# permit

Switch(config-igmp-profile)# range 233.1.1.1 233.255.255.255

Switch(config-igmp-profile)#

Related Commands

ip igmp filter
show ip igmp profile

ip igmp query-interval

To configure the frequency that the switch sends IGMP host-query messages, use the ip igmp query-interval command. To return to the default frequency, use the no form of this command.

ip igmp query-interval seconds

no ip igmp query-interval

Syntax Description

seconds

Frequency, in seconds, at which to transmit IGMP host query messages; valid values depend on the IGMP snooping mode. See "Usage Guidelines."

Defaults

60 seconds

Command Modes

Interface configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

If you use the default IGMP snooping configuration, the valid query interval values are from 1 to 65535 seconds. If you have changed the default configuration to support CGMP as the IGMP snooping learning method, the valid query interval values are from 1 to 300 seconds.

The designated switch for a LAN is the only switch that sends IGMP host query messages. For IGMP version 1, the designated switch is elected according to the multicast routing protocol that runs on the LAN. For IGMP version 2, the designated querier is the lowest IP-addressed multicast switch on the subnet.

If no queries are heard for the timeout period (controlled by the ip igmp query-timeout command), the switch becomes the querier.

---

Note Changing the timeout period may severely impact multicast forwarding.

---

Examples

This example shows how to change the frequency at which the designated switch sends IGMP host query messages:

Switch(config-if)# ip igmp query-interval 120

Switch(config-if)#

Related Commands

ip igmp query-timeout (refer to Cisco IOS documentation)
ip pim query-interval (refer to Cisco IOS documentation)
show ip igmp groups (refer to Cisco IOS documentation)

ip igmp snooping

To enable IGMP snooping, use the ip igmp snooping command. To disable IGMP snooping, use the no form of this command.

ip igmp snooping [tcn flood | tcn flood query count count | tcn query solicit]

no ip igmp snooping tcn [tcn flood | tcn flood query count | tcn query solicit]

Syntax Description

tcn	(Optional) Specifies topology change configurations.
flood	(Optional) Specifies flooding the spanning tree table to the network when a topology change occurs.
query	(Optional) Specifies the TCN query configurations.
count count	(Optional) Specifies how often the spanning tree table is flooded.
solicit	(Optional) Specifies an IGMP general query.

Defaults

IGMP snooping is enabled on the switch and disabled on multicast routers.

Command Modes

Global configuration

Interface configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.
12.1(11)EW	Support for flooding the spanning tree table was added.

Usage Guidelines

The tcn flood option applies only to Layer 2 switch ports and EtherChannels; it does not apply to routed ports, VLAN interfaces, or Layer 3 channels.

Use the tcn flood option in interface configuration mode.

Examples

This example shows how to enable IGMP snooping:

Switch(config)# ip igmp snooping

Switch(config)#

This example shows how to disable IGMP snooping:

Switch(config)# no ip igmp snooping

Switch(config)#

This example shows how to enable flooding the spanning-tree table to the network after 9 topology changes have occurred:

Switch(config)# ip igmp snooping tcn flood query count 9

Switch(config)#

This example shows how to disable flooding the spanning tree table to the network:

Switch(config)# no ip igmp snooping tcn flood

Switch(config)#

This example shows how to enable an IGMP general query:

Switch(config)# ip igmp snooping tcn query solicit

Switch(config)#

This example shows how to disable an IGMP general query:

Switch(config)# no ip igmp snooping tcn query solicit

Switch(config)#

Related Commands

ip igmp snooping vlan immediate-leave
ip igmp snooping vlan mrouter
ip igmp snooping vlan static

ip igmp snooping report-suppression

To enable report suppression, use the ip igmp snooping report-suppression command. To disable report suppression and forward reports to multicast routers, use the no form of this command.

ip igmp snooping report-suppression

no igmp snooping report-suppression

Syntax Description

This command has no arguments or keywords.

Defaults

Report suppression is enabled.

Command Modes

Global configuration

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

If the ip igmp snooping report-suppression command is disabled, all IGMP reports are forwarded to the multicast routers.

If the command is enabled, report suppression is done by IGMP snooping.

Examples

This example shows how to enable report suppression:

Switch(config)# ip igmp snooping report-suppression

Switch(config)#

This example shows how to disable report suppression:

Switch(config)# no ip igmp snooping report-suppression

Switch(config)#

This example shows how to display the system status for report suppression:

Switch# sh ip igmp snoop

vlan 1

----------

 IGMP snooping is globally enabled

 IGMP snooping TCN solicit query is globally disabled

 IGMP snooping global TCN flood query count is 2

 IGMP snooping is enabled on this Vlan

 IGMP snooping immediate-leave is disabled on this Vlan

 IGMP snooping mrouter learn mode is pim-dvmrp on this Vlan

 IGMP snooping is running in IGMP_ONLY mode on this Vlan

 IGMP snooping report suppression is enabled on this Vlan 

Switch(config)#

Related Commands

ip igmp snooping vlan immediate-leave
ip igmp snooping vlan mrouter
ip igmp snooping vlan static

ip igmp snooping vlan

To enable IGMP snooping for a VLAN, use the ip igmp snooping vlan command. To disable IGMP snooping, use the no form of this command.

ip igmp snooping vlan vlan-id

no ip igmp snooping vlan vlan-id

Syntax Description

vlan-id

Number of the VLAN; valid values are from 1 to 4094.

Defaults

IGMP snooping is enabled on the switch and is not configured on multicast routers.

Command Modes

Global configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW	Support for extended addressing was added.

Usage Guidelines

Before you can enable IGMP snooping on the Catalyst 4006 switches, you must configure the VLAN interface for multicast routing.

This command is entered in VLAN interface configuration mode only.

Examples

This example shows how to enable IGMP snooping on a VLAN:

Switch(config)# ip igmp snooping vlan 200

Switch(config)#

This example shows how to disable IGMP snooping on a VLAN:

Switch(config)# no ip igmp snooping vlan 200

Switch(config)#

Related Commands

ip igmp snooping vlan immediate-leave
ip igmp snooping vlan mrouter
ip igmp snooping vlan static

ip igmp snooping vlan immediate-leave

To enable IGMP immediate-leave processing, use the ip igmp snooping vlan immediate-leave command. To disable immediate-leave processing, use the no form of this command.

ip igmp snooping vlan vlan_num immediate-leave

no ip igmp snooping vlan vlan_num immediate-leave

Syntax Description

vlan_num	Number of the VLAN; valid values are from 1 to 4094.
immediate-leave	Enables immediate leave processing.

Defaults

Immediate-leave processing is disabled.

Command Modes

Global configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW	Support for extended addressing was added.

Usage Guidelines

You enter this command in global configuration mode only.

Use the immediate-leave feature only when there is a single receiver for the MAC group for a specific VLAN.

The immediate-leave feature is supported only with IGMP version 2 hosts.

Examples

This example shows how to enable IGMP immediate-leave processing on VLAN 4:

Switch(config)# ip igmp snooping vlan 4 immediate-leave

Switch(config)#

This example shows how to disable IGMP immediate-leave processing on VLAN 4:

Switch(config)# no ip igmp snooping vlan 4 immediate-leave

Switch(config)#

Related Commands

ip igmp snooping
ip igmp snooping vlan mrouter
ip igmp snooping vlan static
show ip igmp interface (refer to Cisco IOS documentation)
show mac-address-table multicast

ip igmp snooping vlan mrouter

To statically configure a Layer 2 interface as a multicast router interface for a VLAN, use the ip igmp snooping vlan mrouter command. To remove the configuration, use the no form of this command.

ip igmp snooping vlan vlan-id mrouter {interface {{FastEthernet slot/port} |
{GigabitEthernet slot/port} | {Port-channel number}} |
{learn {cgmp | pim-dvmrp}}

no ip igmp snooping vlan vlan-id mrouter {interface {FastEthernet slot/port} |
{GigabitEthernet slot/port} | {Port-channel number}} |
{learn {cgmp | pim-dvmrp}}

Syntax Description

vlan vlan-id	Specifies the VLAN ID number to use in the command. The valid range is 1 to 4094.
interface	Specifies the next-hop interface to multicast switch.
FastEthernet	Specifies the Fast Ethernet interface.
slot/port	Number of the slot and port.
GigabitEthernet	Specifies the Gigabit Ethernet interface.
Port-channel number	Port channel number; valid values are from 1 to 64.
learn	Specifies the multicast switch learning method.
cgmp	Specifies the multicast switch snooping CGMP packets.
pim-dvmrp	Specifies the multicast switch snooping PIM-DVMRP packets.

Defaults

Multicast switch snooping RIM-DVMRP packets are specified.

Command Modes

Interface configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW	Support for extended addressing was added.

Usage Guidelines

You enter this command in VLAN interface configuration mode only.

The interface to the switch must be in the VLAN where you are entering the command. It must be both administratively up and line protocol up.

The CGMP learning method can decrease control traffic.

The learning method you configure is saved in NVRAM.

Static connections to multicast interfaces are supported only on switch interfaces.

Examples

This example shows how to specify the next-hop interface to multicast switch:

Switch(config-if)# ip igmp snooping 400 mrouter interface fastethernet 5/6

Switch(config-if)#

This example shows how to specify the multicast switch learning method:

Switch(config-if)# ip igmp snooping 400 mrouter learn cgmp

Switch(config-if)#

Related Commands

ip igmp snooping
ip igmp snooping vlan immediate-leave
ip igmp snooping vlan static
show ip igmp snooping mrouter

ip igmp snooping vlan static

To configure a Layer 2 interface as a member of a group, use the ip igmp snooping vlan static command. To remove the configuration, use the no form of this command.

ip igmp snooping vlan vlan_num static mac-address {interface {FastEthernet slot/port} | {GigabitEthernet slot/port} | {Port-channel number}}

no ip igmp snooping vlan vlan_num static {{interface {FastEthernet slot/port} |
{GigabitEthernet slot/port} | {Port-channel number}}

Syntax Description

vlan vlan_num	Number of the VLAN.
static mac-address	Group MAC address.
interface	Specifies the next-hop interface to multicast switch.
FastEthernet slot/port	Specifies the Fast Ethernet interface. Number of the slot and port.
GigabitEthernet slot/port	Specifies the Gigabit Ethernet interface. Number of the slot and port.
Port-channel number	Port channel number; valid values are from 1 through 64.

Defaults

This command has no default settings.

Command Modes

Global configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

You enter this command in Global configuration mode only.

Examples

This example shows how to configure a host statically on an interface:

Switch(config)# ip igmp snooping vlan 4 static 0100.5e02.0203 interface fas 5/11

Configuring port FastEthernet5/11 on group 0100.5e02.0203 vlan 4

Switch(config)#

Related Commands

ip igmp snooping
ip igmp snooping vlan immediate-leave
ip igmp snooping vlan mrouter
show mac-address-table multicast

ip local-proxy-arp

To enable the local proxy ARP feature, use the ip local-proxy-arp command. To disable the feature, use the no form of this command.

ip local-proxy-arp

no ip local-proxy-arp

Syntax Description

This command has no arguments or keywords.

Defaults

Local proxy ARP is disabled.

Command Modes

Interface configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

Use this feature only on subnets where hosts are intentionally prevented from communicating directly to the switch on which they are connected.

ICMP redirect is disabled on interfaces where the local proxy ARP feature is enabled.

Examples

This example shows how to enable the local proxy ARP feature:

Switch(config-if)# ip local-proxy-arp

Switch(config-if)#

ip cef load-sharing algorithm

To configure the load-sharing hash function so that the source TCP/UDP port, or the destination TCP/UDP port, or both can be included in the hash in addition to the source and destination IP addresses, use the ip cef load-sharing algorithm command. To revert back to the default, which does not include the ports, use the no form of this command.

ip cef load-sharing algorithm {include-ports {source source | destination dest} | original | tunnel | universal}

no ip cef load-sharing algorithm{include-ports {source source | destination dest} | original | tunnel | universal}

Syntax Description

include-ports	Specifies algorithm that includes Layer 4 ports.
source source	Specifies source port in the load-balancing hash functions.
destination dest	Specifies destination port in the load-balancing hash. Uses source and destination in hash functions.
original	Original algorithm; not recommended.
tunnel	Specifies algorithm for use in tunnel only environments.
universal	Specifies the default IOS load-sharing algorithm.

Defaults

Default IOS load-sharing algorithm is specifed.

---

Note This option does not include the source or destination port in the load-balancing hash.

---

Command Modes

Global configuration

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

The original algorithm, tunnel algorithm, and universal algorithm are all processed in hardware routing while software-routed packets, are processed in software. The include-ports option does not apply to software-switched traffic.

Examples

This example shows how to configure IP CEF load-sharing algorithm with the include-ports option:

Switch(config)# ip cef load-sharing algorithm include-ports

Switch(config)#

Related Commands

show ip cef vlan

ip mfib fastdrop

To enable MFIB fast drop, use the ip mfib fastdrop command. To disable MFIB fast drop, use the no form of this command.

ip mfib fastdrop

no ip mfib fastdrop

Syntax Description

This command has no arguments or keywords.

Defaults

MFIB fast drop is enabled.

Command Modes

EXEC

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to enable MFIB fast drops:

Switch> ip mfib fastdrop

Switch>

Related Commands

clear ip mfib fastdrop
show ip mfib fastdrop

ip sticky-arp

To enable sticky ARP, use the ip sticky-arp command. Use the no form of this command to disable sticky ARP.

ip sticky-arp

no ip sticky-arp

Syntax Description

This command has no arguments or keywords.

Defaults

Enabled

Command Modes

Global configuration

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

This command is supported on PVLANs only.

ARP entries that are learned on Layer3 PVLAN interfaces are sticky ARP entries. (You should display and verify ARP entries on the PVLAN interface using the show arp command).

For security reasons, sticky ARP entries on the PVLAN interface do not age out. Connecting new equipment with the same IP address generates a message and the ARP entry is not created.

Because the ARP entries on the PVLAN interface do not age out, you must manually remove ARP entries on the PVLAN interface if a MAC address changes.

Unlike static entries, sticky-ARP entries are not stored and restored when you enter the reboot and restart commands.

Examples

This example shows how to enable sticky ARP:

Switch# configure terminal 

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config) ip sticky-arp

Switch(config)# end

Switch#

This example shows how to disable sticky ARP:

Switch# configure terminal 

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config) no ip sticky-arp

Switch(config)# end

Switch#

Related Commands

arp (refer to Cisco IOS documentation)
show arp (refer to Cisco IOS documentation)

mac access-list extended

To access a subcommand to define extended MAC access lists, use the mac access-list extended command. To remove MAC access lists, use the no form of this command.

mac access-list extended name

no mac access-list extended name

Syntax Description

name	ACL to which the entry belongs.

Defaults

MAC access lists are not defined.

Command Modes

Global configuration

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

When you enter the ACL name, follow these naming conventions:

•Maximum of 31 characters long and can include a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.).

•Must start with an alpha character and must be unique across all ACLs of all types.

•Case sensitive.

•Cannot be a number.

•Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer.

When you enter the mac access-list extended name command, you use the following [no] {permit | deny} {{src-mac mask | any} destination MAC address mask} [protocol-family {appletalk | arp-non-ipv4 | decnet | ipx | ipv6 | rarp-non-ipv4 | vines | xns}] subset to create or delete entries in a MAC-Layer access list.

Table 2-7 describes the syntax of the mac access-list extended subcommands.

Table 2-7 mac access-list extended Subcommands 

Subcommand	Description
deny	Prevents access if the conditions are matched.
no	(Optional) Deletes a statement from an access list.
permit	Allows access if the conditions are matched.
src-mac mask	Source MAC address in the form: source-mac-address source-mac-address-mask.
any	Specifies any protocol type.
dest-mac mask	(Optional) Destination MAC address in the form dest-mac-address dest-mac-address-mask.
protocol-family	(Optional) Name of the protocol family. Table 2-8 explains which packets are mapped to a particular protocol family.

Table 2-8 describes mapping an Ethernet packet to a protocol family.

Table 2-8 Mapping an Ethernet Packet to a Protocol Family

Protocol-Family	Ethertype in Packet Header
Appletalk	0x809B, 0x80F3
Arp-Non-Ipv4	0x0806 and protocol header of Arp is a non-Ip protocol family
Decnet	0x6000-0x6009, 0x8038-0x8042
Ipx	0x8137-0x8138
Ipv6	0x86DD
Rarp-Ipv4	0x8035 and protocol header of Rarp is Ipv4
Rarp-Non-Ipv4	0x8035 and protocol header of Rarp is a non-Ipv4 protocol family.
Vines	0x0BAD, 0x0BAE, 0x0BAF
Xns	0x0600, 0x0807

When you enter the src-mac mask value or the dest-mac mask value, follow these guidelines:

•Enter MAC addresses as three 4-byte values in dotted hexadecimal format; for example, 0030.9629.9f84.

•Enter MAC address masks as three 4-byte values in dotted hexadecimal format. Use 1 bit as a wildcard. For example, to match an address exactly, use 0000.0000.0000 (can be entered as 0.0.0).

•For the optional protocol parameter, you can enter either the ethertype or the keyword.

•Entries without a protocol parameter match any protocol.

•Access lists entries are scanned in the order you enter them. The first matching entry is used. To improve performance, place the most commonly used entries near the beginning of the access list.

•An implicit deny any any entry exists at the end of an access list unless you include an explicit permit any any entry at the end of the list.

•All new entries to an existing list are placed at the end of the list. You cannot add entries to the middle of a list.

Examples

This example shows how to create a MAC Layer access list named mac_layer that denies traffic from 0000.4700.0001, which is going to 0000.4700.0009, and permits all other traffic:

Switch(config)# mac access-list extended mac_layer 

Switch(config-ext-macl)# deny 0000.4700.0001 0.0.0 0000.4700.0009 0.0.0 protocol-family appletak

Switch(config-ext-macl)# permit any any 

Related Commands

show vlan access-map

mac-address-table aging-time

To configure aging time for entries in the Layer 2 table, use the mac-address-table aging-time command. To reset the seconds value to the default setting, use the no version of this command.

mac-address-table aging-time seconds [vlan vlan_id]

no mac-address-table aging-time seconds [vlan vlan_id]

Syntax Description

seconds	Aging time in seconds; valid values are 0 and from 10 to 1,000,000 seconds.
vlan vlan_id	(Optional) Specifies the VLAN to apply the changed aging time; valid values are from 1to 4094.

Defaults

300 seconds

Command Modes

Global configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW	Support for extended addressing was added.

Usage Guidelines

If you do not enter a VLAN, the change is applied to all routed-port VLANs.

Enter 0 seconds to disable aging.

Examples

This example shows how to configure the aging time to 400 seconds:

Switch(config)# mac-address-table aging-time 400

Switch(config)#

This example shows how to disable aging:

Switch(config)# mac-address-table aging-time 0

Switch(config)

Related Commands

show mac-address-table aging-time

mac-address-table static

To add static entries to the MAC address table, use the mac-address-table static command. To remove entries profiled by the combination of specified entry information, use the no form of this command.

mac-address-table static mac_addr {vlan vlan_id} {interface int1}

no mac-address-table static mac_addr {vlan vlan_id} {interface int1}

Syntax Description

mac_addr	Address to add to the MAC address table.
vlan vlan_id	Specifies the VLAN associated with the MAC address entry; valid values are from 1 to 4094.
interface int1	Specifies the interface.

Defaults

This command has no default settings.

Command Modes

Global configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW	Support for extended addressing was added.

Usage Guidelines

The output interface specified must be a Layer 2 IDB and not an SVI.

You can enter multiple VLAN IDs after the vlan keyword to install the entry for each VLAN entered.

An entry is automatically created for each of the four protocol types.

The no form of this command does not remove system MAC addresses.

When removing a MAC address, entering interface int is optional. For unicast entries, the entry is removed automatically. For multicast entries, if you do not specify an interface, the entire entry is removed. You can specify the selected ports to be removed by specifying the interface.

Examples

This example shows how to add static entries to the MAC address table:

Switch(config)# mac-address-table static 0050.3e8d.6400 interface fastethernet5/7 vlan 100

Switch(config)# 

This example shows how to remove a static entry from the MAC address table:

Switch(config)# no mac-address-table static 0050.3e8d.6400 interface fastethernet5/7 vlan 100

Switch(config)# 

Related Commands

show mac-address-table address

main-cpu

To enter the main CPU submode and manually synchronize the configurations on the two supervisor engines, use the main-cpu command.

main-cpu

Syntax Description

This command has no arguments or keywords.

Defaults

This command has no default settings.

Command Modes

Redundancy

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch. (Catalyst 4507R only)

Usage Guidelines

The main CPU submode is used to manually synchronize the configurations on the two supervisor engines.

From the main CPU submode, use the auto-sync command to enable automatic synchronization of the configuration files in NVRAM.

---

Note After you enter the main CPU submode, you can use the auto-sync command to automatically synchronize the configuration between the primary and secondary route processors based on the primary configuration. In addition, you can use all of the redundancy commands that are applicable to the main CPU.

---

Related Commands

auto-sync (refer to Cisco IOS documentation)

match

To specify a match clause by selecting one or more ACLs for a VLAN access-map sequence, use the match subcommand. To remove the match clause, use the no form of this command.

match {ip address {acl-number | acl-name}} | {mac address acl-name}}

no match {ip address {acl-number | acl-name}} | {mac address acl-name}}

---

Note If a match clause is not specified, the action for the VLAN access-map sequence is applied to all packets. All packets are matched against that sequence in the access map.

---

Syntax Description

ip address acl-number	Selects one or more IP ACLs for a VLAN access-map sequence; valid values are from 1 to 199 and from 1300 to 2699.
ip address acl-name	Selects an IP ACL by name.
mac address acl-name	Selects one or more MAC ACLs for a VLAN access-map sequence.

Defaults

This command has no default settings.

Command Modes

VLAN access-map

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

The match clause specifies the IP or MAC ACL for traffic filtering.

The MAC sequence is not effective for IP packets. IP packets should be access controlled by IP match clauses.

Refer to the Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide  for additional configuration guidelines and restrictions.

Refer to the Cisco IOS Command Reference publication for additional match command information.

Examples

This example shows how to define a match clause for a VLAN access map:

Switch(config)# vlan access-map ganymede 10

Switch(config-access-map)# match ip address 13 

Switch(config-access-map)#

Related Commands

show vlan access-map
vlan access-map

monitor session

To start a new SPAN session, add interfaces or VLANs to an existing SPAN session, or filter SPAN traffic to specific VLANs, use the monitor session command. To remove one or more source or destination interfaces from the SPAN session, or a source VLAN from the SPAN session, use the no form of this command.

monitor session {session} {source {interface type num} | {vlan vlan_id}} [, | - | rx | tx | both]

no monitor session {session} {source {interface type num} | {vlan vlan_id}} [, | - | rx | tx | both]

monitor session {session} {destination {interface type num}

no monitor session {session} {destination {interface type num}

monitor session {session} {filter {vlan vlan_id} [, | -]}

no monitor session {session} {filter {vlan vlan_id} [, | -]}

Syntax Description

session	Number of the SPAN session; valid values are from 1 through 6.
source	Specifies the SPAN source.
interface type num	Specifies the interface type and number; valid values are FastEthernet, GigabitEthernet, and Port-channel.
vlan vlan_id	Specifies the VLAN; valid values are from 1 to 4094.
,	(Optional) Symbol to specify another range of SPAN VLANs; valid values are from 1 to 4094.
-	(Optional) Symbol to specify a range of SPAN VLANs.
rx	(Optional) Monitors received traffic only.
tx	(Optional) Monitors transmitted traffic only.
both	(Optional) Monitors received and transmitted traffic.
destination	Specifies the SPAN destination interface.
filter	Limits SPAN source traffic to specific VLANs.

Defaults

Received and transmitted traffic and all VLANs are monitored on a trunking interface.

Command Modes

Global configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.
12.1(12c)EW	Support for differing directions within a single user session and extended VLAN addressing was added.

Usage Guidelines

Only one SPAN destination for a SPAN session is supported. If you attempt to add another destination interface to a session that already has a destination interface configured, you will get an error. You must first remove a SPAN destination interface before changing the SPAN destination to a different interface.

With release 12.1(12c)EW, you can configure sources with differing directions within a single user session.

---

Note With release 12.1(12c)EW, SPAN is limited to two sessions containing ingress sources and four sessions containing egress sources. Bidirectional sources count as both an ingress source and an egress source.

---

A particular SPAN session can either monitor VLANs or monitor individual interfaces: you cannot have a SPAN session that monitors both specific interfaces and specific VLANs. If you first configure a SPAN session with a source interface, and then try to add a source VLAN to the same SPAN session, you will get an error. You will also get an error if you configure a SPAN session with a source VLAN and then try to add a source interface to that session. You must first clear any sources for a SPAN session before switching to another type of source.

If you enter the filter keyword on a monitored trunking interface, only traffic on the set of specified VLANs is monitored. Port channel interfaces are displayed in the list of interface options if you have them configured. VLAN interfaces are not supported. However, you can span a particular VLAN by entering the monitor session session source vlan vlan-id command.

Examples

This example shows how to add a source interface to a SPAN session:

Switch(config)# monitor session 1 source interface fa2/3

Switch(config)#

This example shows how to configure sources with differing directions within a SPAN session:

Switch(config)# monitor session 1 source interface fa2/3 rx

Switch(config)# monitor session 1 source interface fa2/2 tx

Switch(config)#

This example shows how to remove a source interface from a SPAN session:

Switch(config)# no monitor session 1 source interface fa2/3

Switch(config)#

This example shows how to limit SPAN traffic to specific VLANs:

Switch(config)# monitor session 1 filter vlan 100 - 304

Switch(config)#

Related Commands

show monitor

name

To set the MST region name, use the name command. To return to the default name, use the no form of this command.

name name

no name name

Syntax Description

name	Specifies the name of the MST region. It can be any string with a maximum length of 32 characters.

Defaults

MST region name is not set.

Command Modes

MST configuration

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

Two or more Catalyst 4500 series switches with the same VLAN mapping and configuration version number are considered to be in different MST regions if the region names are different.

---

Caution Be careful when using the name command to set the MST region name.

---

Examples

This example shows how to name a region:

Switch(config-mst)# name Cisco

Switch(config-mst)# 

Related Commands

instance
revision
show spanning-tree mst
spanning-tree mst configuration

pagp learn-method

To learn the input interface of incoming packets, use the pagp learn-method command. To return to the default value, use the no form of this command.

pagp learn-method {aggregation-port | physical-port}

no pagp learn-method

Syntax Description

aggregation-port	Specifies learning the address on the port channel.
physical-port	Specifies learning the address on the physical port within the bundle.

Defaults

The address on the port channel is learned.

Command Modes

Interface configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to enable port channel address learning:

Switch(config-if)# pagp learn-method 

Switch(config-if)#

This example shows how to enable physical port address learning within the bundle:

Switch(config-if)# pagp learn-method physical-port

Switch(config-if)#

This example shows how to enable aggregation port address learning within the bundle:

Switch(config-if)# pagp learn-method aggregation-port

Switch(config-if)#

Related Commands

pagp learn-method
show pagp

pagp port-priority

To select a port in hot standby mode, use the pagp port-priority command. To return to the default value, use the no form of this command.

pagp port-priority priority

no pagp port-priority

Syntax Description

priority

Port priority number; valid values are from 1 to 255.

Defaults

Port number is 128.

Command Modes

Interface configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

The higher the priority, the better the chances are that the port will be selected in the hot standby mode.

Examples

This example shows how to set the port priority:

Switch(config-if)# pagp port-priority 45

Switch(config-if)#

Related Commands

pagp learn-method
show pagp

policy-map

To access the QoS policy map configuration mode to configure the QoS policy map, use the policy-map command. To delete a policy map, use the no form of this command.

policy-map policy-map-name

no policy-map policy-map-name

Syntax Description

policy-map-name

Specifies the name of the policy map.

Defaults

This command has no default settings.

Command Modes

Global configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

In QoS policy-map configuration mode, these configuration commands are available:

•exit exits QoS class map configuration mode.

•no removes an existing defined policy map.

•class class-map-name accesses the QoS class map configuration mode to specify a previously created class map to be included in the policy map or to create a class map (see the class-map command for additional information).

•police [aggregate name] rate burst [conform-action {drop | transmit}] [{exceed-action {drop | policed-dscp-transmit | transmit}] defines a microflow or aggregate policer.

•trust {cos | dscp} sets the specified class trust values. Trust values that are set in this command supersede trust values set on specific interfaces.

Examples

This example shows how to create a policy map named ipp5-policy that uses the class-map named ipp5, is configured to rewrite the packet precedence to 6 and to aggregate police the traffic that matches IP precedence value of 5:

Switch# configure terminal 

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# policy-map ipp5-policy

Switch(config-pmap)# class ipp5 

Switch(config-pmap-c)# set ip precedence 6

Switch(config-pmap-c)# police 2000000000 2000000 conform-action transmit exceed-action 
policed-dscp-transmit 

Switch(config-pmap-c)# end 

Related Commands

class-map
service-policy
show class-map
show policy-map
show policy-map interface

port-channel load-balance

To set the load distribution method among the ports in the bundle, use the port-channel load-balance command. To reset the load distribution to the default, use the no form of this command.

port-channel load-balance method

no port-channel load-balance

Syntax Description

method

Specifies the load distribution method. See "Usage Guidelines."

Defaults

Load distribution on the source or destination IP address

Command Modes

Global configuration

Command History

Release	Modification
12.1(8a)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

The following values are valid for the load distribution method:

•dst-ip—Load distribution on the destination IP address

•dst-mac—Load distribution on the destination MAC address

•dst-port—Load distribution on the destination TCP/UDP port

•src-dst-ip—Load distribution on the source XOR destination IP address

•src-dst-mac—Load distribution on the source XOR destination MAC address

•src-dst-port—Load distribution on the source XOR destination TCP/UDP port

•src-ip—Load distribution on the source IP address

•src-mac—Load distribution on the source MAC address

•src-port—Load distribution on the source port

Examples

This example shows how to set the load distribution method to destination IP address:

Switch(config)# port-channel load-balance dst-ip

Switch(config)# 

This example shows how to set the load distribution method to source or destination IP address:

Switch(config)# port-channel load-balance src-dst-port

Switch(config)# 

Related Commands

interface port-channel
show etherchannel

power inline

To set the inline-power state for inline-power-capable interfaces, use the power inline command. To return to the default values, use the no form of this command.

power inline {auto | never}

no power inline

Syntax Description

auto	Sets the inline power state to automatic mode for inline-power capable interfaces.
never	Disables both the detection and power for inline-power capable interfaces.

Defaults

Auto mode

Command Modes

Interface configuration

Command History

Release	Modification
12.1(11)EW	Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

If your interface does not support inline power, you will receive the following error message:

inline power not supported on interface Admin

Examples

This example shows how to set inline-power detection and power for inline-power-capable interfaces:

Switch(config-if)# power inline auto

Switch(config-if)# 

This example shows how to disable inline-power detection and power for inline-power-capable interfaces:

Switch(config-if)# power inline never

Switch(config-if)# 

Related Commands

show power

power redundancy-mode

To configure the power settings for the chassis, use the power redundancy-mode command. To return to the default setting, use the default form of this command.

power redundancy-mode {redundant | combined}

default power redundancy-mode

Syntax Description

redundant	Configures the switch to redundant power management mode.
combined	Configures the switch to combined power management mode.

Defaults

Redundant power management mode

Command Modes

Global configuration

Command History

Release	Modification
12.1(12c)EW	Support for this command was introduced on the Catalyst 4500 series switch. (Catalyst 4500 Series only: 4503, 4506, and 4507)

Usage Guidelines

The two power supplies must be the same type and wattage.

---

Caution If you have power supplies with different types or wattages installed in your switch, the switch will not recognize one of the power supplies. A switch set to redundant mode will not have power redundancy. A switch set to combined mode will only use one power supply.

---

In redundant mode, the power from a single power supply must provide enough power to support the switch configuration

Table 2-9 lists the maximum available power for chassis and inline power for each power supply.

Table 2-9 Available Power

Power Supply	Redundant Mode (W)	Combined Mode (W)
1000 W AC	System1 = 1000 Inline = 0	System = 1667 Inline = 0
2800 W AC	System = 1360 In-line = 1400	System = 2473 In-line = 2333

1 System power includes power for the supervisor engines, all line cards and the fan tray.

Examples

This example shows how to set the power management mode to combined:

Switch(config)# power redundancy-mode combined

Switch(config)#

Related Commands

show power

power supplies required

To configure the power redundancy mode for the Catalyst 4006 (only), use the power supplies required command. To return to the default power redundancy mode, use the default form of this command or the power supplies required 2 command.

power supplies required {1 | 2}

default power supplies required

Syntax Description

1	Configures the chassis for 1+1 redundancy mode.
2	Configures the switch to 2+1 redundancy mode.

Defaults

2 + 1 redundancy mode

Command Modes

Global configuration

Command History

Release	Modification
12.1(11)EW	Support for this command was introduced on the Catalyst 4500 series switch. (Catalyst 4006 only)

Usage Guidelines

This command does not work on a Catalyst 4500 series switch.

Examples

This example shows how to set the power supplies required for the chassis to 1:

Switch(config)# power supplies required 1

Switch(config)#

Related Commands

show power

private-vlan

To configure PVLANs and the association between a PVLAN and a secondary VLAN, use the private-vlan commands. To return to the default value, use the no form of this command.

private-vlan {isolated | primary}

private-vlan association secondary-vlan-list [{add secondary-vlan-list} | {remove secondary-vlan-list}]

no private-vlan {isolated | primary}

no private-vlan association

Syntax Description

isolated

Designates the VLAN as an isolated PVLAN.