Catalyst 4500 Series Switch Cisco IOS Command Reference, 12.2(25)SG
aaa accounting dot1x default start-stop group radius through instance
Download this chapter
aaa accounting dot1x default start-stop group radius through instanceaaa accounting dot1x default start-stop group radius through instance
Download the complete book
Book-length PDF: Catalyst 4500 Series Switch Cisco IOS Command ReferenceBook-length PDF: Catalyst 4500 Series Switch Cisco IOS Command Reference (PDF - 5 MB)
give_us_feedback

Table Of Contents

Cisco IOS Commands for the Catalyst 4500 Series Switches

#macro keywords

aaa accounting dot1x default start-stop group radius

aaa accounting system default start-stop group radius

access-group mode

access-list hardware entries

action

apply

arp access-list

attach module

auto qos voip

auto-sync

channel-group

channel-protocol

class-map

clear counters

clear hw-module slot password

clear interface gigabitethernet

clear interface vlan

clear ip access-template

clear ip arp inspection log

clear ip arp inspection statistics

clear ip dhcp snooping database

clear ip dhcp snooping database statistics

clear ip igmp group

clear ip igmp snooping membership

clear ip mfib counters

clear ip mfib fastdrop

clear lacp counters

clear mac-address-table dynamic

clear pagp

clear port-security

clear qos

clear vlan counters

clear vmps statistics

debug adjacency

debug backup

debug condition interface

debug condition standby

debug condition vlan

debug dot1x

debug etherchnl

debug interface

debug ipc

debug ip dhcp snooping event

debug ip dhcp snooping packet

debug ip verify source packet

debug lacp

debug monitor

debug nvram

debug pagp

debug platform packet protocol lacp

debug platform packet protocol pagp

debug pm

debug psecure

debug redundancy

debug smf updates

debug spanning-tree

debug spanning-tree backbonefast

debug spanning-tree switch

debug spanning-tree uplinkfast

debug sw-vlan

debug sw-vlan ifs

debug sw-vlan notification

debug sw-vlan vtp

debug udld

debug vqpc

define interface-range

deny

diagnostic monitor action

diagnostic start

dot1x auth-fail max-attempts

dot1x auth-fail vlan

dot1x guest-vlan

dot1x guest-vlan supplicant

dot1x host-mode

dot1x initialize

dot1x max-reauth-req

dot1x max-req

dot1x port-control

dot1x re-authenticate

dot1x re-authentication

dot1x system-auth-control

dot1x timeout

duplex

erase

errdisable detect

errdisable recovery

flowcontrol

hw-module power

hw-module uplink select

instance


Cisco IOS Commands for the Catalyst 4500 Series Switches

This chapter contains an alphabetical listing of Cisco IOS commands for the Catalyst 4500 series switches. For information about Cisco IOS commands that are not included in this publication, refer to Cisco IOS Release 12.2 Configuration Guides and Command References at this URL:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_product_indices_list.html

#macro keywords

To specify the help string for the macro keywords, use the #macro keywords command.

#macro keywords [keyword1] [keyword2] [keyword3]

Syntax Description

keyword 1

(Optional) Specifies a keyword that is needed while applying a macro to an interface.

keyword 2

(Optional) Specifies a keyword that is needed while applying a macro to an interface.

keyword 3

(Optional) Specifies a keyword that is needed while applying a macro to an interface.


Defaults

This command has no default settings.

Command Modes

Global configuration

Command History

Release
Modification

12.2(18)EW

Support for this command was introduced on the Catalyst 4500 series switch.


Usage Guidelines

If you do not specify the mandatory keywords for a macro, the macro is to be considered invalid and fails when you attempt to apply it. By enteringthe #macro keywords command, you will receive a message indicating what you need to include to make the syntax valid.

Examples

This example shows how to specify the help string for keywords associated with a macro named test: 

Switch(config)# macro name test

macro name test

Enter macro commands one per line. End with the character '@'.

#macro keywords $VLAN $MAX

swichport

@


Switch(config)# int gi1/1

Switch(config-if)# macro apply test ?

  WORD  Keyword to replace with a value e.g $VLAN, $MAX   << It is shown as help

  <cr>

Related Commands

macro apply cisco-desktop
macro apply cisco-phone
macro apply cisco-router
macro apply cisco-switch

aaa accounting dot1x default start-stop group radius

To enable accounting for 802.1X authentication sessions, use the aaa accounting dot1x default start-stop group radius command. To disable accounting, use the no form of this command.

aaa accounting dot1x default start-stop group radius

no aaa accounting dot1x default start-stop group radius

Syntax Description

This command has no arguments or keywords.

Defaults

Accounting is disabled.

Command Modes

Global configuration

Command History

Release
Modification

12.2(18)EW

Support for this command was introduced on the Catalyst 4500 series switch.


Usage Guidelines

802.1X accounting requires a RADIUS server.

This command enables the Authentication, Authorization, and Accounting (AAA) client's accounting feature to forward 802.1X update and watchdog packets from the 802.1X supplicant (workstation client) to the authentication (RADIUS) server. (Watchdog packets are defined as EAPOL-LOGON, EAPOL-LOGOFF, and EAPOL-INTERIM messages.) Successful authentication and authorization of the supplicant by the authentication server is required before these packets are considered valid and are forwarded. When the client is reauthenticated, an interim-update accounting notice is sent to the accounting server.

Examples

This example shows how to configure 802.1X accounting: 

Switch(config)# aaa accounting dot1x default start-stop group radius

Note The RADIUS authentication server must be properly configured to accept and log update or watchdog packets from the AAA client.

Related Commands

aaa accounting system default start-stop group radius

aaa accounting system default start-stop group radius

To receive the session termination messages after the switch reboots, use the aaa accounting system default start-stop group radius command. To disable accounting, use the no form of this command.

aaa accounting system default start-stop group radius

no aaa accounting system default start-stop group radius

Syntax Description

This command has no arguments or keywords.

Defaults

Accounting is disabled.

Command Modes

Global configuration mode

Command History

Release
Modification

12.2(18)EW

Support for this command was introduced on the Catalyst 4500 series switch.


Usage Guidelines

802.1X accounting requires the RADIUS server.

This command enables the AAA client's accounting feature to forward 802.1X update and watchdog packets from the 802.1X supplicant (workstation client) to the authentication (RADIUS) server. (Watchdog packets are defined as EAPOL-LOGON, EAPOL-LOGOFF, and EAPOL-INTERIM messages.) Successful authentication and authorization of the supplicant by the authentication server is required before these packets are considered valid and are forwarded. When the client is reauthenticated, an interim-update accounting notice is sent to the accounting server.

Examples

This example shows how to generate a logoff after a switch reboots: 

Switch(config)# aaa accounting system default start-stop group radius

Note The RADIUS authentication server must be properly configured to accept and log update or watchdog packets from the AAA client.

Related Commands

aaa accounting dot1x default start-stop group radius

access-group mode

To specify the override modes (for example, VACL overrides PACL) and the non-override modes (for example, merge or strict mode), use the access-group mode command. To return to preferred port mode, use the no form of this command.

access-group mode {prefer {port | vlan} | merge}

no access-group mode {prefer {port | vlan} | merge}

Syntax Description

prefer port

Specifies that the PACL mode take precedence if PACLs are configured. If no PACL features are configured on the port, other features applicable to the interface are merged and applied on the interface.

prefer vlan

Specifies that the VLAN-based ACL mode take precedence. If no VLAN-based ACL features are configured on the port's VLAN, the PACL features on the port are applied.

merge

Merges applicable ACL features before they are programmed into the hardware.


Defaults

PACL override mode

Command Modes

Interface configuration

Command History

Release
Modification

12.1(19)EW

Support for this command was introduced on the Catalyst 4500 series switch.


Usage Guidelines

On the Layer 2 interface, prefer port, prefer VLAN, and merge modes are supported. A Layer 2 interface can have one IP ACL applied in either direction (one inbound and one outbound).

Examples

This example shows how to make the PACL mode on the switch take effect: 

(config-if)# access-group mode prefer port

This example shows how to merge applicable ACL features: 

(config-if)# access-group mode merge

Related Commands

show access-group mode interface
show ip interface (refer to Cisco IOS documentation)
show mac access-group interface

access-list hardware entries

To designate how ACLs are programmed into the switch hardware, use the access-list hardware entries command.

access-list hardware entries {packed | scattered}

Syntax Description

packed

Directs the software to use the first entry with a matching mask when selecting an entry from the ACL TCAM for programming the ACEs in an ACL.

scattered

Directs the software to use the first entry with a free mask when selecting an entry from the ACL TCAM for programming the ACEs in an ACL.


Defaults

The ACLs are programmed as packed.

Command Modes

Global configuration

Command History

Release
Modification

12.2(20)EW

Support for this command was introduced on the Catalyst 4500 series switch.


Usage Guidelines

Two types of hardware resources are used when ACLs are programmed: entries and masks. If one of these resources is consumed, no additional ACLs can be programmed into the hardware. If the masks are consumed, but the entries are available, change the programming algorithm from packed to scattered to make the masks available. This action allows additional ACLs to be programmed into the hardware.

The goal is to use TCAM resources more efficiently; that is, to minimize the number of masks per ACL entries. To compare TCAM utilization when using the scattered or packed algorithms, use the
show platform hardware acl statistics utilization brief command. To change the algorithm from packed to scattered, use the access-list hardware entries command.

Examples

This example shows how to program ACLs into the hardware as packed. After they are programmed, you will need 89 percent of the masks to program only 49 percent of the ACL entries. 

Switch# configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Switch(config)# access-list hardware entries packed

Switch(config)# end

Switch#

01:15:34: %SYS-5-CONFIG_I: Configured from console by console

Switch#

Switch# show platform hardware acl statistics utilization brief

Entries/Total(%)  Masks/Total(%)

                                       -----------------  ---------------

            Input  Acl(PortAndVlan)  2016 / 4096 ( 49)   460 /  512 ( 89)

            Input  Acl(PortOrVlan)      6 / 4096 (  0)     4 /  512 (  0)

            Input  Qos(PortAndVlan)     0 / 4096 (  0)     0 /  512 (  0)

            Input  Qos(PortOrVlan)      0 / 4096 (  0)     0 /  512 (  0)

            Output Acl(PortAndVlan)     0 / 4096 (  0)     0 /  512 (  0)

            Output Acl(PortOrVlan)      0 / 4096 (  0)     0 /  512 (  0)

            Output Qos(PortAndVlan)     0 / 4096 (  0)     0 /  512 (  0)

            Output Qos(PortOrVlan)      0 / 4096 (  0)     0 /  512 (  0)


            L4Ops: used 2 out of 64

Switch# 


This example shows how to reserve space (scatter) between ACL entries in the hardware. The 
number of masks required to program 49 percent of the entries has decreased to 49 percent.


Switch# configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Switch(config)# access-list hardware entries scattered

Switch(config)# end

Switch#

01:39:37: %SYS-5-CONFIG_I: Configured from console by console

Switch#

Switch# show platform hardware acl statistics utilization brief

Entries/Total(%)  Masks/Total(%)

                                       -----------------  ---------------

            Input  Acl(PortAndVlan)  2016 / 4096 ( 49)   252 /  512 ( 49)

            Input  Acl(PortOrVlan)      6 / 4096 (  0)     5 /  512 (  0)

            Input  Qos(PortAndVlan)     0 / 4096 (  0)     0 /  512 (  0)

            Input  Qos(PortOrVlan)      0 / 4096 (  0)     0 /  512 (  0)

            Output Acl(PortAndVlan)     0 / 4096 (  0)     0 /  512 (  0)

            Output Acl(PortOrVlan)      0 / 4096 (  0)     0 /  512 (  0)

            Output Qos(PortAndVlan)     0 / 4096 (  0)     0 /  512 (  0)

            Output Qos(PortOrVlan)      0 / 4096 (  0)     0 /  512 (  0)


            L4Ops: used 2 out of 64

Switch#

action

To specify an action to be taken when a match occurs in a VACL, use the action command. To remove an action clause, use the no form of this command.

action {drop | forward}

no action {drop | forward}

Syntax Description

drop

Sets the action to drop packets.

forward

Sets the action to forward packets to their destination.


Defaults

This command has no default settings.

Command Modes

VLAN access-map

Command History

Release
Modification

12.1(12c)EW

Support for this command was introduced on the Catalyst 4500 series switch.


Usage Guidelines

In a VLAN access map, if at least one ACL is configured for a packet type (IP or MAC), the default action for the packet type is drop (deny).

If an ACL is not configured for a packet type, the default action for the packet type is forward (permit).

If an ACL for a packet type is configured and the ACL is empty or undefined, the configured action will be applied to the packet type.

Examples

This example shows how to define a drop action: 

Switch(config-access-map)# action drop 

Switch(config-access-map)#

This example shows how to define a forward action: 

Switch(config-access-map)# action forward 

Switch(config-access-map)#

Related Commands

match
show vlan access-map
vlan access-map

apply

To implement a new VLAN database, increment the configuration number, save the configuration number in NVRAM, and propagate the configuration number throughout the administrative domain, use the apply command.

apply

Syntax Description

This command has no arguments or keywords.

Defaults

This command has no default settings.

Command Modes

VLAN configuration

Command History

Release
Modification

12.1(8a)EW

Support for this command was introduced on the Catalyst 4500 series switch.


Usage Guidelines

The apply command implements the configuration changes that you made after you entered VLAN database mode and uses them for the running configuration. This command keeps you in VLAN database mode.

You cannot use this command when the switch is in the VTP client mode.

You can verify that the VLAN database changes occurred by entering the show vlan command from privileged EXEC mode.

Examples

This example shows how to implement the proposed new VLAN database and to recognize it as the current database: 

Switch(config-vlan)# apply

Switch(config-vlan)#

Related Commands

abort (refer to Cisco IOS documentation)
exit (refer to Cisco IOS documentation)
reset
show vlan
shutdown vlan (refer to Cisco IOS documentation)
vtp (global configuration mode)

arp access-list

To define an ARP access list or add clauses at the end of a predefined list, use the arp access-list command.

arp access-list name

Syntax Description

name

Specifies the access control list name.


Defaults

None

Command Modes

Configuration

Command History

Release
Modification

12.1(19)EW

Support for this command was introduced on the Catalyst 4500 series switch.


Examples

This example shows how to define an ARP access list named static-hosts: 

Switch(config)# arp access-list static-hosts

Switch(config)#

Related Commands

deny
ip arp inspection filter vlan
permit

attach module

To remotely connect to a specific module, use the attach module configuration command.

attach module mod

Syntax Description

mod

Target module for the command.


Defaults

This command has no default settings.

Command Modes

Privileged

Command History

Release
Modification

12.1(19)EW

Support for this command was introduced on the Catalyst 4500 series switch.


Usage Guidelines

This command applies only to the Access Gateway Module on Catalyst 4500 series switches.

The valid values for mod depend on the chassis that are used. For example, if you have a Catalyst 4006 chassis, valid values for the module are from 2 to 6. If you have a 4507R chassis, valid values are from 3 to 7.

When you execute the attach module mod command, the prompt changes to Gateway#.

This command is identical in the resulting action to the session module mod and the remote login module mod commands.

Examples

This example shows how to remotely log in to an Access Gateway Module: 

Switch# attach module 5

Attaching console to module 5

Type 'exit' at the remote prompt to end the session


Gateway>

Related Commands

remote login module
session module

auto qos voip

To automatically configure quality of service (auto-QoS) for voice over IP (VoIP) within a QoS domain, use the auto qos voip interface configuration command. To change the auto-QoS configuration settings to the standard QoS defaults, use the no form of this command.

auto qos voip {cisco-phone | trust}

no auto qos voip {cisco-phone | trust}

Syntax Description

cisco-phone

Connects the interface to a Cisco IP phone and automatically configures QoS for VoIP. The CoS labels of incoming packets are trusted only when the telephone is detected.

trust

Connects the interface to a trusted switch or router and automatically configures QoS for VoIP. The CoS and DSCP labels of incoming packets are trusted.


Defaults

Auto-QoS is disabled on all interfaces.

Command Modes

Interface configuration

Command History

Release
Modification

12.1(19)EW

Support for this command was introduced on the Catalyst 4500 series switch.


Usage Guidelines

Use this command to configure the QoS that is appropriate for VoIP traffic within the QoS domain. The QoS domain includes the switch, the interior of the network, and the edge devices that can classify incoming traffic for QoS.

Use the cisco-phone keyword on the ports at the edge of the network that are connected to Cisco IP phones. The switch detects the telephone through the Cisco Discovery Protocol (CDP) and trusts the CoS labels in packets that are received from the telephone.

Use the trust keyword on the ports that are connected to the interior of the network. Because it is assumed that the traffic has already been classified by the other edge devices, the CoS/DSCP labels in these packets are trusted.

When you enable the auto-QoS feature on the specified interface, these actions automatically occur:

QoS is globally enabled (qos global configuration command).

DBL is enabled globally (qos dbl global configuration command).

When you enter the auto qos voip cisco-phone interface configuration command, the trusted boundary feature is enabled. It uses the Cisco Discovery Protocol (CDP) to detect the presence or absence of a Cisco IP phone. When a Cisco IP phone is detected, the ingress classification on the specific interface is set to trust the CoS label that is received in the packet because some old phones do not mark DSCP. When a Cisco IP phone is absent, the ingress classification is set to not trust the CoS label in the packet.

When you enter the auto qos voip trust interface configuration command, the ingress classification on the specified interface is set to trust the CoS label that is received in the packet if the specified interface is configured as Layer 2 (and is set to trust DSCP if the interface is configured as Layer 3).

You can enable auto-QoS on static, dynamic-access, voice VLAN access, and trunk ports.

To display the QoS configuration that is automatically generated when auto-QoS is enabled, enable debugging before you enable auto-QoS. Use the debug auto qos privileged EXEC command to enable auto-QoS debugging.

To disable auto-QoS on an interface, use the no auto qos voip interface configuration command. When you enter this command, the switch enables standard QoS and changes the auto-QoS settings to the standard QoS default settings for that interface. This action will not change any global configuration performed by auto-QoS; the global configuration remains the same.

Examples

This example shows how to enable auto-QoS and to trust the CoS and DSCP labels that are received in the incoming packets when the switch or router that is connected to Gigabit Ethernet interface 1/1 is a trusted device: 

Switch(config)# interface gigabitethernet1/1

Switch(config-if)# auto qos voip trust

This example shows how to enable auto-QoS and to trust the CoS labels that are received in incoming packets when the device connected to Fast Ethernet interface 2/1 is detected as a Cisco IP phone: 

Switch(config)# interface fastethernet2/1

Switch(config-if)# auto qos voip cisco-phone

This example shows how to display the QoS configuration that is automatically generated when auto-QoS is enabled: 

Switch# debug auto qos

AutoQoS debugging is on

Switch# config terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# interface gigabitethernet1/1

Switch(config-if)# auto qos voip trust

Switch(config-if)#

00:00:56:qos

00:00:57:qos map cos 3 to dscp 26

00:00:57:qos map cos 5 to dscp 46

00:00:58:qos map dscp 32 to tx-queue 1

00:00:58:qos dbl

00:01:00:policy-map autoqos-voip-policy

00:01:00:  class class-default

00:01:00:   dbl

00:01:00:interface GigabitEthernet1/1

00:01:00: qos trust cos

00:01:00: tx-queue 3

00:01:00:  priority high

00:01:00:  shape percent 33

00:01:00:  service-policy output autoqos-voip-policy

Switchconfig-if)# interface gigabitethernet1/1

Switch(config-if)# auto qos voip cisco-phone

Switch(config-if)#

00:00:55:qos

00:00:56:qos map cos 3 to dscp 26

00:00:57:qos map cos 5 to dscp 46

00:00:58:qos map dscp 32 to tx-queue 1

00:00:58:qos dbl

00:00:59:policy-map autoqos-voip-policy

00:00:59:  class class-default

00:00:59:   dbl

00:00:59:interface GigabitEthernet1/1

00:00:59: qos trust device cisco-phone

00:00:59: qos trust cos

00:00:59: tx-queue 3

00:00:59:  priority high

00:00:59:  shape percent 33

00:00:59:  bandwidth percent 33

00:00:59:  service-policy output autoqos-voip-policy

You can verify your settings by entering the show auto qos interface command.

Related Commands

debug auto qos (refer to Cisco IOS documentation)
qos map cos
qos trust
show auto qos
show qos
show qos interface
show qos maps

auto-sync

To enable automatic synchronization of the configuration files in NVRAM, use the auto-sync command. To disable automatic synchronization, use the no form of this command.

auto-sync {startup-config | config-register | bootvar | standard}

no auto-sync {startup-config | config-register | bootvar | standard}

Syntax Description

startup-config

Specifies automatic synchronization of the startup configuration.

config-register

Specifies automatic synchronization of the configuration register configuration.

bootvar

Specifies automatic synchronization of the BOOTVAR configuration.

standard

Specifies automatic synchronization of the startup configuration, BOOTVAR, and configuration registers.


Defaults

Standard automatic synchronization of all configuration files

Command Modes

Redundancy main-cpu

Command History

Release
Modification

12.1(12c)EW

Support for this command was introduced on the Catalyst 4500 series switch (Catalyst 4507R only).


Usage Guidelines

If you enter the no auto-sync standard command, no automatic synchronizations occur.

Examples

This example shows how (from the default configuration) to enable automatic synchronization of the configuration register in the main CPU: 

Switch# config terminal

Switch (config)# redundancy

Switch (config-r)# main-cpu

Switch (config-r-mc)# no auto-sync standard

Switch (config-r-mc)# auto-sync configure-register

Switch (config-r-mc)#

Related Commands

redundancy

channel-group

To assign and configure an EtherChannel interface to an EtherChannel group, use the channel-group command. To remove a channel group configuration from an interface, use the no form of this command.

channel-group number mode {active | on | auto [non-silent]} | {passive | desirable [non-silent]}

no channel-group

Syntax Description

number

Specifies the channel-group number; valid values are from 1 to 64.

mode

Specifies the EtherChannel mode of the interface.

active

Enables LACP unconditionally.

on

Forces the port to channel without PAgP.

auto

Places a port into a passive negotiating state, in which the port responds to PAgP packets it receives but does not initiate PAgP packet negotiation.

non-silent

(Optional) Used with the auto or desirable mode when traffic is expected from the other device.

passive

Enables LACP only if an LACP device is detected.

desirable

Places a port into an active negotiating state, in which the port initiates negotiations with other ports by sending PAgP packets.


Defaults

No channel groups are assigned.

Command Modes

Interface configuration

Command History

Release
Modification

12.1(8a)EW

Support for this command was introduced on the Catalyst 4500 series switch.

12.1(13)EW

Support for LACP was added.


Usage Guidelines

You do not have to create a port-channel interface before assigning a physical interface to a channel group. If a port-channel interface has not been created, it is automatically created when the first physical interface for the channel group is created.

If a specific channel number is used for the PAgP-enabled interfaces of a channel group, that same channel number cannot be used for configuring a channel that has LACP-enabled interfaces or vice versa.

You can also create port channels by entering the interface port-channel command. This will create a Layer 3 port channel. To change the Layer 3 port channel into a Layer 2 port channel, use the switchport command before you assign physical interfaces to the channel group. A port channel cannot be changed from Layer 3 to Layer 2 or vice versa when it contains member ports.

You do not have to disable the IP address that is assigned to a physical interface that is part of a channel group, but we recommend that you do so.

Any configuration or attribute changes that you make to the port-channel interface are propagated to all interfaces within the same channel group as the port channel (for example, configuration changes are also propagated to the physical interfaces that are not part of the port channel, but are part of the channel group).

You can create in on mode a usable EtherChannel by connecting two port groups together.

Caution Do not enable Layer 3 addresses on the physical EtherChannel interfaces. Do not assign bridge groups on the physical EtherChannel interfaces because it creates loops.

Examples

This example shows how to add Gigabit Ethernet interface 1/1 to the EtherChannel group that is specified by port-channel 45: 

Switch(config-if)# channel-group 45 mode on 

Creating a port-channel interface Port-channel45

Switch(config-if)#

Related Commands

interface port-channel
show interfaces port-channel (refer to Cisco IOS documentation)

channel-protocol

To enable LACP or PAgP on an interface, use the channel-protocol command. To disable the protocols, use the no form of this command.

channel-protocol {lacp | pagp}

no channel-protocol {lacp | pagp}

Syntax Description

lacp

Enables LACP to manage channeling.

pagp

Enables PAgP to manage channeling.


Defaults

PAgP

Command Modes

Interface configuration

Command History

Release
Modification

12.1(13)EW

Support for this command was introduced on the Catalyst 4500 series switches.


Usage Guidelines

This command is not supported on systems that are configured with a Supervisor Engine I.

You can also select the protocol using the channel-group command.

If the interface belongs to a channel, the no form of this command is rejected.

All ports in an EtherChannel must use the same protocol; you cannot run two protocols on one module.

PAgP and LACP are not compatible; both ends of a channel must use the same protocol.

You can manually configure a switch with PAgP on one side and LACP on the other side in the on mode.

You can change the protocol at any time, but this change causes all existing EtherChannels to reset to the default channel mode for the new protocol. You can use the channel-protocol command to restrict anyone from selecting a mode that is not applicable to the selected protocol.

Configure all ports in an EtherChannel to operate at the same speed and duplex mode (full duplex only for LACP mode).

For a complete list of guidelines, refer to the "Configuring EtherChannel" section of the Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide.

Examples

This example shows how to select LACP to manage channeling on the interface: 

Switch(config-if)# channel-protocol lacp

Switch(config-if)#

Related Commands

channel-group
show etherchannel

class-map

To access the QoS class map configuration mode to configure QoS class maps, use the class-map command. To delete a class map, use the no form of this command.

class-map [match-all | match-any] name

no class-map [match-all | match-any] name

Syntax Description

match-all

(Optional) Specifies that all match criteria in the class map must be matched.

match-any

(Optional) Specifies that one or more match criteria must match.

name

Name of the class map.


Defaults

Match all criteria.

Command Modes

Global configuration

Command History

Release
Modification

12.1(8a)EW

Support for this command was introduced on the Catalyst 4500 series switch.


Usage Guidelines

The name and acl_name arguments are case sensitive.

Use the class-map command and its subcommands on individual interfaces to define packet classification, marking, aggregate, and flow policing as part of a globally named service policy.

These commands are available in QoS class map configuration mode:

exit—Exits you from QoS class map configuration mode.

no—Removes a match statement from a class map.

match—Configures classification criteria.

These optional subcommands are also available:

access-group {acl_index | name acl_name}

ip {dscp | precedence} value1 value2... value8

any

The following subcommands appear in the CLI help, but they are not supported on LAN interfaces:

input-interface {interface interface_number | null number | vlan vlan_id}

protocol linktype

destination-address mac mac_address

source-address mac mac_address

qos-group

mpls

no

After you have configured the class map name and are in class map configuration mode, you can enter the match subcommands. The syntax for these subcommands is as follows:

match {[access-group {acl_index | name acl_name}] | [ip {dscp | precedence} value1 value2... value8]}

See Table 2-1 for a syntax description of the match subcommands.

Table 2-1 Syntax Description for the match Command

Optional Subcommand
Description

access-group acl_index | acl_name

Specifies the access list index or access list names; valid access list index values are from 1 to 2699.

access-group acl_name

Specifies the named access list.

ip dscp value1 value2 ... value8

Specifies the IP DSCP values to match; valid values are from 0 to 63. Enter up to eight DSCP values separated by white spaces.

ip precedence value1 value2 ... value8

Specifies the IP precedence values to match; valid values are from 0 to 7. Enter up to eight precedence values separated by white spaces.


Examples

This example shows how to access the class-map commands and subcommands and to configure a class map named ipp5 and enter a match statement for ip precedence 5: 

Switch# config terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# class-map ipp5

Switch(config-cmap)# match ip precedence 5

Switch(config-cmap)#

This example shows how to configure the class map to match an already configured access list: 

Switch(config-cmap)# match access-group IPacl1

Switch(config-cmap)#

Related Commands

policy-map
service-policy
show class-map
show policy-map
show policy-map interface

clear counters

To clear the interface counters, use the clear counters command.

clear counters [{FastEthernet interface_number} | {GigabitEthernet interface_number} |
{null interface_number} | {port-channel number} | {vlan vlan_id}]

Syntax Description

FastEthernet interface_number

(Optional) Specifies the Fast Ethernet interface; valid values are from 1 to 9.

GigabitEthernet interface_number

(Optional) Specifies the Gigabit Ethernet interface; valid values are from 1 to 9.

null interface_number

(Optional) Specifies the null interface; the valid value is 0.

port-channel number

(Optional) Specifies the channel interface; valid values are from 1 to 64.

vlan vlan_id

(Optional) Specifies the VLAN; valid values are from 1 to 4096.


Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.1(8a)EW

Support for this command was introduced on the Catalyst 4500 series switch.

12.1(12c)EW

Support for extended VLAN addresses was added.


Usage Guidelines

This command clears all the current interface counters from all the interfaces unless you specify an interface.

Note This command does not clear the counters that are retrieved using SNMP, but only those seen when you enter the show interface counters command.

Examples

This example shows how to clear all the interface counters: 

Switch# clear counters

Clear "show interface" counters on all interfaces [confirm] y

Switch#

This example shows how to clear the counters on a specific interface: 

Switch# clear counters vlan 200

Clear "show interface" counters on this interface [confirm]y

Switch#

Related Commands

show interface counters (refer to Cisco IOS documentation)

clear hw-module slot password

To clear the password on an intelligent line module, use the clear hw-module slot password command.

clear hw-module slot slot_num password

Syntax Description

slot_num

Slot on a line module.


Defaults

The password is not cleared.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.2(18)EW

Support for this command was introduced on the Catalyst 4500 series switch.


Usage Guidelines

You only need to change the password once unless the password is reset.

Examples

This example shows how to clear the password from slot 5 on a line module: 

Switch# clear hw-module slot 5 password

Switch#

Related Commands

hw-module power

clear interface gigabitethernet

To clear the hardware logic from a Gigabit Ethernet IEEE 802.3z interface, use the clear interface gigabitethernet command.

clear interface gigabitethernet slot/port

Syntax Description

slot/port

Number of the slot and port.


Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.1(8a)EW

Support for this command was introduced on the Catalyst 4500 series switch.


Examples

This example shows how to clear the hardware logic from a Gigabit Ethernet IEEE 802.3z interface: 

Switch# clear interface gigabitethernet 1/1

Switch#

Related Commands

show interfaces status

clear interface vlan

To clear the hardware logic from a VLAN, use the clear interface vlan command.

clear interface vlan number

Syntax Description

number

Number of the VLAN interface; valid values are from 1 to 4094.


Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.1(8a)EW

Support for this command was introduced on the Catalyst 4500 series switch.

12.1(12c)EW

Support for extended VLAN addresses added.


Examples

This example shows how to clear the hardware logic from a specific VLAN: 

Switch# clear interface vlan 5

Switch#

Related Commands

show interfaces status

clear ip access-template

To clear the statistical information in access lists, use the clear ip access-template command.

clear ip access-template access-list

Syntax Description

access-list

Number of the access list; valid values are from 100 to 199 for an IP extended access list, and from 2000 to 2699 for an expanded range IP extended access list.


Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.1(8a)EW

Support for this command was introduced on the Catalyst 4500 series switch.


Examples

This example shows how to clear the statistical information for an access list: 

Switch# clear ip access-template 201

Switch#

clear ip arp inspection log

To clear the status of the log buffer, use the clear ip arp inspection log command.

clear ip arp inspection log

Syntax Description

This command has no arguments or keywords.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.1(19)EW

Support for this command was introduced on the Catalyst 4500 series switch.


Examples

This example shows how to clear the contents of the log buffer: 

Switch# clear ip arp inspection log

Switch#

Related Commands

arp access-list
show ip arp inspection log

clear ip arp inspection statistics

To clear the dynamic ARP inspection statistics, use the clear ip arp inspection statistics command.

clear ip arp inspection statistics [vlan vlan-range]

Syntax Description

vlan vlan-range

(Optional) Specifies the VLAN range.


Defaults

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.1(19)EW

S