Worldwide [change] |Account |Register |About Cisco
Guest

Hierarchical Navigation

Support

set ntp key through set port trap

Downloads

Table Of Contents

set ntp client

set ntp key

set ntp server

set password

set port auxiliaryvlan

set port broadcast

set port channel

set port disable

set port duplex

set port enable

set port filter

set port flowcontrol

set port gmrp

set port gvrp

set port host

set port level

set port membership

set port name

set port negotiation

set port protocol

set port qos

set port qos cos

set port qos trust

set port qos trust-ext

set port security

set port speed

set port trap

set prompt

set protocolfilter

set qos


2

set ntp client

Use the set ntp client command to enable or disable the switch as an NTP client.

set ntp client {enable | disable}

Syntax Description

enable

Keyword that specifies to enable the NTP client.

disable

Keyword that specifies to disable the NTP client.


Defaults

By default, NTP client mode is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can configure NTP in either broadcast-client mode or client mode. The client mode assumes that the client switch regularly sends time-of-day requests to the NTP server.

Examples

This example shows how to enable NTP client mode: 

Console> (enable) set ntp client enable

NTP client mode enabled.

Console> (enable)

Related Commands

set port broadcast

set ntp key

Use the set ntp key command to define an NTP authentication key pair or to specify a key to be trusted or untrusted.

set ntp key public_keynum {trusted | untrusted} [md5 secret_keystring]

Syntax Description

public_keynum

Number of the key pair; valid values are 1 to 4292945295.

trusted

Keyword that specifies the trusted key mode.

untrusted

Keyword that specifies the untrusted key mode.

md5

(Optional) Keyword that sets the keystring of the key pair.

secret_keystring

(Optional) Key string; valid values are 1 to 32 printable characters.


Defaults

There is no default setting for this command.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you enter the set ntp key command without the md5 keyword, the trusted or untrusted mode of the key will change after it is entered into the key table. Enter the set ntp key command with the md5 option to enter an authentication key pair into the system.

Examples

This example shows how to define an NTP authentication key: 

Console> (enable) set ntp key 435 trusted md5 have_a_smurfy_day

NTP key 435 added.

Console> (enable)

This example shows how to trust an NTP key: 

Console> (enable) set ntp key 435 trusted

NTP key 435 configured to be trusted.

Console> (enable)

This example shows how to untrust an NTP key: 

Console> (enable) set ntp key 9999 untrusted

NTP key 9999 configured not to be trusted.

Console> (enable)

Related Commands

clear ntp key
show ntp

set ntp server

Use the set ntp server command to specify the NTP server address and to configure an NTP server authentication key.

set ntp server ip_addr [key public_keynum]

Syntax Description

ip_addr

IP address of the NTP server.

key

(Optional) Keyword that specifies the key number.

public_keynum

(Optional) Number of the key pair; valid values are 1 to 4292945295.


Defaults

There is no default setting for this command.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you enter the set ntp server command without the key argument, and the authentication feature is enabled, the following message appears: 

A trusted key may be required to communicate with this server.

Examples

This example shows how to configure an NTP server: 

Console> (enable) set ntp server 172.20.52.3

NTP server 172.20.52.3 added

Console> (enable)

This example shows how to configure an NTP server with a key: 

Console> (enable) set ntp server 111.222.111.222 key 879

NTP server 111.222.111.222 with key 879 added

Console> (enable)

This example shows how to assign a new key to an NTP server: 

Console> (enable) set ntp server 111.222.111.222 key 4323423

NTP server 111.222.111.222 has been updated with key 4323423

Console> (enable)

Related Commands

clear ntp server
show ntp

set password

Use the set password command to change the normal (login) mode password on the switch.

set password

Syntax Description

This command has no arguments or keywords.

Defaults

The default configuration has no password configured.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Passwords are case sensitive and may be 0-30 characters in length, including spaces.

The command prompts you for the old password. If the password you enter is valid, you are prompted to enter a new password and to verify the new password. A zero-length password is allowed by pressing Return.

Examples

This example shows how to set the normal (login) mode password: 

Console> (enable) set password

Enter old password: <old_password>

Enter new password: <new_password>

Retype new password: <new_password>

Password changed.

Console> (enable)

Related Commands

set enablepass

set port auxiliaryvlan

Use the set port auxiliaryvlan command to configure the auxiliary VLAN ports.

set port auxiliaryvlan mod[/ports] {vlan | untagged | dot1p | none}

Syntax Description

mod [/ports]

Number of the module and (optional) ports.

vlan

Number of the VLAN; valid values are from 1 to 1000.

untagged

Keyword to specify the IP Phone 7960 send untagged packets without 802.1p priority.

dot1p

Keyword to specify the IP Phone 7960 send packets with 802.1p priority.

none

Keyword to specify that the switch does not send any auxiliary VLAN information in the CDP packets from that port.


Defaults

The default setting is none.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is supported by the Catalyst 5000 family switches and the Catalyst 4000 family switches.

If you do not specify a port, all ports are selected.

The vlan option specifies that the connected device send packets tagged with a specific VLAN.

Examples

This example shows how to set the auxiliary VLAN port to untagged: 

Console> (enable) set port auxiliaryvlan 5/7 untagged

Port 5/7 allows the connected device send and receive untagged packets and without 802.1p 
priority.

Console> (enable)

This example shows how to set the auxiliary VLAN port to dot1p: 

Console> (enable) set port auxiliaryvlan 5/9 dot1p

Port 5/9 allows the connected device send and receive packets with 802.1p priority.

Console> (enable)

This example shows how to set the auxiliary VLAN port to none: 

Console> (enable) set port auxiliaryvlan 5/12 none 

Port 5/12 will not allow sending CDP packets with Voice VLAN information.

Console> (enable)

This example shows how to set the auxiliary VLAN port to a specific module, port, and VLAN: 

Console> (enable) set port auxiliaryvlan 2/1-3 222 

Auxiliaryvlan 222 configuration successful.

AuxiliaryVlan AuxVlanStatus Mod/Ports

------------- ------------- -------------------------

222           active        1/2,2/1-3

Console> (enable)

Related Commands

show port auxiliaryvlan

set port broadcast

Use the set port broadcast command to set the broadcast/multicast suppression for one or more ports. The broadcast threshold limits the backplane traffic received from the module.

set port broadcast mod_num/port_num threshold[%]

Syntax Description

mod _num

Number of the module.

port_num

Number of the port.

threshold

Number of packets-per-second of broadcast/multicast traffic allowed on the port or the percentage of total available bandwidth that can be used by broadcast/multicast traffic. Valid values are 0 to 150000 packets per second or 0.00 to 100.00 percent. 0 pps or 100% unlimits broadcast traffic.

%

(Optional) Keyword used if threshold is expressed as a percentage of total available bandwidth that can be used by broadcast/multicast traffic.


Note Although the broadcast suppression threshold can be specified to 0.01%, not all line cards adjust to that level of precision. Most line card thresholds vary between 0.01% and 0.05%. If you specify a threshold more precise than that for a given line card, the threshold percent adjusts as close as possible.

Defaults

The default value for the threshold is 100 percent.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is supported by the Catalyst 5000 family switches and the Catalyst 2926G series switches.

Use the show port capabilities command to determine whether your hardware supports broadcast/multicast suppression.

Examples

This example shows how to limit broadcast/multicast traffic on port 2/1 to 15.65%: 

Console> (enable) set port broadcast 2/1 15.65%

Port(s) 2/1 broadcast traffic limited to 15.65%.

Console> (enable)

This example shows how to limit broadcast traffic to 500 packets per second on ports 2/1 through 2/24: 

Console> (enable) set port broadcast 2/1-2/24 500

Ports 2/1-2/24 broadcast traffic limited to 500 packets.

Console> (enable)

Related Commands

clear port broadcast
show port

set port channel

Use the set port channel command set to configure EtherChannel on Ethernet module ports.

set port channel mod/port [admin_group]

set port channel mod/port mode {on | off | desirable | auto} [silent | non-silent]

set port channel all distribution {mac} [source | destination | both]

set port channel all distribution {session} [source | destination | both]

Syntax Description

mod/port

Number of the module and the port on the module.

admin_group

(Optional) Number of administrative group; valid values are from 1 to 1024.

mode

Keyword to specify the EtherChannel mode.

on

Keyword to enable and force specified ports to channel without PAgP.

off

Keyword to prevent ports from channeling.

desirable

Keyword to set a PAgP mode that places a port into an active negotiating state, in which the port initiates negotiations with other ports by sending PAgP packets.

auto

Keyword to set a PAgP mode that places a port into a passive negotiating state, in which the port responds to PAgP packets it receives, but does not initiate PAgP packet negotiation.

silent

(Optional) Keyword to use with auto or desirable when no traffic is expected from the other device to prevent the link from being reported to STP as down.

non-silent

(Optional) Keyword to use with auto or desirable when traffic is expected from the other device.

all distribution

Keywords to apply frame distribution to all ports in the switch.

mac

Keyword to specify the frame distribution method using MAC address values.

source

(Optional) Keyword to specify the frame distribution method using source address values.

destination

(Optional) Keyword to specify the frame distribution method using destination address values.

both

(Optional) Keyword to specify the frame distribution method using source and destination address values.

session

Keyword to allow frame distribution of Layer 4 traffic.

both

(Optional) Keyword to specify the frame distribution method using source and destination Layer 4 port number.


Defaults

The default is EtherChannel is set to auto and silent on all module ports. The default for frame distribution is both.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Make sure that all ports you intend to channel are configured properly. For complete information on EtherChannel configuration restrictions, refer to the Software Configuration Guide— Catalyst 5000 Family and Catalyst 2926G Series Switches.

Administrative groups specify which ports can form an EtherChannel together. An administrative group can contain a maximum of eight ports. However, administrative group membership is restricted by hardware capabilities. Use the show port capabilities command to determine which ports can form a channel together.

With the on mode, a usable EtherChannel exists only when a port group in on mode is connected to another port group in on mode.

If you are running QoS, make sure that bundled ports are all of the same trust types and have similar queueing and drop capabilities.

Disable the port security feature on the channeled ports (see the set port securitycommand). If you enable port security for a channeled port, the port shuts down when it receives packets with source addresses that do not match the secure address of the port.

You can configure up to eight ports on the same switch in each administrative group.

When you assign ports to an existing admin group, the original ports associated with the admin group will move to an automatically picked new admin group. You cannot add ports to the same admin group.

If you do not enter an admin_group, it means that you want to create a new administrative group with admin_group selected automatically. The next available admin_group is automatically selected.

If you do not enter the channel mode, the channel mode of the ports addressed are not modified.

The silent | non-silent parameters only apply if desirable or auto modes are entered.

If you do not specify silent or non-silent, the current setting is not affected.

To support jumbo frames, channeling ports need to have the same jumbo frame setting on each port.

Hardware support for EtherChannel is as follows:

On most Catalyst 5000 family and 2926G series modules, each EtherChannel port bundle must consist of two or four contiguous ports on the same module. The ports in an EtherChannel must belong to the same port group (ports that share the same EtherChannel bundling controller). Depending on the hardware, there might be additional restrictions. For example, on certain modules, you cannot form an EtherChannel with the last two ports in a port group unless the first two ports in the group already form an EtherChannel.

On the Catalyst 5000 family Gigabit EtherChannel module (WS-X5010), an EtherChannel bundle can consist of any two to eight ports on the module. Ports in an EtherChannel do not have to be contiguous.

Channeling is not supported on the Catalyst 5000 family three-port Gigabit Ethernet switching module (WS-X5403), the RSM, ATM modules, and Token Ring modules.

Examples

This example shows how to create an EtherChannel on ports 5-6 of module 7: 

Console> (enable) set port channel 7/5-6 on

Port(s) 7/5-6 are assigned to admin group 56.

Port(s) 7/5-6 channel mode set to on.

Console> (enable)

This example shows how to remove an EtherChannel on ports 5-6 of module 7: 

Console> (enable) set port channel 7/5-6 mode auto

Port(s) 7/5-6 channel mode set to auto.

Console> (enable) show port channel

This example shows how to set the EtherChannel to desirable on ports 5-6 of module 7: 

Console> (enable) set port channel 7/5-6 mode desirable

Port(s) 7/5-6 channel mode set to desirable.

Console> (enable) show port channel

Related Commands

set channel cost
set channel vlancost
show channel
show channel group
show port channel

set port disable

Use the set port disable command to disable a port or a range of ports.

set port disable mod_num/port_num

Syntax Description

mod _num

Number of the module.

port_num

Number of the port.


Defaults

The default system configuration has all ports enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the RSM.

Examples

This example shows how to disable port 5/10: 

Console> (enable) set port disable 5/10

Port 5/10 disabled.

Console> (enable)

Related Commands

set port enable
show port

set port duplex

Use the set port duplex command to configure the duplex type of an Ethernet or Fast Ethernet port or range of ports.

set port duplex mod_num/port_num {full | half}

Syntax Description

mod_num

Number of the module.

port_num

Number of the port.

full

Keyword that specifies full-duplex transmission.

half

Keyword that specifies half-duplex transmission.


Defaults

The default configuration for 10-Mbps and 100-Mbps modules has all Ethernet ports set to half duplex.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can configure Ethernet and Fast Ethernet interfaces to either full duplex or half duplex.

The set port duplex command is not valid on the 24- and 48-port group switching modules (WS-X5020 and WS-X5223) or the RSM.

The set port duplex command is not supported on Token Ring ports. Use the set tokenring portmode command instead.

You cannot configure the duplex mode on Gigabit Ethernet ports (they are always in full-duplex mode).

Examples

This example shows how to set port 1 on module 2 to full duplex: 

Console> (enable) set port duplex 2/1 full

Port 2/1 set to full-duplex.

Console> (enable)

This example shows how to set port 1 on module 2 to half duplex: 

Console> (enable) set port duplex 2/1 half

Port 2/1 set to half-duplex.

Console> (enable)

Related Commands

show port

set port enable

Use the set port enable command to enable a port or a range of ports.

set port enable mod_num/port_num

Syntax Description

mod _num

Number of the module.

port_num

Number of the port.


Defaults

The default system configuration has all ports enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported on the RSM.

Examples

This example shows how to enable port 3 on module 2: 

Console> (enable) set port enable 2/3

Port 2/3 enabled.

Console> (enable)

Related Commands

set port disable
show port

set port filter

Use the set port filter command to configure a MAC address filter or a protocol filter for ports on the Token Ring module.

set port filter mod_num/port_num {mac_addr | protocol_type} {permit | deny}

Syntax Description

mod_num

Number of the module.

port_num

Number of the port on the module.

mac_addr

MAC address contained in the packets to be filtered. You can enter this address in canonical format (00-11-33-44-55) or noncanonical format (00:11:22:33:44:55).

protocol_type

Protocol type that you want to filter. For a list of the protocol types that you can filter, see Table 2-5 through Table 2-7.

permit

Keyword that specifies the filter can permit packets with the specified MAC address or protocol type.

deny

Keyword that specifies the filter can deny packets with the specified MAC address or protocol type.


Defaults

The command has no default setting.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is supported by the Catalyst 5000 family switches.

You can configure up to 16 MAC address filters or 16 protocol (eight SAPs and eight DSAPs) filters per port on the Token Ring module. See Table 2-5 through Table 2-7 for lists of SAPs and Ethertypes that you can use when defining protocol filters.

Table 2-5 and Table 2-6 list the SAPs that you can use to define protocol classes.

Table 2-5 IEEE-Defined SAPs 

Hexadecimal Value
Description

X'02'

LLC Sublayer Management

X'06'

DoD Internet

X'x6'

National Standards Bodies

X'0E'

Proway Network Management

X'4E'

Manufacturing Message Service

X'7E'

ISO 8208

X'8E'

Proway Active Station List Maintenance

X'FE'

OSI Network Layer Protocols

X'42'

Bridge Spanning-Tree Protocol


Table 2-6 IBM-Defined SAPs

Hexadecimal Value
Description

X'04'

SNA Path Control Individual

X'F0'

NetBIOS

X'F4'

LAN Management Individual

X'F8'

IMPL

X'FC'

Discovery

X'DC'

Dynamic Address Resolution

X'D4'

Resource Management


Table 2-7 lists the possible Ethertypes that you can use to define protocol filters.

Table 2-7 Ethertypes 

Hexadecimal Value
Description

X'0000' through X'05DC'

IEEE 802.3

X'0600'

Xerox XNS IDP

X'0800'

DoD IP

X'0801'

X.75 Internet

X'0802'

NBS Internet

X'0803'

ECMA Internet

X'0804'

CHAOSnet

X'0805'

X.25 Level 3

X'0806'

ARP (for IP and CHAOS)

X'6001'

DEC MOP Dump/Load Assistance

X'6002'

DEC MOP Remote Console

X'6003'

DEC DECnet Phase IV

X'6004'

DEC LAT

X'6005'

DEC DECnet Diagnostics

X'6010' through X'6014'

3Com Corporation

X'7000' through X'7002'

Ungermann-Bass download

X'7030'

Proteon

X'7034'

Cabletron

X'8035'

Reverse ARP

X'8046' through X'8047'

AT&T

X'8088' through X'808A'

Xyplex

X'809B'

Kinetics Ethertalk (Appletalk over Ethernet)

X'80C0' through X'80C3'

Digital Communications Associates

X'80D5'

IBM SNA Services over Ethernet

X'80F2'

Retix

X'80F3' through X'80F5'

Kinetics

X'80F7'

Apollo Computer

X'80FF' through X'8103'

Wellfleet Communications

X'8137' through X'8138'

Novell


Examples

This example shows how to configure a port filter on port 2 MAC address 00:40:0b:01:bc:65
of module 3 to permit packets from a specific MAC address: 

Console> (enable) set port filter 3/2 00:40:0b:01:bc:65 permit

Port 3/2 filter Mac Address 00:40:0b:01:bc:65 set to permit.

Console> (enable)

This example shows how to configure a port filter on port 2 MAC address 00:40:0b:01:bc:65
of module 3 to deny packets from a specific MAC address: 

Console> (enable) set port filter 3/2 00:40:0b:01:bc:65 deny

Port 3/2 filter Mac Address 00:40:0b:01:bc:65 set to deny.

Console> (enable)

Related Commands

clear port filter
show port filter

set port flowcontrol

Use the set port flowcontrol command to configure a port to send or receive pause frames. Pause frames are special packets that signal a source to stop sending frames for a specific period of time because the buffers are full.

set port flowcontrol mod_num/port_num {receive | send} {off | on | desired}

Syntax Description

mod_num

Number of the module.

port_num

Number of the port on the module.

receive

Keyword that specifies if a port processes pause frames.

send

Keyword that specifies if a port sends pause frames.

off

Keyword that prevents a local port from receiving and processing pause frames from remote ports or from sending pause frames to remote ports.

on

Keyword that enables a local port to receive and process pause frames from remote ports or send pause frames to remote ports.

desired

Keyword that obtains predictable results whether a remote port is set to on, off, or desired.


Defaults

Flow control defaults vary depending upon port speed:

Gigabit Ethernet ports default to off for receive (Rx) and desired for transmit (Tx)

Oversubscribed Gigabit Ethernet ports (ports 3-18) on Catalyst 4000 family server switching module (WS-X4418-GB) default to desired for receive (Rx) and on for transmit (Tx)

Fast Ethernet ports default to off for receive (Rx) and on for transmit (Tx)

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Table 2-8 describes guidelines for using different configurations of the send and receive keywords with the set port flowcontrol command.

Table 2-8 Send and Receive Keyword Configurations 

Configuration
Description

send on

Enables a local port to send pause frames to remote ports. To obtain predictable results, use send on only when remote ports are set to receive on or receive desired.

send off

Prevents a local port from sending pause frames to remote ports. To obtain predictable results, use send off only when remote ports are set to receive off or receive desired.

send desired

Obtains predictable results whether a remote port is set to receive on, receive off, or receive desired.

receive on

Enables a local port to process pause frames that a remote port sends. To obtain predictable results, use receive on only when remote ports are set to send on or send desired.

receive off

Prevents remote ports from sending pause frames to local port. To obtain predictable results, use send off only when remote ports are set to receive off or receive desired.

receive desired

Obtains predictable results whether a remote port is set to send on, send off, or send desired.


All Catalyst Gigabit Ethernet ports can receive and process pause frames from remote devices. However, not all Catalyst Gigabit Ethernet ports can send pause frames to remote devices.

Table 2-9 identifies the Catalyst Gigabit Ethernet switches, modules, and ports that can send pause frames to remote devices.

Table 2-9 Send Capability by Switch Type, Module, and Port 

Switch Type
Module
Ports
Send

Catalyst 5000

All modules except WS-X5410

All ports except WS-X5410

Yes

Catalyst 5000

WS-X5410

Uplink ports

No

Catalyst 5000

WS-X5410

Oversubscribed ports

Yes

Catalyst 2926G

All modules

All ports

Yes

Catalyst 4000

All modules except WS-X4418-GB, WS-X4412-2GB-TX, and WS-X4416-2GB-TX)

All ports except for the oversubscibed ports listed below

No

Catalyst 4000

WS-X4418-GB

Uplink ports (1-2)

No

Catalyst 4000

WS-X4418-GB

Oversubscribed ports (3-18)

Yes

Catalyst 4000

WS-X4412-2GB-TX

Uplink ports (13-14)

No

Catalyst 4000

WS-X4412-2GB-TX

Oversubscribed ports (1-12)

Yes

Catalyst 4000

WS-X4416-2GB-TX

Uplink ports (17-18)

No

Catalyst 2948G

All ports

All ports

No

Catalyst 2980G

All modules

All ports

No


Examples

This example shows how to configure port 1 of module 5 to receive and process pause frames: 

Console> (enable) set port flowcontrol receive 5/1 on

Port 5/1 flow control receive administration status set to on

(port will require far end to send flowcontrol)

Console> (enable)

This example shows how to configure port 1 of module 5 to receive and process pause frames if the remote port is configured to send pause frames: 

Console> (enable) set port flowcontrol receive 5/1 desired

Port 5/1 flow control receive administration status set to desired

(port will allow far end to send flowcontrol if far end supports it)

Console> (enable)

This example shows how to configure port 1 of module 5 to receive but not process pause frames on port 1 of module 5: 

Console> (enable) set port flowcontrol receive 5/1 off

Port 5/1 flow control receive administration status set to off

(port will not allow far end to send flowcontrol)

Console> (enable)

This example shows how to configure port 1 of module 5 to send pause frames: 

Console> (enable) set port flowcontrol send 5/1 on

Port 5/1 flow control send administration status set to on

(port will send flowcontrol to far end)

Console> (enable)

This example shows how to configure port 1 of module 5 to send pause frames and yield predictable reults even if the remote port is set to receive off: 

Console> (enable) set port flowcontrol send 5/1 desired

Port 5/1 flow control send administration status set to desired

(port will send flowcontrol to far end if far end supports it)

Console> (enable)

This example shows how to configure port 1 of module 5 to not send pause frames: 

Console> (enable) set port flowcontrol send 5/1 off

Port 5/1 flow control send administration status set to off

(port will not send flowcontrol to far end)

Console> (enable)

Related Commands

show port flowcontrol

set port gmrp

Use the set port gmrp command to enable or disable GMRP on the specified ports in all VLANs.

set port gmrp mod/ports... {enable | disable}

Syntax Description

mod/ports...

Module number and port number list.

enable

Keyword that specifies to enable GMRP on a specified port.

disable

Keyword that specifies to disable GMRP on a specified port.


Defaults

The default is GMRP is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can modify the per-port GMRP configuration, but you must enable GMRP globally using the set gmrp enable command before the per-port GMRP configuration takes effect.

Examples

This example shows how to enable GMRP on module 3, port 1: 

Console> (enable) set port gmrp enable 3/1

GMRP enabled on port(s) 3/1.

GMRP feature is currently disabled on the switch.

Console> (enable)

This example shows how to disable GMRP on module 3, ports 1 through 5: 

Console> (enable) set port gmrp disable 3/1-5

GMRP disabled on port(s) 3/1-5.

Console> (enable)

Related Commands

show gmrp configuration

set port gvrp

Use the set port gvrp command to enable or disable GVRP on the specified ports in all VLANs.

set port gvrp mod/ports... {enable | disable}

Syntax Description

mod/ports...

Module number and port number list.

enable

Keyword that specifies to enable GVRP on the specified ports.

disable

Keyword that specifies to disable GVRP on the specified ports.


Defaults

The default is GVRP is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

GVRP can only be enabled on IEEE 802.1Q trunks.

When VTP pruning is enabled, VTP pruning runs on all GVRP-disabled trunks.

To run GVRP on a trunk, GVRP needs to be enabled both globally on the switch and enabled individually on the trunk.

You can configure GVRP on a port even when GVRP is globally disabled. However, the port will not become a GVRP participant until GVRP is also globally enabled.

Examples

This example shows how to enable GVRP on module 3, port 2: 

Console> (enable) set port gvrp 3/2 enable

GVRP enabled on 3/2.

Console> (enable)

This example shows how to disable GVRP on module 3, port 2: 

Console> (enable) set port gvrp 3/2 disable

GVRP disabled on 3/2.

Console> (enable)

This example shows what happens if you try to enable GVRP on a port that is not an 802.1Q trunk: 

Console> (enable) set port gvrp 4/1 enable

Failed to set port 4/1 to GVRP enable. Port not allow GVRP.

Console> (enable)

This example shows what happens if you try to enable GVRP on a specific port when GVRP has not first been enabled using the set gvrp command: 

Console> (enable) set port gvrp 5/1 enable

GVRP enabled on 5/1.

GVRP feature is currently disabled on the switch.

Console> (enable)

Related Commands

show gvrp configuration
set gvrp
clear gvrp statistics

set port host

Use the set port host command to optimize the port configuration for a host connection.

set port host mod/ports...

Syntax Description

mod/ports...

Module number and port number list.


Defaults

This command has no default setting.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The set port host command sets channel mode to off, enables spanning-tree portfast, and sets trunk mode to off. Only an end station can accept this configuration.

Enable spanning-tree portfast start only on ports connected to a single host. Connecting hubs, concentrators, switches, and bridges to a fast start port can cause temporary spanning tree loops.

Enable the set port host command to decrease the time it takes to start up packet forwarding.

Examples

This example shows how to optimize the port configuration for end station/host connections on ports 2/1 and 3/1: 

Console> (enable) set port host 2/1,3/1


Warning: Span tree port fast start should only be enabled on ports connected to a single 
host. Connecting hubs, concentrators, switches, bridges, etc. to a fast start port can 
cause temporary spanning tree loops. Use with caution.

Spantree ports 2/1,3/1 fast start enabled.

Port(s) 2/1,3/1 trunk mode set to off.

Port(s) 2/1 channel mode set to off.


Console> (enable)

Related Commands

clear port host

set port level

Use the set port level command to set the priority level of a port or range of ports on the
switching bus.

set port level mod_num/port_num {normal | high}

Syntax Description

mod_num

Number of the module.

port_num

Number of the port on the module.

normal

Keyword that specifies to set the port priority to normal.

high

Keyword that specifies to set the port priority to high.


Defaults

The default configuration has all ports at normal priority level.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Packets traveling through a port set at normal priority are served only after packets traveling through a port set at high priority are served.

Examples

This example shows how to set the priority level for port 2 on module 1 to high: 

Console> (enable) set port level 1/2 high

Port 1/2 port level set to high.

Console> (enable)

This example shows how to set the priority level for port 2 on module 1 to normal: 

Console> (enable) set port level 1/2 normal

Port 1/2 level set to normal.

Console> (enable)

Related Commands

set port disable
set port enable
set port name
set port speed
show port

set port membership

Use the set port membership command to configure ports for dynamic or static VLAN membership.

set port membership mod_num/port_num {dynamic | static}

Syntax Description

mod_num

Module number.

port_num

Port number.

dynamic

Keyword that specifies to configure the port for dynamic VLAN membership.

static

Keyword that specifies to configure the port for static VLAN membership.


Defaults

Default port membership is static.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported on the following:

RSM

Three-port Gigabit Ethernet switching module (WS-X5403)

Token Ring

Ports configured for dynamic VLAN membership obtain their VLAN assignment through VMPS. Ports configured for static VLAN membership obtain their VLAN assignment through the set vlan command.

When a port is assigned a VLAN dynamically, the show port command output identifies the VLAN as dynamic. If the dynamic port is shut down by a VMPS, its status is shown as shutdown.

Examples

This example shows how to configure a port for dynamic VLAN membership: 

Console> (enable) set port membership 3/1-3 dynamic

Ports 3/1-3 vlan assignment set to dynamic.

Spantree port fast start option enabled for ports 3/1-3.

Console> (enable)

Related Commands

set port enable
show port

set port name

Use the set port name command to configure a name for a port.

set port name mod_num/port_num [port_name]

Syntax Description

mod_num

Number of the module.

port_num

Number of the port.

port_name

(Optional) Name of the port.


Defaults

The default configuration has no port name configured for any port.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you do not specify the name string, the port name is cleared.

Examples

This example shows how to set port 1 on module 4 to Snowy: 

Console> (enable) set port name 4/1 Snowy

Port 4/1 name set.

Console> (enable)

Related Commands

show port

set port negotiation

Use the set port negotiation command to enable link negotiation on the port that you specify. Link negotiation autonegotiates flow control, duplex mode, and remote fault information.

set port negotiation mod_num/port_num [enable | disable]

Syntax Description

mod_num

Number of the module.

port_num

Number of the port.

enable

(Optional) Keyword that specifies to enable the link negotiation protocol.

disable

(Optional) Keyword that specifies to disable the link negotiation protocol.


Defaults

The default is link negotiation protocol enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Note Only use the set port negotiation command on 1000Base[SX, LX, and ZX].

If the port does not support this command, the following message appears: 

Feature not supported on Port N/N.

N/N is the module and port number.

When you enable link negotiation with the set port negotiation command, the system autonegotiates flow control, duplex mode, and remote fault information.

You must either enable or disable link negotiation on both ends of the link. Both ends of the link must be set to the same value or the link cannot connect.

Examples

This example shows how to enable link negotiation on port 1, module 3: 

Console> (enable) set port negotiation 3/1 enable

Link negotiation protocol disabled on port 3/1.

Console> (enable)

This example shows how to disable link negotiation on port 1, module 4: 

Console> (enable) set port negotiation 4/1 disable

Link negotiation protocol disabled on port 4/1.

Console> (enable)

Related Commands

show port negotiation

set port protocol

Use the set port protocol command to set the protocol filtering group membership of ports.

set port protocol mod_num/port_num {ip | ipx | group} {on | off | auto}

Syntax Description

mod_num

Number of the module.

port_num

Number of the port.

ip

Keyword that specifies the IP protocol filtering group.

ipx

Keyword that specifies the IPX protocol filtering group.

group

Keyword that specifies the Group protocol filtering group.

on

Keyword that specifies to indicate the port will receive all the flood traffic for that protocol.

off

Keyword that specifies to indicate the port will not receive any flood traffic for that protocol.

auto

Keyword that specifies to indicate the port will receive the flood traffic for that protocol only after transmitting packets of that specific protocol.


Defaults

By default, ports are configured to on for the IP protocol group and auto for the IPX and Group
protocol groups.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Protocol filtering is supported only on nontrunking Ethernet, Fast Ethernet, and Gigabit Ethernet ports. Trunking ports are always members of all the protocol groups.

You must enable protocol filtering globally on the switch using the set protocolfilter command.

If the configuration for one of the protocol groups is set to auto, the port initially does not receive any flood packets for that protocol. If the connected device transmits packets of that protocol, the port is added to the protocol group and flood traffic for that protocol is transmitted on that port.

Ports configured as auto are removed from the protocol group if the connected device does not transmit packets of that protocol within 60 minutes. They are also removed from the protocol group on detection of a link down.

On the Catalyst 5000 family and 2926G series switches, packets are classified into the following protocol groups:

IP

IPX

AppleTalk, DECnet, and Banyan VINES ("group")

Packets not belonging to any of these protocols

On the Catalyst 4000 family and 2948G switches, packets are classified into the following protocol groups:

IP

IPX

AppleTalk and DECnet ("group")

Packets not belonging to any of these protocols

Examples

This example shows how to enable IPX protocol membership of port 1 on module 2: 

Console> (enable) set port protocol 2/1 ipx on

IPX protocol disabled on port 2/1.

Console> (enable)

This example shows how to disable IPX protocol membership of port 1 on module 2: 

Console> (enable) set port protocol 2/1 ipx off

IPX protocol disabled on port 2/1.

Console> (enable)

This example shows how to enable automatic IP membership of port 1 on module 5: 

Console> (enable) set port protocol 5/1 ip auto

IP protocol set to auto mode on module 5/1.

Console> (enable)

This example shows how to disable group IP membership of port 1 on module 1: 

Console> (enable) set port protocol 1/1 group off

Group protocol disabled on port  1/1.

Console> (enable)

Related Commands

set protocolfilter
show port protocol

set port qos

Use the set port qos command to specify whether an interface is interpeted as a physical port or a VLAN.

set port qos mod/ports... port-based | vlan-based

Syntax Description

port-based

Keyword to interpret the interface as a physical port.

vlan-based

Keyword to interpret the interface as part of a VLAN.


Defaults

The default is that ports are port-based.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is supported by the Catalyst 5000 family switches.

This command is not supported by the Network Analysis Module (NAM).

You can use the set port qos command on Supervisor Engines III and III F with NFFC II, or Supervisor Engines II G and III G.

Changing a port from port-based to VLAN-based QoS detaches all ACLs from the port. Any ACLs attached to the VLAN apply to the port immediately.

When you set a port to VLAN-based using the set port qos command with RSVP or COPS enabled on that port, QoS policy-source is COPS or DSBM-election is enabled. The VLAN-based setting has been saved in NVRAM only.

Examples

This example shows how to specify an interface as a physical port: 

Console> (enable) set port qos 1/1-2 port-based

Updating configuraiton ...

QoS interface is set to port-based for ports 1/1-2.

Console> (enable)

This example shows how to specify an interface as a VLAN: 

Console> (enable) set port qos 3/1-48 vlan-based

Updating configuraiton ...

QoS interface is set to VLAN-based for ports 3/1-48.

Console> (enable)

This example shows the output if you change form port-based to VLAN-based with either RSVP or COPS enabled on the port: 

Console> (enable) set port qos 3/1-48 vlan

QoS interface is set to vlan-based for ports 3/1-48

Ports 3/1-48 - QoS policy-source is Cops or DSBM-election is enabled.

Vlan-based setting has been saved in NVRAM only.

Console> (enable)

Related Commands

show port qos

set port qos cos

Use the set port qos cos command to set the default value for all packets that have arrived through an untrusted port.

set port qos mod/ports cos cos_value

set port qos mod/ports cos-ext cos_value

Syntax Description

mod/ports...

Number of the module and the ports.

cos cos_value

Keyword and variable to specify the CoS value for a port; valid values are from 0 to 7.

cos-ext cos_value

Keyword and variable to specify the CoS extension for a phone port; valid values are from 0 to 8.


Defaults

Default is CoS 0.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is supported by the Catalyst 5000 family switches and the Catalyst 4000 family switches.

This command is not supported by the Network Analysis Module (NAM).

If the default is enforced when you disable QoS, CoS is enforced when you enable QoS.

You can use the set port qos cos command on Supervisor Engines III and III F with NFFC II, or Supervisor Engines II G and III G.

Examples

This example shows how to set the default CoS value on a port: 

Console> (enable) set port qos 2/1 cos 3

Port 2/1 qos cos set to 3

Console> (enable)

This example shows how to set the CoS-ext default value on a port: 

Console> (enable) set port qos 2/1 cos-ext 3

Port 2/1 qos cos-ext set to 3.

Console> (enable)

Related Commands

clear port qos cos
show port qos
set port qos
show qos info

set port qos trust

Use the set port qos trust command to set the trusted state of a port; for example, whether the packets arriving at a port are trused to carry the correct classification.

set port qos mod/ports... trust {untrusted | trust-cos | trust-ipprec | trust-dscp}

set port qos mod/ports trust-ext {trusted | untrusted}

Syntax Description

mod/ports

Number of the module and the ports.

untrusted

Keyword to specify that packets need to be reclassified from the matching ACE.

trust-cos

Keyword to specify that although the CoS bits in the incoming packets are trusted, the ToS is invalid and a valid value needs to be derived from the CoS bits.

trust-ipprec

Keyword to specify that although the ToS/CoS bits in the incoming packets are trusted, the ToS is invalid and the ToS is set as IP Precedence.

trust-dscp

Keyword to specify that the ToS/CoS bits in the incoming packets can be accepted as is with no change.


Defaults

The default when you enable QoS, is untrusted; when you disable QoS, the default is trust-cos on Layer 2 switches and trust-dscp on Layer 3 switches.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is supported by the Catalyst 5000 family switches and the Catalyst 4000 family switches.

This command is not supported by the Network Analysis Module (NAM).

You can use the set port qos trust command on Supervisor Engines III and III F with NFFC II, or Supervisor Engines II G and III G.

On 10/100 ports, you can use only the set port qos trust command to activate the receive drop thresholds. To configure trust, you have to convert the port to port-based QoS, define an ACL that defines all (or the desired subset) of ACEs to be trusted, and attach the ACL to that port.

Examples

This example shows how to set the trusted state of a module: 

Console> (enable) set port qos 3/7 trust trust-cos

Port 3/7 qos set to trust-cos

Console> (enable)

Related Commands

show qos info
show port qos
set port qos
set port qos cos

set port qos trust-ext

Use the set port qos trust-ext command to configure the access port on an IP phone connected to the switch port.

set port qos mod/ports... trust-ext {trusted | untrusted}

Syntax Description

mod/ports...

Number of the module and the ports on the module.

untrusted

Keyword to specify that all traffic in 802.1Q or 802.1P frames received through the access port is marked with a configured Layer 2 CoS value.

trusted

Keyword to specify that all traffic received through the access port passes through the phone switch unchanged.


Defaults

The default when the phone is connected to a Cisco LAN switch is untrusted mode; trusted mode is the default when the phone is not connected to a Cisco LAN switch.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

Traffic in frame types other than 802.1Q or 802.1P passes through the phone switch unchanged, regardless of the access port trust state.

Examples

This example shows how to set the trust extension on ports on the connected phone to a trusted state: 

Console> (enable) set port qos 3/7 trust-ext trusted

Port in the phone device connected to port 3/7 is configured to be trusted.

Console> (enable)

set port security

Use the set port security command to configure port security on a port or range of ports.

set port security mod/ports... [enable | disable] [mac_addr] [age {age_time}] [maximum
{num_of_mac}] [shutdown {shutdown_time}] [violation {shutdown | restrict}]

Syntax Description

mod

Number of the module.

ports...

Number of the ports.

enable

(Optional) Keyword that specifies to enable port security.

disable

(Optional) Keyword that specifies to disable port security.

mac_addr

(Optional) Secure MAC address of the enabled port.

age

(Optional) Keyword that specifies the duration for which addresses on the port will be secured.

age_time

(Optional) Specifies the duration for which addresses on the port will be secured. Valid time in minutes is 10—1440.

maximum num_of_mac

(Optional) Keyword that specifies the maximum number of MAC addresses to secure on the port. Valid values are 1—1025.

shutdown

(Optional) Keyword that specifies the duration for which a port will remain disabled in case of a security violation.

shutdown_time

(Optional) Duration for which a port will remain disabled. Valid values are 10—1440 minutes.

violation

(Optional) Action to be taken in the event of a security violation.

shutdown

(Optional) Keyword that specifies to shut down the port in the event of a security violation.

restrict

(Optional) Keyword that specifies to restrict packets from unsecure hosts.


Defaults

The default port security configuration is as follows:

Port security is disabled.

Number of secure addresses per port is one.

Violation action is shutdown.

Age is permanent (addresses are not aged out).

Shutdown time is indefinite.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you enter the set port security enable command but do not specify a MAC address, the first MAC address seen on the port becomes the secure MAC address.

You can specify the number of MAC addresses to secure on a port. You can add MAC addresses to this list of secure addresses. The maximum number 1024.

The set port security violation command allows you to specify whether you want the port to shut down or to restrict access only to insecure MAC addresses. The shutdown time allows you to specify the duration of shutdown in the event of a security violation.

Examples

This example shows how to set port security with a learned MAC address: 

Console> (enable) set port security 3/1 enable

Port 3/1 security enabled.

Trunking disabled for Port 1/1 due to Security Mode.

Console> (enable)

This example shows how to set port security with a specific MAC address: 

Console> (enable) set port security 3/1 enable 01-02-03-04-05-06

Port 3/1 security enabled.

Mac address 01-02-03-04-05-06 set for port 1/1.

Console> (enable)

This example sets the shutdown time to 600 minutes on port 7/7: 

Console> (enable) set port security 7/7 shutdown 600

Port 7/7 security shutdown time 600.

Console> (enable)

This example sets the port to drop all packets that are coming in on the port from insecure hosts: 

Console> (enable) set port security 7/7 violation restrict

Port 7/7 security violation mode restrict.

Console> (enable)

Related Commands

show port security
clear port security

set port speed

Use the set port speed command to configure transmission speed or autonegotiation. In the default mode, autonegotiation manages transmission speed, duplex mode, the master link, and the slave link.

set port speed mod_num/port_num {10 | 100 | auto}

set port speed mod_num/port_num {4 | 16 | auto}

Syntax Description

mod_num

Number of the module.

port_num

Number of the port on the module.

10

Keyword that specifies a transmission rate of 10-Mbps on 10/100 Fast Ethernet ports.

100

Keyword that specifies a transmission rate of 100-Mbps on 10/100 Fast Ethernet ports.

auto

Keyword that specifies autonegotiation for transmission speed and duplex mode on 10/100 Fast Ethernet ports. On 1000BaseT Gigabit Ethernet ports, this keyword specifies that autonegotiation determines the master and slave links.

4

Keyword that specifies a transmission rate of 4-Mbps on Token Ring ports.

16

Keywords that specifies a transmission rate of 16-Mbps on Token Ring ports.

auto

Keyword that specifies autonegotiation for transmission speed on Token Ring ports.


Defaults

The default configuration has all module ports set to auto.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

On 1000BaseT Gigabit Ethernet, autonegotiation determines which side of the link is master and which side is slave.

You can configure Ethernet interfaces on the 10/100-Mbps Ethernet switching modules to either 10 Mbps or 100 Mbps, or to autosensing mode, allowing them to sense and distinguish between 10-Mbps and 100-Mbps port transmission speeds and full-duplex or half-duplex port transmission types at a remote port connection. If you set the interfaces to autosensing mode, they configure themselves automatically to operate at the proper speed and transmission type.

You can configure Token Ring interfaces on the Token Ring module to either 4 Mbps or 16 Mbps, or to autospeed detection mode, allowing them to sense and distinguish between 4-Mbps and 16-Mbps port transmission speed. If you set the interfaces to autospeed detection mode, they automatically configure themselves to operate at the proper speed.

If you change the transmission speed of a port that is open to 4 or 16 Mbps, the port will close and reopen at the new transmission speed. If a port closes and reopens on an existing ring using a transmission speed different from that which the ring is operating, the ring will beacon.

If you set the port speed to auto, duplex mode is automatically set to auto.

If the ports on the Token Ring module are configured to detect the speed of the ring automatically, the first port inserted on the ring does not set the speed because it is unable to detect the speed.

Examples

This example shows how to configure port 1 on module 2 to auto: 

Console> (enable) set port speed 2/1 auto

Port 2/1 speed set to auto-sensing mode.

Console> (enable)

This example shows how to configure port 2 on module 2 port speed to 10 Mbps: 

Console> (enable) set port speed 2/2 10

Port 2/2 speed set to 10 Mbps.

Console> (enable)

This example shows how to configure port 4 on module 3 port speed to 16 Mbps: 

Console> (enable) set port speed 3/4 16

Port(s) 3/4 speed set to 16Mbps.

Console> (enable)

Related Commands

set port duplex
show port

set port trap

Use the set port trap command to enable or disable the operation of the standard SNMP link trap (up or down) for a port or range of ports.

set port trap mod_num/port_num {enable | disable}

Syntax Description

mod_num

Number of the module.

port_num

Number of the port.

enable

Keyword that specifies to activate the SNMP link trap.

disable

Keyword that specifies to deactivate the SNMP link trap.


Defaults

The default configuration has all port traps disabled.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to enable the SNMP link trap for module 1, port 2: 

Console> (enable) set port trap 1/2 enable

Port 1/2 up/down trap enabled.

Console> (enable)

Related Commands

set port disable
set port duplex
set port enable
set port name
set port speed
show port

set prompt

Use the set prompt command to change the prompt for the CLI.

set prompt prompt_string

Syntax Description

prompt_string

String to use as the command prompt.


Defaults

The default configuration has the prompt set to Console>.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you use the set system name command to assign a name to the switch, the switch name is used as the prompt string. However, if you specify a different prompt string using the set prompt command, that string is used for the prompt.

Examples

This example shows how to set the prompt to system100>: 

Console> (enable) set prompt system100>

system100> (enable)

Related Commands

set system name

set protocolfilter

Use the set protocolfilter command to activate or deactivate protocol filtering.

set protocolfilter {enable | disable}

Syntax Description

enable

Keyword that specifies to activate protocol filtering.

disable

Keyword that specifies to deactivate protocol filtering.


Defaults

The default configuration has protocol filtering disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Use the set port protocol command to configure protocol filtering group membership on switch ports.

Examples

This example shows how to activate protocol filtering: 

Console> (enable) set protocolfilter enable

Protocol filtering enabled on this switch.

Console> (enable)

This example shows how to deactivate protocol filtering: 

Console> (enable) set protocolfilter disable

Protocol filtering disabled on this switch.

Console> (enable)

Related Commands

set port protocol
set protocolfilter

set qos

Use the set qos command to enable and disable QoS on the switch.

set qos {enable | disable}

Syntax Description

enable

Keyword that specifies to enable QoS on the switch.

disable

Keyword that specifies to disable QoS on the switch.


Defaults

The default is QoS is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is supported by the Catalyst 5000 family switches, Catalyst 4000 family switches, and the Catalyst 2948G and 2980G switch.

Do not enable and disable QoS in quick succession (within 2 seconds of each other).

Examples

This example shows how to enable QoS: 

Console> (enable) set qos enable

QoS is enabled.

Console> (enable)


This example shows how to disable QoS: 

Console> (enable) set qos disable

QoS is disabled.

Console> (enable)

Related Commands

show qos mac-cos