-
Catalyst 5000 Family Command Reference (6.3 and 6.4)
-
Index
-
Preface
-
Command-Line Interfaces
-
Switch and ROM Monitor Commands
-
clear banner motd through clear kerberos realm
-
clear kerberos server through clear vtp pruneeligible
-
clear vtp statistics through enable
-
format through history-switch
-
meminfo through reconfirm vmps
-
reload through session
-
set through set cops
-
set prompt through set spantree portvlanpri
-
set spantree priority through set tokenring locallearning
-
set default portstatus through set logging console
-
set logging history through set ntp client
-
set ntp key through set port trap
-
set tokenring portaging through show accounting
-
show alias through show channel
-
show channel group through show gmrp timer
-
show gvrp configuration through show ip route
-
show kerberos through show multicast group count
-
show multicast protocols status through show rif
-
show rmsautostate through show timezone
-
show tokenring through squeeze
-
switch through write terminal
-
Acronyms
-
Table Of Contents
2s.set accounting update
Use the set accounting update command to configure the frequency of accounting updates.
set accounting update {new-info | periodic} [interval]
Syntax Description
Defaults
Accounting is disabled by default.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the TACACS+ servers and shared keys before enabling accounting.
Examples
This example shows how to send accounting updates every 200 minutes:
Console> (enable) set accounting update periodic 200Accounting updates will be periodic at 200 minute intervals.Console> (enable)This example shows how to send accounting updates only when there is new information:
Console> (enable) set accounting update new-infoAccounting updates will be sent on new information only.Console> (enable)Related Commands
set accounting commands
set accounting connect
set accounting exec
set accounting suppress
set accounting system
set tacacs server
show accountingset alias
Use the set alias command to define command aliases (shorthand versions of commands).
set alias name command [parameter] [parameter]
Syntax Description
Defaults
No aliases configured.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The name all cannot be defined as an alias. Reserved words cannot be defined as aliases.
Examples
This example shows how to set arpdel as the alias for the clear arp command:
Console> (enable) set alias arpdel clear arpCommand alias added.Console> (enable)Related Commands
set arp
Use the set arp command to add IP address-to-MAC address mapping entries to the ARP table and to set the ARP aging time for the table.
set arp [dynamic | permanent | static] [ip_addr | hw_addr]
set arp agingtime agingtime
Syntax Description
dynamic
(Optional) Keyword to specify entries are subject to ARP aging updates.
permanent
(Optional) Keyword to specify permanent entries are stored in NVRAM until they are removed by the clear arp or clear config command.
static
(Optional) Keyword to specify entries are not subject to ARP aging updates.
ip_addr
(Optional) IP address or IP alias to map to the specified MAC address.
hw_addr
(Optional) MAC address to map to the specified IP address or IP alias.
agingtime agingtime
Keyword and variable to set the period of time (in seconds) after which an ARP entry is removed from the ARP table; valid values are from 0 to 1,000,000 seconds. Setting to 0 disables aging.
Defaults
No ARP table entries exist; ARP aging is set to 1200 seconds.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The hw_addr value is 6-hexbyte MAC address in canonical (00-11-22-33-44-55) or noncanonical (00:11:22:33:44:55) format.
Examples
This example shows how to configure a dynamic ARP entry mapping that will age out after the configured ARP aging time:
Console> (enable) set arp dynamic 198.133.219.232 00-00-0c-40-0f-bcARP entry added.Console> (enable)This example shows how to set the aging time for the ARP table to 1800 seconds:
Console> (enable) set arp agingtime 1800ARP aging time set to 1800 seconds.Console> (enable)This example shows how to configure a permanent ARP entry, which will remain in the ARP cache after a system reset:
Console> (enable) set arp permanent 198.146.232.23 00-00-0c-30-0f-bcPermanent ARP entry added as 198.146.232.23 at 00-00-0c-30-0f-bc on vlan 5Console> (enable)This example shows how to configure a static ARP entry, which will be removed from the ARP cache after a system reset:
Console> (enable) set arp static 198.144.239.22 00-00-0c-50-0f-bcStatic ARP entry added as 198.144.239.22 at 00-00-0c-50-0f-bc on vlan 5Console> (enable)Related Commands
set authentication enable
Use the set authentication enable command set to enable authentication using the TACACS+, RADIUS, or Kerberos server to determine if you have privileged access permission.
set authentication enable {radius | tacacs | kerberos} enable [console | telnet | http | all] [primary]
set authentication enable {enable | disable} [console | telnet | http | all] [primary]
set authentication enable local {enable | disable} [console | telnet | http | all] [primary]
set authentication enable attempt count [console | telnet]
set authentication enable lockout time [console | telnet]
Syntax Description
Defaults
The default is local authentication is enabled for console and Telnet sessions. RADIUS, TACACS+, and Kerberos are disabled for all session types. If authentication is enabled, the default attempt count value is 3.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Use authentication configuration for both console and Telnet connection attempts unless you use the console or telnet keywords to specify the authentication methods for each connection type individually.
If you enter a 0 for the count or time values, you disable the specified action.
Examples
This example shows how to use the TACACS+ server to determine if a user has privileged access permission:
Console> (enable) set authentication enable tacacs enabletacacs enable authentication set to enable for console, telnet and http session.Console> (enable)This example shows how to use the local password to determine if the user has privileged access permission:
Console> (enable) set authentication enable local enablelocal enable authentication set to enable for console, telnet and http session.Console> (enable)This example shows how to use the RADIUS server to determine if a user has privileged access permission for all session types:
Console> (enable) set authentication enable radius enableradius enable authentication set to enable for console, telnet and http session.Console> (enable)This example shows how to use the TACACS+ server to determine if a user has privileged access permission for all session types:
Console> (enable) set authentication enable tacacs enable consoletacacs enable authentication set to enable for console session.Console> (enable)This example shows how to set the Kerberos server to be used first:
Console> (enable) set authentication enable kerberos enable primarykerberos enable authentication set to enable for console, telnet and http session as primary authentication method.Console> (enable)This example shows how to limit enable mode login attempts:
Console> (enable) set authentication enable attempt 5Enable mode authentication attempts for console and telnet logins set to 5.Console> (enable)This example shows how to set the enable mode lockout time for both console and Telnet connections:
Console> (enable) set authentication enable lockout 50Enable mode lockout time for console and telnet logins set to 50.Console> (enable)Related Commands
set authentication login
show arpset authentication login
Use the set authentication login command set to enable TACACS+, RADIUS, or Kerberos as the authentication method for login.
set authentication login {radius | tacacs | kerberos} enable [console | telnet | http | all] [primary]
set authentication login {radius | tacacs | kerberos} disable [console | telnet | http | all]
set authentication login {enable | disable} [console | telnet | http | all]
set authentication login local {enable | disable} [console | telnet | http | all]
set authentication login attempt count [console | telnet]
set authentication login lockout time [console | telnet]
Syntax Description
Defaults
The default is local authentication is the primary authentication method for login.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command allows you to choose the authentification method for the web interface. If you configure the authentification method for the HTTP session as RADIUS, then the username or password is validated using the RADIUS protocol, and TACACS+ and Kerberos authentication is set to disable for the HTTP sessions. By default, the HTTP login is validated using the local login password.
You can specify the authentication method for console, telnet, http, or all by entering the console, telnet, http, or all keywords. If you do not specify console, telnet, http, or all, the authentication method default is for all sessions.
If you enter a 0 for the count or timevalue, you disable the specified action.
Examples
This example shows how to disable TACACS+ authentication access for Telnet sessions:
Console> (enable) set authentication login tacacs disable telnettacacs login authentication set to disable for the telnet sessions.Console> (enable)This example shows how to disable RADIUS authentication access for console sessions:
Console> (enable) set authentication login radius disable consoleradius login authentication set to disable for the console sessions.Console> (enable)This example shows how to disable Kerberos authentication access for Telnet sessions:
Console> (enable) set authentication login kerberos disable telnetkerberos login authentication set to disable for the telnet sessions.Console> (enable)This example shows how to set TACACS+ authentication access as the primary method for HTTP sessions:
Console> (enable) set authentication login tacacs enable http primarytacacs login authentication set to enable for HTTP sessions as primary authentification method.Console> (enable)This example shows how to limit login attempt:
Console> (enable) set authentication login attempt 5Login authentication attempts for console and telnet logins set to 5.Console> (enable)This example shows how to set the lockout time for both console and Telnet connections:
Console> (enable) set authentication login lockout 50Login lockout time for console and telnet logins set to 50.Console> (enable)Related Commands
set authentication enable
show arpset authorization commands
Use the set authorization commands command to enable authorization of command events on the switch.
set authorization commands enable {config | enable | all} {option} {fallbackoption}
[console | telnet | both]set authorization commands disable [console | telnet | both]
Syntax Description
Defaults
Authorization is disabled by default.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The tacacs+ keyword allows you to proceed with your action if you have authorization.
The if-authenticated keyword allows you to proceed with your action if you have been authenticated.
The none keyword allows you to proceed without further authorization if the TACACS+ server does not respond.
The deny keyword does not allow you to proceed if the TACACS+ server does not respond.
Examples
This example shows how to enable authorization for all commands with an if-authenticated option and no fallback option, in case the TACACS+ daemon is down or does not respond:
Console> (enable) set authorization commands enable all if-authenticated noneSuccessfully enabled commands authorization.Console> (enable)This example shows how to disable command authorization:
Console> (enable) set authorization commands disableSuccessfully disabled commands authorization.Console> (enable)Related Commands
set authorization enable
set authorization exec
show authorizationset authorization enable
Use the set authorization enable command to enable authorization of enable (privileged mode) session events on the switch.
set authorization enable enable {option} {fallbackoption} [console | telnet | both]
set authorization enable disable [console | telnet | both]
Syntax Description
Defaults
Authorization is disabled by default.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The tacacs+ keyword allows you to proceed with your action if you have authorization.
The if-authenticated keyword allows you to proceed with your action if you have been authenticated.
The none keyword allows you to proceed without further authorization in case the TACACS+ server does not respond.
The deny keyword does not let you proceed if the TACACS+ server does not respond.
Examples
This example shows how to enable authorization of configuration commands in enable mode sessions:
Console> (enable) set authorization enable enable if-authenticated noneSuccessfully enabled enable authorization.Console> (enable)This example shows how to disable enable mode authorization:
Console> (enable) set authorization enable disableSuccessfully disabled enable authorization.Console> (enable)Related Commands
set authorization commands
set authorization exec
show authorizationset authorization exec
Use the set authorization exec command to enable authorization of exec (normal login mode) session events on the switch.
set authorization exec enable {option} {fallbackoption} [console | telnet | both]
set authorization exec disable [console | telnet | both]
Syntax Description
Defaults
Authorization is disabled by default.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The tacacs+ keyword allows you to proceed with your action if you have authorization.
The if-authenticated keyword allows you to proceed with your action if you have been authenticated.
The none keyword allows you to proceed without further authorization in case the TACACS+ server does not respond.
The deny keyword does not let you proceed if the TACACS+ server does not respond.
Examples
This example shows how to enable authorization of configuration commands in exec mode sessions:
Console> (enable) set authorization exec enable if-authenticated noneSuccessfully enabled exec authorization.Console> (enable)This example shows how to disable exec mode authorization:
Console> (enable) set authorization exec disableSuccessfully disabled exec authorization.Console> (enable)Related Commands
set authorization commands
set authorization enable
show authorizationset banner motd
Use the set banner motd command to create a login banner to display when users access the switch.
set banner motd c [text] c
Syntax Description
Defaults
No MOTD banner is defined.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The banner cannot contain more than 3,070 characters, including tabs. Tabs display as eight characters but take only one character of memory.
You can use either the clear banner motd command or the set banner motd cc command to clear the message-of-the-day banner.
Examples
This example shows how to set the message of the day using the pound sign (#) as the delimiting character:
Console> (enable) set banner motd #** System upgrade at 6:00am Tuesday.** Please log out before leaving on Monday. #MOTD banner set.Console> (enable>This example shows how to clear the message of the day:
Console> (enable) set banner motd ##MOTD banner cleared.Console> (enable>Related Commands
set boot auto-config
Use the set boot auto-config command to specify one or more configuration files to use to configure the switch at startup and to set the recurrence option. A list of configuration files is stored in the config_file environment variable.
set boot auto-config device:filename [;<device:filename>...] [mod]
set boot auto-config {cfg1 | cfg2 | cfg1;cfg2}
set boot auto-config {recurring | non-recurring}
Syntax Description
Defaults
The default setting of this command is non-recurring and the config_file is not defined.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set boot auto-config command always overwrites the existing config_file environment variable settings (you cannot prepend or append a file to the variable contents).
In the Supervisor Engine III, multiple configuration files may be specified. Separate the files using a semicolon (;).
In the Supervisor Engine II G and III G, two configuration files may be specified. Separate the files using a semicolon (;).
You can set recurring, non-recurring, cfg1, and cfg2 keywords in Supervisor Engines II G and
III G only.Use a semicolon-separated list to specify multiple cfg files.
To set the recurrence on other supervisor engines and switches, use the set boot config-register auto-config command.
Examples
This example shows how to specify the configuration file environment variable:
Console> (enable) set boot auto-config slot0:cfg1CONFIG_FILE variable = slot0:cfg1WARNING: nvram configuration may be lost during next bootup,and re-configured using the file(s) specified.Console> (enable)This example shows how to specify the configuration file environment variable on Supervisor Engines II G and III G:
Console> (enable) set boot auto-config cfg1CONFIG_FILE variable = cfg1WARNING: nvram configuration may be lost during next bootup,and re-configured using the file(s) specified.Console> (enable)This example shows how to specify multiple configuration files on Supervisor Engines II G
and III G:Console> (enable) set boot auto-config cfg1;cfg2CONFIG_FILE variable = cfg1;cfg2WARNING: nvram configuration may be lost during next bootup,and re-configured using the file(s) specified.Console> (enable)This example shows how to set the auto-configuration to recurring on Supervisor Engines II G
and III G:Console> (enable) set boot auto-config recurringauto-config: recurringConsole> (enable)Related Commands
set boot config-register
Use the set boot config-register command to set the boot configuration register value.
set boot config-register 0xvalue [mod]
set boot config-register boot {rommon | bootflash | system} [mod]
set boot config-register baud {1200 | 2400 | 4800 | 9600} [mod]
set boot config-register ignore-config {enable | disable} [mod]
set boot config-register auto-config {recurring | non-recurring} [mod]
Syntax Description
Defaults
The default configuration register value is 0x10F, which specifies the following settings:
•
Boot method is "system" (the switch boots using the system images specified in the BOOT environment variable).
•
•
•
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
We recommend that you use only the rommon and system options to the set boot config-register boot command.
Each time you enter one of the set boot config-register commands, the system displays all current configuration register information (the equivalent of entering the show boot command).
The baud rate specified in the configuration register is used by the ROM monitor only and is different from the baud rate specified by the set system baud command.
The auto-config_file variable is slot0:switch.cfg for non-recurring.
Caution
Examples
This example shows how to specify the default 16-bit configuration register value:
Console> (enable) set boot config-register 0x10fConfiguration register is 0x10fignore-config: disabledauto-config: non-recurringconsole baud: 9600boot: image specified by the boot system commandsConsole> (enable)This example shows how to specify rommon as the boot image to use on the next restart:
Console> (enable) set boot config-register boot rommonConfiguration register is 0x100ignore-config: disabledauto-config: non-recurringconsole baud: 9600boot: the ROM monitorConsole> (enable)This example shows how to change the ROM monitor console port baud rate to 4800:
Console> (enable) set boot config-register baud 4800Configuration register is 0x900ignore-config: disabledauto-config: non-recurringconsole baud: 4800boot: the ROM monitorConsole> (enable)This example shows how to cause the switch to ignore the configuration in NVRAM the next time the switch is reset or power cycled:
Console> (enable) set boot config-register ignore-config enableConfiguration register is 0x940ignore-config: enabledauto-config: non-recurringconsole baud: 4800boot: the ROM monitorConsole> (enable)This example shows how to set the auto-configuration to recurring:
Console> (enable) set boot config-register auto-config recurringConfiguration register is 0x960ignore-config: enabledauto-config: recurringconsole baud: 4800boot: the ROM monitorConsole> (enable)Related Commands
set boot sync now
Use the set boot sync now command to immediately initiate synchronization of the system image between the active and standby supervisor engine.
set boot sync now
Syntax Description
This command has no arguments or keywords.
Defaults
The default is synchronization is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set boot sync now command initiates synchronization to force the configuration files to synchronize automatically to the standby supervisor engine. The configuration files remain consistent with the files on the active supervisor engine.
This example shows how to initiate synchronization of the auto-config file:
Console> (enable) set boot sync nowConsole> (enable)Related Commands
set boot system flash
Use the set boot system flash command to set the BOOT environment variable, which specifies a list of software images that the switch attempts to load at startup.
set boot system flash device:filename [prepend] [mod]
Syntax Description
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can enter several boot system commands to provide a reliable method for booting the switch. The system stores and executes the boot system commands in the order in which you enter them.
When you copy a new software image to a Flash device and want to switch to boot that image the next time the switch is reset, clear the BOOT environment variable using the clear boot system all command or use the prepend keyword to place the new software image file first in the list of images to attempt to boot.
If the file does not exist (for example, if you entered the wrong filename), then the filename is appended to the bootstring, and a message displays, "Warning: File not found but still added in the bootstring."
If the file does exist, but is not a supervisor engine software image, the file is not added to the bootstring, and a message displays, "Warning: file found but it is not a valid boot image."
Examples
This example shows how to append a software image file to the BOOT environment variable:
Console> (enable) set boot system flash bootflash:cat5000-sup3.6-1-1.binBOOT variable =bootflash:cat5000-sup3.5-2-1.bin,1;bootflash:cat5000-sup3.6-1-1.bin,1;Console> (enable)This example shows how to prepend a software image file to the BOOT environment variable:
Console> (enable) set boot system flash slot0:cat5000-sup3.6-1-1.bin prependBOOT variable =slot0:cat5000-sup3.6-1-1.bin,1;bootflash:cat5000-sup3.4-5-2.bin,1;Console> (enable)Related Commands
set bridge apart
Use the set bridge apart command to enable or disable APaRT on FDDI.
set bridge apart {enable | disable}
Syntax Description
Defaults
The default is APaRT enabled.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to disable APaRT:
Console> (enable) set bridge apart disableAPaRT disabledConsole> (enable)Related Commands
set bridge fddicheck
Use the set bridge fddicheck command to enable or disable the relearning of MAC addresses (as FDDI MAC addresses) that were already learned from an Ethernet interface (as Ethernet MAC addresses).
set bridge fddicheck {enable | disable}
Syntax Description
enable
Keyword to permit FDDI to relearn MAC addresses learned from an Ethernet interface.
disable
Keyword to prevent FDDI from relearning MAC addresses learned from an Ethernet interface.
Defaults
The default configuration has fddicheck disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When fddicheck is enabled, a MAC address seen on the FDDI ring is not learned (stored in FDDI CAM) as an FDDI MAC address if the MAC address was previously learned from an Ethernet interface (as an Ethernet MAC address).
With fddicheck enabled, MAC addresses previously learned from an Ethernet interface will not be relearned on the FDDI interface until the CAM is cleared.
This command requires information from the FDDI CAM. If you disable APaRT, fiddicheck is also automatically disabled. To enable fddicheck, first enable APaRT.
Examples
This example shows how to enable fddicheck on the switch:
Console> (enable) set bridge fddicheck enableFDDICHECK enabledConsole> (enable)Related Commands
set bridge ipx 8022toether
Use the set bridge ipx 8022toether command to set the default method for translating IPX packets from FDDI 802.2 to Ethernet.
set bridge ipx 8022toether {8023 | snap | eii | 8023raw}
Syntax Description
Defaults
The default translation method for FDDI 802.2 to Ethernet networks is 8023 (Ethernet 802.3).
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The default translation method specified is used only until the real protocol types are learned.
Examples
This example shows how to set the default protocol to SNAP for translating IPX packets between FDDI 802.2 and Ethernet networks:
Console> (enable) set bridge ipx 8022toether snap8022 to ETHER translation set.Console> (enable)Related Commands
set bridge ipx 8023rawtofddi
Use the set bridge ipx 8023rawtofddi command to set the default method for translating IPX packets from Ethernet 802.3 to FDDI.
set bridge ipx 8023rawtofddi {8022 | snap | fddiraw}
Syntax Description
Defaults
The default translation method for Ethernet 802.3 to FDDI networks is SNAP (FDDI SNAP).
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The default translation method specified is used only until the real protocol types are learned.
Examples
This example shows how to set the default translation method to FDDI SNAP for translating IPX packets between Ethernet 802.3 and FDDI networks:
Console> (enable) set bridge ipx 8023rawtofddi snap8023RAW to FDDI translation set.Console> (enable)Related Commands
set bridge ipx snaptoether
Use the set bridge ipx snaptoether command to set the default method for translating IPX FDDI SNAP frames to Ethernet frames.
set bridge ipx snaptoether {8023 | snap | eii | 8023raw}
Syntax Description
Defaults
The default translation method for translating IPX FDDI SNAP frames to Ethernet frames is 8023raw (Ethernet 802.3 RAW).
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The default translation specified is used for all broadcast IPX SNAP frames and for any unlearned Ethernet MAC addresses.
Examples
This example shows how to set the default method for translating IPX FDDI SNAP frames to Ethernet frames to SNAP:
Console> (enable) set bridge ipx snaptoether snapBridge snaptoether default IPX translation set.Console> (enable)Related Commands
set cam
Use the set cam command set to add entries into the CAM table, set the aging time for the CAM table, and configure traffic filtering from and to a specific host.
set cam {dynamic | static | permanent} {unicast_mac | route_descr} mod/port [vlan]
set cam {static | permanent} {multicast_mac} mod/ports.. [vlan]
set cam {static | permanent} filter {unicast_mac} vlan
set cam agingtime vlan agingtime
Syntax Description
dynamic
Keyword to specify entries are subject to aging.
static
Keyword to specify entries are not subject to aging.
permanent
Keyword to specify permanent entries are stored in NVRAM until they are removed by the clear cam or clear config command.
unicast_mac
MAC address of the destination host used for a unicast.
route_descr
Route descriptor of the "next hop" relative to this switch; valid values are from 0 to 0xffff.
mod/port
Number of the module and the port on the module.
vlan
(Optional) Number of the VLAN; valid values are from 1 to 1005.
multicast_mac
MAC address of the destination host used for a multicast.
mod/ports..
Number of the module and the ports on the module.
filter
Keyword to specify a traffic filter entry.
agingtime
Keyword to set the period of time after which an entry is removed from the table.
agingtime
Number of seconds (0 to 1,000,000) that dynamic entries remain in the table before being deleted. Setting the aging time to 0 disables aging.
Defaults
The default configuration has a local MAC address, spanning tree address (01-80-c2-00-00-00), and CDP multicast address for destination port 1/3 (the supervisor engine). The default aging time for all configured VLANs is 300 seconds.
The vlan variable is required when you configure the traffic filter entry.
Usage Guidelines
Static (nonpermanent) entries remain in the CAM table until the system is reset.
Entering the VLAN number is optional unless you are setting CAM entries to dynamic, static, or permanent for a trunk port, or if you are using the agingtime keyword.
If the given MAC address is a multicast address (the least significant bit of the most significant byte is set to 1) or broadcast address (ff-ff-ff-ff-ff-ff) and multiple ports are specified, the ports must all be in the same VLAN. If the given address is a unicast address and multiple ports are specified, the ports must be in different VLANs.
The route_descr variable is entered as two hexadecimal bytes in the following format: 004F. Do not use a hyphen (-) to separate the bytes.
The set cam command does not support the RSM.
If you enter a route descriptor with no VLAN parameter specified, the default is the VLAN already associated with the port. If you enter a route descriptor, you may only use a single port number (of the associated port).
The MAC address and VLAN for a host can be stored in the NVRAM it is maintained even after a reset.
The vlan number is optional unless you are setting CAM entries to dynamic, static, or permanent for a trunk port, or if you are using the agingtime keyword.
If the ports are trunk ports, you must specify the VLAN.
Static (nonpermanent) entries remain in the table until you reset the active supervisor engine.
Examples
This example shows how to set the CAM table aging time to 300 seconds:
Console> (enable) set cam agingtime 1 300Vlan 1 CAM aging time set to 300 seconds.Console> (enable)This example shows how to add a unicast entry to the table for module 2, port 9:
Console> (enable) set cam static 00-00-0c-a0-03-fa 2/9Static unicast entry added to CAM table.Console> (enable)This example shows how to add a permanent multicast entry to the table for module 1, port 1, and module 2, ports 1, 3, and 8 through 12:
Console> (enable) set cam permanent 01-40-0b-a0-03-fa 1/1,2/1,2/3,2/8-12Permanent multicast entry added to CAM table.Console> (enable)This example shows how to add a traffic filter entry to the table:
Console> (enable) set cam static filter 00-02-03-04-05-06 1Filter entry added to CAM table.Console> (enable)Related Commands
set cdp
Use the set cdp command to enable or disable CDP globally or on specified ports, and to configure the CDP hold time.
set cdp {enable | disable} [mod/ports...]
Syntax Description
enable
Keyword to enable the CDP feature.
disable
Keyword to disable the CDP feature.
mod/ports...
(Optional) Number of the module and ports.
Defaults
The default system configuration has CDP enabled; the message interval is set to 60 seconds for every port.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you enter the global set cdp enable or disable command, CDP is globally configured. If CDP is globally disabled, CDP is automatically disabled on all ports, but the per-port enable (or disable) configuration is not changed. If CDP is globally enabled, whether CDP is running on a port or not depends on its per-port configuration.
If you configure CDP on a per-port basis, the mod/ports... value can be entered as a single module and port or a range of ports; for example, 2/1-12,3/5-12.
Examples
This example shows how to enable the CDP on port 1 on module 2:
Console> (enable) set cdp enable 2/1CDP enabled on port 2/1.Console> (enable)This example shows how to disable the CDP message display for port 1 on module 2:
Console> (enable) set cdp disable 2/1CDP disabled on port 2/1.Console> (enable)Related Commands
set cdp holdtime
Use the set cdp holdtime command to configure the CDP hold time.
set cdp holdtime holdtime
Syntax Description
holdtime
Number of seconds for the global CDP hold time value; valid values are from 10 to 255 seconds.
Defaults
The default CDP hold time value has the message interval globally set to 180 seconds.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported on Catalyst 5000 family switches with supervisor engine software release 4.2(2) and earlier and 3.2(4) and earlier.
Examples
This example shows how to specify the global CDP hold time value:
Console> (enable) set cdp holdtime 200CDP holdtime set to 200 seconds.Console> (enable)Related Commands
set cdp interval
Use the set cdp interval command to globally set the message interval for CDP.
set cdp interval interval
Syntax Description
interval
Number of seconds the system waits between CDP message transmissions; valid values are from 5 to 900 seconds.
Defaults
The default is set to 60 seconds.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the CDP message interval to 100 seconds:
Console> (enable) set cdp interval 100CDP message interval set to 100 seconds for all ports.Console> (enable)Related Commands
set cdp version
Use the set cdp version command to set the version of CDP to run on the switch.
set cdp version v1 | v2
Syntax Description
Defaults
The default CDP version is v2.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the CDP version to 1:
Console> (enable) set cdp version v1CDP version set to v1Console> (enable)Related Commands
set cgmp
Use the set cgmp command to enable or disable CGMP on the switch.
set cgmp {enable | disable}
Syntax Description
Defaults
The default is CGMP is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
CGMP requires that you connect the switch to a router running CGMP.
Examples
This example shows how to enable CGMP on a device:
Console> (enable) set cgmp enableCMGP support for IP multicast enabled.Console> (enable)This example shows how to disable CGMP on a device:
Console> (enable) set cgmp disableCMGP support for IP multicast disabled.Console> (enable)This example shows what happens if you try to enable CGMP if IGMP snooping is already enabled:
Console> (enable) set cgmp enableDisable IGMP Snooping feature to enable CGMP.Console> (enable)Related Commands
clear multicast router
set multicast router
show multicast group
show multicast group countset cgmp leave
Use the set cgmp leave command to enable or disable CGMP leave processing.
set cgmp leave {enable | disable}
Syntax Description
Defaults
The default is CGMP leave processing is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to enable CGMP leave processing:
Console> (enable) set cgmp leave enableCMGP support for leave processing enabled.Console> (enable)This example shows how to disable CGMP leave processing:
Console> (enable) set cgmp leave disableCMGP support for leave processing disabled.Console> (enable)Related Commands
clear multicast router
set multicast router
show multicast group
show multicast group count
show cgmp statisticsset channel cost
Use the set channel cost command to set the spanning tree port cost for an EtherChannel port bundle.
set channel cost {channel_id | all} [cost]
Syntax Description
channel_id
EtherChannel ID of the channel to modify.
all
Keyword to specify all EtherChannel port bundles on the switch.
cost
(Optional) Spanning tree port cost to apply to the EtherChannel.
Defaults
The default is the spanning tree port cost is calculated automatically based on the current port costs of the ports in the EtherChannel.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
To determine the channel_id of an EtherChannel port bundle, use the show channel command.
If you do not specify the cost, the spanning tree port cost is updated based on the current port costs of the channeling ports. If you change the channel port cost, the port costs of member ports in the channel are modified to reflect the new cost. A message appears listing the ports whose port costs were changed.
Examples
This example shows how to set the channel 768 path cost to 23:
Console> (enable) set channel cost 768 23Port(s) 1/1-2,7/3,7/5 port path cost are updated to 60.Channel 768 cost is set to 23.Warning:channel cost may not be applicable if channel is broken.Console> (enable)This example shows how to set all channel path costs to 15:
Console> (enable) set channel cost all 15Port(s) 4/1-4 port path cost are updated to 39.Channel 768 cost is set to 15.Warning:channel cost may not be applicable if channel is broken.Console> (enable)Related Commands
set channel vlancost
set port channel
show channel
show channel group
show port channelset channel vlancost
Use the set channel vlancost command to set the spanning tree port-VLAN cost for an EtherChannel port bundle.
set channel vlancost channel_id [cost]
Syntax Description
channel_id
EtherChannel ID of the channel to modify.
cost
(Optional) Spanning tree port-VLAN cost to apply to the EtherChannel.
Defaults
The default is the spanning tree port-VLAN cost is calculated automatically based on the current port-VLAN costs of the ports in the EtherChannel.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can configure the port-VLAN cost of only one EtherChannel at a time.
To determine the channel_id of an EtherChannel port bundle, use the show channel command.
If you do not specify the cost, the spanning tree port-VLAN cost is updated based on the current port-VLAN costs of the channeling ports. If you change the channel port-VLAN cost, the port-VLAN costs of member ports in the channel are modified to reflect the new cost. A message appears listing the ports whose port-VLAN costs were changed.
Examples
This example shows how to set the channel 768 port-VLAN cost to 10:
Console> (enable) set channel vlancost 768 10Port(s) 1/1-2 vlan cost are updated to 24.Channel 768 vlancost is set to 10.Console> (enable)Related Commands
set channel cost
set port channel
show channel
show channel group
show port channelset config mode
Use the set config mode command to change the configuration mode from a binary model to a text model.
set config mode binary
set config mode text {nvram | device:file-id}
Syntax Description
Defaults
The default is binary, which saves the configuration to NVRAM when the write memory command is used.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you configure the system to use text file configuration mode, the system stores its configuration as a text file in nonvolatile storage, either in NVRAM or Flash memory. The text file consists of commands entered by you to configure various features. For example, if you disable a port, the command you enter to disable that port will be saved in the text configuration file.
The text file contains only commands you have used to configure your switch. Because the text configuration file usually requires less space, NVRAM is a suitable location for the file to be stored. If the text file exceeds NVRAM space, it also can be stored to Flash memory.
User settings are not immediately saved to NVRAM. To save user settings, you must enter the write memory command to store the configuration in nonvolatile storage.
Examples
This example shows how to set the configuration mode to binary:
Console> (enable) set config mode binarySystem configuration copied to NVRAM. Configuration mode set to binary.Console> (enable)This example shows how to set the configuration mode to text and designate the location and filename for saving the text configuration file:
Console> (enable) set config mode text bootflash:switch.cfgBinary system configuration has been deleted from NVRAM. Configuration mode set to text. Use the write memory command to save configuration changes. System configuration file set to: bootflash:switch.cfgThe file specified will be used for configuration during the next bootup.Console> (enable)Related Commands
set cops
Use the set cops commands to configure COPS functionality.
set cops server ipaddress [port] [primary]
set cops domain-name domain_name
set cops retry-interval initial incr max
set cops roles {role_name}
Syntax Description
Defaults
The defaults are as follows:
•
•
•
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
A switch may have multiple roles, and you can configure up to 64 roles per switch.
You can configure the names or addresses of up to two PDP servers. One must be the primary, and the optional second server is a secondary, or backup, PDP server.
The COPS domain name can only be set globally; there is no option to set it for each COPS client.
Names such as the server, domain name, and roles can contain a maximum of 31 characters; longer names are truncated to 31 characters. Valid letters are a-z and A-Z. Valid numbers are 0-9. Valid symbols are period (.), dash (-) and underscore (_). Names cannot start with an underscore (_). The names are not case sensitive for matching, but are case sensitive for display.
When specifying the retry-interval, the total of the initial timeout value and the incremental value (increment on each subsequent failure) may not exceed the maximum timeout value.
Examples
This example shows how to configure a server as a primary server:
Console> (enable) set cops server 171.21.34.56 primary171.21.34.56 added to COPS server table as primary server.Console> (enable)This example shows how to configure a server as a primary RSVP+ server:
Console> (enable) set cops server 171.21.34.56 primary171.21.34.56 added to COPS server table as primary server.Console> (enable)This example shows how to configure a server as a secondary (or backup) server:
Console> (enable) set cops server my_server2my_server2 added to the COPS server table as backup server.Console> (enable)This example shows how to set the domain name:
Console> (enable) set cops domain-name my_domainDomain name set to my_domain.Console> (enable)This example shows how to set the retry interval:
Console> (enable) set cops retry-interval 15 1 30Connection retry intervals set.Console> (enable)This example shows the display output if the total of the initial timeout value and the incremental value you entered exceeds the maximum timeout value:
Console> (enable) set cops retry-interval 15 1 10The initial timeout plus the increment value may not exceed the max value.Console> (enable)This example shows how to set the switch with the role backbone:
Console> (enable) set cops roles backboneRole added successfully.Console> (enable)Related Commands
set default portstatus
Use the set default portstatus command to set the default port status.
set default portstatus {enable | disable}
Syntax Description
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set default portstatus command is supported by systems with chassis idprom.
When you enter clear config all, or during configuration loss, all ports collapse into VLAN 1, which might cause a security and network instability problem. To prevent a security breach, enter the set default portstatus command. All ports enter into disable status, and the traffic flowing through the ports during a configuration loss situation is blocked. You can then manually configure ports to the enable status.
After you enter the set default portstatus command, you must reset the system for the new configuration to take effect.
This command is not saved in the configuration file.
After you have set the default port status, the setup is not cleared when you enter the clear config all command.
Examples
This example shows how to disable the default port status:
Console> (enable) set default portstatus disableDefault port status set to disable.Console> (enable)Related Commands
set dot1x
Use the set dot1x command to configure dot1x on a system.
set dot1x system-auth-control {enable | disable}
set dot1x {quiet-period | tx-period | re-authperiod} seconds
set dot1x {supp-timeout | server-timeout} seconds
set dot1x max-req count
Syntax Description
Defaults
The default settings are:
•
•
•
•
•
•
•
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you set the system authentication value, the following applies:
•
•
When the supplicant does not notify the authenticator that it received the EAP-request/identity packet, the authenticator waits a period of time (set by entering the tx-period seconds parameter), and then retransmits the packet.
When the supplicant does not notify the backend authenticator that it received the EAP-request packet, the backend authenticator waits a period of time (set by entering the supp-timeout seconds parameter), and then retransmits the packet.
When the authentication server does not notify the backend authenticator that it received specific packets, the backend authenticator waits a period of time (set by entering the server-timeout seconds parameter), and then retransmits the packets.
Examples
This example shows how to set the system authentication control:
Console> (enable) set dot1x system-auth-control enabledot1x authorization enabled.Console> (enable)This example shows how to set the idle time between authentication attempts:
Console> (enable) set dot1x quiet-period 45dot1x quiet-period set to 45 seconds.Console> (enable)This example shows how to set the retransmission time:
Console> (enable) set dot1x tx-period 15dot1x tx-period set to 15 seconds.Console> (enable)This example shows you how to specify the reauthentication time:
Console> (enable) set dot1x re-authperiod 7200dot1x re-authperiod set to 7200 secondsConsole> (enable)This example shows you how to specify the retransmission of EAP-Request packets by the authenticator to the supplicant:
Console> (enable) set dot1x supp-timeout 15dot1x supp-timeout set to 15 seconds.Console> (enable)This example shows how to specify the retransmission of packets by the backend authenticator to the authentication server:
Console> (enable) set dot1x server-timeout 15dot1x server-timeout set to 15 seconds.Console> (enable)This example shows how to specify the maximum number of packet retransmissions:
Console> (enable) set dot1x max-req 5dot1x max-req set to 5.Console> (enable)Related Commands
