-
Catalyst 5000 Family Command Reference (6.3 and 6.4)
-
Index
-
Preface
-
Command-Line Interfaces
-
Switch and ROM Monitor Commands
-
clear banner motd through clear kerberos realm
-
clear kerberos server through clear vtp pruneeligible
-
clear vtp statistics through enable
-
format through history-switch
-
meminfo through reconfirm vmps
-
reload through session
-
set through set cops
-
set prompt through set spantree portvlanpri
-
set spantree priority through set tokenring locallearning
-
set default portstatus through set logging console
-
set logging history through set ntp client
-
set ntp key through set port trap
-
set tokenring portaging through show accounting
-
show alias through show channel
-
show channel group through show gmrp timer
-
show gvrp configuration through show ip route
-
show kerberos through show multicast group count
-
show multicast protocols status through show rif
-
show rmsautostate through show timezone
-
show tokenring through squeeze
-
switch through write terminal
-
Acronyms
-
Table Of Contents
set snmp extendedrmon vlanagent
set snmp extendedrmon vlanmode
set spantree multicast-address
set spantree portfast bpdu-filter
set spantree portfast bpdu-guard
2set qos mac-cos
Use the set qos mac-cos command to map a CoS value to a MAC address and VLAN pair.
set qos mac-cos dest_mac vlan cos
Syntax Description
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is supported only on Supervisor Engine II G or III G, or Supervisor Engine III.
The set qos mac-cos command creates a permanent CAM entry that remains in the CAM table until the active supervisor is reset.
The port associated with the MAC address is learned when the first packet with this source MAC address is received. These entries are not aged out.
If you enter the show cam command, entries made with the set qos mac-cos command are displayed as dynamic. Entries made using the set qos mac-cos command do not age out.
Examples
This example shows how to map a CoS value to a MAC address and VLAN:
Console> (enable) set qos mac-cos 0f-ab-12-12-00-13 2 3CoS 3 is assigned to 0f-ab-12-12-00-13 vlan 2.Console> (enable)Related Commands
clear qos mac-cos
show qos mac-cosset qos map
Use the set qos map command to associate CoS values to a transmit queue and drop threshold.
set qos map port_type q# threshold# cos coslist
Syntax Description
Defaults
The default mappings are:
•
CoS value-to-drop threshold mapping
–
–
–
–
•
–
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is supported on switches configured with Supervisor Engine II G or III G or Supervisor Engine III.
Only port type 1q4t is supported, which consists of one transmit queue and four drop thresholds.
Examples
This example shows how to assign the CoS values 1 and 2 to the first transmit queue and the first drop threshold for that queue on a 1q4t port (Catalyst 5000 family switches):
Console> (enable) set qos map 1q4t tx 1 1 cos 1-2Qos tx priority queue and threshold mapped to cos successfully.Console> (enable)This example shows how to assign the CoS values 4 through 7 to the first transmit queue and the second drop threshold for that queue on a 1q4t port (Catalyst 5000 family switches):
Console> (enable) set qos map 1q4t tx 1 2 cos 4-7Qos tx priority queue and threshold mapped to cos successfully.Console> (enable)Related Commands
set qos policy-source
Use the set qos policy-source command to set the QoS policy source.
set qos policy-source local | cops
Syntax Description
local
Keyword to set the policy source to local NVRAM configuration.
cops
Keyword to set the policy source to COPS configuration.
Defaults
The default is all ports are set to local.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you set the policy source to local, the QoS policy is taken from local configuration stored in NVRAM. If you set the policy source to local after it was set to COPS, the QoS policy reverts back to the local configuration stored in NVRAM.
When you set the policy source to COPS, all configuration that is global to the device, such as the DSCP to marked-down DSCP, is taken from policy downloaded to the PEP by the PDP. Configuration of each physical port, however, is taken from COPS only if the policy source for that port has been set to COPS.
Examples
This example shows how to set the policy source to COPS:
Console> (enable) set qos policy-source copsQoS policy source for the switch set to COPS.Console> (enable)This example shows how to set the policy source to local NVRAM:
Console> (enable) set qos policy-source localQoS policy source for the switch set to local.Console> (enable)This example shows the output if you attempt to set the policy source to COPS and none are available:
Console> (enable) set qos policy-source copsQoS policy source for the switch set to COPS.Warning: No COPS servers configured. Use the `set cops server' commandto configure COPS servers.Console> (enable)Related Commands
clear qos config
show qos info
show qos policy-sourceset qos router-mac
Use the set qos router-mac command to specify router MAC addresses for ACE-based classification.
set qos router-mac mac_address vlan
Syntax Description
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is supported only on Supervisor Engine II G or III G, or Supervisor Engine III.
This command is not supported by the MLS-RP.
Use this command to specify the MAC address of a router for which to perform ACE-based classification. For IPv4 traffic destined for a router, QoS can classify packets that match an ACE by setting the IP precedence bits (in the IP TOS header) and CoS value in the frame header.
If you are using MLS, QoS can perform ACE-based classification only for traffic that is switched using MLS. ACE-based classification is performed at the switch egress port as the flow is being multilayer switched. QoS cannot perform ACE-based classification on traffic that the MLS-RP routes off the switch. QoS learns the address of the MLS-RP automatically when MLS is configured on the switch.
Examples
This example shows how to set the router MAC address on a specific VLAN:
Console> (enable) set qos router-mac 00-40-0b-30-03-48 2Router MAC/Vlan is set for QoS.Console> (enable)Related Commands
clear qos router-mac
show qos mac-cosset qos wred-threshold
Use the set qos wred-threshold command to specify the transmit queue drop thresholds on all ports in the switch.
set qos wred-threshold port_type [rx | tx] queue {q# thr1 thr2 thr3 thr4}
Syntax Description
Defaults
The defaults are output queuing and the threshold values are 30%, 50%, 80%, and 100%.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is supported only on Supervisor Engine II G or III G, or Supervisor Engine III.
The number preceding the t letter in the port_type (1q4t) determines the number of threshold values the hardware supports. For example, with 1q4t, the number of thresholds specified is four.
The number preceding the q letter in the port_type determines the number of the queues that the hardware supports. For example, with 1q4t, the number of queues specified is one.
The transmit drop threshold percentages specified select a buffer usage level where each threshold applies.
The percentages to buffer usage level are as follows:
•
•
•
•
•
•
•
Due to the granularity of programming the hardware, the values set in hardware will be close approximations of the values provided.
Examples
This example shows how to configure the transmit queue drop thresholds:
Console> (enable) set qos wred-threshold 1q4t tx queue 1 30 50 80 100Transmit drop thresholds for queue 1 set at 30% 50% 80% 100%Console> (enable)Related Commands
set radius deadtime
Use the set radius deadtime command to set the time to skip RADIUS servers that do not reply.
set radius deadtime minutes
Syntax Description
minutes
The length of time a RADIUS server does not respond to an authentication request; valid values are from 0 to 1440 minutes.
Defaults
The default is 0 minutes.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If only one RADIUS server is configured or if all the configured servers are marked dead, deadtime will be ignored because there are no alternate servers available. By default, the deadtime will be 0 minutes, that is, the RADIUS servers will not be marked dead if they do not respond.
Examples
This example shows how to set the RADIUS deadtime to 10 minutes:
Console> (enable) set radius deadtime 10Radius deadtime set to 10 minutes.Console> (enable)Related Commands
set radius key
Use the set radius key command to set the encryption and authentication for all communication between the RADIUS client and the server.
set radius key key
Syntax Description
Defaults
The default of the key is set to NULL.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The key you set must be the same one as configured in the RADIUS server. All leading spaces are ignored, spaces within and at the end of the key are not ignored. Double quotes are not required even if there are spaces in the key, unless the quotes themselves are part of the key. The length of the key is limited to 65 characters. It can include any printable ASCII character except tabs.
Examples
This example shows how to set the RADIUS encryption and authentication key to Make my day:
Console> (enable) set radius key Make my dayRadius key set to Make my day.Console> (enable)Related Commands
set radius retransmit
Use the set radius retransmit command to specify the number of times the RADIUS servers are tried before giving up on the server.
set radius retransmit count
Syntax Description
count
Number of times the RADIUS servers are tried before giving up on the server; valid values are from 1 to 100.
Defaults
The default is two times (three attempts).
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the retransmit attempts to 3:
Console> (enable) set radius retransmit 3Radius retransmit count set to 3.Console> (enable)Related Commands
set radius server
Use the set radius server command to set up the RADIUS server.
set radius server ipaddr [auth-port port] [acct-port port][primary]
Syntax Description
Defaults
The default auth-port is 1812. The default acct-port is 1813.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can add up to three RADIUS servers.
The RADIUS server will not be used for authentication if the port number is set to 0.
Examples
This example shows how to add a primary server using an IP alias:
Console> (enable) set radius server tampa.users.comtampa.users.com added to RADIUS server table as primary server.Console> (enable)Related Commands
set radius timeout
Use the set radius timeout command to set the time between retransmissions to the RADIUS server.
set radius timeout seconds
Syntax Description
Defaults
The default timeout is 5 seconds.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the time between retransmissions to 7 seconds:
Console> (enable) set radius timeout 7Radius timeout set to 7 seconds.Console> (enable)Related Commands
set rcp username
Use the set rcp username command to specify your username for rcp file transfers.
set rcp username username
Syntax Description
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Username must be different from "root" and not a null string. The only case where rcp username is not used is for the VMPS database. For the VMPS database, an rcp VMPS username is used.
Examples
This example shows how to set the username for rcp:
Console> (enable) set rcp username jdoeConsole> (enable)Related Commands
set rgmp
Use the set rgmp command to enable or disable the RGMP feature on the switch.
set rgmp {enable | disable}
Syntax Description
Defaults
The default is RGMP is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
RGMP is a global command. You cannot enable or disable RGMP on a per-VLAN basis.
The RGMP feature is operational only if IGMP snooping is enabled on the switch (see the set igmp command).
Examples
This example shows how to enable RGMP on the switch:
Console> (enable) set rgmp enableRGMP is enabled.Console> (enable)This example shows how to disable RGMP on the switch:
Console> (enable) set rgmp disableRGMP is disabled.Console> (enable)Related Commands
clear rgmp statistics
set igmp
set igmp fastleave
show rgmp group
show rgmp statistics
set rsmautostate
Use the set rsmautostate command to enable and disable line protocol state determination of the RSMs due to port state changes.
set rsmautostate {enable | disable}
Syntax Description
enable
Keyword to activate line protocol state determination.
disable
Keyword to deactivate line protocol state determination.
Defaults
The default configuration has line protocol state determination disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enable rsmautostate, VLAN interfaces on the RSM are active only when there is at least one other active interface within the Catalyst 5000 family switches. This interface could be a physical end-user port, a trunk connection for which the VLAN is active, or another RSM with an equivalent VLAN interface.
This command is useful for discontinuing the advertisement of routing paths when access to them is severed (either through fault or administrative disabling).
If you disable rsmautostate, you might have to use the shutdown/no shutdown Cisco IOS command to disable and then restart the VLAN interface to bring the RSM back up.
Examples
This example shows how to enable the line protocol state determination of the RSM:
Console> (enable) set rsmautostate enableConsole> (enable)This example shows how to disable the line protocol state determination of the RSM:
Console> (enable) set rsmautostate disableConsole> (enable)Related Commands
set snmp access
Use the set snmp access command to define the access rights of an SNMP group with a specific security model in different security levels.
set snmp access [-hex] {groupname} {security-model {v1 | v2c}} [read [-hex] {readview}]
[write [-hex] {writeview}] [notify [-hex] {notifyview}] [volatile | nonvolatile]set snmp access [-hex] {groupname} {security-model v3 {noauthentication | authentication
| privacy}} [read [-hex] {readview}] [write [-hex] {writeview}] [notify [-hex]
{notifyview}] [volatile | nonvolatile]Syntax Description
Defaults
The defaults are as follows:
•
•
•
•
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for groupname, readview, writeview, and notifyview (nonprintable delimiters for these parameters), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.
readview is assumed to be every object belonging to the Internet (1.3.6.1) OID space; you can use the read option to override this state.
For writeview, you must also configure write access.
For notifyview, if a view is specified, any notifications in that view are sent to all users associated with the group (an SNMP server host configuration must exist for the user).
Examples
This example shows how to set the SNMP access rights for a group:
Console> (enable) set snmp access cisco-group security-model v3 authenticationSNMP access group was set to cisco-group version v3 level authentication, readview internet, nonvolatile.Console> (enable)Related Commands
set snmp community
Use the set snmp community command to set SNMP communities and associated access types.
set snmp community {read-only | read-write | read-write-all} [community_string]
Syntax Description
Defaults
The default configuration has the following communities and access types defined:
•
•
•
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
There are three configurable SNMP communities, one for each access type. If you do not specify the community string, the community string configured for that access type is cleared.
Examples
This example shows how to set read-write access to the SNMP community called yappledapple:
Console> (enable) set snmp community read-write yappledappleSNMP read-write community string set.Console> (enable)This example shows how to clear the community string defined for read-only access:
Console> (enable) set snmp community read-onlySNMP read-only community string cleared.Console> (enable)Related Commands
set snmp extendedrmon
Use the set snmp extendedrmon command to enable or disable the Network Analysis Module.
set snmp extendedrmon {enable | disable}
Syntax Description
enable
Keyword to enable the Network Analysis Module.
disable
Keyword to disable the Network Analysis Module.
Defaults
The default is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to enable the Network Analysis Module:
Console> (enable) set snmp extendedrmon enableSnmp extended RMON module enabledConsole> (enable)This example shows how to disable the Network Analysis Module:
Console> (enable) set snmp extendedrmon disableSnmp extended RMON module disabledConsole> (enable)Related Commands
set snmp extendedrmon netflow
Use the set snmp extendedrmon netflow command to enable or disable the Network Analysis Module to receive the NDE stream from an NFFC or NFFC II and present the resulting statistics on reserved ifIndex.3000.
set snmp extendedrmon netflow {enable password | disable}
Syntax Description
Defaults
The default is SNMP-extended RMON NetFlow disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
To enable the NetFlow Monitor option, you must purchase a NetFlow Monitor option license from your Cisco sales representative.
The option license has a registration key and URL on it. Access the URL and enter the registration key and the MAC address of the Network Analysis Module to generate the password for your Network Analysis Module.
Examples
This example shows how to enable SNMP-extended RMON NetFlow support:
Console> (enable) set snmp extendedrmon netflow enable <password>Snmp extended RMON netflow enabledConsole> (enable)This example shows how to disable SNMP-extended RMON NetFlow support:
Console> (enable) set snmp extendedrmon netflow disableSnmp extended RMON netflow disabledConsole> (enable)Related Commands
set snmp extendedrmon vlanagent
Use the set snmp extendedrmon vlanagent command to enable or disable the VLANagent option. If the VLANagent option is enabled, the NAM aggregates statistics by VLAN as well as by port.
set snmp extendedrmon vlanagent {enable | disable}
Syntax Description
enable
Keyword to activate SNMP-extended RMON VLANagent support.
disable
Keyword to deactivate SNMP-extended RMON VLANagent support.
Defaults
The default is SNMP-extended RMON VLANagent disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The VLANagent creates an increased memory load on the NAM and might not be suitable for use on a heavily loaded switch or when the switch is configured to analyze a high volume of network traffic.
Examples
This example shows how to enable extended RMON VLANagent support:
Console> (enable) set snmp extendedrmon vlanagent enableSnmp extended RMON vlanagent enabledConsole> (enable)This example shows how to disable extended RMON VLANagent support:
Console> (enable) set snmp extendedrmon vlanagent disableSnmp extended RMON vlanagent disabledConsole> (enable)Related Commands
set snmp extendedrmon vlanmode
Use the set snmp extendedrmon vlanmode command to enable or disable the VLAN monitor option. If the VLAN monitor option is enabled, the Network Analysis Module aggregates statistics by VLAN, instead of by source MAC address.
set snmp extendedrmon vlanmode {enable | disable}
Syntax Description
enable
Keyword that activates SNMP-extended RMON VLAN mode support.
disable
Keyword that deactivates SNMP-extended RMON VLAN mode support.
Defaults
The default is SNMP-extended RMON VLAN mode disabled.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to enable extended-RMON VLAN mode support:
Console> (enable) set snmp extendedrmon vlanmode enableSnmp extended RMON vlanmode enabledConsole> (enable)This example shows how to disable extended-RMON VLAN mode support:
Console> (enable) set snmp extendedrmon vlanmode disableSnmp extended RMON vlanmode disabledConsole> (enable)Related Commands
set snmp group
Use the set snmp group command to establish the relationship between an SNMP group and a user with a specific security model.
set snmp group [-hex] {groupname} user [-hex] {username} {security-model {v1 | v2c |
v3}} [volatile | nonvolatile]Syntax Description
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for groupname or username (nonprintable delimiters for these parameters), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.
Examples
This example shows how to set the SNMP group:
Console> (enable) set snmp group cisco-group user joe security-model v3SNMP group was set to cisco-group user joe and version v3,nonvolatile.Console> (enable)Related Commands
clear snmp group
show snmp groupset snmp notify
Use the set snmp notify command to set the notifyname entry in the snmpNotifyTable and the notifytag entry in the snmpTargetAddrTable.
set snmp notify [-hex] {notifyname} tag [-hex] {notifytag} [trap | inform] [volatile | nonvolatile]
Syntax Description
Defaults
The default storage type is volatile and the default notify type is trap.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for the notifyname and notifytag (nonprintable delimiters for these parameters), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.
Examples
This example shows how to set the SNMP notify for a specific notifyname:
Console> (enable) set snmp notify hello tag world informSNMP notify name was set to hello with tag world notifyType inform, and storageType nonvolatile.Console> (enable)Related Commands
clear snmp notify
show snmp notifyset snmp rmon
Use the set snmp rmon command to enable or disable SNMP RMON support.
set snmp rmon {enable | disable}
Syntax Description
Defaults
The default for RMON support is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
RMON statistics are collected on a segment basis instead of a repeater-port basis for the Catalyst 5000 family switching Ethernet modules (WS-X5020 and WS-X5223).
The RMON feature deinstalls the domains for all of the interfaces on an Ethernet module that has been removed from the system.
RMON is supported on Ethernet, Fast Ethernet, Gigabit Ethernet, and Token Ring switch ports.
When RMON is enabled, the supported RMON groups for Ethernet ports are Statistics, History, Alarms, and Events, as specified in RFC 1757. When RMON is enabled, the supported RMON groups for Token Ring ports are Mac-Layer Statistics, Promiscuous Statistics, Mac-Layer History, Promiscuous History, Ring Station Order Table, Alarms, and Events, as specified in RFC 1513 and RFC 1757.
Note
Examples
This example shows how to enable RMON support:
Console> (enable) set snmp rmon enableSNMP RMON support enabled.Console> (enable)This example shows how to disable RMON support:
Console> (enable) set snmp rmon disableSNMP RMON support disabled.Console> (enable)Related Commands
set snmp rmonmemory
Use the set snmp rmonmemory command to set the memory usage limit in a percentage value format.
set snmp rmonmemory percentage
Syntax Description
percentage
Memory usage limit: valid values are 0 to 100 percent. See the "Usage Guidelines" section for additional information.
Defaults
The default is 85 percent.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you set the percentage value to 85, the RMON is not using 85 percent of memory; this value does not allow you to create new RMON entries or restore entries from the NVRAM if the memory usage exceeds 85 percent.
If you expect the device to run other sessions such as Telnet, you need to set a lower value to the memory limit. Otherwise, the new Telnet sessions may fail because there is not enough available memory.
Examples
This example shows how to set the memory usage limit:
Console> (enable) set snmp rmonmemory 90Console> (enable)Related Commands
set snmp targetaddr
Use the set snmp targetaddr command to configure the SNMP target address entries in the snmpTargetAddressTable.
set snmp targetaddr [-hex] {addrname} param [-hex] {paramsname}{ipaddr} [udpport
{port}] [timeout {value}] [retries {value}] [volatile | nonvolatile] [taglist {[-hex] tag}]
[[-hex] tag tagvalue]Syntax Description
Defaults
The defaults are as follows:
•
•
•
•
•
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for the addrname, paramsname, tag, and tagvalue (nonprintable delimiters for these parameters), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.
The maximum tagvalue and taglist length is 255 bytes.
Examples
This example shows how to set the target address in the snmpTargetAddressTable:
Console> (enable) set snmp targetaddr foo param bar 10.1.2.4 udp 160 timeout 10 retries 3 taglist tag1 tag2 tag3SNMP targetaddr name was set to foo with param bar ipAddr 10.1.2.4, udpport 160, timeout 10, retries 3, storageType nonvolatile with taglist tag1 tag2 tag3.Console> (enable)Related Commands
clear snmp targetaddr
show snmp targetaddrset snmp targetparams
Use the set snmp targetparams command set to configure the SNMP parameters used in the snmpTargetParamsTable when generating a message to a target.
set snmp targetparams [-hex] {paramsname} user [-hex] {username} {security-model
{v1 | v2c}} {message-processing {v1 | v2c | v3}} [volatile | nonvolatile]set snmp targetparams [-hex] {paramsname} user [-hex] {username} {security-model v3}
{message-processing v3 {noauthentication | authentication | privacy}} [volatile |
nonvolatile]Syntax Description
Defaults
The default storage type is volatile.
