-
Catalyst 6500 Series Command Reference, 6.3 and 6.4
-
Quick Links to Catalyst 6500 Series Switch and ROM Monitor Commands
-
Index
-
Preface
-
Command-Line Interfaces
-
alias to boot
-
cd to clear mls entry cef adjacency
-
clear mls exclude protocol to clear vtp pruneeligible
-
clear vtp statistics to disable
-
disconnect to enable
-
format to ping
-
pwd to reset-switch
-
restore counters to set crypto key rsa
-
set default portstatus to set logging timestamp
-
set logout to set pbf
-
set port auxiliaryvlan to set rcp username
-
set rgmp to set spantree portvlanpri
-
set spantree priority to set trunk
-
set udld to set vtp pruneeligible
-
show accounting to show default
-
show dot1q-all-tagged to show interface
-
show ip alias to show ip permit
-
show ip route to show pbf
-
show port to show snmp
-
show snmp access to show tech-support
-
show test to show udld
-
show users to squeeze
-
stack to write tech-support
-
Acronyms
-
Table Of Contents
set boot config-register auto-config
2F2restore counters
Use the restore counters command to restore MAC and port counters.
restore counters [all | mod/ports]
Syntax Description
all
(Optional) Keyword to specify all ports.
mod/ports
(Optional) Number of the module and the ports on the module.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify a range of ports to be restored, then all ports on the switch are restored.
Examples
This example shows how to restore MAC and port counters:
Console> (enable) restore counters allThis command will restore all counter values reported by the CLI to the hardware counter values.Do you want to continue (y/n) [n]? yMAC and Port counters restored.Console> (enable)Related Commands
clear counters
show port countersrollback
Use the rollback command set to clear changes made to the ACL edit buffer since its last save. The ACL is rolled back to its state at the last commit command.
rollback qos acl {acl_name | all}
rollback security acl {acl_name | all | adjacency}
Syntax Description
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the edit buffer of a specific QoS ACL:
Console> (enable) rollback qos acl ip-8-1Rollback for QoS ACL ip-8-1 is successful.Console> (enable)This example shows how to clear the edit buffer of a specific security ACL:
Console> (enable) rollback security acl IPACL1IPACL1 editbuffer modifications cleared.Console> (enable)Related Commands
session
Use the session command to open a session with a module (for example, the MSM, NAM, or ATM). This command allows you to use the module-specific CLI.
session mod
Syntax Description
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
After you enter this command, the system responds with the Enter Password: prompt, if one is configured on the module.
To end the session, enter the quit command.
Use the session command to toggle between router and switch sessions.
For information on ATM commands, refer to the ATM Software Configuration Guide and Command Reference for the Catalyst 5000 Family and 6000 Family Switches.
For information on NAM commands, refer to the Catalyst 6000 Network Analysis Module Installation and Configuration Note.
Examples
This example shows how to open a session with an MSM (module 4):
Console> session 4Trying Router-4...Connected to Router-4.Escape character is `^]'.Router>Related Commands
set
Use the set command to display all of the ROM monitor variable names with their values.
set
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
ROM monitor command.
Command Modes
Normal.
Examples
This example shows how to display all of the ROM monitor variable names with their values:
rommon 2 > setPS1=rommon ! >BOOT=?=0Related Commands
set accounting commands
Use the set accounting commands command set to enable command event accounting on the switch.
set accounting commands enable {config | enable | all} [stop-only] {tacacs+}
set accounting commands disable
Syntax Description
Defaults
The default is accounting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the TACACS+ servers before you enable accounting.
Examples
This example shows how to send records at the end of the event only using a TACACS+ server:
Console> (enable) set accounting commands enable config stop-only tacacs+Accounting set to enable for commands-config events in stop-only mode.Console> (enable)Related Commands
set accounting connect
set accounting exec
set accounting suppress
set accounting system
set accounting update
set tacacs server
show accountingset accounting connect
Use the set accounting connect command set to enable accounting of outbound connection events on the switch.
set accounting connect enable {start-stop | stop-only} {tacacs+ | radius}
set accounting connect disable
Syntax Description
Defaults
The default is accounting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the RADIUS or TACACS+ servers and shared secret keys before you enable accounting.
Examples
This example shows how to enable accounting on Telnet and remote login sessions, generating records at stop only using a TACACS+ server:
Console> (enable) set accounting connect enable stop-only tacacs+Accounting set to enable for connect events in stop-only mode..Console> (enable)Related Commands
set accounting commands
set accounting exec
set accounting suppress
set accounting system
set accounting update
set radius key
set radius server
set tacacs key
set tacacs server
show accountingset accounting exec
Use the set accounting exec command set to enable accounting of normal login sessions on the switch.
set accounting exec enable {start-stop | stop-only} {tacacs+ | radius}
set accounting exec disable
Syntax Description
Defaults
The default is accounting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the RADIUS or TACACS+ servers and shared secret keys before you enable accounting.
Examples
This example shows how to enable accounting of normal login sessions, generating records at start and stop using a RADIUS server:
Console> (enable) set accounting exec enable start-stop radiusAccounting set to enable for exec events in start-stop mode.Console> (enable)This example shows how to enable accounting of normal login sessions, generating records at stop using a TACACS+ server:
Console> (enable) set accounting exec enable stop-only tacacs+Accounting set to enable for exec events in stop-only mode.Console> (enable)Related Commands
set accounting commands
set accounting connect
set accounting suppress
set accounting system
set accounting update
set radius key
set radius server
set tacacs key
set tacacs server
show accountingset accounting suppress
Use the set accounting suppress command to enable or disable suppression of accounting information for a user who has logged in without a username.
set accounting suppress null-username {enable | disable}
Syntax Description
null-username
Keyword to specify users must have a user ID.
enable
Keyword to enable suppression for a specified user.
disable
Keyword to disable suppression for a specified user.
Defaults
The default is accounting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the TACACS+ servers before you enable accounting.
Examples
This example shows how to suppress accounting information for users without a username:
Console> (enable) set accounting suppress null-username enableAccounting will be suppressed for user with no username.Console> (enable)This example shows how to include users without the usernames' accounting event information:
Console> (enable) set accounting suppress null-username disableAccounting will be not be suppressed for user with no username.Console> (enable)Related Commands
set accounting commands
set accounting connect
set accounting exec
set accounting system
set accounting update
set tacacs server
show accountingset accounting system
Use the set accounting system command set to enable accounting of system events on the switch.
set accounting system enable {start-stop | stop-only} {tacacs+ | radius}
set accounting system disable
Syntax Description
Defaults
The default is accounting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the RADIUS or TACACS+ servers and shared secret keys before you enable accounting.
Examples
This example shows how to enable accounting for system events, sending records only at the end of the event using a RADIUS server:
Console> (enable) set accounting system enable stop-only radiusAccounting set to enable for system events in start-stop mode..Console> (enable)This example shows how to enable accounting for system events, sending records only at the end of the event using a TACACS+ server:
Console> (enable) set accounting system enable stop-only tacacs+Accounting set to enable for system events in start-stop mode..Console> (enable)Related Commands
set accounting commands
set accounting connect
set accounting exec
set accounting suppress
set accounting update
set radius key
set radius server
set tacacs key
set tacacs server
show accountingset accounting update
Use the set accounting update command to configure the frequency of accounting updates.
set accounting update {new-info | {periodic [interval]}}
Syntax Description
Defaults
The default is accounting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the TACACS+ servers before you enable accounting.
Examples
This example shows how to send accounting updates every 200 minutes:
Console> (enable) set accounting update periodic 200Accounting updates will be periodic at 200 minute intervals.Console> (enable)This example shows how to send accounting updates only when there is new information:
Console> (enable) set accounting update new-infoAccounting updates will be sent on new information only.Console> (enable)Related Commands
set accounting commands
set accounting connect
set accounting exec
set accounting suppress
set accounting system
set tacacs server
show accountingset alias
Use the set alias command to define aliases (shorthand versions) of commands.
set alias name command [parameter] [parameter]
Syntax Description
name
Alias being created.
command
Command for which the alias is being created.
parameter
(Optional) Parameters that apply to the command for which an alias is being created.
Defaults
The default is no aliases are configured.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The name all cannot be defined as an alias. Reserved words cannot be defined as aliases.
For additional information about parameter, see the specific command for information about applicable parameters.
Examples
This example shows how to set the alias for the clear arp command as arpdel:
Console> (enable) set alias arpdel clear arpCommand alias added.Console> (enable)Related Commands
set arp
Use the set arp command set to add IP address-to-MAC address mapping entries to the ARP table and to set the ARP aging time for the table.
set arp [dynamic | permanent | static] {ip_addr hw_addr}
set arp agingtime agingtime
Syntax Description
dynamic
(Optional) Keyword to specify that entries are subject to ARP aging updates.
permanent
(Optional) Keyword to specify that permanent entries are stored in NVRAM until they are removed by the clear arp or clear config command.
static
(Optional) Keyword to specify that entries are not subject to ARP aging updates.
ip_addr
IP address or IP alias to map to the specified MAC address.
hw_addr
MAC address to map to the specified IP address or IP alias.
agingtime
Keyword to set the period of time after which an ARP entry is removed from the ARP table.
agingtime
Number of seconds that entries will remain in the ARP table before being deleted; valid values are from 0 to 1,000,000 seconds. Setting this value to 0 disables aging.
Defaults
The default is no ARP table entries exist; ARP aging is set to 1200 seconds.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When entering the hw_addr, use a 6-hexadecimal byte MAC address in canonical (00-11-22-33-44-55) or noncanonical (00:11:22:33:44:55) format.
Static (nonpermanent) entries remain in the ARP table until you reset the active supervisor engine.
Examples
This example shows how to configure a dynamic ARP entry mapping that will age out after the configured ARP aging time:
Console> (enable) set arp dynamic 198.133.219.232 00-00-0c-40-0f-bcARP entry added.Console> (enable)This example shows how to set the aging time for the ARP table to 1800 seconds:
Console> (enable) set arp agingtime 1800ARP aging time set to 1800 seconds.Console> (enable)This example shows how to configure a permanent ARP entry, which will remain in the ARP cache after a system reset:
Console> (enable) set arp permanent 198.146.232.23 00-00-0c-30-0f-bcPermanent ARP entry added as198.146.232.23 at 00-00-0c-30-0f-bc on vlan 5Console> (enable)This example shows how to configure a static ARP entry, which will be removed from the ARP cache after a system reset:
Console> (enable) set arp static 198.144.239.22 00-00-0c-50-0f-bcStatic ARP entry added as198.144.239.22 at 00-00-0c-50-0f-bc on vlan 5Console> (enable)Related Commands
set authentication enable
Use the set authentication enable command set to enable authentication using the TACACS+, RADIUS, or Kerberos server to determine if you have privileged access permission.
set authentication enable {radius | tacacs | kerberos} enable [console | telnet | http | all] [primary]
set authentication enable {enable | disable} [console | telnet | http | all] [primary]
set authentication enable local {enable | disable} [console | telnet | http | all] [primary]
set authentication enable attempt count [console | telnet]
set authentication enable lockout time [console | telnet]
Syntax Description
Defaults
The default is local authentication is enabled for console and Telnet sessions. RADIUS, TACACS+, and Kerberos are disabled for all session types. If authentication is enabled, the default attempt count is 3.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Use authentication configuration for both console and Telnet connection attempts unless you use the console or telnet keywords to specify the authentication methods for each connection type individually.
Examples
This example shows how to use the TACACS+ server to determine if a user has privileged access permission:
Console> (enable) set authentication enable tacacs enabletacacs enable authentication set to enable for console, telnet and http session.Console> (enable)This example shows how to use the local password to determine if the user has privileged access permission:
Console> (enable) set authentication enable local enablelocal enable authentication set to enable for console, telnet and http session.Console> (enable)This example shows how to use the RADIUS server to determine if a user has privileged access permission for all session types:
Console> (enable) set authentication enable radius enableradius enable authentication set to enable for console, telnet and http session.Console> (enable)This example shows how to use the TACACS+ server to determine if a user has privileged access permission for all session types:
Console> (enable) set authentication enable tacacs enable consoletacacs enable authentication set to enable for console session.Console> (enable)This example shows how to set the Kerberos server to be used first:
Console> (enable) set authentication enable kerberos enable primarykerberos enable authentication set to enable for console, telnet and http session as primary authentication method.Console> (enable)This example shows how to limit enable mode login attempts:
Console> (enable) set authentication enable attempt 5Enable mode authentication attempts for console and telnet logins set to 5.Console> (enable)This example shows how to set the enable mode lockout time for both console and Telnet connections:
Console> (enable) set authentication enable lockout 50Enable mode lockout time for console and telnet logins set to 50.Console> (enable)Related Commands
set authentication login
show authenticationset authentication login
Use the set authentication login command set to enable TACACS+, RADIUS, or Kerberos as the authentication method for login.
set authentication login {radius | tacacs | kerberos} enable [console | telnet | http | all] [primary]
set authentication login {radius | tacacs | kerberos} disable [console | telnet | http | all]
set authentication login {enable | disable} [console | telnet | http | all]
set authentication login local {enable | disable} [console | telnet | http | all]
set authentication login attempt count [console | telnet]
set authentication login lockout time [console | telnet]
Syntax Description
Defaults
The default is local authentication is the primary authentication method for login.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command allows you to choose the authentification method for the web interface. If you configure the authentification method for the HTTP session as RADIUS, then the username or password is validated using the RADIUS protocol, and TACACS+ and Kerberos authentication is set to disable for the HTTP sessions. By default, the HTTP login is validated using the local login password.
You can specify the authentication method for console, telnet, http, or all by entering the console, telnet, http, or all keywords. If you do not specify console, telnet, http, or all, the authentication method default is for all sessions.
Examples
This example shows how to disable TACACS+ authentication access for Telnet sessions:
Console> (enable) set authentication login tacacs disable telnettacacs login authentication set to disable for the telnet sessions.Console> (enable)This example shows how to disable RADIUS authentication access for console sessions:
Console> (enable) set authentication login radius disable consoleradius login authentication set to disable for the console sessions.Console> (enable)This example shows how to disable Kerberos authentication access for Telnet sessions:
Console> (enable) set authentication login kerberos disable telnetkerberos login authentication set to disable for the telnet sessions.Console> (enable)This example shows how to set TACACS+ authentication access as the primary method for HTTP sessions:
Console> (enable) set authentication login tacacs enable http primarytacacs login authentication set to enable for HTTP sessions as primary authentification method.Console> (enable)This example shows how to limit login attempts:
Console> (enable) set authentication login attempt 5Login authentication attempts for console and telnet logins set to 5.Console> (enable)This example shows how to set the lockout time for both console and Telnet connections:
Console> (enable) set authentication login lockout 50Login lockout time for console and telnet logins set to 50.Console> (enable)Related Commands
set authentication enable
show authenticationset authorization commands
Use the set authorizaton commands command set to enable authorization of command events on the switch.
set authorization commands enable {config | enable | all} {option} {fallbackoption}
[console | telnet | both]set authorization commands disable [console | telnet | both]
Syntax Description
Defaults
The default is authorization is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you define the option and fallbackoption values, the following occurs:
•
tacacs+ specifies the TACACS+ authorization method.
•
•
•
Examples
This example shows how to enable authorization for all commands with the if-authenticated option and none fallbackoption:
Console> (enable) set authorization commands enable all if-authenticated noneSuccessfully enabled commands authorization.Console> (enable)This example shows how to disable command authorization:
Console> (enable) set authorization commands disableSuccessfully disabled commands authorization.Console> (enable)Related Commands
set authorization enable
set authorization exec
show authorizationset authorization enable
Use the set authorization enable command set to enable authorization of privileged mode sessions on the switch.
set authorization enable enable {option} {fallbackoption} [console | telnet | both]
set authorization enable disable [console | telnet | both]
Syntax Description
Defaults
The default is authorization is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you define the option and fallbackoption values, the following occurs:
•
•
•
•
Examples
This example shows how to enable authorization of configuration commands in enable, privileged login mode, sessions:
Console> (enable) set authorization enable enable if-authenticated noneSuccessfully enabled enable authorization.Console> (enable)This example shows how to disable enable mode authorization:
Console> (enable) set authorization enable disableSuccessfully disabled enable authorization.Console> (enable)Related Commands
set authorization commands
set authorization exec
show authorizationset authorization exec
Use the set authorization exec command set to enable authorization of exec, normal login mode, session events on the switch.
set authorization exec enable {option} {fallbackoption} [console | telnet | both]
set authorization exec disable [console | telnet | both]
Syntax Description
Defaults
The default is authorization is denied.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you define the option and fallbackoption values, the following occurs:
•
•
•
•
Examples
This example shows how to enable authorization of configuration commands in exec, normal login mode, sessions:
Console> (enable) set authorization exec enable if-authenticated noneSuccessfully enabled exec authorization.Console> (enable)This example shows how to disable exec mode authorization:
Console> (enable) set authorization exec disableSuccessfully disabled exec authorization.Console> (enable)Related Commands
set authorization commands
set authorization enable
show authorizationset banner lcd
Use the set banner lcd command to configure the Catalyst 6500 series Switch Fabric Module LCD user banner.
set banner lcd c [text] c
Syntax Description
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The banner may contain no more than 800 characters, including tabs. Tabs display as eight characters but take only one character of memory.
Once you configure the user banner, it is sent down to all Catalyst 6500 series Switch Fabric Modules in the switch and displayed in the LCD.
Examples
This example shows how to set the Catalyst 6500 series Switch Fabric Module LCD user banner:
Console> (enable) set banner lcd &hellothere&LCD banner setConsole> (enable)Related Commands
set banner motd
Use the set banner motd command to program an MOTD banner to appear before session login.
set banner motd c [text] c
Syntax Description
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The banner may contain no more than 3,070 characters, including tabs. Tabs display as eight characters but take only one character of memory.
You can use either the clear banner motd command or the set banner motd cc command to clear the message-of-the-day banner.
Examples
This example shows how to set the message of the day using the pound sign (#) as the delimiting character:
Console> (enable) set banner motd #** System upgrade at 6:00am Tuesday.** Please log out before leaving on Monday. #MOTD banner set.Console> (enable)This example shows how to clear the message of the day:
Console> (enable) set banner motd ##MOTD banner cleared.Console> (enable)Related Commands
set boot auto-config
Use the set boot auto-config command to specify one or more configuration files to use to configure the switch at bootup. The list of configuration files is stored in the CONFIG_FILE environment variable.
set boot auto-config device:filename [;device:filename...] [mod]
Syntax Description