-
Catalyst 6500 Series Command Reference, 7.6
-
Quick Links to Catalyst 6500 Series Switch and ROM Monitor Commands
-
Index
-
Preface
-
Command-Line Interfaces
-
alias to boot
-
cd to clear mls exclude protocol
-
clear mls multicast statistics to clear vtp pruneeligible
-
clear vtp statistics to disable
-
disconnect to enable
-
Format to Ping
-
pwd to reset-switch
-
restore counters to set crypto key rsa
-
set default portstatus to set logging timestamp
-
set logout to set port arp-inspection
-
set port auxiliaryvlan to set rcp username
-
set rgmp to set spantree portvlanpri
-
set spantree priority to set trunk
-
set udld to set vtp pruneeligible
-
show accounting to show dot1q-all-tagged
-
show dot1x to show ip alias
-
show ip dns to show ip permit
-
show ip route to show pbf-map
-
show port to show snmp
-
show snmp access to show tech-support
-
show test to show users
-
show version to squeeze
-
stack to write tech-support
-
Acronyms
-
Table Of Contents
set boot config-register auto-config
2F2restore counters
To restore MAC and port counters, use the restore counters command.
restore counters [all | mod/ports]
Syntax Description
all
(Optional) Specifies all ports.
mod/ports
(Optional) Number of the module and the ports on the module.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify a range of ports to be restored, then all ports on the switch are restored.
Examples
This example shows how to restore MAC and port counters:
Console> (enable) restore counters allThis command will restore all counter values reported by the CLI to the hardware counter values.Do you want to continue (y/n) [n]? yMAC and Port counters restored.Console> (enable)Related Commands
clear counters
show port countersrollback
To clear changes made to the ACL edit buffer since its last save, use the rollback command. The ACL is rolled back to its state at the last commit command.
rollback qos acl {acl_name | all}
rollback security acl {acl_name | all | adjacency}
Syntax Description
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the edit buffer of a specific QoS ACL:
Console> (enable) rollback qos acl ip-8-1Rollback for QoS ACL ip-8-1 is successful.Console> (enable)This example shows how to clear the edit buffer of a specific security ACL:
Console> (enable) rollback security acl IPACL1IPACL1 editbuffer modifications cleared.Console> (enable)Related Commands
session
To open a session with a module (for example, the MSM, NAM, or ATM), use the session command. This command allows you to use the module-specific CLI.
session mod
Syntax Description
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
After you enter this command, the system responds with the Enter Password: prompt, if one is configured on the module.
To end the session, enter the quit command.
Use the session command to toggle between router and switch sessions.
For information on ATM commands, refer to the ATM Software Configuration Guide and Command Reference for the Catalyst 5000 Family and 6000 Family Switches.
For information on NAM commands, refer to the Catalyst 6000 Network Analysis Module Installation and Configuration Note.
Examples
This example shows how to open a session with an MSM (module 4):
Console> session 4Trying Router-4...Connected to Router-4.Escape character is `^]'.Router>Related Commands
set
To display all of the ROM monitor variable names with their values, use the set command.
set
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
ROM monitor command.
Command Modes
Normal.
Examples
This example shows how to display all of the ROM monitor variable names with their values:
rommon 2 > setPS1=rommon ! >BOOT=?=0Related Commands
set accounting commands
To enable command event accounting on the switch, use the set accounting commands command.
set accounting commands enable {config | enable | all} [stop-only] {tacacs+}
set accounting commands disable
Syntax Description
Defaults
The default is accounting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the TACACS+ servers before you enable accounting.
Examples
This example shows how to send records at the end of the event only using a TACACS+ server:
Console> (enable) set accounting commands enable config stop-only tacacs+Accounting set to enable for commands-config events in stop-only mode.Console> (enable)Related Commands
set accounting connect
set accounting exec
set accounting suppress
set accounting system
set accounting update
set tacacs server
show accountingset accounting connect
To enable accounting of outbound connection events on the switch, use the set accounting connect command.
set accounting connect enable {start-stop | stop-only} {tacacs+ | radius}
set accounting connect disable
Syntax Description
Defaults
The default is accounting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the RADIUS or TACACS+ servers and shared secret keys before you enable accounting.
Examples
This example shows how to enable accounting on Telnet and remote login sessions, generating records at stop only using a TACACS+ server:
Console> (enable) set accounting connect enable stop-only tacacs+Accounting set to enable for connect events in stop-only mode..Console> (enable)Related Commands
set accounting commands
set accounting exec
set accounting suppress
set accounting system
set accounting update
set radius key
set radius server
set tacacs key
set tacacs server
show accountingset accounting exec
To enable accounting of normal login sessions on the switch, use the set accounting exec command.
set accounting exec enable {start-stop | stop-only} {tacacs+ | radius}
set accounting exec disable
Syntax Description
Defaults
The default is accounting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the RADIUS or TACACS+ servers and shared secret keys before you enable accounting.
Examples
This example shows how to enable accounting of normal login sessions, generating records at start and stop using a RADIUS server:
Console> (enable) set accounting exec enable start-stop radiusAccounting set to enable for exec events in start-stop mode.Console> (enable)This example shows how to enable accounting of normal login sessions, generating records at stop using a TACACS+ server:
Console> (enable) set accounting exec enable stop-only tacacs+Accounting set to enable for exec events in stop-only mode.Console> (enable)Related Commands
set accounting commands
set accounting connect
set accounting suppress
set accounting system
set accounting update
set radius key
set radius server
set tacacs key
set tacacs server
show accountingset accounting suppress
To enable or disable suppression of accounting information for a user who has logged in without a username, use the set accounting suppress command.
set accounting suppress null-username {enable | disable}
Syntax Description
null-username
Specifies users must have a user ID.
enable
Enables suppression for a specified user.
disable
Disables suppression for a specified user.
Defaults
The default is accounting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the TACACS+ servers before you enable accounting.
Examples
This example shows how to suppress accounting information for users without a username:
Console> (enable) set accounting suppress null-username enableAccounting will be suppressed for user with no username.Console> (enable)This example shows how to include users without the usernames' accounting event information:
Console> (enable) set accounting suppress null-username disableAccounting will be not be suppressed for user with no username.Console> (enable)Related Commands
set accounting commands
set accounting connect
set accounting exec
set accounting system
set accounting update
set tacacs server
show accountingset accounting system
To enable accounting of system events on the switch, use the set accounting system command.
set accounting system enable {start-stop | stop-only} {tacacs+ | radius}
set accounting system disable
Syntax Description
Defaults
The default is accounting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the RADIUS or TACACS+ servers and shared secret keys before you enable accounting.
Examples
This example shows how to enable accounting for system events, sending records only at the end of the event using a RADIUS server:
Console> (enable) set accounting system enable stop-only radiusAccounting set to enable for system events in start-stop mode..Console> (enable)This example shows how to enable accounting for system events, sending records only at the end of the event using a TACACS+ server:
Console> (enable) set accounting system enable stop-only tacacs+Accounting set to enable for system events in start-stop mode..Console> (enable)Related Commands
set accounting commands
set accounting connect
set accounting exec
set accounting suppress
set accounting update
set radius key
set radius server
set tacacs key
set tacacs server
show accountingset accounting update
To configure the frequency of accounting updates, use the set accounting update command.
set accounting update {new-info | {periodic [interval]}}
Syntax Description
Defaults
The default is accounting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the TACACS+ servers before you enable accounting.
Examples
This example shows how to send accounting updates every 200 minutes:
Console> (enable) set accounting update periodic 200Accounting updates will be periodic at 200 minute intervals.Console> (enable)This example shows how to send accounting updates only when there is new information:
Console> (enable) set accounting update new-infoAccounting updates will be sent on new information only.Console> (enable)Related Commands
set accounting commands
set accounting connect
set accounting exec
set accounting suppress
set accounting system
set tacacs server
show accountingset acllog ratelimit
To limit the number of packets sent to the route processor CPU for bridged ACEs, use the set acllog ratelimit command.
set acllog ratelimit rate
Syntax Description
rate
Number of packets per second; valid values are 1 to 1000. See the "Usage Guidelines" section for more information.
Defaults
ACL log rate limiting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
After entering the set acllog ratelimit command or the clear acllog command, you must either reset the route processor or perform a shut/not shut on the route processor interfaces that have ACEs with the log keyword applied.
After entering the set acllog ratelimit command, the reset or shut/no shut action causes the bridged ACEs to be redirected to the route processor with rate limiting.
To disable ACL log rate limiting, enter the clear acllog command. After entering the clear acllog command, the reset or shut/no shut action causes the system to return to its previous behavior. The bridge action remains unchanged.
If the number of packets per second is greater than the rate that you specify, the packets that exceed the specified rate are dropped.
A rate value of 500 is recommended.
Examples
This example shows how to enable ACL logging and to specify a rate of 500 for rate limiting:
Console> (enable) set acllog ratelimit 500If the ACLs-LOG were already applied, the rate limit mechanism will be effective on systemrestart, or after shut/no shut the interface.Console> (enable)Related Commands
set aclmerge algo
To select the ACL merge algorithm, use the set aclmerge algo command.
set aclmerge algo {bdd | odm}
Syntax Description
bdd
Specifies the ACL merge function based on binary decision diagram (BDD).
odm
Specifies the ACL merge function based on order dependent merge (ODM).
Defaults
The merge algorithm is ODM.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If BDD is disabled, the merge algorithm can only be ODM. When BDD is enabled, you can choose either the BDD algorithm or the ODM algorithm. Use the set aclmerge bdd command to enable or disable BDD.
The ACL merge algorithm that you select is in effect for all new ACL merges. The ACLs already configured are not modified, and they use the ACL merge algorithm that was enabled when the ACLs were merged.
Examples
This example shows how to select ODM as the ACL merge algorithm:
Console> (enable) set aclmerge algo odmAcl merge algorithm set to odm.Console> (enable)Related Commands
set aclmerge bdd
To enable or disable the binary decision diagram (BDD) ACL merge algorithm, use the set aclmerge bdd command.
set aclmerge bdd {enable | disable}
Syntax Description
Defaults
BDD is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enable or disable BDD, the change takes effect when your system is restarted.
BDD must be enabled in order to change the ACL merge algorithm.
Enabling BDD on a supervisor engine with 64 MB of RAM could cause memory to run low. To avoid this situation, upgrade the memory or disable BDD.
Examples
This example shows how to disable BDD:
Console> (enable) set aclmerge bdd disableBdd will be disabled on system restart.Console> (enable)This example shows how to enable BDD:
Console> (enable) set aclmerge bdd enableWarning:enabling bdd on a supervisor with 64MB RAMcould cause memory to run low, to avoid this situationplease upgrade the memory or disable BDD.Bdd will be enabled on system restart.Console> (enable)Related Commands
set aclmerge algo
show aclmergeset alias
To define aliases (shorthand versions) of commands, use the set alias command.
set alias name command [parameter] [parameter]
Syntax Description
name
Alias being created.
command
Command for which the alias is being created.
parameter
(Optional) Parameters that apply to the command for which an alias is being created.
Defaults
The default is no aliases are configured.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The name all cannot be defined as an alias. Reserved words cannot be defined as aliases.
For additional information about the parameter value, see the specific command for information about applicable parameters.
Examples
This example shows how to set the alias for the clear arp command as arpdel:
Console> (enable) set alias arpdel clear arpCommand alias added.Console> (enable)Related Commands
set arp
To add IP address-to-MAC address mapping entries to the ARP table and to set the ARP aging time for the table, use the set arp command.
set arp [dynamic | permanent | static] {ip_addr hw_addr}
set arp agingtime agingtime
Syntax Description
dynamic
(Optional) Specifies that entries are subject to ARP aging updates.
permanent
(Optional) Specifies that permanent entries are stored in NVRAM until they are removed by the clear arp or clear config command.
static
(Optional) Specifies that entries are not subject to ARP aging updates.
ip_addr
IP address or IP alias to map to the specified MAC address.
hw_addr
MAC address to map to the specified IP address or IP alias.
agingtime
Sets the period of time after which an ARP entry is removed from the ARP table.
agingtime
Number of seconds that entries will remain in the ARP table before being deleted; valid values are from 0 to 1,000,000 seconds. Setting this value to 0 disables aging.
Defaults
The default is no ARP table entries exist; ARP aging is set to 1200 seconds.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When entering the hw_addr value, use a 6-hexadecimal byte MAC address in canonical (00-11-22-33-44-55) or noncanonical (00:11:22:33:44:55) format.
Static (nonpermanent) entries remain in the ARP table until you reset the active supervisor engine.
Examples
This example shows how to configure a dynamic ARP entry mapping that will age out after the configured ARP aging time:
Console> (enable) set arp dynamic 198.133.219.232 00-00-0c-40-0f-bcARP entry added.Console> (enable)This example shows how to set the aging time for the ARP table to 1800 seconds:
Console> (enable) set arp agingtime 1800ARP aging time set to 1800 seconds.Console> (enable)This example shows how to configure a permanent ARP entry, which will remain in the ARP cache after a system reset:
Console> (enable) set arp permanent 198.146.232.23 00-00-0c-30-0f-bcPermanent ARP entry added as198.146.232.23 at 00-00-0c-30-0f-bc on vlan 5Console> (enable)This example shows how to configure a static ARP entry, which will be removed from the ARP cache after a system reset:
Console> (enable) set arp static 198.144.239.22 00-00-0c-50-0f-bcStatic ARP entry added as198.144.239.22 at 00-00-0c-50-0f-bc on vlan 5Console> (enable)Related Commands
set authentication enable
To enable authentication using the TACACS+, RADIUS, or Kerberos server to determine if you have privileged access permission, use the set authentication enable command.
set authentication enable {radius | tacacs | kerberos} enable [console | telnet | http | all] [primary]
set authentication enable {enable | disable} [console | telnet | http | all] [primary]
set authentication enable local {enable | disable} [console | telnet | http | all] [primary]
set authentication enable attempt count [console | telnet]
set authentication enable lockout time [console | telnet]
Syntax Description
Defaults
Local authentication is enabled for console and Telnet sessions. RADIUS, TACACS+, and Kerberos are disabled for all session types. If authentication is enabled, the default attempt count is 3.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Use authentication configuration for both console and Telnet connection attempts unless you use the console or telnet keywords to specify the authentication methods for each connection type individually.
Examples
This example shows how to use the TACACS+ server to determine if a user has privileged access permission:
Console> (enable) set authentication enable tacacs enabletacacs enable authentication set to enable for console, telnet and http session.Console> (enable)This example shows how to use the local password to determine if the user has privileged access permission:
Console> (enable) set authentication enable local enablelocal enable authentication set to enable for console, telnet and http session.Console> (enable)This example shows how to use the RADIUS server to determine if a user has privileged access permission for all session types:
Console> (enable) set authentication enable radius enableradius enable authentication set to enable for console, telnet and http session.Console> (enable)This example shows how to use the TACACS+ server to determine if a user has privileged access permission for all session types:
Console> (enable) set authentication enable tacacs enable consoletacacs enable authentication set to enable for console session.Console> (enable)This example shows how to set the Kerberos server to be used first:
Console> (enable) set authentication enable kerberos enable primarykerberos enable authentication set to enable for console, telnet and http session as primary authentication method.Console> (enable)This example shows how to limit enable mode login attempts:
Console> (enable) set authentication enable attempt 5Enable mode authentication attempts for console and telnet logins set to 5.Console> (enable)This example shows how to set the enable mode lockout time for both console and Telnet connections:
Console> (enable) set authentication enable lockout 50Enable mode lockout time for console and telnet logins set to 50.Console> (enable)Related Commands
set authentication login
show authenticationset authentication login
To enable TACACS+, RADIUS, or Kerberos as the authentication method for login, use the set authentication login command.
set authentication login {radius | tacacs | kerberos} enable [console | telnet | http | all] [primary]
set authentication login {radius | tacacs | kerberos} disable [console | telnet | http | all]
set authentication login {enable | disable} [console | telnet | http | all]
set authentication login local {enable | disable} [console | telnet | http | all]
set authentication login attempt count [console | telnet]
set authentication login lockout time [console | telnet]
Syntax Description
Defaults
Local authentication is the primary authentication method for login.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command allows you to choose the authentication method for the web interface. If you configure the authentication method for the HTTP session as RADIUS, then the username or password is validated using the RADIUS protocol, and TACACS+ and Kerberos authentication is set to disable for the HTTP sessions. By default, the HTTP login is validated using the local login password.
You can specify the authentication method for console, telnet, http, or all by entering the console, telnet, http, or all keywords. If you do not specify console, telnet, http, or all, the authentication method default is for all sessions.
Examples
This example shows how to disable TACACS+ authentication access for Telnet sessions:
Console> (enable) set authentication login tacacs disable telnettacacs login authentication set to disable for the telnet sessions.Console> (enable)This example shows how to disable RADIUS authentication access for console sessions:
Console> (enable) set authentication login radius disable consoleradius login authentication set to disable for the console sessions.Console> (enable)This example shows how to disable Kerberos authentication access for Telnet sessions:
Console> (enable) set authentication login kerberos disable telnetkerberos login authentication set to disable for the telnet sessions.Console> (enable)This example shows how to set TACACS+ authentication access as the primary method for HTTP sessions:
Console> (enable) set authentication login tacacs enable http primarytacacs login authentication set to enable for HTTP sessions as primary authentification method.Console> (enable)This example shows how to limit login attempts:
Console> (enable) set authentication login attempt 5Login authentication attempts for console and telnet logins set to 5.Console> (enable)This example shows how to set the lockout time for both console and Telnet connections:
Console> (enable) set authentication login lockout 50Login lockout time for console and telnet logins set to 50.Console> (enable)Related Commands
set authentication enable
show authenticationset authorization commands
To enable authorization of command events on the switch, use the set authorization commands command.
set authorization commands enable {config | enable | all} {option} {fallbackoption}
[console | telnet | both]set authorization commands disable [console | telnet | both]
Syntax Description
Defaults
The default is authorization is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you define the option and fallbackoption values, the following occurs:
•
tacacs+ specifies the TACACS+ authorization method.
•
•
•
Examples
This example shows how to enable authorization for all commands with the if-authenticated option and none fallbackoption:
Console> (enable) set authorization commands enable all if-authenticated noneSuccessfully enabled commands authorization.Console> (enable)This example shows how to disable command authorization:
Console> (enable) set authorization commands disableSuccessfully disabled commands authorization.Console> (enable)Related Commands
set authorization enable
set authorization exec
show authorizationset authorization enable
To enable authorization of privileged mode sessions on the switch, use the set authorization enable command.
set authorization enable enable {option} {fallbackoption} [console | telnet | both]
set authorization enable disable [console | telnet | both]
Syntax Description
Defaults
The default is authorization is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you define the option and fallbackoption values, the following occurs:
•
•
•
•
Examples
This example shows how to enable authorization of configuration commands in enable, privileged login mode, sessions:
Console> (enable) set authorization enable enable if-authenticated noneSuccessfully enabled enable authorization.Console> (enable)This example shows how to disable enable mode authorization:
Console> (enable) set authorization enable disableSuccessfully disabled enable authorization.Console> (enable)Related Commands
set authorization commands
set authorization exec
show authorizationset authorization exec
To enable authorization of exec, normal login mode, session events on the switch, use the set authorization exec command.
set authorization exec enable {option} {fallbackoption} [console | telnet | both]
set authorization exec disable [console | telnet | both]
Syntax Description
Defaults
The default is authorization is denied.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you define the option and fallbackoption values, the following occurs:
•
•
•
•