Catalyst 6500 Series Command Reference, 7.6
set port auxiliaryvlan to set rcp username

Table Of Contents

set port auxiliaryvlan

set port broadcast

set port channel

set port cops

set port debounce

set port disable

set port dot1q-all-tagged

set port dot1qtunnel

set port dot1x

set port duplex

set port enable

set port errdisable-timeout

set port flowcontrol

set port gmrp

set port gvrp

set port host

set port inlinepower

set port jumbo

set port l2protocol-tunnel

set port lacp-channel

set port macro

set port membership

set port name

set port negotiation

set port protocol

set port qos

set port qos autoqos

set port qos cos

set port qos policy-source

set port qos trust

set port qos trust-device

set port qos trust-ext

set port rsvp dsbm-election

set port security

set port speed

set port sync-restart-delay

set port trap

set port unicast-flood

set port voice interface dhcp

set power redundancy

set prompt

set protocolfilter

set pvlan

set pvlan mapping

set qos

set qos acl default-action

set qos acl ip

set qos acl ipx

set qos acl mac

set qos acl map

set qos autoqos

set qos bridged-microflow-policing

set qos cos-dscp-map

set qos drop-threshold

set qos dscp-cos-map

set qos ipprec-dscp-map

set qos mac-cos

set qos map

set qos policed-dscp-map

set qos policer

set qos policy-source

set qos rsvp

set qos rxq-ratio

set qos statistics export

set qos statistics export aggregate

set qos statistics export destination

set qos statistics export interval

set qos statistics export port

set qos txq-ratio

set qos wred

set qos wrr

set radius attribute

set radius deadtime

set radius key

set radius retransmit

set radius server

set radius timeout

set rcp username



set port auxiliaryvlan

To configure the auxiliary VLAN ports, use the set port auxiliaryvlan command.

set port auxiliaryvlan mod[/port] {vlan | untagged | dot1p | none}

Syntax Description

mod[/port]

Number of the module and (optional) port or multiple ports.

vlan

Number of the VLAN; valid values are from 1 to 4096.

untagged

Specifies that the connected device sends and receives untagged packets without 802.1p priority.

dot1p

Specifies that the connected device sends and receives packets with 802.1p priority.

none

Specifies that the switch does not send any auxiliary VLAN information in the CDP packets from that port.


Defaults

The default setting is none.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you do not specify a port, all ports are selected. The vlan option specifies that the connected device sends packets tagged with a specific VLAN.

If you enter the none option, voice information will not be sent or received.

Dynamic VLAN support for the voice VLAN identifier (VVID) places these restrictions on the multiple VLAN access port (MVAP) configuration on the switch port:

You can configure any VVID on a dynamic port including dot1p and untagged, except when the VVID is equal to dot1p or untagged. If this is the case, you must configure VMPS with the MAC address of the IP phone. When you configure the VVID as dot1p or untagged on a dynamic port, this warning message is displayed:

VMPS should be configured with the IP phone mac's.

For dynamic ports, the auxiliary VLAN ID cannot be the same as the native VLAN ID assigned by VMPS for the dynamic port.

You cannot configure trunk ports as dynamic ports, but an MVAP can be configured as a dynamic port.

Examples

This example shows how to set the auxiliary VLAN port to untagged:

Console> (enable) set port auxiliaryvlan 5/7 untagged
Port 5/7 allows the connected device send and receive untagged packets and 
without 802.1p priority.  
Console> (enable)

This example shows how to set the auxiliary VLAN port to dot1p:

Console> (enable) set port auxiliaryvlan 5/9 dot1p
Port 5/9 allows the connected device send and receive packets with 802.1p priority.
Console> (enable)

This example shows how to set the auxiliary VLAN port to none:

Console> (enable) set port auxiliaryvlan 5/12 none 
Port 5/12 will not allow sending CDP packets with AuxiliaryVLAN information.
Console> (enable)

This example shows how to set the auxiliary VLAN port to a specific module, port, and VLAN:

Console> (enable) set port auxiliaryvlan 2/1-3 222 
Auxiliaryvlan 222 configuration successful.
AuxiliaryVlan AuxVlanStatus Mod/Ports
------------- ------------- -------------------------
222           active        1/2,2/1-3
Console> (enable)

Related Commands

show port auxiliaryvlan

set port broadcast

To set broadcast, multicast, or unicast suppression for one or more ports, use the set port broadcast command. The threshold limits the backplane traffic received from the module.

set port broadcast mod/port threshold% [violation {drop-packets | errdisable}] [multicast {enable | disable}] [unicast {enable | disable}]

Syntax Description

mod/port

Number of the module and the port on the module.

threshold%

Percentage of total available bandwidth that can be used by traffic; valid values are decimal numbers from 0.00% to 100% or whole numbers from 0% to 100%.

violation

(Optional) Specifies an action when suppression occurs.

drop-packets

(Optional) Drops packets when suppression occurs.

errdisable

(Optional) Errdisables the port when suppression occurs.

multicast

(Optional) Specifies multicast suppression.

enable | disable

(Optional) Enables or disables the suppression type.

unicast

(Optional) Specifies unicast suppression.


Defaults

The default is 100% (no broadcast limit).

The default action is drop-packets if a broadcast violation occurs.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

You can enter the threshold value in two ways:

A decimal number followed by a percent sign (for example 0.33%)

A whole number followed by a percent sign (for example 33%)

The percent sign (%) is required when entering the threshold value.

The multicast and unicast keywords are supported on Gigabit Ethernet modules only.

If you enter the command without using the multicast or unicast keyword, only broadcast traffic is suppressed. If you enter the multicast or unicast keyword, both broadcast and the selected traffic type are suppressed.

Examples

This example shows how to limit broadcast traffic to 20 percent:

Console> (enable) set port broadcast 4/3 20%
Port 4/3 broadcast traffic limited to 20.00%.
Console> (enable) 

This example shows how to limit broadcast traffic to 90 percent and to errdisable when suppression occurs:

Console> (enable) set port broadcast 4/6 90% violation errdisable
Port 4/6 broadcast traffic limited to 90.00%.
On broadcast suppression port 4/6 is configured to move to errdisabled state.
Console> (enable)

This example shows how to allow a specific amount of multicast traffic to a range of ports:

Console> (enable) set port broadcast 4/1-24 80% multicast enable
Port 4/1-24 multicast traffic limited to 80%.
Console> (enable) 

This example shows how to limit broadcast and multicast traffic to 91 percent, to disable unicast traffic, and to errdisable when suppression occurs:

Console> (enable) set port broadcast 4/2 91% violation errdisable multicast enable unicast 
disable 
Port 4/2 broadcast and multicast traffic limited to 91.00%.
On broadcast suppression port 4/2 is configured to move to errdisabled state.
Console> (enable)

This example shows how to limit broadcast, multicast, and unicast traffic to 91 percent:

Console> (enable) set port broadcast 4/2 91% multicast enable unicast enable
Port 4/2 broadcast, multicast and unicast traffic limited to 91.00%.
Console> (enable)

Related Commands

clear port broadcast
show port broadcast

set port channel

To configure EtherChannel on Ethernet module ports, use the set port channel command.

set port channel mod/port [admin_group]

set port channel mod/port mode {on | off | desirable | auto} [silent | non-silent]

set port channel all mode off

set port channel all distribution {ip | mac} [source | destination | both]

set port channel all distribution {session} [source | destination | both]

Syntax Description

mod/port

Number of the module and the port on the module.

admin_group

(Optional) Number of the administrative group; valid values are from 1 to 1024.

mode

Specifies the EtherChannel mode.

on

Enables and forces specified ports to channel without PAgP.

off

Prevents ports from channeling.

desirable

Sets a PAgP mode that places a port into an active negotiating state, in which the port initiates negotiations with other ports by sending PAgP packets.

auto

Sets a PAgP mode that places a port into a passive negotiating state, in which the port responds to PAgP packets it receives, but does not initiate PAgP packet negotiation.

silent

(Optional) Used with auto or desirable when no traffic is expected from the other device, to prevent the link from being reported to STP as down.

non-silent

(Optional) Used with auto or desirable when traffic is expected from the other device.

all mode off

Turns off channeling on all ports globally.

all distribution

Applies frame distribution to all ports in the Catalyst 6500 series switch.

ip

Specifies the frame distribution method using IP address values.

mac

Specifies the frame distribution method using MAC address values.

source

(Optional) Specifies the frame distribution method using source address values.

destination

(Optional) Specifies the frame distribution method using destination address values.

both

(Optional) Specifies the frame distribution method using source and destination address values.

session

Allows frame distribution of Layer 4 traffic.

both

(Optional) Specifies the frame distribution method using source and destination Layer 4 port number.


Defaults

By default, EtherChannel is set to auto and silent on all module ports. The defaults for frame distribution are ip and both.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

This command is not supported by non-EtherChannel-capable modules.

The set port channel all distribution session command is supported on systems configured with the Supervisor Engine 2 with Layer 3 Switching Engine II (PFC2) only.

Make sure that all ports in the channel are configured with the same port speed, duplex mode, and so forth. For more information on EtherChannel, refer to the Catalyst 6500 Series Switch Software Configuration Guide.

With the on mode, a usable EtherChannel exists only when a port group in on mode is connected to another port group in on mode.

If you are running QoS, make sure that bundled ports are all of the same trust types and have similar queueing and drop capabilities.

Disable the port security feature on the channeled ports (see the set port security command). If you enable port security for a channeled port, the port shuts down when it receives packets with source addresses that do not match the secure address of the port.

You can configure up to eight ports on the same switch in each administrative group.

When you assign ports to an existing administrative group, the original ports associated with the administrative group will move to a new automatically picked administrative group. You cannot add ports to the same administrative group.

If you do not enter an admin_group value, a new administrative group is created with the admin_group value selected automatically. The next available administrative group is automatically selected.

If you do not enter the channel mode, the channel mode of the addressed ports is not modified.

The silent | non-silent parameters only apply if desirable or auto modes are entered.

If you do not specify silent or non-silent, the current setting is not affected.


Note: With software releases 6.2(1) and earlier, the 6- and 9-slot Catalyst 6500 series switches support a maximum of 128 EtherChannels.

With software releases 6.2(2) and later, due to the port ID handling by the spanning tree feature, the maximum supported number of EtherChannels is 126 for a 6- or 9-slot chassis and 63 for a 13-slot chassis. Note that the 13-slot chassis was first supported in software release 6.2(2).


Examples

This example shows how to set the channel mode to desirable:

Console> (enable) set port channel 2/2-8 mode desirable
Ports 2/2-8 channel mode set to desirable.
Console> (enable)

This example shows how to set the channel mode to auto:

Console> (enable) set port channel 2/7-8,3/1 mode auto
Ports 2/7-8,3/1 channel mode set to auto.
Console> (enable)

This example shows how to group ports 4/1 through 4 in an administrative group:

Console> (enable) set port channel 4/1-4 96
Port(s) 4/1-4 are assigned to admin group 96.
Console> (enable)

This example shows the display when the port list is exceeded:

Console> (enable) set port channel 2/1-9 1
No more than 8 ports can be assigned to an admin group.
Console> (enable) 

This example shows how to disable EtherChannel on module 4, ports 4 through 6:

Console> (enable) set port channel 4/4-6 mode off
Port(s) 4/4-6 channel mode set to off.
Console> (enable) 

This example shows the display output when you assign ports to an existing administrative group. This example moves ports in admin group 96 to another admin group and assigns ports 4/4 through 6 to admin group 96:

Console> (enable) set port channel 4/4-6 96
Port(s) 4/1-3 are moved to admin group 97.
Port(s) 4/4-6 are assigned to admin group 96.
Console> (enable) 

This example shows how to set the channel mode to off for ports 4/4 through 6 and assign ports 4/4 through 6 to an automatically selected administrative group:

Console> (enable) set port channel 4/4-6 off
Port(s) 4/4-6 channel mode set to off.
Port(s) 4/4-6 are assigned to admin group 23.
Console> (enable) 

This example shows how to configure the EtherChannel load-balancing feature:

Console> (enable) set port channel all distribution ip destination
Channel distribution is set to ip destination.
Console> (enable) 

Related Commands

show channel
show channel group
show port channel

set port cops

To create port roles, use the set port cops command.

set port cops mod/port roles role1 [role2]...

Syntax Description

mod/port

Number of the module and the port on the module.

roles role#

Specifies the roles.


Defaults

By default, all ports have a role of null string, that is, a string of length 0.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

A port may have multiple roles. You can configure a maximum of 64 total roles per switch. You can specify multiple roles in a single command.

Examples

This example shows how to create roles on a port:

Console> (enable) set port cops 3/1 roles backbone_port main_port
New role `backbone_port' created.
New role `main_port' created.
Roles added for port 3/1-4.
Console> (enable)

This example shows the display if you attempt to create a role and exceed the maximum allowable number of roles:

Console> (enable) set port cops 3/1 roles access_port
Unable to add new role. Maximum number of roles is 64.
Console> (enable)

Related Commands

clear port cops
show port cops

set port debounce

To enable or disable the debounce timer or configure the timer setting on a per-port basis, use the set port debounce command.

set port debounce mod/port {enable | disable}

set port debounce mod/port delay time

Syntax Description

mod/port

Number of the module and the port on the module.

enable | disable

Enables or disables the debounce timer.

delay

Sets the debounce timer for gigabit fiber ports.

time

Amount of time the firmware waits before notifying the supervisor engine of a link change; valid values are 200 milliseconds or from 300 to 5000 milliseconds. This is supported on gigabit fiber ports only. See the "Usage Guidelines" section for more information.


Defaults

By default, the debounce timer is disabled on all ports.

When the debounce timer is disabled, the default debounce timer values are as follows:

10/100 ports—300 milliseconds

100BASE-FX ports—300 milliseconds

10/100/1000BASE-T and gigabit TX ports—300 milliseconds

10-gigabit ports—10 milliseconds

When the debounce timer is enabled, the default debounce timer values are as follows:

10/100 ports—3100 milliseconds

100BASE-FX ports—3100 milliseconds

10/100/1000BASE-T and gigabit TX ports—3100 milliseconds

10-gigabit ports—100 milliseconds

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The debounce timer is the time the firmware waits before notifying the supervisor engine of a link change at the physical layer.

Setting the debounce timer value to 200 milliseconds or from 300 to 5000 milliseconds is possible only for gigabit fiber ports. You do not need to enable the debounce timer on a gigabit fiber port before adjusting the timer. Any timer value that is greater than the default value in disabled state is considered a value that enables the timer.

For 10/100 ports and 100BASE-FX ports in the disabled state, the firmware may take up to 600 milliseconds to notify the supervisor engine of a link change because the firmware polling time is every 300 milliseconds.

For 10/100 ports and 100BASE-FX ports in the enabled state, the firmware may take up to 3400 milliseconds to notify the supervisor engine of a link change because the firmware polling time is every 300 milliseconds.

Examples

This example shows how to enable the debounce timer for a specific port on a specific module:

Console> (enable) set port debounce 1/1 enable
Debounce is enabled on port 1/1.
Warning:Enabling port debounce causes Link Up/Down detections to be delayed.
It results in loss of data traffic during debouncing period, which might
affect the convergence/reconvergence of various Layer 2 and Layer 3
protocols.
Use with caution.
Console> (enable)

Related Commands

show port debounce

set port disable

To disable a port or a range of ports, use the set port disable command.

set port disable mod/port

Syntax Description

mod/port

Number of the module and the port on the module.


Defaults

The default system configuration has all ports enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

It takes approximately 30 seconds for this command to take effect.

Examples

This example shows how to disable a port using the set port disable command:

Console> (enable) set port disable 5/10
Port 5/10 disabled.
Console> (enable) 

Related Commands

set port enable
show port

set port dot1q-all-tagged

To enable the 802.1Q tagging feature on specific ports, use the set port dot1q-all-tagged command.

set port dot1q-all-tagged {mod/port} {enable | disable}

Syntax Description

mod/port

Number of the module and the port on the module.

enable

Enables the dot1q-all-tagged feature.

disable

Disables the dot1q-all-tagged feature.


Defaults

The 802.1Q tagging feature is enabled on a per-port basis. See the "Usage Guidelines" section for more information.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Although 802.1Q tagging is enabled by default on a per-port basis, tagging only takes effect when you enable the feature globally by entering the set dot1q-all-tagged enable command. When the global command is enabled, if you do not want tagging on a specific port, you must disable the feature on that port.

Examples

This example shows how to enable the dot1q tagging feature on specific ports:

Console> (enable) set port dot1q-all-tagged 1/1-2 enable
Packets on native vlan will be tagged on port(s) 1/1-2.
Console> (enable)

This example shows how to enable the dot1q tagging feature on all ports:

Console> (enable) set port dot1q-all-tagged all enable
Packets on native vlan will be tagged on all applicable ports.
Console> (enable)

This example shows how to disable the dot1q tagging feature on specific ports:

Console> (enable) set port dot1q-all-tagged 1/1-2 disable
Packets on native vlan will not be tagged for port(s) 1/1-2.
Console> (enable)

This example shows how to disable the dot1q tagging feature on all ports:

Console> (enable) set port dot1q-all-tagged all disable
Packets on native vlan will not be tagged on all applicable ports.
Console> (enable)

Related Commands

set dot1q-all-tagged
show dot1q-all-tagged
show port dot1q-all-tagged

set port dot1qtunnel

To configure the dot1q tunnel mode for the port, use the set port dot1qtunnel command.

set port dot1qtunnel mod/port {access | disable}

Syntax Description

mod/port

Number of the module and the port on the module.

access

Turns off the port's trunking mode.

disable

Disables dot1q tunneling.


Defaults

By default, dot1qtunnel is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You cannot enable the dot1q tunneling feature on a port until dot1q-tagged-only mode is enabled.

You cannot disable dot1q-tagged-only mode on the switch until dot1q tunneling is disabled on all the ports on the switch.

You cannot set the dot1q tunnel mode to access if port security is enabled.

You cannot set the dot1q tunnel mode to access on a port with an auxiliary VLAN configured.

An interconnected network can have redundant paths to the same ISP edge switch, but it cannot have redundant paths to two different ISP edge switches.


Note: PBF does not work with 802.1Q tunnel traffic. PBF is supported on Layer 3 IP unicast traffic, but it is not applicable to Layer 2 traffic. At the intermediate (PBF) switch, all 802.1Q tunnel traffic appears as Layer 2 traffic.


If you enable dot1q-tagged globally, the dot1q-tagged per-port setting controls whether or not the frames are tagged. If you disable dot1q-tagged globally, the default group is never tagged and the per-port setting has no effect.

Examples

This example shows how to set dot1q tunneling on the port to access:

Console> (enable) set port dot1qtunnel 4/1 access
Dot1q tunnel feature set to access mode on port 4/1.
Port 4/2 trunk mode set to off.
Console> (enable) 

This example shows the output if you try to turn on trunking on a port that has dot1q tunneling mode set:

Console> (enable) set trunk 4/1 on
Failed to set port 4/1 to trunk mode on.
The dot1q tunnel mode for the port is currently set to access.
Console> (enable) 

Related Commands

show port dot1qtunnel

set port dot1x

To configure dot1x on a port, use the set port dot1x command.

set port dot1x mod/port multiple-host {enable | disable}

set port dot1x mod/port {port-control port_control_value}

set port dot1x mod/port {initialize | re-authenticate}

set port dot1x mod/port re-authentication {enable | disable}

set port dot1x mod/port multiple-authentication {enable | disable}

set port dot1x mod/port guest-vlan {vlan | none}

Syntax Description

mod/port

Number of the module and port on the module.

multiple-host

Specifies multiple-user access; see the "Usage Guidelines" section for more information.

enable

Enables multiple-user access.

disable

Disables multiple-user access.

port-control port_control_value

Specifies the port control type; valid values are force-authorized, force-unauthorized, and auto.

initialize

Initializes dot1x on the port.

re-authenticate

Manually initiates a reauthentication of the entity connected to the port.

re-authentication

Automatically initiates reauthentication of the entity connected to the port within the reauthentication time period; see the "Usage Guidelines" section for more information.

enable

Enables automatic reauthentication.

disable

Disables automatic reauthentication.

multiple-authentication

Specifies multiple authentications so that more than one host can gain access to the port; see the "Usage Guidelines" section for more information.

enable

Enables multiple authentication.

disable

Disables multiple authentication.

guest-vlan

Specifies an active VLAN as an 802.1x guest VLAN.

vlan

Number of the VLAN; valid values are from 1 to 1005 and 1025 to 4094.

none

Clears the guest VLAN on the port.


Defaults

The default settings are as follows:

The default port_control_value is force-authorized.

The multiple host feature is disabled.

The reauthentication feature is disabled.

The multiple authentication feature is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The dot1x port will not be allowed to become a trunk port, MVAP, channel port, dynamic port, or a secure port.

When setting the port control type, the following applies:

force-authorized forces the controlled port to transition to the authorized state unconditionally and is equivalent to disabling the 802.1x restriction on the port.

force-unauthorized forces the controlled port to transition to the unauthorized state unconditionally and prevents the authenticator from providing authorized services to the supplicant.

auto enables 802.1x control on the port.

If you disable the multiple host feature, once a dot1x port is authorized through a successful authentication of a supplicant, only that particular host (MAC address) is allowed on that port. When the system detects another host (different MAC address) on the authorized port, it shuts down the port and displays a syslog message. This is the default system behavior.

If you enable the multiple host feature, once a dot1x port is authorized through a successful authentication of a supplicant, any host (any MAC address) is allowed to send or receive traffic on that port.

If you enable reauthentication, you can set the reauthentication time period in seconds by entering the set dot1x re-authperiod seconds command. The default for the reauthentication time period is 3600 seconds.

You can enable either multiple host mode or multiple authentication mode.
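The guidelines above can be turned into a per-port review of a switch's 802.1x settings. The following Python sketch is an added example, not part of the Cisco reference: it replays `set port dot1x` lines (in the syntax documented in this section) on top of the documented defaults and reports ports whose effective state weakens 802.1x. The function names, finding codes, sample lines and the choice to flag disabled reauthentication are assumptions of this example.

```python
import re
from dataclasses import dataclass

@dataclass
class Dot1xPort:
    # Defaults from the "Defaults" section of set port dot1x.
    port_control: str = "force-authorized"
    multiple_host: bool = False
    reauthentication: bool = False
    multiple_authentication: bool = False

PORT_CONTROL_VALUES = {"force-authorized", "force-unauthorized", "auto"}
TOGGLES = {
    "multiple-host": "multiple_host",
    "re-authentication": "reauthentication",
    "multiple-authentication": "multiple_authentication",
}

# Finding codes are this example's own labels, not switch output.
FINDINGS = {
    "FORCE_AUTHORIZED": "port is authorized unconditionally (802.1x restriction disabled)",
    "MULTIPLE_HOST": "any MAC address may use the port after one successful authentication",
    "NO_REAUTH": "automatic reauthentication is disabled (policy choice of this example)",
    "MODE_CONFLICT": "multiple-host and multiple-authentication are both enabled",
}

def expand_ports(spec):
    """Expand a mod/port list such as '2/7-8,3/1' into ['2/7', '2/8', '3/1']."""
    ports = []
    for item in spec.split(","):
        m = re.fullmatch(r"(\d+)/(\d+)(?:-(\d+))?", item.strip())
        if not m:
            raise ValueError(f"bad mod/port value: {item!r}")
        mod, first = int(m.group(1)), int(m.group(2))
        last = int(m.group(3)) if m.group(3) else first
        if last < first:
            raise ValueError(f"descending port range: {item!r}")
        ports.extend(f"{mod}/{p}" for p in range(first, last + 1))
    return ports

def parse_config(text, audited_ports):
    """Apply 'set port dot1x' lines in order, starting from the defaults."""
    state = {p: Dot1xPort() for p in expand_ports(audited_ports)}
    for raw in text.splitlines():
        words = raw.split()
        # Only keyword/value forms change settings; one-shot actions such as
        # 'initialize' and 're-authenticate' have no value word and are skipped.
        if words[:3] != ["set", "port", "dot1x"] or len(words) != 6:
            continue
        keyword, value = words[4], words[5]
        for port in expand_ports(words[3]):
            entry = state.setdefault(port, Dot1xPort())
            if keyword == "port-control" and value in PORT_CONTROL_VALUES:
                entry.port_control = value
            elif keyword in TOGGLES and value in ("enable", "disable"):
                setattr(entry, TOGGLES[keyword], value == "enable")
    return state

def audit(state):
    """Return {port: [finding codes]} for ports with at least one finding."""
    findings = {}
    for port in sorted(state, key=lambda p: tuple(int(x) for x in p.split("/"))):
        cfg, issues = state[port], []
        if cfg.port_control == "force-authorized":
            issues.append("FORCE_AUTHORIZED")
        if cfg.port_control == "auto":
            if cfg.multiple_host:
                issues.append("MULTIPLE_HOST")
            if not cfg.reauthentication:
                issues.append("NO_REAUTH")
        if cfg.multiple_host and cfg.multiple_authentication:
            issues.append("MODE_CONFLICT")
        if issues:
            findings[port] = issues
    return findings

# Constructed sample input; port 4/6 has no lines and keeps the defaults.
SAMPLE = """\
set port dot1x 4/1 port-control auto
set port dot1x 4/1 re-authentication enable
set port dot1x 4/2 port-control auto
set port dot1x 4/2 multiple-host enable
set port dot1x 4/2 re-authentication enable
set port dot1x 4/3-4 port-control auto
set port dot1x 4/5 port-control force-unauthorized
set port dot1x 4/1 re-authenticate
"""

if __name__ == "__main__":
    for port, codes in audit(parse_config(SAMPLE, "4/1-6")).items():
        for code in codes:
            print(f"{port}: {code}: {FINDINGS[code]}")
```

Ports that never appear in a `set port dot1x port-control` line are reported as FORCE_AUTHORIZED because that is the documented default.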

Examples

This example shows how to set the port control type to auto:

Console> (enable) set port dot1x 4/1 port-control auto
Port 4/1 dot1x port-control is set to auto.
Console> (enable)

This example shows how to initialize dot1x on a port:

Console> (enable) set port dot1x 4/1 initialize
dot1x port 4/1 initializing...
dot1x initialized on port 4/1.
Console> (enable)

This example shows how to manually reauthenticate a port:

Console> (enable) set port dot1x 4/1 re-authenticate
dot1x port 4/1 re-authenticating...
dot1x re-authentication successful...
dot1x port 4/1 authorized.
Console> (enable) 

This example shows how to enable multiple-user access on a specific port:

Console> (enable) set port dot1x 4/1 multiple-host enable
Multiple hosts allowed on port 4/1.
Console> (enable) 

This example shows how to enable automatic reauthentication on a port:

Console> (enable) set port dot1x 4/1 re-authentication enable
Port 4/1 re-authentication enabled.
Console> (enable) 

Related Commands

set dot1x
show dot1x
show port dot1x

set port duplex

To configure the duplex type of an Ethernet port or a range of ports, use the set port duplex command.

set port duplex mod/port {full | half}

Syntax Description

mod/port

Number of the module and the port on the module.

full

Specifies full-duplex transmission.

half

Specifies half-duplex transmission.


Defaults

The default configuration for 10-Mbps and 100-Mbps modules has all Ethernet ports set to half duplex.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can configure Ethernet and Fast Ethernet interfaces to either full duplex or half duplex.

The set port duplex command is not supported on Gigabit Ethernet ports. Gigabit Ethernet ports support full-duplex mode only.

If the transmission speed on a 16-port RJ-45 Gigabit Ethernet port is set to 1000, duplex mode is set to full. If the transmission speed is changed to 10 or 100, the duplex mode stays at full. You must configure the correct duplex mode when transmission speed is changed to 10 or 100 from 1000.

Examples

This example shows how to set port 1 on module 2 to full duplex:

Console> (enable) set port duplex 2/1 full
Port 2/1 set to full-duplex.
Console> (enable)

Related Commands

show port

set port enable

To enable a port or a range of ports, use the set port enable command.

set port enable mod/port

Syntax Description

mod/port

Number of the module and the port on the module.


Defaults

By default, all ports are enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

It takes approximately 30 seconds for this command to take effect.

Examples

This example shows how to enable port 3 on module 2:

Console> (enable) set port enable 2/3
Port 2/3 enabled.
Console> (enable) 

Related Commands

set port disable
show port

set port errdisable-timeout

To prevent an errdisabled port from being enabled, use the set port errdisable-timeout command.

set port errdisable-timeout mod/port {enable | disable}

Syntax Description

mod/port

Number of the module and the port on the module.

enable

Enables errdisable timeout.

disable

Disables errdisable timeout.


Defaults

By default, the errdisable timeout for each port is enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

When the global timer times out, the port will be reenabled. Use the set port errdisable-timeout command if you want the port to remain in the errdisabled state.

Examples

This example shows how to prevent port 3/3 from being enabled when it goes into errdisabled state:

Console> (enable) set port errdisable-timeout 3/3 disable
Successfully disabled errdisable-timeout for port 3/3.
Console> (enable) 

Related Commands

set errdisable-timeout
show errdisable-timeout
show port errdisable-timeout

set port flowcontrol

To configure a port to send or receive pause frames, use the set port flowcontrol command. Pause frames are special packets that signal a source to stop sending frames for a specific period of time because the buffers are full.

set port flowcontrol mod/port {receive | send} {off | on | desired}

Syntax Description

mod/port

Number of the module and the port on the module.

receive

Specifies that a port processes pause frames.

send

Specifies that a port sends pause frames.

off

Prevents a local port from receiving and processing pause frames from remote ports or from sending pause frames to remote ports.

on

Enables a local port to receive and process pause frames from remote ports or send pause frames to remote ports.

desired

Obtains predictable results regardless of whether a remote port is set to on, off, or desired.


Defaults

Flow-control defaults vary depending upon port speed:

Gigabit Ethernet ports default to off for receive (Rx) and desired for transmit (Tx)

Fast Ethernet ports default to off for receive and on for transmit

On the 24-port 100BASE-FX and 48-port 10/100 BASE-TX RJ-45 modules, the default is off for receive and off for send.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

When you configure the 24-port 100BASE-FX and 48-port 10/100 BASE-TX RJ-45 modules, you can set the receive flow control to on or off and the send flow control to off.

All Catalyst Gigabit Ethernet ports can receive and process pause frames from remote devices.

To obtain predictable results, use these guidelines:

Use send on only when remote ports are set to receive on or receive desired.

Use send off only when remote ports are set to receive off or receive desired.

Use receive on only when remote ports are set to send on or send desired.

Use send off only when remote ports are set to receive off or receive desired.

Table 2-15 describes guidelines for different configurations of the send and receive keywords.

Table 2-15 send and receive Keyword Configurations

| Configuration | Description |
|---|---|
| send on | Enables a local port to send pause frames to remote ports. |
| send off | Prevents a local port from sending pause frames to remote ports. |
| send desired | Obtains predictable results whether a remote port is set to receive on, receive off, or receive desired. |
| receive on | Enables a local port to process pause frames that a remote port sends. |
| receive off | Prevents a local port from sending pause frames to remote ports. |
| receive desired | Obtains predictable results whether a remote port is set to send on, send off, or send desired. |


Examples

This example shows how to configure port 1 of module 5 to receive and process pause frames:

Console> (enable) set port flowcontrol receive 5/1 on
Port 5/1 flow control receive administration status set to on
(port will require far end to send flowcontrol)
Console> (enable)

This example shows how to configure port 1 of module 5 to receive and process pause frames if the remote port is configured to send pause frames:

Console> (enable) set port flowcontrol receive 5/1 desired
Port 5/1 flow control receive administration status set to desired
(port will allow far end to send flowcontrol if far end supports it)
Console> (enable)

This example shows how to configure port 1 of module 5 to receive but not process pause frames:

Console> (enable) set port flowcontrol receive 5/1 off
Port 5/1 flow control receive administration status set to off
(port will not allow far end to send flowcontrol)
Console> (enable)

This example shows how to configure port 1 of module 5 to send pause frames:

Console> (enable) set port flowcontrol send 5/1 on
Port 5/1 flow control send administration status set to on
(port will send flowcontrol to far end)
Console> (enable)

This example shows how to configure port 1 of module 5 to send pause frames and yield predictable results even if the remote port is set to receive off:

Console> (enable) set port flowcontrol send 5/1 desired
Port 5/1 flow control send administration status set to desired
(port will send flowcontrol to far end if far end supports it)
Console> (enable)

Related Commands

show port flowcontrol

set port gmrp

To enable or disable GMRP on the specified ports in all VLANs, use the set port gmrp command.

set port gmrp mod/port {enable | disable}

Syntax Description

mod/port

Number of the module and the port on the module.

enable

Enables GMRP on a specified port.

disable

Disables GMRP on a specified port.


Defaults

The default is GMRP is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

You can enter this command even when GMRP is not enabled, but the values come into effect only when you enable GMRP using the set gmrp enable command.

Examples

This example shows how to enable GMRP on module 3, port 1:

Console> (enable) set port gmrp 3/1 enable
GMRP enabled on port(s) 3/1.
GMRP feature is currently disabled on the switch.
Console> (enable)

This example shows how to disable GMRP on module 3, ports 1 through 5:

Console> (enable) set port gmrp 3/1-5 disable
GMRP disabled on port(s) 3/1-5.
Console> (enable)

Related Commands

show gmrp configuration

set port gvrp

To enable or disable GVRP on the specified ports in all VLANs, use the set port gvrp command.

set port gvrp mod/port {enable | disable}

Syntax Description

mod/port

Number of the module and the port on the module.

enable

Enables GVRP on a specified port.

disable

Disables GVRP on a specified port.


Defaults

The default is GVRP is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

When you enable VTP pruning, it runs on all the GVRP-disabled trunks.

To run GVRP on a trunk, you need to enable GVRP both globally on the switch and individually on the trunk.

You can configure GVRP on a port even when GVRP is not globally enabled. However, the port will not become a GVRP participant until you globally enable GVRP.

You can enable GVRP on an 802.1Q trunk only.

If you enter the set port gvrp command without specifying the port number, GVRP is affected globally in the switch.

Examples

This example shows how to enable GVRP on module 3, port 2:

Console> (enable) set port gvrp 3/2 enable
GVRP enabled on 3/2.
Console> (enable) 

This example shows how to disable GVRP on module 3, port 2:

Console> (enable) set port gvrp 3/2 disable
GVRP disabled on 3/2.
Console> (enable) 

This example shows what happens if you try to enable GVRP on a port that is not an 802.1Q trunk:

Console> (enable) set port gvrp 4/1 enable
Failed to set port 4/1 to GVRP enable. Port not allow GVRP.
Console> (enable) 

This example shows what happens if you try to enable GVRP on a specific port when GVRP has not first been enabled using the set gvrp command:

Console> (enable) set port gvrp 5/1 enable
GVRP enabled on port(s) 5/1.
GVRP feature is currently disabled on the switch.
Console> (enable)

Related Commands

clear gvrp statistics
set gvrp
show gvrp configuration

set port host

To optimize the port configuration for a host connection, use the set port host command.

set port host mod/port

Syntax Description

mod/port

Number of the module and the port on the module.


Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

To optimize the port configuration, the set port host command sets channel mode to off, enables spanning tree PortFast, sets the trunk mode to off, and disables the dot1q tunnel feature. Only an end station can accept this configuration.

Because spanning tree PortFast is enabled, you should enter the set port host command only on ports connected to a single host. Connecting hubs, concentrators, switches, and bridges to a fast-start port can cause temporary spanning tree loops.

Use the set port host command to decrease the time it takes to start up packet forwarding.

Examples

This example shows how to optimize the port configuration for end station/host connections on ports 2/1 and 3/1:

Console> (enable) set port host 2/1,3/1

Warning: Span tree port fast start should only be enabled on 
ports connected to a single host.  Connecting hubs, concentrators, 
switches, bridges, etc. to a fast start port can cause temporary 
spanning tree loops.  Use with caution.

Spantree ports 2/1,3/1 fast start enabled.
Dot1q tunnel feature disabled on port(s)  4/1.
Port(s) 2/1,3/1 trunk mode set to off.
Port(s) 2/1 channel mode set to off.

Console> (enable) 

Related Commands

clear port host

set port inlinepower

To set the inline power mode of a port or group of ports, use the set port inlinepower command.

set port inlinepower mod/port {off | auto}

Syntax Description

mod/port

Number of the module and the port on the module.

off

Prevents the port from powering up even if an unpowered phone is connected.

auto

Powers up the port only if the switching module has discovered the phone.


Defaults

The default is auto.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

If you enter this command on a port that does not support the IP phone power feature, an error message is displayed.

You can enter a single port or a range of ports, but you cannot enter the module number only.

An inline power-capable device can still be detected even if the inline power mode is set to off.


Caution: Damage can occur to equipment connected to the port if you are not using a phone that can be configured for the IP phone phantom power feature.

Examples

This example shows how to set the inline power to off:

Console> (enable) set port inlinepower 2/5 off
Inline power for port 2/5 set to off.
Console> (enable) 

This example shows the output if the inline power feature is not supported:

Console> (enable) set port inlinepower 2/3-9 auto
Feature not supported on module 2.
Console> (enable)

Related Commands

set inlinepower defaultallocation
show environment
show port inlinepower

set port jumbo

To enable or disable the jumbo frame feature on a per-port basis, use the set port jumbo command.

set port jumbo mod/port {enable | disable}

Syntax Description

mod/port

Number of the module and the port on the module.

enable

Enables jumbo frames on a specified port.

disable

Disables jumbo frames on a specified port.


Defaults

If you enable the jumbo frame feature, the MTU size for packet acceptance is 9216 bytes for nontrunking ports.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM. The jumbo frame feature is supported on any Ethernet port and on the sc0 interface. The MSFC2 supports routing of jumbo frames. The Gigabit Switch Router (GSR) supports jumbo frames.

You can use the jumbo frame feature to transfer large frames or jumbo frames through Catalyst 6500 series switches to optimize server-to-server performance.

The Multilayer Switch Feature Card (MSFC) and the Multilayer Switch Module (MSM) do not support the routing of jumbo frames; if jumbo frames are sent to these routers, router performance is significantly degraded.

Examples

This example shows how to enable the jumbo frames feature on module 3, port 2:

Console> (enable) set port jumbo 3/2 enable
Jumbo frames enabled on port 5/3.
Console> (enable) 

This example shows how to disable the jumbo frames feature on module 3, port 2:

Console> (enable) set port jumbo 3/2 disable
Jumbo frames disabled on port 3/2.
Console> (enable) 

Related Commands

set trunk
show port jumbo

set port l2protocol-tunnel

To set Layer 2 protocol tunneling parameters, use the set port l2protocol-tunnel command.

set port l2protocol-tunnel mod/port {cdp | stp | vtp} {enable | disable}

set port l2protocol-tunnel mod/port {drop-threshold drop-threshold} {shutdown-threshold shutdown-threshold}

Syntax Description

mod/port

Number of the module and the port or range of ports.

cdp | stp | vtp

Specifies the protocol type. See the "Usage Guidelines" section for more information.

enable | disable

Enables or disables the protocol.

drop-threshold drop-threshold

Specifies the drop threshold factor on a port or range of ports. See the "Usage Guidelines" section for more information.

shutdown-threshold shutdown-threshold

Specifies the shutdown threshold factor on a port or range of ports. See the "Usage Guidelines" section for more information.


Defaults

Protocol tunneling is disabled on all ports.

The default for the drop threshold and the shutdown threshold is 0. The 0 value indicates that no limit is set.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can specify more than one protocol type at a time. In the CLI, separate protocol types with a space.

The recommended maximum value for the shutdown threshold is 1000. This value reflects the number of PDUs an edge switch can handle per second (without dropping any) while performing egress and ingress tunneling. For an edge switch, the shutdown threshold value also determines the number of Layer 2 protocol tunneling ports that can be connected to customer switches and the number of customer VLANs per Layer 2 protocol tunneling port. In determining the recommended maximum value of 1000, egress tunneling from the service provider network was also taken into consideration.

To determine the number of Layer 2 protocol tunneling ports (links) and the number of customer VLANs per Layer 2 protocol tunneling port (VLANs per link) that an edge switch can handle, use the following formula: Multiply the number of Layer 2 protocol tunneling ports by the number of VLANs and the result should be less than or equal to 1000. Some examples of acceptable configurations are as follows:

1 Layer 2 protocol tunneling port x 1000 VLANs

2 Layer 2 protocol tunneling ports x 500 VLANs

5 Layer 2 protocol tunneling ports x 200 VLANs

10 Layer 2 protocol tunneling ports x 100 VLANs

20 Layer 2 protocol tunneling ports x 50 VLANs

100 Layer 2 protocol tunneling ports x 10 VLANs


Note: The shutdown threshold factor should exceed the drop threshold factor. After reaching the drop threshold factor, the port or range of ports starts dropping PDUs. After reaching the shutdown threshold factor, the port or range of ports goes into errdisable state and is restored after timeout.


Examples

This example shows how to enable CDP on a range of ports:

Console> (enable)  set port l2protocol-tunnel 7/1-2 cdp enable
Layer 2 protocol tunneling enabled for CDP on ports 7/1-2.
Console> (enable)

This example shows how to enable STP and VTP on a range of ports:

Console> (enable)  set port l2protocol-tunnel 7/1-2 stp vtp enable
Layer 2 protocol tunneling enabled for STP VTP on ports 7/1-2.
Console> (enable)

This example shows how to disable CDP, STP, and VTP on a range of ports:

Console> (enable)  set port l2protocol-tunnel 7/1-2 cdp stp vtp disable
Layer 2 protocol tunneling disabled for CDP STP VTP on ports 7/1-2.
Console> (enable)

This example shows how to set the drop threshold to 1000 and the shutdown threshold to 20000 on a port:

Console> (enable) set port l2protocol-tunnel 7/1 drop-threshold 1000 shutdown-threshold 20000
Drop Threshold=1000, Shutdown Threshold=20000 set on port 7/1.
Console> (enable)
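
The sizing and threshold guidelines above can be checked before a change is applied. The following Python audit is an added example, not Cisco code: it replays set port l2protocol-tunnel lines and reports ports that tunnel with no limit, a shutdown threshold above the recommended 1000, a shutdown threshold that does not exceed the drop threshold, and a ports x VLANs product above 1000. The function names, finding codes, sample session, and the uniform vlans_per_port input are assumptions made for this illustration.

```python
import re

RECOMMENDED_MAX_SHUTDOWN = 1000  # recommended maximum from the usage guidelines
MAX_PORTS_TIMES_VLANS = 1000     # tunneling ports x VLANs per port ceiling
PROTOCOLS = {"cdp", "stp", "vtp"}
COMMAND = re.compile(r"set\s+port\s+l2protocol-tunnel\s+(\S+)\s+(.+)", re.IGNORECASE)

# Constructed sample session for illustration; not captured from a real switch.
SAMPLE = """\
Console> (enable) set port l2protocol-tunnel 7/1-2 cdp enable
Console> (enable) set port l2protocol-tunnel 7/1-2 stp vtp enable
Console> (enable) set port l2protocol-tunnel 7/1 drop-threshold 1000 shutdown-threshold 20000
Console> (enable) set port l2protocol-tunnel 7/2 drop-threshold 800 shutdown-threshold 500
Console> (enable) set port l2protocol-tunnel 8/1-4 stp enable
Console> (enable) set port l2protocol-tunnel 8/4 stp disable
"""


def expand_ports(spec):
    """Expand a port list such as '7/1-2,8/3' into ['7/1', '7/2', '8/3']."""
    ports = []
    for item in spec.split(","):
        m = re.fullmatch(r"(\d+)/(\d+)(?:-(\d+))?", item)
        if not m:
            raise ValueError(f"unsupported port list item: {item!r}")
        mod, first = int(m.group(1)), int(m.group(2))
        last = int(m.group(3)) if m.group(3) else first
        if last < first:
            raise ValueError(f"descending port range: {item!r}")
        ports.extend(f"{mod}/{n}" for n in range(first, last + 1))
    return ports


def parse_tunnel_config(lines):
    """Replay the commands in order and return the resulting per-port state."""
    state = {}
    for line in lines:
        match = COMMAND.search(line)  # tolerates a leading 'Console> (enable)' prompt
        if not match:
            continue
        args = match.group(2).lower().split()
        if not args:
            raise ValueError(f"incomplete command: {line!r}")
        for port in expand_ports(match.group(1)):
            entry = state.setdefault(port, {"protocols": set(), "drop": 0, "shutdown": 0})
            if args[-1] in ("enable", "disable"):
                protocols = set(args[:-1])
                if not protocols or not protocols <= PROTOCOLS:
                    raise ValueError(f"bad protocol list: {line!r}")
                if args[-1] == "enable":
                    entry["protocols"] |= protocols
                else:
                    entry["protocols"] -= protocols
                continue
            if len(args) % 2:
                raise ValueError(f"threshold keyword without value: {line!r}")
            for key, value in zip(args[0::2], args[1::2]):
                if key == "drop-threshold":
                    entry["drop"] = int(value)
                elif key == "shutdown-threshold":
                    entry["shutdown"] = int(value)
                else:
                    raise ValueError(f"unknown keyword {key!r}: {line!r}")
    return state


def port_key(port):
    mod, num = port.split("/")
    return int(mod), int(num)


def audit(state, vlans_per_port):
    """Return (port, code, message) findings for ports with tunneling enabled."""
    findings = []
    enabled = sorted((p for p, e in state.items() if e["protocols"]), key=port_key)
    for port in enabled:
        drop, shutdown = state[port]["drop"], state[port]["shutdown"]
        if drop == 0 and shutdown == 0:
            findings.append((port, "NO_LIMIT", "both thresholds are 0 (no limit set)"))
        if shutdown > RECOMMENDED_MAX_SHUTDOWN:
            findings.append((port, "SHUTDOWN_ABOVE_RECOMMENDED",
                             f"shutdown threshold {shutdown} > {RECOMMENDED_MAX_SHUTDOWN}"))
        if drop and shutdown and shutdown <= drop:
            findings.append((port, "SHUTDOWN_NOT_ABOVE_DROP",
                             f"shutdown threshold {shutdown} <= drop threshold {drop}"))
    load = len(enabled) * vlans_per_port
    if load > MAX_PORTS_TIMES_VLANS:
        findings.append(("*", "PORTS_X_VLANS",
                         f"{len(enabled)} ports x {vlans_per_port} VLANs = {load} > "
                         f"{MAX_PORTS_TIMES_VLANS}"))
    return findings


if __name__ == "__main__":
    for port, code, message in audit(parse_tunnel_config(SAMPLE.splitlines()), 250):
        print(f"{port:5} {code:28} {message}")
```

Given the values from the threshold example above (drop threshold 1000, shutdown threshold 20000), the audit reports the shutdown threshold as above the recommended maximum of 1000.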

Related Commands

clear l2protocol-tunnel cos
clear l2protocol-tunnel statistics
set l2protocol-tunnel cos
show l2protocol-tunnel statistics
show port l2protocol-tunnel

set port lacp-channel

To set the priority value for physical ports, to assign an administrative key to a particular set of ports, or to change the channel mode for a set of ports that were previously assigned to the same administrative key, use the set port lacp-channel command.

set port lacp-channel mod/ports port-priority value

set port lacp-channel mod/ports [admin-key]

set port lacp-channel mod/ports mode {on | off | active | passive}

Syntax Description

mod/ports

Number of the module and the ports on the module.

port-priority

Specifies the priority for physical ports.

value

Number of the port priority; valid values are from 1 to 255. See the "Usage Guidelines" section for more information about the priority value.

admin-key

(Optional) Number of the administrative key; valid values are from 1 to 1024. See the "Usage Guidelines" section for more information about the administrative key.

mode

Specifies the channel mode for a set of ports.

on | off | active | passive

Specifies the status of the channel mode.


Defaults

LACP is supported on all Ethernet interfaces.

The default port priority value is 128.

The default mode is passive for all ports that are assigned to the administrative key.

For differences between PAgP and LACP, refer to the "Guidelines for Port Configuration" section of the "Configuring EtherChannel" chapter of the Catalyst 6500 Series Switch Software Configuration Guide.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command can only be used for ports belonging to LACP modules. This command cannot be used on ports running in PAgP mode.

Higher priority values correspond to lower priority levels.

The following usage guidelines apply when you assign an administrative key to ports:

If you do not enter a value for the administrative key, the switch chooses a value automatically.

If you choose a value for the administrative key, but this value is already used in your switch, all the ports associated with this value are moved to a new administrative key that is assigned automatically. The previously used value is now associated with new ports.

You can assign a maximum of 8 ports to an administrative key.

If you assign an administrative key to a channel that was previously assigned a particular mode, the channel will maintain that mode after you enter the administrative key value.

Examples

This example shows how to set the priority of ports 1/1 to 1/4 and 2/6 to 2/8 to 10:

Console> (enable) set port lacp-channel 4/1-4
Ports 4/1-4 being assigned admin key 96.
Console> (enable)

This example shows how to assign ports 4/1 to 4/4 to an administrative key that the switch automatically chooses:

Console> (enable) set port lacp-channel 4/1-4
Ports 4/1-4 being assigned admin key 96.
Console> (enable)

This example shows how to assign ports 4/4 to 4/6 to administrative key 96 when that key was previously assigned to ports 4/1 to 4/3:

Console> (enable) set port lacp-channel 4/4-6 96
admin key 96 already assigned to port 4/1-3.
Port(s) 4/1-3 being assigned to admin key 97.
Port(s) 4/4-6 being assigned to admin key 96.
Console> (enable)

Related Commands

clear lacp-channel statistics
set channelprotocol
set lacp-channel system-priority
set spantree channelcost
set spantree channelvlancost
show lacp-channel
show port lacp-channel

set port macro

To execute a configuration macro on a per-port basis, use the set port macro command.

set port macro mod/ports... ciscoipphone vlan vlan [auxvlan auxvlan]

set port macro mod/ports... ciscosoftphone vlan vlan

Syntax Description

mod/ports...

Number of the module and the ports on the module.

ciscoipphone

Specifies the Cisco IP Phone configuration macro.

vlan

Specifies a VLAN interface.

vlan

Number of the VLAN.

auxvlan

(Optional) Specifies an auxiliary VLAN.

auxvlan

(Optional) Number of the auxiliary VLAN.

ciscosoftphone

Specifies the Cisco Softphone configuration macro.


Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

When you use automatic voice configuration with the ciscoipphone keyword, some of the QoS configuration requires phone-specific configuration (trust-ext, ext-cos), which is supported only on the following phones: Cisco IP Phone 7910, Cisco IP Phone 7940, Cisco IP Phone 7960, and Cisco IP Phone 7935. However, the ciscoipphone keyword is not limited to these models; any phone can benefit from all the other QoS settings that are configured on the switch.

To configure the QoS settings and the trusted boundary feature on the Cisco IP Phone, you must enable Cisco Discovery Protocol (CDP) version 2 or later on the port. You need to enable CDP only for the ciscoipphone QoS configuration; CDP does not affect the other components of the automatic voice configuration feature.

The automatic voice configuration commands do not support channeling.

A PFC or PFC2 is not required for the ciscoipphone keyword.

A PFC or PFC2 is required for the ciscosoftphone keyword.

The ciscoipphone keyword is only supported on 10/100 and 10/100/1000 Ethernet ports.

The ciscosoftphone keyword is supported on all Ethernet ports.

Examples

This example shows how to execute the Cisco IP Phone configuration macro with an auxiliary VLAN:

Console> (enable) set port macro 3/1 ciscoipphone vlan 2 auxvlan 3
Port 3/1 enabled.
Layer 2 protocol tunneling disabled for CDP STP VTP on port(s) 3/1.
Port 3/1 vlan assignment set to static.
Spantree port fast start option set to default for ports 3/1.
Port(s) 3/1 channel mode set to off.

Warning:Connecting Layer 2 devices to a fast start port can cause
temporary spanning tree loops. Use with caution.

Spantree port  3/1 fast start enabled.
Dot1q tunnel feature disabled on port(s)  3/1.
Port(s)  3/1 trunk mode set to off.
VLAN  Mod/Ports
---- -----------------------
2     2/1
      3/1
      16/1
AuxiliaryVlan Status   Mod/Ports
------------- -------- ------------------------------------------------------
3             inactive 3/1

Vlan 3 is not active.
Inline power for port 3/1 set to auto.

CDP enabled globally
CDP enabled on port 3/1.
CDP version set to v2
........
All ingress and egress QoS scheduling parameters configured on all ports.
CoS to DSCP, DSCP to COS, IP Precedence to DSCP and policed dscp maps
configured.  Global QoS configured.
Port 3/1 ingress QoS configured for Cisco IP Phone.
Macro completed on port 3/1.
Console> (enable)

This example shows the warning message that appears when you do not specify an auxiliary VLAN:

Console> (enable) set port macro 3/1 ciscoipphone vlan 2
Warning: All inbound QoS tagging information will be lost as no auxillary
vlan was specified.
Do you want to continue (y/n) [n]?

This example shows how to execute the Cisco Softphone configuration macro:

Console> (enable) set port macro 3/1 ciscosoftphone vlan 32
Port 3/1 enabled.
Layer 2 protocol tunneling disabled for CDP STP VTP on port(s) 3/1.
Port 3/1 vlan assignment set to static.
Spantree port fast start option set to default for ports 3/1.
Port(s) 3/1 channel mode set to off.

Warning:Connecting Layer 2 devices to a fast start port can cause
temporary spanning tree loops. Use with caution.

Spantree port  3/1 fast start enabled.
Dot1q tunnel feature disabled on port(s)  3/1.
Port(s)  3/1 trunk mode set to off.
Vlan 32 configuration successful
VLAN 32 modified.
VLAN 2 modified.
VLAN  Mod/Ports
---- -----------------------
32    3/1
      16/1
Port 3/1 will not send out CDP packets with AuxiliaryVlan information.
Executing autoqos........
All ingress and egress QoS scheduling parameters configured on all ports.
CoS to DSCP, DSCP to COS, IP Precedence to DSCP and policed dscp maps
configured.  Global QoS configured.
Port 3/1 ingress QoS configured for Cisco Softphone.
Macro completed on port 3/1.
Console> (enable)

Related Commands

set cdp
set port qos autoqos
set qos autoqos

set port membership

To set the VLAN membership assignment to a port, use the set port membership command.

set port membership mod/port {dynamic | static}

Syntax Description

mod/port

Number of the module and the port on the module.

dynamic

Specifies that the port becomes a member of dynamic VLANs.

static

Specifies that the port becomes a member of static VLANs.


Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Dynamic VLAN support for VVID places these restrictions on the configuration of MVAP on the switch port:

You can configure any VVID on a dynamic port, including dot1p and untagged. However, when the VVID is equal to dot1p or untagged, you must configure VMPS with the MAC address of the IP phone. When you configure the VVID as dot1p or untagged on a dynamic port, this warning message is displayed:

VMPS should be configured with the IP phone mac's.

You cannot change the VVID of the port to a value equal to the PVID assigned by the VMPS for the dynamic port.

You cannot configure trunk ports as dynamic ports, but you can configure MVAP as a dynamic port.

Examples

This example shows how to set the port membership VLAN assignment to dynamic:

Console> (enable) set port membership 5/5 dynamic
Port 5/5 vlan assignment set to dynamic.
Spantree port fast start option enabled for ports 5/5.
Console> (enable) 

This example shows how to set the port membership VLAN assignment to static:

Console> (enable) set port membership 5/5 static
Port 5/5 vlan assignment set to static.
Console> (enable) 

Related Commands

set pvlan
set pvlan mapping
set vlan
set vlan mapping

set port name

To configure a name for a port, use the set port name command.

set port name mod/port [port_name]

Syntax Description

mod/port

Number of the module and the port on the module.

port_name

(Optional) Name of the port.


Defaults

The default is no port name is configured for any port.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

If you do not specify the name string, the port name is cleared.

Examples

This example shows how to set the name of port 1 on module 4 to Snowy:

Console> (enable) set port name 4/1 Snowy
Port 4/1 name set.
Console> (enable) 

Related Commands

show port

set port negotiation

To enable or disable the link negotiation protocol on the specified port, use the set port negotiation command.

set port negotiation mod/port {enable | disable}

Syntax Description

mod/port

Number of the module and the port on the module.

enable

Enables the link negotiation protocol.

disable

Disables the link negotiation protocol.


Defaults

The default is link negotiation protocol is enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You cannot configure port negotiation on 1000BASE-T (copper) Gigabit Ethernet ports in this release. If a 1000BASE-T GBIC is inserted in the port that was previously configured as a negotiation-disabled port, the negotiation-disabled setting is ignored, and the port operates in negotiation-enabled mode.

The set port negotiation command is supported on Gigabit Ethernet ports only, except on WS-X6316-GE-TX and on WS-X6516-GE-TX.

If the port does not support this command, this message appears:

Feature not supported on Port N/N.

where N/N is the module and port number.

In most cases, when you enable link negotiation, the system autonegotiates flow control, duplex mode, and remote fault information. The exception applies to 16-port 10/100/1000BASE-T Ethernet modules; when you enable link negotiation on these Ethernet modules, the system autonegotiates flow control only.

You must either enable or disable link negotiation on both ends of the link. Both ends of the link must be set to the same value or the link cannot connect.

Examples

This example shows how to disable link negotiation protocol on port 1, module 4:

Console> (enable) set port negotiation 4/1 disable
Link negotiation protocol disabled on port 4/1.
Console> (enable) 

Related Commands

show port negotiation

set port protocol

To enable or disable protocol membership of ports, use the set port protocol command.

set port protocol mod/port {ip | ipx | group} {on | off | auto}

Syntax Description

mod/port

Number of the module and the port on the module.

ip

Specifies IP.

ipx

Specifies IPX.

group

Specifies VINES, AppleTalk, and DECnet protocols.

on

Indicates the port will receive all the flood traffic for that protocol.

off

Indicates the port will not receive any flood traffic for that protocol.

auto

Specifies that the port is added to the group only after packets of the specific protocol are received on that port.


Defaults

The default is that the ports are configured to on for the IP protocol groups and auto for IPX and group protocols.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

Protocol filtering is supported only on nontrunking EtherChannel ports. Trunking ports are always members of all the protocol groups.

If the port configuration is set to auto, the port initially does not receive any flood packets for that protocol. When the corresponding protocol packets are received on that port, the supervisor engine detects this and adds the port to the protocol group.

Ports configured as auto are removed from the protocol group if no packets are received for that protocol within a certain period of time. This aging time is set to 60 minutes. They are also removed from the protocol group on detection of a link down.

Examples

This example shows how to disable IPX protocol membership of port 1 on module 2:

Console> (enable) set port protocol 2/1 ipx off
IPX protocol disabled on port 2/1.
Console> (enable)

This example shows how to enable automatic IP membership of port 1 on module 5:

Console> (enable) set port protocol 5/1 ip auto
IP protocol set to auto mode on module 5/1.
Console> (enable)

Related Commands

show port protocol

set port qos

To specify whether an interface is interpreted as a physical port or as a VLAN, use the set port qos command.

set port qos mod/ports... port-based | vlan-based

Syntax Description

mod/ports...

Number of the module and the ports on the module.

port-based

Interprets the interface as a physical port.

vlan-based

Interprets the interface as part of a VLAN.


Defaults

The default is ports are port-based if QoS is enabled and VLAN-based if QoS is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

When you change a port from port-based QoS to VLAN-based QoS, all ACLs are detached from the port. Any ACLs attached to the VLAN apply to the port immediately.

When you use the set port qos command to set a port to VLAN-based QoS while RSVP or COPS QoS is enabled on that port (the QoS policy source is COPS, or DSBM-election is enabled), the VLAN-based setting is saved in NVRAM only.

Examples

This example shows how to specify an interface as a physical port:

Console> (enable) set port qos 1/1-2 port-based
Updating configuration ...
QoS interface is set to port-based for ports 1/1-2.
Console> (enable) 

This example shows how to specify an interface as a VLAN:

Console> (enable) set port qos 3/1-48 vlan-based
Updating configuration ...
QoS interface is set to VLAN-based for ports 3/1-48.
Console> (enable) 

This example shows the output if you change from port-based QoS to VLAN-based QoS with either RSVP or COPS enabled on the port:

Console> (enable) set port qos 3/1-48 vlan
Qos interface is set to vlan-based for ports 3/1-48
Port(s) 3/1-48 - QoS policy-source is Cops or DSBM-election is enabled.
Vlan-based setting has been saved in NVRAM only.
Console> (enable) 

Related Commands

set port qos cos
set port qos trust
show port qos
show qos info

set port qos autoqos

To apply the automatic QoS feature on a per-port basis, use the set port qos autoqos command.

set port qos mod/port autoqos trust {cos | dscp}

set port qos mod/port autoqos voip {ciscoipphone | ciscosoftphone}

Syntax Description

mod/port

Number of the module and ports on the module.

trust

Specifies AutoQoS for ports trusting all traffic markings.

cos

Trusts CoS-based markings of all inbound traffic.

dscp

Trusts DSCP-based markings of all inbound traffic.

voip

Specifies AutoQoS for voice applications.

ciscoipphone

Specifies AutoQoS for Cisco 79xx IP phones.

ciscosoftphone

Specifies AutoQoS for Cisco Softphones.


Defaults

The per-port AutoQoS feature is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to trust CoS-based markings of inbound traffic on module 4, port 1:

Console> (enable) set port qos 4/1 autoqos trust cos
Port 4/1 ingress QoS configured for trust cos.
Trusting all incoming CoS marking on port 4/1.
It is recommended to execute the "set qos autoqos" global command if not executed 
previously.
Console> (enable)

This example shows how to apply AutoQoS settings for Cisco 79xx IP phones on module 4, port 1:

Console> (enable) set port qos 4/1 autoqos voip ciscoipphone
Port 4/1 ingress QoS configured for ciscoipphone.
It is recommended to execute the "set qos autoqos" global command if not executed 
previously.
Console> (enable)

This example shows how to apply AutoQoS settings for Cisco Softphones on module 4, port 1:

Console> (enable) set port qos 4/1 autoqos voip ciscosoftphone
Port 4/1 ingress QoS configured for ciscosoftphone.  Policing configured on 4/1. 
It is recommended to execute the "set qos autoqos" global command if not executed 
previously.
Console> (enable)

Related Commands

set qos autoqos
show port qos
show qos acl info

set port qos cos

To set the default value for all packets that have arrived through an untrusted port, use the set port qos cos command.

set port qos mod/ports cos cos_value

set port qos mod/ports cos-ext cos_value

Syntax Description

mod/ports

Number of the module and ports.

cos cos_value

Specifies the CoS value for a port; valid values are from 0 to 7.

cos-ext cos_value

Specifies the CoS extension for a phone port; valid values are from 0 to 8.


Defaults

The default CoS value is 0.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

If the default is enforced when you disable QoS, CoS is enforced when you enable QoS.

Examples

This example shows how to set the CoS default value on a port:

Console> (enable) set port qos 2/1 cos 3
Port 2/1 qos cos set to 3.
Console> (enable) 

This example shows how to set the CoS-ext default value on a port:

Console> (enable) set port qos 2/1 cos-ext 3
Port 2/1 qos cos-ext set to 3.
Console> (enable) 

Related Commands

clear port qos cos
set port qos
set port qos trust
show port qos
show qos info

set port qos policy-source

To set the QoS policy source for all ports in the specified module, use the set port qos policy-source command.

set port qos policy-source mod/ports... local | cops

Syntax Description

mod/ports...

Number of the module and the ports on the module.

local

Sets the policy source to local NVRAM configuration.

cops

Sets the policy source to COPS configuration.


Defaults

The default is all ports are set to local.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

When you set the policy source to local, the QoS policy is taken from local configuration stored in NVRAM. If you set the policy source to local after it was set to COPS, the QoS policy reverts back to the local configuration stored in NVRAM.

Examples

This example shows how to set the policy source to local NVRAM:

Console> (enable) set port qos 5/5 policy-source local
QoS policy source set to local on port(s) 5/1-48.
Console> (enable)

This example shows the output if you attempt to set the policy source to COPS and no COPS servers are available:

Console> (enable) set port qos 5/5 policy-source cops
QoS policy source for the switch set to COPS.
Warning: No COPS servers configured. Use the `set cops server' command
to configure COPS servers.
Console> (enable) 

This example shows the output if you set the policy source to COPS and the switch is set to local configuration (using the set qos policy-source command):

Console> (enable) set port qos 5/5 policy-source cops
QoS policy source set to COPS on port(s) 5/1-48.
Warning: QoS policy source for the switch set to use local configuration.
Console> (enable)

Related Commands

clear qos config
show port qos

set port qos trust

To set the trusted state of a port (for example, whether or not the packets arriving at a port are trusted to carry the correct classification), use the set port qos trust command.

set port qos mod/ports... trust {untrusted | trust-cos | trust-ipprec | trust-dscp}

Syntax Description

mod/ports...

Number of the module and the ports on the module.

untrusted

Specifies that packets need to be reclassified from the matching access control entry (ACE).

trust-cos

Specifies that although the CoS bits in the incoming packets are trusted, the ToS is invalid and a valid value needs to be derived from the CoS bits.

trust-ipprec

Specifies that although the ToS and CoS bits in the incoming packets are trusted, the ToS is invalid and the ToS is set as IP precedence.

trust-dscp

Specifies that the ToS and CoS bits in the incoming packets can be accepted as is with no change.


Defaults

The default is untrusted; when you disable QoS, the default is trust-cos on Layer 2 switches and trust-dscp on Layer 3 switches.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

When you disable QoS, the default is trust-cos on Layer 2 switches and trust-dscp on Layer 3 switches.

This command is not supported by the NAM.

On 10/100 ports, you can use only the set port qos trust command to activate the receive-drop thresholds. To configure a trusted state, you have to convert the port to port-based QoS, define an ACL that defines all (or the desired subset) of ACEs to be trusted, and attach the ACL to that port.

Examples

This example shows how to set the port to a trusted state:

Console> (enable) set port qos 3/7 trust trust-cos
Port 3/7 qos set to trust-cos.
Console> (enable) 

This example shows the output if you try to set the trust state on a 10/100 port:

Console> (enable) set port qos 3/28 trust trust-cos
Trust type trust-cos not supported on this port.
Receive thresholds are enabled on port 3/28.
Port  3/28 qos set to untrusted.
Console> (enable) 

Related Commands

set port qos
set port qos cos
show port qos
show qos info

set port qos trust-device

To configure the trust mode on a port on a specific device or module, use the set port qos trust-device command.

set port qos mod/ports... trust-device {none | ciscoipphone}

Syntax Description

mod/ports...

Number of the module and the ports on the module.

none

Sets the device trust mode to disable.

ciscoipphone

Trusts only Cisco IP phones.


Defaults

By default, the device trust mode for each port is set to none.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to trust only Cisco IP phones on port 4/1:

Console> (enable) set port qos 4/1 trust-device ciscoipphone
Port 4/1 set to only trust device of type ciscoIPPhone.
Console> (enable)

This example shows how to disable the device trust on port 4/1:

Console> (enable) set port qos 4/1 trust-device none
Port 4/1 trust device feature disabled.
Console> (enable)

Related Commands

show port qos

set port qos trust-ext

To configure the access port on a Cisco IP phone connected to the switch port, use the set port qos trust-ext command.

set port qos mod/ports... trust-ext {trusted | untrusted}

Syntax Description

mod/ports...

Number of the module and the ports on the module.

trusted

Specifies that all traffic received through the access port passes through the phone switch unchanged.

untrusted

Specifies that all traffic in 802.1Q or 802.1p frames received through the access port is marked with a configured Layer 2 CoS value.


Defaults

The default when the phone is connected to a Cisco LAN switch is untrusted mode; trusted mode is the default when the phone is not connected to a Cisco LAN switch.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

Traffic in frame types other than 802.1Q or 802.1p passes through the phone switch unchanged, regardless of the access port trust state.

Examples

This example shows how to set the trust extension on ports on the connected phone to a trusted state:

Console> (enable) set port qos 3/7 trust-ext trusted
Port in the phone device connected to port 3/7 is configured to be trusted.
Console> (enable) 

Related Commands

set port qos
set port qos cos
show qos info
show port qos

set port rsvp dsbm-election

To specify whether or not the switch participates in the Designated Subnet Bandwidth Manager (DSBM) election on that particular segment, use the set port rsvp dsbm-election command.

set port rsvp mod/port dsbm-election enable | disable [dsbm_priority]

Syntax Description

mod/port

Number of the module and the port.

enable

Enables participation in the DSBM election.

disable

Disables participation in the DSBM election.

dsbm_priority

(Optional) DSBM priority; valid values are from 128 to 255.


Defaults

The default is DSBM is disabled; the default dsbm_priority is 128.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

Examples

This example shows how to enable participation in the DSBM election:

Console> (enable) set port rsvp 2/1,3/2 dsbm-election enable 232
DSBM election enabled for ports 2/1,3/2.
DSBM priority set to 232 for ports 2/1,3/2.
This DSBM priority will be used during the next election process.
Console> (enable) 

This example shows how to disable participation in the DSBM election:

Console> (enable) set port rsvp 2/1 dsbm-election disable
DSBM election disabled for ports(s)  2/1.
Console> (enable) 

This example shows the output when you enable participation in the DSBM election on a port that is not forwarding:

Console> (enable) set port rsvp 2/1,3/2 dsbm-election enable 232
DSBM enabled and priority set to 232 for ports 2/1,3/2.
Warning: Port 2/1 not forwarding. DSBM negotiation will start after port starts forwarding 
on the native vlan.
Console> (enable) 

Related Commands

show port rsvp

set port security

To configure port security on a port or range of ports, use the set port security command.

set port security mod[/port...] [enable | disable] [mac_addr] [age {age_time}]
[maximum {num_of_mac}] [shutdown {shutdown_time}]
[timer-type {absolute | inactivity}] [unicast-flood {enable | disable}]
[violation {shutdown | restrict}]

set port security auto-configure {enable | disable}

Syntax Description

mod[/port...]

Number of the module and optionally, the port on the module.

enable

(Optional) Enables port security or unicast flooding.

disable

(Optional) Disables port security or unicast flooding.

mac_addr

(Optional) Secure MAC address of the enabled port.

age age_time

(Optional) Specifies the duration for which addresses on the port will be secured; valid values are 0 (to disable) and from 1 to 1440 (minutes).

maximum num_of_mac

(Optional) Specifies the maximum number of MAC addresses to secure on the port; valid values are from 1 to 4097.

shutdown shutdown_time

(Optional) Specifies the duration for which a port will remain disabled in case of a security violation; valid values are 0 (to disable) and from 1 to 1440 (minutes).

timer-type

(Optional) Specifies the type of aging to be applied to the autoconfigured addresses on a per-port basis.

absolute

Specifies absolute aging. See the "Usage Guidelines" section for more information.

inactivity

Specifies inactivity aging. See the "Usage Guidelines" section for more information.

unicast-flood

(Optional) Specifies unicast flooding.

violation

(Optional) Specifies the action to be taken in the event of a security violation.

shutdown

(Optional) Shuts down the port in the event of a security violation.

restrict

(Optional) Restricts packets from unsecure hosts.

auto-configure

Automatically configures all learned MAC addresses on a secure port. See the "Usage Guidelines" section for more information.

enable

Enables the automatic configuration feature.

disable

Disables the automatic configuration feature.


Defaults

The default port security configuration is as follows:

Port security is disabled.

Number of secure addresses per port is one.

Violation action is shutdown.

Age is permanent. (Addresses are not aged out.)

Shutdown time is indefinite.

Timer type is set to absolute aging.

Unicast flooding is enabled.

The automatic configuration feature is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

If you enter the set port security enable command but do not specify a MAC address, the first MAC address seen on the port becomes the secure MAC address.

You can specify the number of MAC addresses to secure on a port. You can add MAC addresses to this list of secure addresses. The maximum number is 1024.

The set port security violation command allows you to specify whether you want the port to shut down or to restrict access to insecure MAC addresses only. The shutdown time allows you to specify the duration of shutdown in the event of a security violation.

We recommend that you configure the age timer and the shutdown timer if you want to move a host from one port to another when port security is enabled on those ports. If the age_time value is less than or equal to the shutdown_time value, the moved host will function again in an amount of time equal to the shutdown_time value. The age timer begins upon learning the first MAC address, and the disable timer begins when there is a security violation.

If you disable unicast flooding on a port, the port will drop unicast flood packets when it reaches the maximum number of MAC addresses allowed.

You can secure only unicast MAC addresses through the CLI. Unicast MAC addresses can also be learned dynamically. Multicast MAC addresses cannot be secured.

Absolute aging times out the MAC address after the age_time has been exceeded, regardless of the traffic pattern. This is the default for any secured port, and the age_time is set to 0. Inactivity aging times out the MAC address only after the age_time of inactivity from the corresponding host has been exceeded.

Enabling the automatic configuration feature automatically configures learned MAC addresses on secure ports. If a secure port shuts down because of a violation, if the port is disabled, or if port security is disabled, all learned MAC addresses are converted to configured MAC addresses and retained on the port. If this feature is disabled and the secure port experiences any of the same conditions, all learned MAC addresses are cleared.

Examples

This example shows how to set port security with a learned MAC address:

Console> (enable) set port security 3/1 enable
Port 3/1 port security enabled with the learned mac address.
Console> (enable)

This example shows how to set port security with a specific MAC address:

Console> (enable) set port security 3/1 enable 00-02-03-04-05-06
Port 3/1 port security enabled with 00-02-03-04-05-06 as the secure mac address.
Console> (enable)

This example sets the shutdown time to 600 minutes on port 7/7:

Console> (enable) set port security 7/7 shutdown 600
Secure address shutdown time set to 600 minutes for port 7/7.
Console> (enable)

This example sets the port to drop all packets that are coming in on the port from insecure hosts:

Console> (enable) set port security 7/7 violation restrict
Port security violation on port 7/7 will cause insecure packets to be dropped.
Console> (enable) 

This example shows how to enable unicast flooding on port 4/1:

Console> (enable) set port security 4/1 unicast-flood enable
Port 4/1 security flood mode set to enable.
Console> (enable) 

This example shows how to disable unicast flooding on port 4/1:

Console> (enable) set port security 4/1 unicast-flood disable
WARNING: Trunking & Channelling will be disabled on the port. 
Port 4/1 security flood mode set to disable.
Console> (enable)

This example shows how to set the aging type on port 5/1 to absolute aging:

Console> (enable) set port security 5/1 timer-type absolute 
Port 5/1 security timer type absolute. 
Console> (enable)

This example shows how to enable the automatic configuration feature:

Console> (enable) set port security auto-configure enable
Auto-Configure Option Enabled Globally.
Console> (enable)
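
The defaults and usage guidelines above decide a port's effective security state from whatever subset of options was entered. The following is an added example, not part of the Cisco reference: it folds set port security lines over the documented defaults, rejects values outside the documented ranges, and notes the consequences the guidelines describe. The sample configuration and all function names are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

@dataclass
class PortSecurity:  # field defaults mirror the "Defaults" list for set port security
    enabled: bool = False
    macs: list = field(default_factory=list)
    maximum: int = 1
    violation: str = "shutdown"
    age: int = 0                # minutes; 0 = addresses are not aged out
    shutdown: int = 0           # minutes; 0 = port stays shut down indefinitely
    timer_type: str = "absolute"
    unicast_flood: bool = True

NUMERIC = {"age": (0, 1440), "shutdown": (0, 1440), "maximum": (1, 4097)}  # valid ranges
CHOICE = {"timer-type": ("timer_type", {"absolute": "absolute", "inactivity": "inactivity"}),
          "violation": ("violation", {"shutdown": "shutdown", "restrict": "restrict"}),
          "unicast-flood": ("unicast_flood", {"enable": True, "disable": False})}

def expand_ports(spec):
    """'2/1,3/2' -> ['2/1', '3/2']; '4/4-5' -> ['4/4', '4/5']; '5' -> ['5/*']."""
    ports = []
    for part in spec.split(","):
        mod, _, rng = part.partition("/")
        lo, _, hi = rng.partition("-")
        ports += ([f"{mod}/{n}" for n in range(int(lo), int(hi or lo) + 1)]
                  if rng else [f"{mod}/*"])   # module only: every port on it
    return ports

def parse_line(line):
    """Return (ports, updates, errors) for one per-port 'set port security' line."""
    tok = line.lower().split()
    if tok[:3] != ["set", "port", "security"] or len(tok) < 5 or tok[3] == "auto-configure":
        return [], [], []
    args, updates, errors, i = tok[4:], [], [], 0
    while i < len(args):
        word, nxt = args[i], (args[i + 1] if i + 1 < len(args) else "")
        if word in ("enable", "disable"):
            updates.append(("enabled", word == "enable"))
        elif re.fullmatch(r"[0-9a-f]{2}(-[0-9a-f]{2}){5}", word):
            updates.append(("mac", word))
        elif word in NUMERIC and nxt.isdigit():
            lo, hi = NUMERIC[word]
            if lo <= int(nxt) <= hi:
                updates.append((word, int(nxt)))
            else:
                errors.append(f"{word} {nxt} outside {lo}-{hi}")
            i += 1                        # consume the value
        elif word in CHOICE and nxt in CHOICE[word][1]:
            updates.append((CHOICE[word][0], CHOICE[word][1][nxt]))
            i += 1                        # e.g. the 'shutdown' after 'violation'
        else:
            errors.append(f"unrecognised or incomplete argument: {word}")
        i += 1
    return expand_ports(tok[3]), updates, errors

def effective_state(lines):
    """Fold config lines, in order, over the defaults; a line with errors changes nothing."""
    state, errors = {}, []
    for line in lines:
        ports, updates, errs = parse_line(line)
        errors += [(line.strip(), e) for e in errs]
        for port in ([] if errs else ports):
            ps = state.setdefault(port, PortSecurity())
            for attr, value in updates:
                if attr != "mac":
                    setattr(ps, attr, value)
                elif value not in ps.macs:
                    ps.macs.append(value)
    return state, errors

def review(state):
    """Per-port notes, each restating a consequence given in the usage guidelines."""
    notes = []
    for port, ps in sorted(state.items()):
        if not ps.enabled:
            notes.append((port, "port security is disabled"))
            continue
        if len(ps.macs) < ps.maximum:
            notes.append((port, f"{ps.maximum - len(ps.macs)} secure address(es) left to be learned"))
        if ps.violation == "shutdown" and ps.shutdown == 0:
            notes.append((port, "a violation shuts the port down indefinitely"))
        if ps.age and ps.shutdown and ps.age <= ps.shutdown:
            notes.append((port, f"a moved host functions again after {ps.shutdown} minutes"))
        if not ps.unicast_flood:
            notes.append((port, "unicast flood packets are dropped at the MAC address limit"))
    return notes

SAMPLE = [  # constructed sample configuration, not taken from a real switch
    "set port security 3/1 enable 00-02-03-04-05-06",
    "set port security 7/7 enable maximum 3 age 60 shutdown 600",
    "set port security 4/1-2 enable unicast-flood disable violation restrict",
    "set port security 5/1 age 2000",
    "set port security auto-configure enable",
]
if __name__ == "__main__":
    state, errors = effective_state(SAMPLE)
    print(*review(state), *errors, sep="\n")
```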

Related Commands

clear port security
show port security

set port speed

To configure the speed of a port interface, use the set port speed command.

set port speed mod/port {10 | 100 | 1000 | auto}

Syntax Description

mod/port

Number of the module and the port on the module.

10 | 100 | 1000

Sets a port speed for 10BASE-T, 100BASE-T, or 1000BASE-T ports.

auto

Specifies autonegotiation for transmission speed and duplex mode on 10/100 Fast Ethernet ports.


Defaults

The default is auto.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

In most cases, autonegotiation manages transmission speed, duplex mode, the master link, and the slave link. The exception applies to 16-port 10/100/1000BASE-T Ethernet modules, where autonegotiation manages transmission speed only.

You can configure Fast Ethernet interfaces on the 10/100-Mbps Fast Ethernet switching module to either 10, 100, or 1000 Mbps, or to autosensing mode, allowing the interfaces to sense and distinguish between 10- and 100-Mbps port transmission speeds and full-duplex or half-duplex port transmission types at a remote port connection. If you set the interfaces to autosensing, they configure themselves automatically to operate at the proper speed and transmission type.

Examples

This example shows how to configure port 1, module 2 to auto:

Console> (enable) set port speed 2/1 auto
Port 2/1 speed set to auto-sensing mode.
Console> (enable)

This example shows how to configure the port speed on port 2, module 2 to 10 Mbps:

Console> (enable) set port speed 2/2 10
Port 2/2 speed set to 10 Mbps.
Console> (enable)

Related Commands

show port

set port sync-restart-delay

To specify the synchronization restart delay of a port, use the set port sync-restart-delay command.

set port sync-restart-delay mod/port delay

Syntax Description

mod/port

Number of the module and the port on the module.

delay

Delay time in milliseconds; the delay range is 200 to 60000 milliseconds (60 seconds).


Defaults

The default delay time is 210 milliseconds.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The more dense wavelength division multiplexing (DWDM) equipment you have in the network, the longer the synchronization delay usually needs to be.

The set port sync-restart-delay and show port sync-restart-delay commands are available in both binary mode and text configuration mode.

Use the clear config command to reset the synchronization delay to 210 milliseconds.

Related Commands

clear config
show port sync-restart-delay

set port trap

To enable or disable the operation of the standard Simple Network Management Protocol (SNMP) link trap (up or down) for a port or range of ports, use the set port trap command.

set port trap mod/port {enable | disable}

Syntax Description

mod/port

Number of the module and the port on the module.

enable

Activates the SNMP link trap.

disable

Deactivates the SNMP link trap.


Defaults

The default is all port traps are disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

To set SNMP traps, enter the set snmp trap command.

Examples

This example shows how to enable the SNMP link trap for module 1, port 2:

Console> (enable) set port trap 1/2 enable
Port 1/2 up/down trap enabled.
Console> (enable)

Related Commands

show port trap

set port unicast-flood

To configure the switch to drop Unicast Flood traffic on an Ethernet port, use the set port unicast-flood command.

set port unicast-flood mod/port {enable | disable}

Syntax Description

mod/port

Number of the module and the port on the module.

enable

Enables unicast flood and disables unicast flood blocking.

disable

Disables unicast flood and enables unicast flood blocking.


Defaults

Unicast flood blocking is disabled on all ports.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Only Ethernet ports can block unicast flood traffic.

You must have a static CAM entry associated with the Ethernet port before you disable unicast flood on the port, or you will lose network connectivity when you disable unicast flood. You can verify a static CAM entry exists by entering the show cam static command.

You cannot configure a port channel on a unicast flood disabled port, and you cannot disable unicast flood on a port channel.

You cannot disable unicast flood on a SPAN destination port, and you cannot configure a SPAN destination on a unicast flood disabled port.

You cannot disable unicast flood on a trunk port. If you do, an error message will be displayed.

If you disable unicast flood on an Ethernet port that has port security enabled on it, the switch stops sending Unicast Flood packets to the port once the switch has learned the allowed maximum number of MAC addresses. When the learned MAC address count drops below the maximum number allowed, unicast flooding is automatically re-enabled.

Unicast flood blocking and GARP VLAN Registration Protocol (GVRP) are mutually exclusive. You cannot disable unicast flood and exchange VLAN configuration information with GVRP switches at the same time.

Examples

This example shows how to disable unicast flood traffic on module 4, port 1 of a switch:

Console> (enable) set port unicast-flood 4/1 disable
WARNING: Trunking & Channelling will be disabled on the port.
Unicast Flooding is successfully disabled on the port 4/1.
Console> (enable) 

This example shows how to enable unicast flood traffic on module 4, port 1 of a switch:

Console> (enable) set port unicast-flood 4/1 enable
Unicast Flooding is successfully enabled on the port 4/1. 
Console> (enable) 

Related Commands

show port unicast-flood

set port voice interface dhcp

To set the port voice interface for the DHCP, TFTP, and DNS servers, use the set port voice interface dhcp command.

set port voice interface mod/port dhcp enable [vlan vlan]

set port voice interface mod/port dhcp disable {ipaddrspec} {tftp ipaddr} [vlan vlan]
[gateway ipaddr] [dns [ipaddr] [domain_name]]

Syntax Description

mod/port

Number of the module and the port on the module.

enable

Activates the SNMP link trap.

vlan vlan

(Optional) Specifies a VLAN interface; valid values are from 1 to 1005 and from 1025 to 4094.

disable

Deactivates the SNMP link trap.

ipaddrspec

IP address and mask; see the "Usage Guidelines" section for format instructions.

tftp ipaddr

Specifies the number of the TFTP server IP address or IP alias in dot notation a.b.c.d.

gateway ipaddr

(Optional) Specifies the number of the gateway server IP address or IP alias in dot notation a.b.c.d.

dns

(Optional) Specifies the DNS server.

ipaddr

(Optional) Number of the DNS IP address or IP alias in dot notation a.b.c.d.

domain_name

(Optional) Name of the domain.


Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The ipaddrspec format is {ipaddr} {mask} or {ipaddr}/{mask} {mask}. The mask is a dotted format (255.255.255.0) or number of bits (0 to 31).

You can specify a single port only when setting the IP address.

If you enable DHCP on a port, the port obtains all other configuration information from the TFTP server. When you disable DHCP on a port, the following mandatory parameters must be specified:

If you do not specify DNS parameters, the software uses the system DNS configuration on the supervisor engine to configure the port.

You cannot specify more than one port at a time because a unique IP address must be set for each port.

Examples

This example shows how to enable the port voice interface for the DHCP server:

Console> (enable) set port voice interface 7/4-8 dhcp enable 
Port 7/4 DHCP enabled.
Console> (enable)

This example shows how to disable DHCP on the port voice interface:

Console> (enable) set port voice interface 7/3 dhcp disable 171.68.111.41/24 tftp 
173.32.43.11 dns 172.20.34.204 cisco.com
Port 7/3 dhcp disabled.
System DNS configurations applied.
Console> (enable)

This example shows how to enable the port voice interface for the DHCP server with a specified VLAN:

Console> (enable) set port voice interface 7/4-6 dhcp enable vlan 3
Vlan 3 configuration successful
Ports 7/4-6 DHCP enabled.
Console> (enable) 

This example shows how to enable the port voice interface for the TFTP, DHCP, and DNS servers:

Console> (enable) set port voice interface dhcp enable 4/2 171.68.111.41 tftp 173.32.43.11 
dhcp 198.98.4.1 dns 189.69.24.192
Port 4/2 interface set.
IP address: 171.68.111.41 netmask 255.255.0.0
TFTP server: 173.32.43.11
DHCP server: 198.98.4.1
DNS server: 189.69.24.192
Console> (enable)

This example shows how to enable a single port voice interface:

Console> (enable) set port voice interface 4/2-9 dhcp 123.23.32.1/24
Single port must be used when setting the IP address.
Console> (enable)

Related Commands

show port voice interface

set power redundancy

To turn redundancy between the power supplies on or off, use the set power redundancy command.

set power redundancy {enable | disable}

Syntax Description

enable

Activates redundancy between the power supplies.

disable

Deactivates redundancy between the power supplies.


Defaults

The default is power redundancy is enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

In a system with dual power supplies, this command turns redundancy on or off between the power supplies. In a redundant configuration, the power available to the system is the maximum power capability of the weakest power supply.

In a nonredundant configuration, the power available to the system is the sum of the power capability of both power supplies.

Examples

This example shows how to activate redundancy between power supplies:

Console> (enable) set power redundancy enable
Power supply redundancy enabled.
Console> (enable)

This example shows how to deactivate redundancy between power supplies:

Console> (enable) set power redundancy disable
Power supply redundancy disabled.
Console> (enable) 

Related Commands

show environment
show system

set prompt

To change the prompt for the CLI, use the set prompt command.

set prompt prompt_string

Syntax Description

prompt_string

String to use as the command prompt.


Defaults

The default is the prompt is set to Console>.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you use the set system name command to assign a name to the switch, the switch name is used as the prompt string. However, if you specify a different prompt string using the set prompt command, that string is used for the prompt.

Examples

This example shows how to set the prompt to system100>:

Console> (enable) set prompt system100>
system100> (enable)

Related Commands

set system name

set protocolfilter

To activate or deactivate protocol filtering on Ethernet VLANs and on nontrunking Ethernet, Fast Ethernet, and Gigabit Ethernet ports, use the set protocolfilter command.

set protocolfilter {enable | disable}

Syntax Description

enable

Activates protocol filtering.

disable

Deactivates protocol filtering.


Defaults

The default is protocol filtering is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not supported by the NAM.

Protocol filtering is supported only on Ethernet VLANs and on nontrunking EtherChannel ports.

Examples

This example shows how to activate protocol filtering:

Console> (enable) set protocolfilter enable
Protocol filtering enabled on this switch.
Console> (enable)

This example shows how to deactivate protocol filtering:

Console> (enable) set protocolfilter disable
Protocol filtering disabled on this switch.
Console> (enable)

Related Commands

show protocolfilter

set pvlan

To bind the isolated or community VLAN to the primary VLAN and assign the isolated or community ports to the private VLAN, use the set pvlan command.

set pvlan primary_vlan {isolated_vlan | community_vlan | twoway_community_vlan}
[mod/port | sc0]


Caution: We recommend that you read and understand the "Configuring VLANs" chapter in the Catalyst 6500 Series Switch Software Configuration Guide before using this command.

Syntax Description

primary_vlan

Number of the primary VLAN.

isolated_vlan

Number of the isolated VLAN.

community_vlan

Number of the community VLAN.

twoway_community_vlan

Number of the two-way community VLAN.

mod/port

(Optional) Module and port numbers of the isolated or community ports.

sc0

(Optional) Specifies the inband port sc0.


Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You must set the primary VLAN, isolated VLAN, and community VLANs using the set vlan pvlan-type pvlan_type command before making the association with the set pvlan command.

Each isolated or community VLAN can have only one primary VLAN associated with it. A primary VLAN may have one isolated or multiple community VLANs associated to it.

Although you can configure sc0 as a private port, you cannot configure sc0 as a promiscuous port.

Examples

This example shows how to map VLANs 901, 902, and 903 (isolated or community VLANs) to VLAN 7 (the primary VLAN):

Console> (enable) set pvlan 7 901 4/3
Port 4/3 is successfully assigned to vlan 7, 901 and is made an isolated port.
Console> (enable) set pvlan 7 902 4/4-5
Ports 4/4-5 are successfully assigned to vlan 7, 902 and are made community ports.
Console> (enable) set pvlan 7 903 4/6-7
Ports 4/6-7 are successfully assigned to vlan 7, 903 and are made community ports.
Console> (enable) set pvlan 300 301 sc0
Successfully set the following ports to Private Vlan 300, 301:
sc0
Console> (enable)

Related Commands

clear config pvlan
clear pvlan mapping
clear vlan
set pvlan mapping
set vlan
show pvlan
show pvlan capability
show pvlan mapping
show vlan

set pvlan mapping

To map isolated or community VLANs to the primary VLAN on the promiscuous port, use the set pvlan mapping command.

set pvlan mapping primary_vlan {isolated_vlan | community_vlan | twoway_community_vlan} mod/port

Syntax Description

primary_vlan

Number of the primary VLAN.

isolated_vlan

Number of the isolated VLAN.

community_vlan

Number of the community VLAN.

twoway_community_vlan

Number of the two-way community VLAN.

mod/port

Module and port number of the promiscuous port.


Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You must set the primary VLAN, isolated VLANs, and community VLANs using the set vlan pvlan-type command combined with the set pvlan command before you can apply the VLANs on any of the promiscuous ports with the set pvlan mapping command.

You should connect the promiscuous port to an external device for the ports in the private VLAN to communicate with any other device outside the private VLAN.

You should apply this command for each primary or isolated (community) association in the private VLAN.

Examples

This example shows how to remap community VLAN 903 to the primary VLAN 901 on ports 3 through 5 on module 8:

Console> (enable) set pvlan mapping 901 903 8/3-5
Successfully set mapping between 901 and 903 on 8/3-5.
Console> (enable)
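
The association rules in the usage guidelines for set pvlan and set pvlan mapping can be checked before a change is entered on the switch. The following is an added example, not part of the Cisco reference: it replays the two commands in order and reports the lines that break those rules. The VLAN type table stands in for the set vlan pvlan-type configuration, and the type labels, function name and sample lines are constructed for illustration.

```python
SECONDARY = ("isolated", "community", "twoway_community")

def check_pvlan(vlan_types, lines):
    """Return [(line_no, problem)] for set pvlan / set pvlan mapping lines, in order."""
    primary_of, isolated_of, problems = {}, {}, []
    for no, line in enumerate(lines, 1):
        tok = line.split()
        if tok[:2] != ["set", "pvlan"] or len(tok) < 4:
            continue
        mapping = tok[2] == "mapping"
        args = tok[3:] if mapping else tok[2:]
        if len(args) < 2 or not (args[0].isdigit() and args[1].isdigit()):
            problems.append((no, "expected a primary and a secondary VLAN number"))
            continue
        primary, secondary = int(args[0]), int(args[1])
        target = args[2] if len(args) > 2 else None
        found = []
        # Types must be set before any association is made.
        if vlan_types.get(primary) != "primary":
            found.append(f"VLAN {primary} is not typed as primary")
        kind = vlan_types.get(secondary)
        if kind not in SECONDARY:
            found.append(f"VLAN {secondary} is not typed as isolated or community")
        if mapping:
            if target is None:
                found.append("mapping needs a promiscuous mod/port")
            elif target == "sc0":
                found.append("sc0 cannot be configured as a promiscuous port")
            # set pvlan must come before set pvlan mapping for the same pair.
            if primary_of.get(secondary) != primary:
                found.append(f"VLAN {secondary} is not yet associated with primary {primary}")
        else:
            # Each isolated or community VLAN has only one primary VLAN.
            bound = primary_of.get(secondary, primary)
            if bound != primary:
                found.append(f"VLAN {secondary} is already bound to primary {bound}")
            # A primary VLAN has one isolated VLAN (and any number of community VLANs).
            iso = isolated_of.get(primary, secondary)
            if kind == "isolated" and iso != secondary:
                found.append(f"primary {primary} already has isolated VLAN {iso}")
            if not found:                 # only a valid association is recorded
                primary_of[secondary] = primary
                if kind == "isolated":
                    isolated_of[primary] = secondary
        problems += [(no, f) for f in found]
    return problems

# Constructed VLAN types and command sequence (not taken from a real switch).
VLAN_TYPES = {7: "primary", 901: "isolated", 902: "community", 903: "community",
              904: "isolated", 300: "primary", 301: "isolated"}
COMMANDS = [
    "set pvlan 7 901 4/3",
    "set pvlan 7 902 4/4-5",
    "set pvlan 7 903 4/6-7",
    "set pvlan 300 301 sc0",
    "set pvlan 7 904 4/8",
    "set pvlan 300 902 5/1",
    "set pvlan mapping 7 903 8/3-5",
    "set pvlan mapping 300 301 sc0",
    "set pvlan mapping 300 903 8/1",
]

if __name__ == "__main__":
    for no, problem in check_pvlan(VLAN_TYPES, COMMANDS):
        print(f"line {no}: {COMMANDS[no - 1]!r}: {problem}")
```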

Related Commands

clear pvlan mapping
clear vlan
set pvlan
set vlan
show pvlan
show pvlan mapping
show vlan

set qos

To turn on or turn off QoS functionality on the switch, use the set qos command.

set qos enable | disable

Syntax Description

enable

Activates QoS functionality.

disable

Deactivates QoS functionality.


Defaults

The default is QoS functionality is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Refer to the Catalyst 6500 Series Switch Software Configuration Guide for information on how to change the QoS default configurations.

When you enable and disable QoS in quick succession, a bus timeout might occur.

If you enable or disable QoS on channel ports with different port types, channels might break or form.

Examples

This example shows how to enable QoS:

Console> (enable) set qos enable
QoS is enabled.
Console> (enable)

This example shows how to disable QoS:

Console> (enable) set qos disable
QoS is disabled.
Console> (enable) 

Related Commands

show qos info

set qos acl default-action

To set the ACL default actions, use the set qos acl default-action command.

set qos acl default-action ip {{dscp dscp} | trust-cos | trust-ipprec | trust-dscp}
[{microflow microflow_name}] [{aggregate aggregate_name}]

set qos acl default-action ipx {{dscp dscp} | trust-cos} [{microflow microflow_name}]
[{aggregate aggregate_name}]

set qos acl default-action {ipx | mac} {{dscp dscp} | trust-cos}
[{aggregate aggregate_name}]

Syntax Description

ip

Specifies the IP ACL default actions.

dscp dscp

Sets the DSCP to be associated with packets matching this stream.

trust-cos

Specifies DSCP is derived from the packet CoS.

trust-ipprec

Specifies DSCP is derived from the packet's IP precedence.

trust-dscp

Specifies DSCP is contained in the packet already.

microflow microflow_name

(Optional) Specifies the name of the microflow policing rule to be applied to packets matching the ACE.

aggregate aggregate_name

(Optional) Specifies the name of the aggregate policing rule to be applied to packets matching the ACE.

ipx

Specifies the IPX ACL default actions.

mac

Specifies the MAC ACL default actions.


Defaults

The default is no ACL is set up. When you enable QoS, the default-action is to classify everything to best effort and to do no policing. When you disable QoS, the default-action is trust-dscp on all packets and no policing.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Configurations you make by entering this command are saved to NVRAM and the switch and do not require that you enter the commit command.

Examples

This example shows how to set up the IP ACL default actions:

Console> (enable) set qos acl default-action ip dscp 5 microflow micro aggregate agg 
QoS default-action for IP ACL is set successfully.
Console> (enable)

This example shows how to set up the IPX ACL default actions:

Console> (enable) set qos acl default-action ipx dscp 5 microflow micro aggregate agg 
QoS default-action for IPX ACL is set successfully.
Console> (enable) 

This example shows how to set up the MAC ACL default actions:

Console> (enable) set qos acl default-action mac dscp 5 microflow micro aggregate agg 
QoS default-action for MAC ACL is set successfully.
Console> (enable)

Related Commands

clear qos acl
show qos acl info

set qos acl ip

To create or add IP access lists, use the set qos acl ip command.

set qos acl ip {acl_name} {{dscp dscp} | trust-cos | trust-ipprec | trust-dscp} [microflow microflow_name] [aggregate aggregate_name] {src_ip_spec} [precedence precedence | dscp-field dscp] [before editbuffer_index | modify editbuffer_index]

set qos acl ip {acl_name} {{dscp dscp} | trust-cos | trust-ipprec | trust-dscp} [microflow microflow_name] [aggregate aggregate_name] {protocol} {src_ip_spec} {dest_ip_spec} [precedence precedence | dscp-field dscp] [before editbuffer_index | modify editbuffer_index]

set qos acl ip {acl_name} {{dscp dscp} | trust-cos | trust-ipprec | trust-dscp} [microflow microflow_name] [aggregate aggregate_name] icmp {src_ip_spec} {dest_ip_spec} [icmp_type [icmp_code] | icmp_message] [precedence precedence | dscp-field dscp] [before editbuffer_index | modify editbuffer_index]

set qos acl ip {acl_name} {{dscp dscp} | trust-cos | trust-ipprec | trust-dscp} [microflow microflow_name] [aggregate aggregate_name] tcp {src_ip_spec} [{operator} {port} [port]] {dest_ip_spec} [{operator} {port} [port]] [established] [precedence precedence | dscp-field dscp] [before editbuffer_index | modify editbuffer_index]

set qos acl ip {acl_name} {{dscp dscp} | trust-cos | trust-ipprec | trust-dscp} [microflow microflow_name] [aggregate aggregate_name] udp {src_ip_spec} [{operator} {port} [port]] {dest_ip_spec} [{operator} {port} [port]] [precedence precedence | dscp-field dscp] [before editbuffer_index | modify editbuffer_index]

set qos acl ip {acl_name} {{dscp dscp} | trust-cos | trust-ipprec | trust-dscp} [microflow microflow_name] [aggregate aggregate_name] igmp {src_ip_spec} {dest_ip_spec} [igmp_type] [precedence precedence | dscp-field dscp] [before editbuffer_index | modify editbuffer_index]

Syntax Description

acl_name

Unique name that identifies the list to which the entry belongs.

dscp dscp

Sets CoS and DSCP from configured DSCP values.

trust-cos

Specifies DSCP is derived from the packet CoS.

trust-ipprec

Specifies DSCP is derived from the packet's IP precedence.

trust-dscp

Specifies DSCP is contained in the packet already.

microflow microflow_name

(Optional) Specifies the name of the microflow policing rule to be applied to packets matching the ACE.

aggregate aggregate_name

(Optional) Specifies the name of the aggregate policing rule to be applied to packets matching the ACE.

src_ip_spec

Source IP address and the source mask. See the "Usage Guidelines" section for the format.

before editbuffer_index

(Optional) Inserts the new ACE in front of another ACE.

modify editbuffer_index

(Optional) Replaces an ACE with the new ACE.

protocol

Keyword or number of an IP protocol; valid numbers are from 0 to 255 representing an IP protocol number. See the "Usage Guidelines" section for the list of valid keywords and corresponding numbers.

dest_ip_spec

Destination IP address and the destination mask. See the "Usage Guidelines" section for the format.

precedence precedence

(Optional) Specifies the precedence level to compare with an incoming packet; valid values are from 0 to 7 or by name. See the "Usage Guidelines" section for a list of valid names.

dscp-field dscp

(Optional) Specifies the DSCP field level to compare with an incoming packet. Valid values are from 0 to 7 or by name; valid names are critical, flash, flash-override, immediate, internet, network, priority, and routine.

icmp

Specifies ICMP.

icmp_type

(Optional) ICMP message type; valid values are from 0 to 255.

icmp_code

(Optional) ICMP message code; valid values are from 0 to 255.

icmp_message

(Optional) ICMP message type name or ICMP message type and code name. See the "Usage Guidelines" section for a list of valid names.

tcp

Specifies TCP.

operator

(Optional) Operands; valid values include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).

port

(Optional) TCP or UDP port number or name; valid port numbers are from 0 to 65535. See the "Usage Guidelines" section for a list of valid names.

established

(Optional) For TCP protocol only; specifies an established connection.

udp

Specifies UDP.

igmp

Specifies IGMP.

igmp_type

(Optional) IGMP message type; valid values are from 0 to 15.


Defaults

The default is there are no ACLs.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Configurations you make by entering any of these commands are saved to NVRAM and the switch only after you enter the commit command. Enter ACEs in batches and then enter the commit command to save them in NVRAM and the switch.

Use the show qos acl info command to view the edit buffer.

The dscp dscp, trust-cos, trust-ipprec, and trust-dscp keywords and variables are used to select a marking rule. Refer to the Catalyst 6500 Series Switch Software Configuration Guide for additional marking rule information.

The optional microflow microflow_name and aggregate aggregate_name keywords and variables are used to configure policing in the ACE. Refer to the Catalyst 6500 Series Switch Software Configuration Guide for additional policing rule information.

The src_ip_spec, optional precedence precedence, or dscp-field dscp keywords and variables are used to configure filtering.

When you enter the ACL name, follow these naming conventions:

Maximum of 31 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.)

Must start with an alpha character and must be unique across all ACLs of all types

Case sensitive

Cannot be a number

Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer

When you specify the source IP address and the source mask, use the form source_ip_address source_mask and follow these guidelines:

The source_mask is required; 0 indicates a "care" bit, 1 indicates a "don't-care" bit.

Use a 32-bit quantity in four-part dotted-decimal format.

Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.

Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.

When you enter a destination IP address and the destination mask, use the form destination_ip_address destination_mask. The destination mask is required.

Use a 32-bit quantity in four-part dotted-decimal format.

Use the keyword any as an abbreviation for a destination and destination-wildcard of 0.0.0.0 255.255.255.255.

Use host destination as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.
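The care/don't-care rule above is the inverse of a subnet mask, so a mask typed as a netmask still parses but compares the wrong bits. The following Python sketch is an added example, not Cisco code; its function names are hypothetical. It parses the three spec forms listed above, applies the rule as this page states it, and flags netmask-shaped masks for review before commit.

```python
import ipaddress

FULL = 0xFFFFFFFF  # all 32 bits set


def parse_ip_spec(tokens):
    """Parse one src_ip_spec or dest_ip_spec from a list of CLI tokens.

    Handles the three forms in the usage guidelines:
        any | host <address> | <address> <mask>
    Returns (address, wildcard, tokens_consumed) with both values as ints.
    """
    if not tokens:
        raise ValueError("missing IP spec")
    if tokens[0] == "any":            # abbreviation for 0.0.0.0 255.255.255.255
        return 0, FULL, 1
    if tokens[0] == "host":           # abbreviation for <address> 0.0.0.0
        if len(tokens) < 2:
            raise ValueError("host needs an address")
        return int(ipaddress.IPv4Address(tokens[1])), 0, 2
    if len(tokens) < 2:
        raise ValueError("the mask is required")
    address = int(ipaddress.IPv4Address(tokens[0]))
    wildcard = int(ipaddress.IPv4Address(tokens[1]))
    return address, wildcard, 2


def spec_matches(address, wildcard, packet_ip):
    """Compare only care bits (mask bit 0); ignore don't-care bits (mask bit 1)."""
    care = ~wildcard & FULL
    packet = int(ipaddress.IPv4Address(packet_ip))
    return ((packet ^ address) & care) == 0


def looks_like_netmask(wildcard):
    """True when the mask is a run of ones from the top bit down (for example
    255.255.255.0). That is the shape of a subnet mask; under the care /
    don't-care rule it ignores the network bits and compares only host bits."""
    if wildcard in (0, FULL):
        return False
    care = ~wildcard & FULL
    return (care & (care + 1)) == 0


def review_spec(text):
    """Summarize which bits a spec compares and what value they must hold."""
    address, wildcard, _ = parse_ip_spec(text.split())
    care = ~wildcard & FULL
    return {
        "compared_bits": str(ipaddress.IPv4Address(care)),
        "must_equal": str(ipaddress.IPv4Address(address & care)),
        "netmask_shaped": looks_like_netmask(wildcard),
    }


if __name__ == "__main__":
    # Constructed inputs: the second is the destination spec used in this
    # page's TCP example; the first is the same subnet written as a wildcard.
    for spec in ("172.20.20.0 0.0.0.255", "172.20.20.1 255.255.255.0"):
        print(spec, "->", review_spec(spec))
```

Run against a candidate ACE before it goes into the edit buffer; a netmask_shaped result of True means the entry compares only host bits and should be checked against the intended scope.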

Valid names for precedence are critical, flash, flash-override, immediate, internet, network, priority, and routine.

Valid names for tos are max-reliability, max-throughput, min-delay, min-monetary-cost, and normal.

Valid protocol keywords include icmp (1), ip, ipinip (4), tcp (6), udp (17), igrp (9), eigrp (88), gre (47), nos (94), ospf (89), ahp (51), esp (50), pcp (108), and pim (103). The IP protocol number is displayed in parentheses. Use the keyword ip to match any Internet Protocol.

ICMP packets that are matched by ICMP message type can also be matched by the ICMP message code.

Valid names for icmp_type and icmp_code are administratively-prohibited, alternate-address, conversion-error, dod-host-prohibited, dod-net-prohibited, echo, echo-reply, general-parameter-problem, host-isolated, host-precedence-unreachable, host-redirect, host-tos-redirect, host-tos-unreachable, host-unknown, host-unreachable, information-reply, information-request, mask-reply, mask-request, mobile-redirect, net-redirect, net-tos-redirect, net-tos-unreachable, net-unreachable, network-unknown, no-room-for-option, option-missing, packet-too-big, parameter-problem, port-unreachable, precedence-unreachable, protocol-unreachable, reassembly-timeout, redirect, router-advertisement, router-solicitation, source-quench, source-route-failed, time-exceeded, timestamp-reply, timestamp-request, traceroute, ttl-exceeded, and unreachable.

If the operator is positioned after the source and source-wildcard, it must match the source port. If the operator is positioned after the destination and destination-wildcard, it must match the destination port. The range operator requires two port numbers. All other operators require one port number only.

TCP port names can be used only when filtering TCP. Valid names for TCP ports are bgp, chargen, daytime, discard, domain, echo, finger, ftp, ftp-data, gopher, hostname, irc, klogin, kshell, lpd, nntp, pop2, pop3, smtp, sunrpc, syslog, tacacs-ds, talk, telnet, time, uucp, whois, and www.

UDP port names can be used only when filtering UDP. Valid names for UDP ports are biff, bootpc, bootps, discard, dns, dnsix, echo, mobile-ip, nameserver, netbios-dgm, netbios-ns, ntp, rip, snmp, snmptrap, sunrpc, syslog, tacacs-ds, talk, tftp, time, who, and xdmcp.

If no layer protocol number is entered, you can use this syntax:

set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp} [microflow microflow_name] [aggregate aggregate_name] {src_ip_spec} [before editbuffer_index | modify editbuffer_index]

If a Layer 4 protocol is specified, you can use this syntax:

set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp} [microflow microflow_name] [aggregate aggregate_name] {protocol} {src_ip_spec} {dest_ip_spec} [precedence precedence | dscp-field dscp] [before editbuffer_index | modify editbuffer_index]

If ICMP is used, you can use this syntax:

set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp} [microflow microflow_name] [aggregate aggregate_name] icmp {src_ip_spec} {dest_ip_spec} [icmp_type [icmp_code] | icmp_message] [precedence precedence | dscp-field dscp] [before editbuffer_index | modify editbuffer_index]

If TCP is used, you can use this syntax:

set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp} [microflow microflow_name] [aggregate aggregate_name] tcp {src_ip_spec} [{operator} {port} [port]] {dest_ip_spec} [{operator} {port} [port]] [established] [precedence precedence | dscp-field dscp] [before editbuffer_index | modify editbuffer_index]

If UDP is used, you can use this syntax:

set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp} [microflow microflow_name] [aggregate aggregate_name] udp {src_ip_spec} [{operator} {port} [port]] {dest_ip_spec} [{operator} {port} [port]] [precedence precedence | dscp-field dscp] [before editbuffer_index | modify editbuffer_index]

Examples

This example shows how to define a TCP access list:

Console> (enable) set qos acl ip my_acl trust-dscp microflow my-micro tcp 1.2.3.4 
255.0.0.0 eq port 21 172.20.20.1 255.255.255.0 
my_acl editbuffer modified. Use `commit' command to apply changes.
Console> (enable) 

This example shows how to define an ICMP access list:

Console> (enable) set qos acl ip icmp_acl trust-dscp my-micro icmp 1.2.3.4 255.255.0.0 
172.20.20.1 255.255.255.0 precedence 3 
my_acl editbuffer modified. Use `commit' command to apply changes.
Console> (enable) 

Related Commands

clear qos acl
commit
rollback
show qos acl info

set qos acl ipx

To define IPX access lists, use the set qos acl ipx command.

set qos acl ipx {acl_name} {dscp dscp | trust-cos} [aggregate aggregate_name] {protocol} {src_net} [dest_net.[dest_node] [[dest_net_mask.]dest_node_mask] [before editbuffer_index | modify editbuffer_index]

Syntax Description

acl_name

Unique name that identifies the list to which the entry belongs.

dscp dscp

Sets CoS and DSCP from configured DSCP values.

trust-cos

Specifies that the DSCP is derived from the packet CoS.

aggregate aggregate_name

(Optional) Specifies the name of the aggregate policing rule to be applied to packets matching the ACE.

protocol

Keyword or number of an IPX protocol; valid values are from 0 to 255 representing an IPX protocol number. See the "Usage Guidelines" section for a list of valid keywords and corresponding numbers.

src_net

Number of the network from which the packet is being sent. See the "Usage Guidelines" section for format guidelines.

dest_net.

(Optional) Mask to be applied to destination-node. See the "Usage Guidelines" section for format guidelines.

dest_node

(Optional) Node on destination-network of the packet being sent.

dest_net_mask.

(Optional) Mask to be applied to the destination network. See the "Usage Guidelines" section for format guidelines.

dest_node_mask

(Optional) Mask to be applied to destination-node. See the "Usage Guidelines" section for format guidelines.

before editbuffer_index

(Optional) Inserts the new ACE in front of another ACE.

modify editbuffer_index

(Optional) Replaces an ACE with the new ACE.


Defaults

There are no default ACL mappings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The dscp dscp and trust-cos keywords and variables are used to select a marking rule. Refer to the Catalyst 6500 Series Switch Software Configuration Guide for additional marking rule information.

The dscp dscp and trust-cos keywords and variables are not supported on systems configured with the Supervisor Engine 2 with Layer 3 Switching Engine II (PFC2).

The optional aggregate aggregate_name keyword and variable are used to configure policing in the ACE. Refer to the Catalyst 6500 Series Switch Software Configuration Guide for additional policing rule information.

Use the show security acl command to display the list.

The src_ip_spec, optional precedence precedence, or dscp-field dscp keywords and variables are used to configure filtering.

When you enter the ACL name, follow these naming conventions:

Maximum of 31 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.)

Must start with an alpha character and must be unique across all ACLs of all types

Case sensitive

Cannot be a number

Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer

Valid protocol keywords include ncp (17), rip (1), sap (4), and spx (5). The IPX protocol number is listed in parentheses.

The src_net and dest_net variables are eight-digit hexadecimal numbers that uniquely identify network cable segments. When you specify the src_net or dest_net, use the following guidelines:

It can be a number in the range 0 to FFFFFFFF. A network number of -1 or any matches all networks.

You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.

The dest_node is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).

The destination_mask is of the form N.H.H.H or H.H.H where N is the destination network mask and H is the node mask. It can be specified only when the destination node is also specified for the destination address.

The dest_net_mask is an eight-digit hexadecimal mask. Place ones in the bit positions you want to mask. The mask must be immediately followed by a period, which must in turn be immediately followed by destination-node-mask. You can enter this value only when dest_node is specified.

The dest_node_mask is a 48-bit value represented as a dotted triplet of 4-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask. You can enter this value only when dest_node is specified.

The dest_net_mask is an eight-digit hexadecimal number that uniquely identifies the network cable segment. It can be a number in the range 0 to FFFFFFFF. A network number of -1 or any matches all networks. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA. Following are dest_net_mask examples:

123A

123A.1.2.3

123A.1.2.3 ffff.ffff.ffff

1.2.3.4 ffff.ffff.ffff.ffff

Examples

This example shows how to create an IPX ACE:

Console> (enable) set qos acl ipx my_IPXacl trust-cos aggregate my-agg -1
my_IPXacl editbuffer modified. Use `commit' command to apply changes.
Console> (enable)

Related Commands

clear qos acl
commit
rollback
show qos acl info

set qos acl mac

To define MAC access lists, use the set qos acl mac command.

set qos acl mac {acl_name} {dscp dscp | trust-cos} [aggregate aggregate_name] {src_mac_addr_spec} {dest_mac_addr_spec} [ether-type] [before editbuffer_index | modify editbuffer_index]

Syntax Description

acl_name

Unique name that identifies the list to which the entry belongs.

dscp dscp

Sets CoS and DSCP from configured DSCP values.

trust-cos

Specifies that the DSCP is derived from the packet CoS.

aggregate aggregate_name

(Optional) Specifies the name of the aggregate policing rule to be applied to packets matching the ACE.

src_mac_addr_spec

Number of the source MAC address in the form source_mac_address source_mac_address_mask.

dest_mac_addr_spec

Number of the destination MAC address.

ether-type

(Optional) Name or number that matches the Ethertype for Ethernet-encapsulated packets. See the "Usage Guidelines" section for a list of valid names and numbers.

before editbuffer_index

(Optional) Inserts the new ACE in front of another ACE.

modify editbuffer_index

(Optional) Replaces an ACE with the new ACE.


Defaults

There are no default ACL mappings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The dscp dscp and trust-cos keywords and variables are used to select a marking rule. Refer to the Catalyst 6500 Series Switch Software Configuration Guide for additional marking rule information.

The dscp dscp and trust-cos keywords and variables are not supported on systems configured with the Supervisor Engine 2 with Layer 3 Switching Engine II (PFC2).

The optional aggregate aggregate_name keyword and variable are used to configure policing in the ACE. Refer to the Catalyst 6500 Series Switch Software Configuration Guide for additional policing rule information.

When you enter the ACL name, follow these naming conventions:

Maximum of 31 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.)

Must start with an alpha character and must be unique across all ACLs of all types

Case sensitive

Cannot be a number

Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer

The src_mac_addr_spec is a 48-bit source MAC address and mask and entered in the form of source_mac_address source_mac_address_mask (for example, 08-11-22-33-44-55 ff-ff-ff-ff-ff-ff). Place ones in the bit positions you want to mask. When you specify the src_mac_addr_spec, follow these guidelines:

The source_mask is required; 0 indicates a "care" bit, 1 indicates a "don't-care" bit.

Use a 32-bit quantity in 4-part dotted-decimal format.

Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.

Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.

The dest_mac_spec is a 48-bit destination MAC address and mask and entered in the form of dest_mac_address dest_mac_address_mask (for example, 08-00-00-00-02-00/ff-ff-ff-00-00-00). Place ones in the bit positions you want to mask. The destination mask is mandatory. When you specify the dest_mac_spec, use the following guidelines:

Use a 48-bit quantity in 6-part dotted-hexadecimal format for the source address and mask.

Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 ff-ff-ff-ff-ff-ff.

Use host source as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.

Valid names for Ethertypes (and corresponding numbers) are Ethertalk (0x809B), AARP (0x8053), dec-mop-dump (0x6001), dec-mop-remote-console (0x6002), dec-phase-iv (0x6003), dec-lat (0x6004), dec-diagnostic-protocol (0x6005), dec-lavc-sca (0x6007), dec-amber (0x6008), dec-mumps (0x6009), dec-lanbridge (0x8038), dec-dsm (0x8039), dec-netbios (0x8040), dec-msdos (0x8041), banyan-vines-echo (0x0baf), xerox-ns-idp (0x0600), and xerox-address-translation (0x0601).

The ether-type is a 16-bit hexadecimal number written with a leading 0x.

Use the show security acl command to display the list.

Examples

This example shows how to create a MAC access list:

Console> (enable) set qos acl mac my_MACacl trust-cos aggregate my-agg any any
my_MACacl editbuffer modified. Use `commit' command to apply changes.
Console> (enable) 

Related Commands

clear qos acl
commit
rollback
show qos acl info

set qos acl map

To attach an ACL to a specified port or VLAN, use the set qos acl map command.

set qos acl map acl_name {mod/port | vlan}

Syntax Description

acl_name

Name of the list to which the entry belongs.

mod/port

Number of the module and the port on the module.

vlan

Number of the VLAN; valid values are from 1 to 1005 and from 1025 to 4094.


Defaults

There are no default ACL mappings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines


Caution: This command may fail if you try to map an ACL to a VLAN and the NVRAM is full.


Caution: Use the copy command to save the ACL configuration to Flash memory.

Examples

This example shows how to attach an ACL to a port:

Console> (enable) set qos acl map my_acl 2/1
ACL my_acl is attached to port 2/1.
Console> (enable)

This example shows how to attach an ACL to a VLAN:

Console> (enable) set qos acl map ftp_acl 4
ACL ftp_acl is attached to vlan 4.
Console> (enable) 

This example shows what happens if you try to attach an ACL that has not been committed:

Console> (enable) set qos acl map new_acl 4
Commit ACL new_acl before mapping.
Console> (enable) 

Related Commands

clear qos acl
commit
rollback
show qos acl map

set qos autoqos

To apply automatic QoS settings to all ports on the switch, use the set qos autoqos command.

set qos autoqos

Syntax Description

This command has no arguments or keywords.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

When the switch has applied all global QoS settings successfully, the switch displays a prompt that shows the CLI for port-based AutoQoS commands that are currently supported.

Examples

This example shows how to apply all global QoS settings to all ports on the switch:

Console> (enable) set qos autoqos
........
All ingress and egress QoS scheduling parameters configured on all ports.
CoS to DSCP, DSCP to COS and IP Precedence to DSCP maps configured.
Global QoS configured, port specific autoqos recommended:
    set port qos <mod/ports..> autoqos trust [cos|dscp]
    set port qos <mod/ports..> autoqos voip [ciscoipphone|ciscosoftphone]
Console> (enable)

Related Commands

set port qos autoqos
show port qos
show qos info

set qos bridged-microflow-policing

To enable or disable microflow policing of bridged packets on a per-VLAN basis, use the set qos bridged-microflow-policing command.

set qos bridged-microflow-policing {enable | disable} vlanlist

Syntax Description

enable

Activates microflow policing functionality.

disable

Deactivates microflow policing functionality.

vlanlist

List of VLANs; valid values are from 1 to 1001 and from 1025 to 4094.


Defaults

The default is intraVLAN QoS is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Layer 3 switching engine-based systems do not create NetFlow entries for bridged packets. Without a NetFlow entry, these packets cannot be policed at the microflow level. You must enter the set qos bridged-microflow-policing enable command if you want the bridged packets to be microflow policed.

This command is supported on systems configured with a Layer 3 switching engine only.

Examples

This example shows how to enable microflow policing:

Console> (enable) set qos bridged-microflow-policing enable 1-1000
QoS microflow policing is enabled for bridged packets on vlans 1-1000.
Console> (enable) 

This example shows how to disable microflow policing:

Console> (enable) set qos bridged-microflow-policing disable 10
QoS microflow policing is disabled for bridged packets on VLAN 10. 
Console> (enable) 

Related Commands

show qos bridged-microflow-policing

set qos cos-dscp-map

To set the CoS-to-DSCP mapping, use the set qos cos-dscp-map command.

set qos cos-dscp-map dscp1 dscp2... dscp8

Syntax Description

dscp#

Number of the differentiated services code point (DSCP); valid values are from 0 to 63.


Defaults

The default CoS-to-DSCP configuration is listed in Table 2-16.

Table 2-16 CoS-to-DSCP Mapping

CoS     0    1    2    3    4    5    6    7
DSCP    0    8    16   24   32   40   48   56


Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The CoS-to-DSCP map is used to map the CoS of packets arriving on trusted ports (or flows) to a DSCP where the trust type is trust-cos. This map is a table of eight CoS values (0 through 7) and their corresponding DSCP values. The switch has one map.

This command is supported on systems configured with a Layer 3 switching engine only.

Examples

This example shows how to set the CoS-to-DSCP mapping:

Console> (enable) set qos cos-dscp-map 20 30 1 43 63 12 13 8
QoS cos-dscp-map set successfully.
Console> (enable) 

Related Commands

clear qos cos-dscp-map
show qos maps

set qos drop-threshold

To program the transmit-queue and receive-queue drop thresholds on all ports in the system, use the set qos drop-threshold command.

set qos drop-threshold 2q2t tx queue q# thr1 thr2

set qos drop-threshold {1q2t | 1q4t | 1p1q4t} rx queue q# thr1 thr2 thr3 thr4

Syntax Description

2q2t tx

Specifies the transmit-queue drop threshold.

1q2t | 1q4t | 1p1q4t rx

Specifies the receive-queue drop threshold.

queue q#

Specifies the queue; valid values are 1 and 2.

thr1, thr2, thr3, thr4

Threshold percentage; valid values are from 1 to 100.


Defaults

If you enable QoS, the following defaults apply:

Transmit-queue drop thresholds:

Queue 1—80%, 100%

Queue 2—80%, 100%

Receive-queue drop thresholds:

Queue 1—50%, 60%, 80%, 100% if the port is trusted

Queue 2—100%, 100%, 100%, 100% if the port is untrusted

If you disable QoS, the following defaults apply:

Transmit-queue drop thresholds:

Queue 1—100%, 100%

Queue 2—100%, 100%

Receive-queue drop thresholds: queue 1—100%, 100%, 100%, 100%

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The number preceding the t letter in the port type (2q2t, 1q2t, 1q4t, or 1p1q4t) determines the number of threshold values the hardware supports. For example, with 2q2t and 1q2t, the number of thresholds specified is two; with 1q4t and 1p1q4t, the number of thresholds specified is four. Due to the granularity of programming the hardware, the values set in hardware will be close approximations of the values provided.

The number preceding the q letter in the port type determines the number of the queues that the hardware supports. For example, with 2q2t, the number of queues specified is two; with 1q2t, 1q4t and 1p1q4t, the number of queues specified is one. The system defaults for the transmit queues attempt to keep the maximum latency through a port at a maximum of 10 milliseconds.

The number preceding the p letter in the 1p1q4t port types determines the threshold in the priority queue.

When you configure the drop threshold for 1p1q4t, the drop threshold for the second queue is 100 percent and is not configurable.

The thresholds are all specified as percentages; 10 indicates a threshold when the buffer is 10 percent full.

The single-port ATM OC-12 module does not support transmit-queue drop thresholds.

Examples

This example shows how to assign the transmit-queue drop threshold:

Console> (enable) set qos drop-threshold 2q2t tx queue 1 40 80
Transmit drop thresholds for queue 1 set at 40% and 80%
Console> (enable) 

These examples show how to assign the receive-queue drop threshold:

Console> (enable) set qos drop-threshold 1q4t rx queue 1 40 50 60 100
Receive drop thresholds for queue 1 set at 40% 50% 60% 100%
Console> (enable) 

Console> (enable) set qos drop-threshold 1p1q4t rx queue 1 40 50 60 100
Receive drop thresholds for queue 1 set at 40% 50% 60% 100%
Console> (enable) 

Related Commands

show qos info

set qos dscp-cos-map

To set the DSCP-to-CoS mapping, use the set qos dscp-cos-map command.

set qos dscp-cos-map dscp_list:cos_value ...

Syntax Description

dscp_list

Number of the DSCP; valid values are from 0 to 63.

cos_value...

Number of the CoS; valid values are from 0 to 7.


Defaults

The default DSCP-to-CoS configuration is listed in Table 2-17.

Table 2-17 DSCP-to-CoS Mapping

DSCP    0 to 7    8 to 15    16 to 23    24 to 31    32 to 39    40 to 47    48 to 55    56 to 63
CoS     0         1          2           3           4           5           6           7


Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The DSCP-to-CoS map is used to map the final DSCP classification to a final CoS. This final map determines the output queue and threshold to which the packet is assigned. The CoS map is written into the ISL header or 802.1Q tag of the transmitted packet on trunk ports and contains a table of 64 DSCP values and their corresponding CoS values. The switch has one map.

This command is supported on systems configured with a Layer 3 switching engine only.

Examples

This example shows how to set the DSCP-to-CoS mapping:

Console> (enable) set qos dscp-cos-map 20-25:7 33-38:3
QoS dscp-cos-map set successfully.
Console> (enable)
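Because the switch keeps one CoS-to-DSCP map and one DSCP-to-CoS map, a change to either shifts the queue every trust-cos packet lands in. The following Python sketch is an added example, not Cisco code; its function names are hypothetical. It rebuilds both tables from the example commands on this page, lists the DSCP entries that differ from Table 2-17, and chains the two lookups, assuming no ACL re-marking or policing happens between them.

```python
def default_dscp_cos_map():
    """Table 2-17: DSCP 0-7 -> CoS 0, 8-15 -> CoS 1, ... 56-63 -> CoS 7."""
    return {dscp: dscp // 8 for dscp in range(64)}


def parse_cos_dscp_args(args):
    """Arguments of 'set qos cos-dscp-map': eight DSCP values, one per CoS 0-7."""
    values = [int(token) for token in args.split()]
    if len(values) != 8:
        raise ValueError("expected eight DSCP values")
    if any(not 0 <= value <= 63 for value in values):
        raise ValueError("DSCP values must be from 0 to 63")
    return dict(enumerate(values))


def apply_dscp_cos_args(args, base=None):
    """Arguments of 'set qos dscp-cos-map': dscp_list:cos_value pairs.

    Only the two dscp_list shapes visible on this page are accepted: a single
    value or a first-last range. Pairs overlay the base table (default if None).
    """
    table = dict(default_dscp_cos_map() if base is None else base)
    for arg in args.split():
        dscp_list, colon, cos_text = arg.partition(":")
        if not colon:
            raise ValueError(f"missing ':' in {arg!r}")
        cos = int(cos_text)
        if not 0 <= cos <= 7:
            raise ValueError("CoS values must be from 0 to 7")
        first_text, dash, last_text = dscp_list.partition("-")
        first = int(first_text)
        last = int(last_text) if dash else first
        if not 0 <= first <= last <= 63:
            raise ValueError(f"bad DSCP range in {arg!r}")
        for dscp in range(first, last + 1):
            table[dscp] = cos
    return table


def changed_entries(table):
    """Return {dscp: (default_cos, configured_cos)} for every non-default entry."""
    default = default_dscp_cos_map()
    return {d: (default[d], table[d]) for d in range(64) if table[d] != default[d]}


def trust_cos_round_trip(cos_dscp, dscp_cos):
    """Egress CoS for each ingress CoS 0-7 on a trust-cos port.

    Assumption: nothing re-marks the DSCP between the two map lookups.
    """
    return [dscp_cos[cos_dscp[cos]] for cos in range(8)]


if __name__ == "__main__":
    # Inputs are the argument strings from the two examples on this page.
    cos_dscp = parse_cos_dscp_args("20 30 1 43 63 12 13 8")
    dscp_cos = apply_dscp_cos_args("20-25:7 33-38:3")
    for dscp, (old, new) in changed_entries(dscp_cos).items():
        print(f"DSCP {dscp}: CoS {old} -> {new}")
    print("ingress CoS 0-7 leaves as", trust_cos_round_trip(cos_dscp, dscp_cos))
```

With both example maps loaded, ingress CoS 0 leaves as CoS 7, which is the kind of unintended priority promotion a configuration review should catch.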

Related Commands

clear qos map
show qos maps

set qos ipprec-dscp-map

To set the IP precedence-to-DSCP map, use the set qos ipprec-dscp-map command. This command applies to all packets and all ports.

set qos ipprec-dscp-map dscp1 ... dscp8

Syntax Description

dscp1#

Number of the IP precedence value; up to eight values can be specified.


Defaults

The default IP precedence-to-DSCP configuration is listed in Table 2-18.

Table 2-18 IP Precedence-to-DSCP Mapping

IPPREC  0    1    2    3    4    5    6    7
DSCP    0    8    16   24   32   40   48   56


Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Use this command to map the IP precedence of IP packets arriving on trusted ports (or flows) to a DSCP when the trust type is trust-ipprec. This map is a table of eight precedence values (0 through 7) and their corresponding DSCP values. The switch has one map. The IP precedence values are as follows:

network 7

internet 6

critical 5

flash-override 4

flash 3

immediate 2

priority 1

routine 0

This command is supported on systems configured with a Layer 3 switching engine only.

Examples

This example shows how to assign IP precedence-to-DSCP mapping and return to the default:

Console> (enable) set qos ipprec-dscp-map 20 30 1 43 63 12 13 8
QoS ipprec-dscp-map set successfully.
Console> (enable) 

Related Commands

clear qos ipprec-dscp-map
show qos maps

set qos mac-cos

To set the CoS value to the MAC address and VLAN pair, use the set qos mac-cos command.

set qos mac-cos dest_mac vlan cos

Syntax Description

dest_mac

MAC address of the destination host.

vlan

Number of the VLAN; valid values are from 1 to 1001 and from 1025 to 4094.

cos

CoS value; valid values are from 0 to 7, higher numbers represent higher priority.


Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command has no effect on a switch configured with a PFC since the Layer 3 switching engine's result always overrides the Layer 2 result. Instead, use the set qos acl command.

The set qos mac-cos command creates a permanent CAM entry in the CAM table until you reset the active supervisor engine.

The port associated with the MAC address is learned when the first packet with this source MAC address is received. These entries do not age out.

The CoS for a packet going to the specified MAC address is overwritten even if it is coming from a trusted port.

If you enter the show cam command, entries made with the set qos mac-cos command display as dynamic because QoS considers them to be dynamic, but they do not age out.

Examples

This example shows how to assign the CoS value 3 to VLAN 2:

Console> (enable) set qos mac-cos 0f-ab-12-12-00-13 2 3
CoS 3 is assigned to 0f-ab-12-12-00-13 vlan 2.
Console> (enable) 

Related Commands

clear qos mac-cos
show qos mac-cos

set qos map

To map a specific CoS value to the transmit- or receive-priority queues and the thresholds per available priority queue for all ports, use the set qos map command.

set qos map port_type tx | rx q# thr# cos coslist

set qos map port_type tx | rx q# cos coslist

Syntax Description

port_type

Port type; valid values are 2q2t, 1p2q2t, 1p3q1t, and 1p2q1t for transmit and 1q2t, 1p1q4t, 1p1q0t, 1p1q8t, and 2q8t for receive. See the "Usage Guidelines" section for additional information.

tx

Specifies the transmit queue.

rx

Specifies the receive queue.

q#

Value determined by the number of priority queues provided at the transmit or receive end; valid values are 1 and 2, with the higher value indicating a higher priority queue.

thr#

Value determined by the number of drop thresholds available at a port; valid values are 1 and 2, with the higher value indicating lower chances of being dropped.

cos coslist

Specifies CoS values; valid values are from 0 through 7, with the higher numbers representing a higher priority.


Defaults

The default mappings for all ports are shown in Table 2-19 and Table 2-20.

Table 2-19 CoS-to-Queue-to-Threshold Mapping (TX)

Queue   Threshold   CoS Values [1]

QoS enabled
1       1           0, 1
2       1           2, 3, 4
3       1           6, 7
4       0           5

QoS disabled
1       0           0, 1, 2, 3, 4, 5, 6, 7

[1] All CoS values, except CoS 5, are mapped to WRED. CoS 5, which is mapped to queue 4, does not have an associated WRED threshold.


Table 2-20 CoS-to-Queue Mapping (RX)

Queue   CoS Values

QoS enabled
1       0, 1, 2, 3, 4, 6, 7
2       5

QoS disabled
1       0, 1, 2, 3, 4, 5, 6, 7


Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you enter the set qos map port_type tx | rx q# cos coslist command, the following is a list of possible port types available:

tx port_type = 1p3q1t and 1p2q1t

rx port_type = 1p1q0t and 2q8t

You can enter the coslist variable as a single CoS value, multiple noncontiguous CoS values, a range of CoS values, or a mix of values. For example, you can enter any of the following: 0, or 0,2,3, or 0-3,7.

The priority queue number is 4 for transmit and queue number 2 for receive.

When specifying the priority queue for the 1p2q2t port type, the priority queue number is 3 and the threshold number is 1.

The receive- and transmit-drop thresholds have this relationship:

Receive-queue 1 (standard) threshold 1 = transmit-queue 1 (standard low priority) threshold 1

Receive-queue 1 (standard) threshold 2 = transmit-queue 1 (standard low priority) threshold 2

Receive-queue 1 (standard) threshold 3 = transmit-queue 2 (standard high priority) threshold 1

Receive-queue 1 (standard) threshold 4 = transmit-queue 2 (standard high priority) threshold 2

Refer to the Catalyst 6500 Series Switch Software Configuration Guide for additional usage guidelines.

Examples

This example shows how to assign the CoS values 1, 2, and 5 to the first queue and the first drop threshold in that queue:

Console> (enable) set qos map 2q2t tx 1 1 cos 1,2,5
Qos tx priority queue and threshold mapped to cos successfully.
Console> (enable) 

This example shows how to assign the CoS values to queue 1 and threshold 2 in that queue:

Console> (enable) set qos map 2q2t tx 1 2 cos 3-4,7
Qos tx priority queue and threshold mapped to cos successfully.
Console> (enable) 

This example shows how to map the CoS value 5 to strict-priority transmit-queue 3/drop-threshold 1:

Console> (enable) set qos map 1p2q2t tx 3 1 cos 5
Qos tx strict queue and threshold mapped to cos successfully.
Console> (enable) 

Related Commands

clear qos map
show qos info

set qos policed-dscp-map

To set the mapping of policed in-profile DSCPs, use the set qos policed-dscp-map command.

set qos policed-dscp-map [normal | excess] in_profile_dscp:policed_dscp...

Syntax Description

normal

(Optional) Specifies normal rate policers.

excess

(Optional) Specifies excess rate policers.

in_profile_dscp

Number of the in-profile DSCP; valid values are from 0 through 63.

:policed_dscp

Number of the policed DSCP; valid values are 0 through 63.


Defaults

The default map is no markdown.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can enter in_profile_dscp as a single DSCP, multiple DSCPs, or a range of DSCPs (for example, 1 or 1,2,3 or 1-3,7).

The colon between in_profile_dscp and policed_dscp is required.

This command is supported on systems configured with the Supervisor Engine 2 with Layer 3 Switching Engine II (PFC2) only.

Examples

This example shows how to set the mapping of policed in-profile DSCPs:

Console> (enable) set qos policed-dscp-map 60-63:60 20-40:5
QoS policed-dscp-map set successfully.
Console> (enable) 

Related Commands

clear qos policed-dscp-map
show qos maps
show qos policer

set qos policer

To create a policing rule for ACL, use the set qos policer command.

set qos policer {microflow microflow_name} {rate rate} {burst burst} {drop | policed-dscp}

set qos policer {aggregate aggregate_name} {rate rate} {burst burst} {drop | policed-dscp}

set qos policer {aggregate aggregate_name} {rate rate} policed-dscp {erate erate} {drop | policed-dscp} burst burst [eburst eburst]

Syntax Description

microflow microflow_name

Specifies the name of the microflow policing rule.

rate rate

Specifies the average rate; valid values are 0 and from 32 kilobits per second to 32 gigabits per second.

burst burst

Specifies the burst size; valid values are 1 to 32000 kilobits.

drop

Specifies drop traffic.

policed-dscp

Specifies policed DSCP.

aggregate aggregate_name

Specifies the name of the aggregate policing rule.

erate erate

Specifies the excess rate value; valid values are 0 and from 32 kilobits per second to 8 gigabits per second.

eburst eburst

(Optional) Specifies the excess burst size; valid values are 1 to 32000 kilobits.


Defaults

The default is no policing rules or aggregates are configured.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Before microflow policing can occur, you must define a microflow policing rule. Policing allows the switch to limit the bandwidth consumed by a flow of traffic.

The Catalyst 6500 series switch supports up to 63 microflow policing rules. When a microflow policer is used in any ACL that is attached to any port or VLAN, the NetFlow flow mask is increased to full flow.

Before aggregate policing can occur, you must create an aggregate and a policing rule for that aggregate. The Catalyst 6500 series switch supports up to 1023 aggregates and 1023 policing rules.

When both normal and excess rates are zero, you can specify any burst size. If the normal rates and excess rates are zero, the value is ignored and set internally by hardware.

The excess rate must be greater than or equal to the normal rate.

The set qos policer aggregate command allows you to configure an aggregate flow and a policing rule for that aggregate. When you enter the microflow microflow_name rate rate burst burst, the range for the average rate is 32 kilobits per second to 8 gigabits per second, and the range for the burst size is 1 kilobit (entered as 1) to 32 megabits (entered as 32000). The burst can be set lower, higher, or equal to the rate. Modifying an existing aggregate rate limit entry causes that entry to be modified in NVRAM and in the switch if that entry is currently being used.


Note: We recommend a 32-kilobit minimum value burst size. Due to the nature of the traffic at different customer sites, along with the hardware configuration, smaller values occasionally result in lower rates than the specified rate. If you experiment with smaller values but problems occur, increase the burst rate to this minimum recommended value.


When you modify an existing microflow or aggregate rate limit, that entry in NVRAM is modified, as well as in the switch if it is currently being used.

When you enter the policing name, follow these naming conventions:

Maximum of 31 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.)

Must start with an alpha character and must be unique across all ACLs of all types

Case sensitive

Cannot be a number

Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer

The burst keyword and the burst value and the optional eburst keyword and the eburst value set the token bucket sizes. To sustain a specific rate, set the token bucket size to be at least the rate divided by 4000, because tokens are removed from the bucket every 1/4000th of a second (0.25 milliseconds) and the bucket needs to be at least as large as the burst size to sustain the specified rate.

If you do not enter the eburst keyword and the eburst value, QoS sets both token buckets to the size configured with the burst keyword and the burst value.
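The limits in these guidelines can be checked before a rule is pushed to the switch. The following Python linter is an added example, not part of the Cisco reference; it assumes rate and erate are entered in kilobits per second, matches the reserved keywords case-insensitively, and reads only the keyword/value pairs shown in the syntax above. The function names (lint, check_policer, parse_policer, min_burst) are chosen here for illustration.

```python
import math
import re

# Limits taken from the usage guidelines; rates assumed to be in kbps.
RATE_MIN, RATE_MAX, ERATE_MAX = 32, 32_000_000, 8_000_000
BURST_MIN, BURST_MAX, BURST_RECOMMENDED = 1, 32000, 32      # kilobits
BUCKET_UPDATES_PER_SECOND = 4000    # tokens are removed every 0.25 ms
RESERVED = {"all", "default-action", "map", "help", "editbuffer"}
# Starts with a letter (so it cannot be a number), at most 31 characters.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9._-]{0,30}\Z")


def min_burst(rate_kbps):
    """Smallest bucket (kilobits) that sustains rate_kbps: rate / 4000, rounded up."""
    return max(BURST_MIN, math.ceil(rate_kbps / BUCKET_UPDATES_PER_SECOND))


def parse_policer(line):
    """Return (kind, name, {keyword: int}) for one 'set qos policer' line."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[:3] != ["set", "qos", "policer"]:
        raise ValueError("not a set qos policer command")
    if tokens[3] not in ("microflow", "aggregate"):
        raise ValueError("expected microflow or aggregate")
    rest, params = tokens[5:], {}
    for keyword, value in zip(rest, rest[1:]):
        if keyword in ("rate", "burst", "erate", "eburst"):
            params[keyword] = int(value)
    return tokens[3], tokens[4], params


def check_policer(name, rate, burst, erate=None, eburst=None):
    """Return a list of findings; an empty list means the rule is within limits."""
    findings = []
    if not NAME_RE.match(name):
        findings.append("error: name must start with a letter and use at most "
                        "31 of a-z A-Z 0-9 - _ .")
    elif name.lower() in RESERVED:
        findings.append(f"error: name '{name}' is a reserved keyword")
    if rate != 0 and not RATE_MIN <= rate <= RATE_MAX:
        findings.append("error: rate must be 0 or 32 to 32000000 kbps")
    if erate is not None:
        if erate != 0 and not RATE_MIN <= erate <= ERATE_MAX:
            findings.append("error: erate must be 0 or 32 to 8000000 kbps")
        if erate < rate:
            findings.append("error: erate must be greater than or equal to rate")
    if rate == 0 and not erate:
        return findings     # burst is ignored and set by hardware in this case
    if erate is None:
        buckets = [("burst", burst, rate)]
    elif eburst is None:
        # Without eburst both buckets take the burst size, so that one
        # size has to sustain the higher of the two rates.
        buckets = [("burst", burst, max(rate, erate))]
    else:
        buckets = [("burst", burst, rate), ("eburst", eburst, erate)]
    for label, size, bucket_rate in buckets:
        if not BURST_MIN <= size <= BURST_MAX:
            findings.append(f"error: {label} must be 1 to 32000 kilobits")
        elif size < min_burst(bucket_rate):
            findings.append(f"error: {label} {size} cannot sustain {bucket_rate} "
                            f"kbps; need at least {min_burst(bucket_rate)}")
        elif size < BURST_RECOMMENDED:
            findings.append(f"warning: {label} {size} is below the recommended "
                            "32-kilobit minimum")
    return findings


def lint(line):
    """Parse one command line and check it against the limits above."""
    kind, name, p = parse_policer(line)
    if "rate" not in p or "burst" not in p:
        return ["error: rate and burst are required"]
    if kind == "microflow" and ("erate" in p or "eburst" in p):
        return ["error: erate and eburst apply to aggregate policers only"]
    return check_policer(name, p["rate"], p["burst"], p.get("erate"), p.get("eburst"))


if __name__ == "__main__":
    samples = [
        # The first two lines are the examples from this command's Examples section.
        "set qos policer microflow my-micro rate 1000 burst 10000 policed-dscp",
        "set qos policer aggregate test3 rate 64 policed-dscp erate 128 drop burst 96",
        # Constructed lines that break the documented limits.
        "set qos policer aggregate map rate 16 burst 8 drop",
        "set qos policer aggregate uplink rate 1000000 policed-dscp "
        "erate 8000000 drop burst 250",
    ]
    for sample in samples:
        print(sample)
        for finding in lint(sample) or ["ok"]:
            print("   ", finding)
```

The last constructed line passes every range check yet is flagged, because a single 250-kilobit bucket shared by both rates is too small for the excess rate.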

Examples

This example shows how to create a microflow policing rule for ACL:

Console> (enable) set qos policer microflow my-micro rate 1000 burst 10000 policed-dscp
QoS policer for microflow my-micro set successfully.
Console> (enable) 

These examples show how to create an aggregate policing rule for ACL:

Console> (enable) set qos policer aggregate my-agg rate 1000 burst 2000 drop
QoS policer for aggregate my-agg set successfully.
Console> (enable) 

Console> (enable) set qos policer aggregate test3 rate 64 policed-dscp erate 128 drop burst 96
QoS policer for aggregate test3 created successfully.
Console> (enable) 

Related Commands

clear qos policer
show qos policer

set qos policy-source

To set the QoS policy source, use the set qos policy-source command.

set qos policy-source local | cops

Syntax Description

local

Sets the policy source to local NVRAM configuration.

cops

Sets the policy source to COPS-PR configuration.


Defaults

The default is all ports are set to local.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

When you set the policy source to local, the QoS policy is taken from local configuration stored in NVRAM. If you set the policy source to local after it was set to cops, the QoS policy reverts back to the local configuration stored in NVRAM.

When you set the policy source to cops, all global configurations to the device, such as the DSCP-to-marked-down DSCP, are taken from the policy downloaded to the policy enforcement point (PEP) by the policy decision point (PDP). Configuration of each physical port, however, is taken from COPS-PR only if the policy source for that port has been set to cops.

Examples

This example shows how to set the policy source to COPS-PR:

Console> (enable) set qos policy-source cops
QoS policy source for the switch set to COPS.
Console> (enable) 

This example shows how to set the policy source to local NVRAM:

Console> (enable) set qos policy-source local
QoS policy source for the switch set to local.
Console> (enable) 

This example shows the output if you attempt to set the policy source to COPS-PR and no COPS-PR servers are available:

Console> (enable) set qos policy-source cops
QoS policy source for the switch set to COPS.
Warning: No COPS servers configured. Use the `set cops server' command
to configure COPS servers.
Console> (enable) 

Related Commands

clear qos config
show qos policy-source

set qos rsvp

To turn on or turn off the RSVP feature on the switch, to set the time in minutes after which the RSVP databases get flushed (when the policy server dies), and to set the local policy, use the set qos rsvp command.

set qos rsvp enable | disable

set qos rsvp policy-timeout timeout

set qos rsvp local-policy forward | reject

Syntax Description

enable

Activates the RSVP feature.

disable

Deactivates the RSVP feature.

policy-timeout timeout

Specifies the time in minutes after which the RSVP databases get flushed; valid values are from 1 to 65535 minutes.

local-policy forward | reject

Specifies the policy configuration local to the network device to either accept existing flows and forward them or not accept new flows.


Defaults

The default is the RSVP feature is disabled, policy-timeout is 30 minutes, and local policy is forward.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The local policy guidelines are as follows:

There is no connection with the policy server.

New flows that come up after connection with the policy server have been lost.

Old flows that come up after the PDP policy times out.

Examples

This example shows how to enable RSVP:

Console> (enable) set qos rsvp enable
RSVP enabled. Only RSVP qualitative service supported.
QoS must be enabled for RSVP.
Console> (enable) 

This example shows how to disable RSVP:

Console> (enable) set qos rsvp disable
RSVP disabled on the switch.
Console> (enable) 

This example shows how to set the policy timeout interval:

Console> (enable) set qos rsvp policy-timeout 45
RSVP database policy timeout set to 45 minutes.
Console> (enable) 

This example shows how to set the local policy:

Console> (enable) set qos rsvp local-policy forward
RSVP local policy set to forward.
Console> (enable) 

Related Commands

show qos rsvp

set qos rxq-ratio

To set the amount of packet buffer memory allocated to high-priority incoming traffic and low-priority incoming traffic, use the set qos rxq-ratio command.

set qos rxq-ratio port_type queue1_val queue2_val... queueN_val

Syntax Description

port_type

Port type; valid values are 1p1q0t and 1p1q8t.

queue1_val

Percentage of low-priority traffic; valid values are from 1 to 99 and must total 100 with the queue2_val value.

queue2_val

Percentage of high-priority traffic; valid values are from 1 to 99 and must total 100 with the queue1_val value.

queueN_val

Percentage of strict-priority traffic; valid values are from 1 to 99 and must total 100 with the queue1_val and queue2_val values.


Defaults

The default is 80:20 (queue 1 and queue 2) if you enable QoS and 100:0 (queue 1 and queue 2) if you disable QoS.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines


Caution: Use caution when using this command. When entering the set qos rxq-ratio command, all ports go through a link up and link down condition.

The values set in hardware are close approximations of the values provided. For example, if you specify 0 percent, the actual value programmed is not necessarily 0.

The rxq ratio is determined by the traffic mix in the network. High-priority traffic is typically a smaller fraction of the traffic. Because the high-priority queue gets more service, you should set the high-priority queue lower than the low-priority queue.

The strict-priority queue requires no configuration.

For the strict-priority queue on 1p1q8t ingress ports, the minimum valid value is 3 percent.

Examples

This example shows how to set the receive-queue size ratio:

Console> (enable) set qos rxq-ratio 1p1q0t 80 20
QoS rxq-ratio is set successfully.
Console> (enable)

Related Commands

show qos info

set qos statistics export

To globally enable or disable statistics data gathering from hardware, use the set qos statistics export command.

set qos statistics export {enable | disable}

Syntax Description

enable

Enables statistics data gathering.

disable

Disables statistics data gathering.


Defaults

The default is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Statistics polling does not occur if statistics are disabled, regardless of any other settings.

You must designate an export destination prior to entering this command. If an export destination is not set, this message is displayed:

Warning: Export destination not set. Use the `set qos statistics export destination' 
command to configure the export destination.

Examples

This example shows how to enable statistics polling:

Console> (enable) set qos statistics export enable
QoS statistics export enabled.
Export destination: Stargate, port 9996
Console> (enable)

Related Commands

show qos statistics export info

set qos statistics export aggregate

To enable or disable statistics data export on an aggregate policer, use the set qos statistics export aggregate command.

set qos statistics export aggregate name {enable | disable}

Syntax Description

name

(Optional) Name of the policer.

enable

Enables statistics data export for the named aggregate policer.

disable

Disables statistics data export for the named aggregate policer.


Defaults

The default is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

To export data, you need to enable statistics on the port. You also must globally enable statistics and data export. (See the set qos statistics export command.)

This command is supported on systems configured with the Supervisor Engine 2 with Layer 3 Switching Engine II (PFC2) only.

Examples

This example shows how to enable statistics export:

Console> (enable) set qos statistics export aggregate ipagg_3 enable
Statistics data export enabled for aggregate policer ipagg_3.
Export destination: 172.20.15.1 (Stargate), port 9996
Console> (enable)

Related Commands

set qos statistics export
show mac
show qos statistics export info

set qos statistics export destination

To specify the statistics data export destination address, use the set qos statistics export destination command.

set qos statistics export destination {host_name | host_ip} [port]

set qos statistics export destination {host_name | host_ip} [syslog [{facility severity}]]

Syntax Description

host_name

Host name.

host_ip

Host IP address.

port

(Optional) UDP port number.

syslog

(Optional) Specifies the syslog port.

facility

(Optional) Value to specify the type of facility to export; see the "Usage Guidelines" section for a list of valid values.

severity

(Optional) Value to specify the severity level to export; see the "Usage Guidelines" section for a list of valid values.


Defaults

The default is none unless syslog is specified. If syslog is specified, the defaults are as follows:

port is 514

facility is local6

severity is debug

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Valid facility values are kern, user, mail, daemon, auth, lpr, news, uucp, cron, local0, local1, local2, local3, local4, local5, local6, and local7.

Valid severity levels are emerg, alert, crit, err, warning, notice, info, and debug.

Examples

This example shows how to specify the statistics data export destination address:

Console> (enable) set qos statistics export destination stargate 9996
Statistics data export destination set to stargate port 9996.
Console> (enable)

Related Commands

set qos statistics export
show qos statistics export info

set qos statistics export interval

To specify how often port or aggregate policer statistics data is read and exported, use the set qos statistics export interval command.

set qos statistics export interval interval

Syntax Description

interval

Export time interval; valid values are from 30 seconds to 65535 seconds.


Defaults

The default is 30 seconds.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to set the export interval:

Console> (enable) set qos statistics export interval 35
Statistics export interval set to 35 seconds.
Console> (enable) 

Related Commands

show qos statistics export info

set qos statistics export port

To enable or disable statistics data export on a port, use the set qos statistics export port command.

set qos statistics export port mod/port {enable | disable}

Syntax Description

mod/port

(Optional) Number of the module and the port on the module.

enable

Enables statistics data export.

disable

Disables statistics data export.


Defaults

The default is disabled.

Command Types

Switch command.

Command Modes

Normal.

Usage Guidelines

For data export to be performed, you should enable statistics on the aggregate policer as well. You must globally enable statistics and data export (see the set qos statistics export command).

Examples

This example shows how to enable statistics export on a port:

Console> (enable) set qos statistics export port 2/5 enable
Statistics data export enabled on port 2/5.
Console> (enable)

Related Commands

show qos statistics export info

set qos txq-ratio

To set the amount of packet buffer memory allocated to high-priority traffic and low-priority traffic, use the set qos txq-ratio command.

set qos txq-ratio port_type queue1_val queue2_val... queueN_val

Syntax Description

port_type

Port type; valid values are 2q2t, 1p2q2t, and 1p2q1t.

queue1_val

Percentage of low-priority traffic; valid values are from 1 to 99 and must total 100 with the queue2_val value.

queue2_val

Percentage of high-priority traffic; valid values are from 1 to 99 and must total 100 with the queue1_val value.

queueN_val

Percentage of strict-priority traffic; valid values are from 1 to 99 and must total 100.


Defaults

The default for 2q2t is 80:20 if you enable QoS and 100:0 if you disable QoS. The default for 1p2q2t is 70:15:15 if you enable QoS and 100:0:0 if you disable QoS.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines


Caution: Use caution when using this command. When entering the set qos txq-ratio command, all ports go through a link up and down condition.

The values set in hardware will be close approximations of the values provided. For example, even if you specify 0 percent, the actual value programmed will not necessarily be 0.

The txq ratio is determined by the traffic mix in the network. Because high-priority traffic is typically a smaller fraction of the traffic and because the high-priority queue gets more service, you should set the high-priority queue lower than the low-priority queue.

The strict-priority queue requires no configuration.

For the strict-priority queue on 1p2q1t egress ports, the minimum valid value is 5 percent.

Examples

This example shows how to set the transmit-queue size ratio:

Console> (enable) set qos txq-ratio 2q2t 75 25
QoS txq-ratio is set successfully.
Console> (enable) 

Related Commands

show qos info

set qos wred

To configure the WRED threshold parameters for the specified port type, use the set qos wred command.

set qos wred port_type [tx] queue q# {[thr1Lo:]thr1Hi} {[thr2Lo:]thr2Hi}...

Syntax Description

port_type

Port type; valid values are 1p2q2t, 1p2q1t, 1p3q1t, and 1p1q8t.

tx

(Optional) Specifies the parameters for output queuing.

queue q#

Keyword and variable to specify the queue to which the arguments apply; valid values are 1 through 3.

thr1Lo

(Optional) Percentage of the lower threshold size for the first WRED curve; valid values are 1 to 100.

thr1Hi

Percentage of the upper threshold size for the first WRED curve; valid values are 1 to 100.

thr2Lo

(Optional) Percentage of the lower threshold size for the second WRED curve; valid values are 1 to 100.

thr2Hi

Percentage of the upper threshold size for the second WRED curve; valid values are 1 to 100.


Defaults

The default thresholds are as follows:

For 1p2q2t = 40:70 (threshold1) and 70:100 (threshold2) (low:high percentage)/queue

For 1p3q1t = 70:100 (low:high)

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The queue values range from 1 to 3. Queue 4 is the strict-priority queue and does not have an associated WRED threshold. The thresholds are all specified as percentages ranging from 1 to 100. A value of 10 indicates a threshold when the buffer is 10 percent full.

The colon between the low and high threshold values is required.

Examples

This example shows how to configure lower and upper threshold values for queue 1:

Console> (enable) set qos wred 1p2q2t queue 1 20:60 40:90
WRED thresholds for queue 1 set to 20:60 and 40:90 on all WRED-capable 1p2q2t ports.
Console> (enable) 

This example shows how to configure the upper threshold value for queue 1:

Console> (enable) set qos wred 1p3q1t tx queue 1 20   
WRED thresholds for queue 1 set to 0:20 on all WRED-capable 1p3q1t ports.
Console> (enable) 

Related Commands

clear qos config
show qos info

set qos wrr

To specify the weights that determine how many packets will transmit out of one queue before switching to the other queue, use the set qos wrr command.

set qos wrr port_type queue1_val queue2_val...

Syntax Description

port_type

Port type; valid values are 2q2t, 1p2q2t, 1p3q1t, and 1p2q1t.

queue#_val

Number of weights for queues 1, 2, or 3; valid values are from 1 to 255.


Defaults

The default WRR with QoS enabled for port type 1p3q1t is as follows:

Queue 1 = 100

Queue 2 = 150

Queue 3 = 200

With QoS disabled, the default is 255 for all three queues.

The default WRR for port types 2q2t and 1p2q2t is 4:255.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The WRR weights are used to partition the bandwidth between the queues in the event all queues are not empty. For example, weights of 1:3 mean that one queue gets 25 percent of the bandwidth and the other gets 75 percent as long as both queues have data.

Weights of 1:3 do not necessarily lead to the same results as when the weights are 10:30. In the latter case, more data is serviced from each queue and the latency of packets serviced from the other queue goes up. For best results, set the weights so that at least one packet (maximum size) can be serviced from the lower priority queue at a time. For the higher priority queue, set the weights so that multiple packets are serviced at any one time.

The values set in hardware will be close approximations of the values provided. For example, even if you specify 0 percent, the actual value programmed will not necessarily be 0. Whatever weights you choose, make sure that the resulting byte values programmed (see the show qos info command with the runtime keyword) are at least equal to the MTU size.

The ratio achieved is only an approximation of what you specify since the cutoff is on a packet and midway through a packet. For example, if you specify that the ratio services 1000 bytes out of the low-priority queue, and there is a 1500-byte packet in the low-priority queue, the entire 1500-byte packet is transmitted because the hardware services an entire packet.

For 1p2q2t and 2q2t, only two queues can be set; the third queue is strict priority.

For 1p3q1t, three queues can be set; a fourth queue is strict priority.

Examples

This example shows how to specify the weights for queue 1 and queue 2 to 30 and 70:

Console> (enable) set qos wrr 2q2t 30 70
QoS wrr ratio is set successfully.
Console> (enable) 

Related Commands

show qos info
show qos statistics

set radius attribute

To set attributes to the RADIUS ACCESS_REQUEST packet, use the set radius attribute command.

set radius attribute {number | name} include-in-access-req {enable | disable}

Syntax Description

number

Attribute number; valid value is 8.

name

Attribute name; valid value is framed-ip-address.

include-in-access-req

Sets attributes to the ACCESS_REQUEST packet.

enable | disable

Enables or disables the attribute.


Defaults

All RADIUS attributes are disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The set radius attribute command allows you to specify the transmission of certain optional attributes such as Framed-IP address, NAS-Port, Called-Station-Id, Calling-Station-Id and so on. You can set attribute transmission by either the attribute number or the attribute name.

Examples

This example shows how to specify and enable the Framed-IP address attribute by number:

Console> (enable) set radius attribute 8 include-in-access-req enable
Transmission of Framed-ip address in access-request packet is enabled.
Console> (enable) 

This example shows how to specify and disable the Framed-IP address attribute by name:

Console> (enable) set radius attribute framed-ip-address include-in-access-req disable
Transmission of Framed-ip address in access-request packet is disabled.
Console> (enable)

Related Commands

show radius

set radius deadtime

To set the time to skip RADIUS servers that do not reply to an authentication request, use the set radius deadtime command.

set radius deadtime minutes

Syntax Description

minutes

Length of time a RADIUS server does not respond to an authentication request; valid values are from 0 to 1440 minutes.


Defaults

The default is 0 minutes.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If only one RADIUS server is configured or if all the configured servers are marked dead, deadtime will be ignored since no alternate servers are available. By default, the deadtime is 0 minutes; the RADIUS servers are not marked dead if they do not respond.

Examples

This example shows how to set the RADIUS deadtime to 10 minutes:

Console> (enable) set radius deadtime 10
Radius deadtime set to 10 minutes.
Console> (enable) 

Related Commands

show radius

set radius key

To set the encryption and authentication for all communication between the RADIUS client and the server, use the set radius key command.

set radius key key

Syntax Description

key

Name of the key to authenticate the transactions between the RADIUS client and the server.


Defaults

The default of the key is set to null.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The key you set must be the same one as configured in the RADIUS server. All leading spaces are ignored; spaces within and at the end of the key are not ignored. Double quotes are not required even if there are spaces in the key, unless the quotes themselves are part of the key. The length of the key is limited to 65 characters; it can include any printable ASCII characters except tabs.

If you configure a RADIUS key on the switch, make sure you configure an identical key on the RADIUS server.
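Why the two keys must match byte for byte, shown as an added Python example (not Cisco code): under RFC 2865 the shared key is mixed into the MD5 that hides the User-Password and into the Response Authenticator that signs each reply, so a single trailing space breaks both. normalize_key models the key rules stated above; the function names, the packet values and the password are constructed for illustration.

```python
import hashlib
import hmac
import struct

MAX_KEY_LEN = 65          # limit stated in the usage guidelines
ACCESS_ACCEPT = 2         # RFC 2865 packet code


def normalize_key(entered):
    """Model the switch's rules for the text typed after 'set radius key'."""
    key = entered.lstrip(" ")        # leading spaces ignored; inner and trailing kept
    if len(key) > MAX_KEY_LEN:
        raise ValueError("key longer than 65 characters")
    if any(not 0x20 <= ord(ch) <= 0x7E for ch in key):
        raise ValueError("key must be printable ASCII without tabs")
    return key.encode("ascii")       # quotes, if typed, stay part of the key


def hide_password(password, request_auth, key):
    """RFC 2865 User-Password hiding: XOR each 16-byte block with an MD5 mask."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1 to 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(key + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev
    return hidden


def unhide_password(hidden, request_auth, key):
    """Inverse of hide_password, as run by the RADIUS server."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(key + prev).digest()
        clear += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return clear.rstrip(b"\x00")


def response_authenticator(code, ident, request_auth, attributes, key):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    return hashlib.md5(header + request_auth + attributes + key).digest()


def build_reply(code, ident, request_auth, attributes, key):
    """Assemble a reply packet signed with the server's copy of the key."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    auth = response_authenticator(code, ident, request_auth, attributes, key)
    return header + auth + attributes


def verify_reply(packet, request_auth, key):
    """Client-side check that the reply was signed with the same key."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = response_authenticator(code, ident, request_auth, packet[20:], key)
    return hmac.compare_digest(expected, packet[4:20])


def exchange(switch_entry, server_key_text, password=b"s3cret-pass"):
    """Run one constructed Access-Request/Access-Accept pair between both sides."""
    switch_key = normalize_key(switch_entry)
    server_key = server_key_text.encode("ascii")
    request_auth = bytes(range(16))              # constructed; real values are random
    hidden = hide_password(password, request_auth, switch_key)
    seen_by_server = unhide_password(hidden, request_auth, server_key)
    reply_attrs = bytes([18, 4]) + b"ok"         # constructed Reply-Message attribute
    reply = build_reply(ACCESS_ACCEPT, 7, request_auth, reply_attrs, server_key)
    return {"password_ok": seen_by_server == password,
            "reply_verified": verify_reply(reply, request_auth, switch_key)}


if __name__ == "__main__":
    # Leading spaces are dropped by the switch, so the keys still match.
    print(exchange("   Make my day", "Make my day"))
    # A trailing space is kept, so the server sees a garbled password and
    # the switch rejects the server's reply.
    print(exchange("Make my day ", "Make my day"))
```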

Examples

This example shows how to set the RADIUS encryption and authentication key to Make my day:

Console> (enable) set radius key Make my day
Radius key set to Make my day.
Console> (enable)

Related Commands

show radius

set radius retransmit

To specify the number of times the RADIUS servers are tried before giving up on the server, use the set radius retransmit command.

set radius retransmit count

Syntax Description

count

Number of times the RADIUS servers are tried before giving up on the server; valid values are from 1 to 100.


Defaults

The default is two times (three attempts).

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to set the retransmit attempts to 3:

Console> (enable) set radius retransmit 3
Radius retransmit count set to 3.
Console> (enable) 

Related Commands

show radius

set radius server

To set up the RADIUS server, use the set radius server command.

set radius server ipaddr [auth-port port] [acct-port port] [primary]

Syntax Description

ipaddr

Number of the IP address or IP alias in dot notation a.b.c.d.

auth-port port

(Optional) Specifies a destination User Datagram Protocol (UDP) port for RADIUS authentication messages.

acct-port port

(Optional) Specifies a destination UDP port for RADIUS accounting messages.

primary

(Optional) Specifies this server be contacted first.


Defaults

The default auth-port is 181, and the default acct-port is 1813.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you configure multiple RADIUS servers, the first server configured is the primary. Authentication requests are sent to this server first. You can specify a particular server as primary by using the primary keyword. You can add up to three RADIUS servers.

The ipaddr value can be entered as an IP alias or an