Table Of Contents
set macro ciscosmartports
set mac utilization load-interval
set mls agingtime
set mls bridged-flow-statistics
set mls cef load-balance
set mls cef maximum-routes
set mls cef per-prefix-statistics
set mls exclude protocol
set mls flow
set mls nde
set mls netflow-entry-create
set mls netflow-per-interface
set mls rate
set mls statistics protocol
set mls verify
set module
set module autoshut
set module name
set module power
set module shutdown
set msfcautostate
set msmautostate
set multicast ratelimit
set multicast router
set mvrp
set mvrp dynamic-VLAN creation
set ntp broadcastclient
set ntp broadcastdelay
set ntp client
set ntp server
set ntp summertime
set ntp timezone
set packet-capture
set packet-capture direction
set packet-capture dump-file
set packet-capture filter
set packet-capture limit
set packet-capture snap-length
set password
set pbf
set pbf arp-inspection
set pbf client
set pbf gw
set pbf-map
set pbf vlan
set policy
set poll
set port arp-inspection
set port auto-mdix
set macro ciscosmartports
To set the global Cisco SmartPorts template, use the set macro ciscosmartports command.
set macro ciscosmartports
Syntax Description
This command has no keywords or arguments.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enter the set macro ciscosmartports global macro command, the following configuration is displayed:
set macro ciscosmartports
----------------------------------------------------
set errdisable-timeout enable udld
set errdisable-timeout enable duplex-mismatch
set errdisable-timeout enable channel-misconfig
set errdisable-timeout enable bpdu-guard
set errdisable-timeout interval 60
set spantree mode rapid-pvst+
set spantree macreduction enable
set spantree portfast bpdu-guard enable
set spantree global-default loop-guard enable
Examples
This example shows how to enable the Cisco SmartPorts global macro:
Console> (enable) set macro ciscosmartports
Related Commands
set port macro
set mac utilization load-interval
To set the MAC utilization load interval, use the set mac utilization load-interval command.
set mac utilization load-interval
Syntax Description
This command has no keywords or arguments.
Defaults
The default is 300 seconds.
Command Types
Switch command.
Command Modes
Enabled.
Examples
This example shows how to set MAC utilization load-interval:
Console> (enable) set mac utilization load-interval
Set the mac utilization load interval(30 or 300 seconds)
Console> (enable) set mac utilization load-interval 30
Load interval set to 30 seconds.
Related Commands
show mac
clear mac utilization
set mls agingtime
To specify the MLS aging time of shortcuts to an MLS entry in the Catalyst 6500 series switches, use the set mls agingtime command.
set mls agingtime ip agingtime
set mls agingtime fast {fastagingtime} {pkt_threshold}
set mls agingtime long-duration {longagingtime}
Syntax Description
ip | Specifies IP MLS.
agingtime | MLS aging time of shortcuts to an MLS entry; valid values are from 1 to 1920 seconds.
fast | Specifies the MLS aging time of shortcuts to an MLS entry that has no more than pkt_threshold packets switched within fastagingtime seconds after it is created.
fastagingtime | MLS aging time of shortcuts to an MLS entry; valid values are from 0 to 128 seconds.
pkt_threshold | Packet threshold value; valid values are from 0 to 127 packets.
long-duration | Sets the aging time for active flows.
longagingtime | MLS aging time of shortcuts to an MLS entry; valid values are 0 (to disable) and 8 to 1920 seconds.
Defaults
• The default IP agingtime is 16 seconds.
• The default fastagingtime is 0, no fast aging.
• The default pkt_threshold is 0.
• The default longagingtime is 320.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use the ip keyword, you are specifying a shortcut for IP MLS.
If you enter 0 for the fastagingtime value, fast aging is disabled.
If you do not specify fastagingtime or pkt_threshold, the default value is used.
If you enter any of the set mls commands on a Catalyst 6500 series switch without MLS, this warning message displays:
MLS not supported on feature card.
The fastagingtime value can be configured in the range of 0 to 128 seconds.
The default pkt_threshold value is 0. If you do not configure fastagingtime exactly the same for these values, it adjusts to the closest value. A typical value for fastagingtime and pkt_threshold is 32 seconds and 0 packets, respectively. (This means that no packets were switched within 32 seconds after the entry was created.)
The agingtime value applies to an MLS entry that has no more than pkt_threshold packets switched within fastagingtime seconds after it is created. A typical example is the MLS entry destined to or sourced from a DNS or TFTP server. This entry may never be used again once it is created. For example, only one request goes to a server and one reply returns from the server, and then the connection is closed.
The agingtime fast option is used to purge entries associated with very short flows, such as DNS and TFTP.
Keep the number of MLS entries in the MLS cache below 32,000. If the number of MLS entries exceeds 32,000, some flows (less than 1 percent) are sent to the router.
To keep the number of MLS cache entries below 32,000, decrease the aging time up to 8 seconds. If your switch has a lot of short flows used by only a few packets, then you can use fast aging.
If cache entries continue to exceed 32,000, decrease the normal aging time in 64-second increments from the 256-second default.
You can force an active flow to age out by entering the set mls agingtime long-duration command. You can specify the aging time of the active flow in the range of 64 to 1920 seconds in increments of 64.
Examples
These examples show how to set the aging time:
Console> (enable) set mls agingtime 512
IP Multilayer switching aging time set to 512 seconds.
This example shows how to set the fast aging time:
Console> (enable) set mls agingtime fast 32 0
Multilayer switching fast aging time set to 32 seconds for entries with no more than 0
packet switched.
This example shows how to set the aging time for active flows:
Console> (enable) set mls agingtime long-duration 128
Multilayer switching agingtime set to 128 seconds for long duration flows
Related Commands
clear mls statistics entry
show mls
set mls bridged-flow-statistics
To enable or disable statistics for bridged flows for specified VLANs, use the set mls bridged-flow-statistics command.
set mls bridged-flow-statistics {enable | disable} {vlanlist}
Syntax Description
enable | Enables statistics for bridged flows.
disable | Disables statistics for bridged flows.
vlanlist | Number of the VLAN or VLANs; valid values are 1 to 4094. See the "Usage Guidelines" section for more information.
Defaults
By default, bridged-flow statistics is disabled on all VLANs.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can enter one or multiple VLANs. The following examples are valid VLAN lists: 1; 1,2,3; 1-3,7.
Bridged flows are exported through NDE when bridged flow statistics is enabled.
Examples
This example shows how to enable bridged-flow statistics on the specified VLANs:
Console> (enable) set mls bridged-flow-statistics enable 1-21
Netflow statistics is enabled for bridged packets on vlan(s) 1-21.
Related Commands
show mls nde
show mls entry
show mls statistics
set mls cef load-balance
To include or exclude Layer 4 ports in a load-balancing hash, use the set mls cef load-balance command.
set mls cef load-balance {full | source-destination-ip}
Syntax Description
full | Bases the hash on Layer 4 ports and source and destination IP addresses.
source-destination-ip | Bases the hash on source and destination IP addresses.
Defaults
By default, the load-balancing hash is based on source and destination IP addresses.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When multiple paths are available to reach a destination, the new hash is used to choose the path to be used for forwarding.
Examples
This example shows how to base the hash on Layer 4 ports and source and destination IP addresses:
Console> (enable) set mls cef load-balance full
This example shows how to base the hash on source and destination IP addresses:
Console> (enable) set mls cef load-balance source-destination-ip
Related Commands
show mls
set mls cef maximum-routes
To set the maximum number of routes that can be programmed in the FIB TCAM for a protocol, use the set mls cef maximum-routes command.
set mls cef maximum-routes {ip | ip-multicast} routes
Syntax Description
ip | Specifies IP MLS.
ip-multicast | Specifies IP multicasting MLS.
routes | Number of routes that can be programmed in the FIB TCAM.
Defaults
The routes argument is 0, which means that the system-determined bootup default is used:
• IP version 4 unicast—192,000.
• IP version 4 multicast—32,000.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is only available on the Supervisor Engine 720.
Routes that exceed the specified number of routes are not installed in the hardware. Packets that take those routes are switched by MSFC. The routes argument is a unit of 1,000 entries. Setting the routes argument to 0 returns the system to a system-determined default value.
When no protocols are set, an initial default value is assigned for each protocol. When at least one protocol is set, the default value for other unassigned protocols might change as the system tries to assign the remaining space to the unassigned protocols.
This command has the following characteristics:
• Changing the setting takes effect only after rebooting the active supervisor engine. The change does not take effect after a switchover.
• The setting on the standby supervisor engine is synchronized with the active supervisor engine. If the standby supervisor is inserted, both the bootup setting and new setting, if existing, on the active supervisor engine are synchronized with the standby supervisor engine. The standby supervisor engine uses the bootup setting to configure the FIB TCAM. The standby supervisor engine might need to be reset if its original bootup setting is different from the bootup setting of the active supervisor engine. An informational message (FIB_MAXROUTES_RESET) is printed on the active supervisor engine console if this situation occurs.
• To maximize the TCAM utilization, we recommend that you set the maximum routes for IP unicast as a multiple of 16,000 and set the maximum routes for IP multicast as a multiple of 8,000. The internal allocation scheme uses 16,000 as the allocation unit for unicast and 8,000 as the allocation unit for multicast. For example, if IP unicast is set to 1,000, 16,000 entries are reserved, but only 1,000 is allowed.
• When the maximum routes is exceeded or the allocated TCAM space for a protocol is full, a system message (FIB_ALLOC_TCAM_FULL) displays. Note that because of the internal software allocation scheme, the allocated TCAM space might be full before the maximum routes is exceeded.
Note
The sum of the number of maximum routes for all protocols cannot exceed 256,000.
Note
If the routes values for all protocols are set to 0, the bootup default is used. When you set the routes value for one protocol to a non-zero value, the default value for the other protocol changes to the remaining size.
Examples
This example shows how to set the maximum number of routes for IP unicast:
Console> (enable) set mls cef maximum-routes ip 220
Configuration change will take effect after next reboot.
Related Commands
show mls cef maximum-routes
set mls cef per-prefix-statistics
To set MLS CEF per-prefix statistics mode, use the set mls cef per-prefix statistics command.
set mls cef per-prefix statistics {enable | disable}
Syntax Description
enable | Enables per-prefix statistics for all FIB entries.
disable | Disables per-prefix statistics for all FIB entries.
Defaults
MLS CEF per-prefix statistics mode is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When the set mls cef per-prefix-statistics command is enabled, the switch makes a best effort to allocate adjacencies with statistics for each prefix. Statistics for a prefix are computed by adding up the packet/byte counts of all the adjacencies that are associated with the prefix. Because only half of the adjacency table entries have statistics, all prefixes might not be associated with adjacencies that have statistics.
Examples
This example shows how to enable per-prefix statistics for all FIB entries:
Console> (enable) set mls cef per-prefix-stats enable
Per prefix stats is enabled
This example shows how to disable per-prefix statistics for all FIB entries:
Console> (enable) set mls cef per-prefix-stats disable
Per prefix stats is disabled
Console> (enable)
Related Commands
show mls
set mls exclude protocol
To exclude an MLS protocol port on a switch configured with the Supervisor Engine 1 with Layer 3 Switching Engine WS-F6K-PFC, use the set mls exclude protocol command. To exclude protocols from statistics gathering on switches configured with the Supervisor Engine 2 with Layer 3 Switching Engine II (PFC2), use the set mls exclude protocol command.
set mls exclude protocol {tcp | udp | both} {port_number | port_name}
Syntax Description
{tcp | udp | both} | Specifies a TCP port, a UDP port, or that the port applies to both TCP and UDP traffic.
port_number | Number of the protocol port; valid values are from 1 to 65535.
port_name | Name of the port; valid values are dns, ftp, smtp, telnet, x, www.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you enter any of the set mls commands on a Catalyst 6500 series switch without MLS, this warning message is displayed:
MLS not supported on feature card.
You can add a maximum of four protocol ports to the exclude table.
MLS exclusion is supported in full flow mode only.
If you enter x for the port name, this specifies the Layer 4 port used by the X-windows application.
Examples
This example shows how to exclude TCP packets on protocol port 6017:
Console> (enable) set mls exclude protocol tcp 6017
TCP packets with protocol port 6017 will be switched by RP.
This example shows how to exclude UDP packets on protocol port 6017:
Console> (enable) set mls exclude protocol udp 6017
TCP and UDP packets with protocol port 6017 will be switched by RP.
Related Commands
show mls
set mls flow
To specify the minimum flow mask used for MLS, use the set mls flow command. This command is needed to collect statistics for the supervisor engine.
set mls flow {destination | destination-source | full | null}
Caution
Use this command carefully. This command purges all existing shortcuts and affects the number of active shortcuts. This command can increase the cache usage and increase the load on the router.
Caution
Be extremely careful if you enter this command on a switch that already has a large number of shortcuts (greater than 16,000).
Caution
Do not place this command in scripts that are frequently executed—changing the MLS flow mask purges all MLS cache entries.
Syntax Description
destination | Sets the minimum flow mask to destination flow.
destination-source | Sets the minimum flow mask to source flow.
full | Sets the minimum flow mask to an extended access list.
null | Clears the flow mask.
Defaults
In software release 8.5(1) and subsequent releases, null is the default action.
Before software release 8.5(1), if there are no access lists on any MLS-RP, the flow mask is set to destination flow.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command specifies the minimum MLS flow mask. Depending on the MLS-RP configuration, the actual flow mask used might be more specific than the specified minimum flow mask. For example, if you configure the minimum flow mask to destination-source, but an MLS-RP interface is configured with IP extended access lists, the actual flow mask used will be full.
If you configure a more specific flow mask (for example, destination-source or full), the number of active flow entries increases. To limit the number of active flow entries, you might need to decrease the MLS aging time.
This command is intended to be used for gathering very detailed statistics at the protocol port level—for example, when NetFlow data is exported to an RMON2 probe.
In software release 8.5(1) and subsequent releases, multiple flow masks are supported on the Supervisor Engine 720. Various RP features, such as NAT in the hardware, are also supported. Because of flow mask resolution requirements in NDE and NAT, if the NDE flow mask has been configured and you need to use NAT, the NDE flow mask must be cleared. To clear the flow mask, use the null keyword.
When the flow mask is set to null and no feature is driving a more specific flow mask, all the netflows will match the same null flow. The counters for that flow are incremented each time another flow hits it. When the flow mask is set to null and you enter the show mls stat entry command, the command output will show information about this null flow.
If NDE is enabled when the null option is configured, NDE will not export any flows.
If you upgrade the software from software release 8.4 to release 8.5, the NVRAM configuration is preserved. You will not encounter issues during an upgrade from previous images to 8.5(1) or subsequent releases if the switch configuration mode is set to binary. In text configuration mode, if you had entered the destination keyword, then you must set the flow mask again after upgrade.
Examples
These examples show how to specify that only expired flows to subnet 171.69.194.0 are exported:
Console> (enable) set mls flow destination
Configured flow mask is set to destination flow.
Console> (enable) set mls flow destination-source
Configured flow mask is set to destination-source flow.
Console> (enable) set mls flow full
Configured flow mask is set to full flow.
Related Commands
show config mode
show mls
show mls flowmask
set mls nde
To configure the NetFlow Data Export (NDE) feature in the Catalyst 6500 series switches to allow command-exporting statistics to be sent to the preconfigured collector, use the set mls nde command.
set mls nde {enable | disable}
set mls nde {collector_ip | collector_name} {udp_port_num}
set mls nde version {1 | 5 | 7 | 8}
set mls nde flow [exclude | include] [destination ip_addr_spec] [source ip_addr_spec]
[protocol protocol] [src-port src_port] [dst-port dst_port]
set mls nde {destination-ifindex | source-ifindex} {enable | disable}
Syntax Description
enable | Enables NDE.
disable | Disables NDE.
collector_ip | IP address of the collector if DNS is enabled.
collector_name | Name of the collector if DNS is enabled.
udp_port_num | Number of the UDP port to receive the exported statistics.
version | Specifies the version of the NDE; valid versions are 1, 5, 7, and 8.
{1 | 5 | 7 | 8} | Version of the NDE feature.
flow | Adds filtering to NDE.
exclude | (Optional) Allows exporting of all flows except the flows matching the given filter.
include | (Optional) Allows exporting of all flows matching the given filter.
destination | (Optional) Specifies the destination IP address.
ip_addr_spec | (Optional) Full IP address or a subnet address in these formats: ip_addr, ip_addr/netmask, or ip_addr/maskbit.
source | (Optional) Specifies the source IP address.
protocol | (Optional) Specifies the protocol type.
protocol | (Optional) Protocol type; valid values can be a number from 0 to 255 or ip, ipinip, icmp, igmp, tcp, or udp. 0 indicates "do not care."
src-port src_port | (Optional) Specifies the number of the TCP/UDP source port (decimal). Used with dst-port to specify the port pair if the protocol is tcp or udp. 0 indicates "do not care."
dst-port dst_port | (Optional) Specifies the number of the TCP/UDP destination port (decimal). Used with src-port to specify the port pair if the protocol is tcp or udp. 0 indicates "do not care."
destination-ifindex | Specifies destination ifIndex support.
source-ifindex | Specifies source ifIndex support.
enable | Enables ifIndex support.
disable | Disables ifIndex support.
Defaults
The defaults are Netflow Data Export version 7, and all expired flows are exported until the filter is specified explicitly. Destination ifIndex support and source ifIndex support are enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you enter any set mls nde commands on a Catalyst 6500 series switch without MLS, this warning message is displayed:
mls not supported on feature card.
When you try to enable NDE and there are previously configured filtered flows on the switch, this warning message is displayed:
Console> (enable) set mls nde enable
Netflow export configured for port 80 on host 172.20.25.101
Warning!! There is a potential statistics mismatch due to existing excluded
When you try to add a filter to exclude some protocol packets and NDE is currently enabled, this warning message is displayed:
Console> (enable) set mls nde flow exclude protocol tcp 80
Netflow tables will not create entries for TCP packets with protocol port 80.
Warning!! There's a potential statistics mismatch due to enabled NDE.
Before you use the set mls nde command for the first time, you must configure the host to collect MLS statistics. The host name and UDP port number are saved in NVRAM, so you do not need to specify them. If you specify a host name and UDP port, values in NVRAM overwrite the old values. Collector values in NVRAM do not clear when NDE is disabled because this command configures the collector but does not enable NDE automatically.
The set mls nde enable command enables NDE, exporting statistics to the preconfigured collector.
If the protocol is not tcp or udp, set the dst-port dst_port and src-port src_port values to 0; otherwise, no flows are displayed.
If you try to enable NDE without first specifying a collector, you see this display:
Console> (enable) set mls nde enable
Please set host name and UDP port number with `set mls nde <collector_name | collector_ip>
<udp_port_number>'.
The set mls nde flow command adds filtering to the NDE. Expired flows matching the specified criteria are exported. These values are stored in NVRAM and do not clear when NDE is disabled. If any option is not specified in this command, it is treated as a wildcard. The NDE filter in NVRAM does not clear when NDE is disabled.
In software releases before 8.3(1), only one filter can be active at a time. If you do not enter the exclude or include keyword, the filter is assumed to be an inclusion filter.
In software release 8.3(1) and later releases, the dual destination feature allows NetFlow export data to be sent to two destinations simultaneously. With this enhancement, you can set up two unique collectors. The same NetFlow data is exported to both the destinations. However, the count of the packets to the two collectors may differ depending on the time the two destinations were created. The count of the packets sent to the individual collectors is maintained separately. Apart from the count, the other NetFlow parameters for both the destinations are the same.
NDE cannot be enabled unless a collector is set up. Both the primary and secondary destinations should be set up before enabling NDE. The secondary destination IP address and port number cannot be equal to the primary destination IP address and port number.
Use the following syntax to specify an IP subnet address:
• ip_subnet_addr—This is the short subnet address format. The trailing decimal number 00 in an IP address YY.YY.YY.00 specifies the boundary for an IP subnet address. For example, 172.22.36.00 indicates a 24-bit subnet address (subnet mask 172.22.36.00/255.255.255.0), and 173.24.00.00 indicates a 16-bit subnet address (subnet mask 173.24.00.00/255.255.0.0). However, this format can identify only a subnet address of 8, 16, or 24 bits.
• ip_addr/subnet_mask—This is the long subnet address format. For example, 172.22.252.00/255.255.252.00 indicates a 22-bit subnet address. This format can specify a subnet address of any bit number. To provide more flexibility, the ip_addr is a full host address, such as 172.22.253.1/255.255.252.00.
• ip_addr/maskbits—This is the simplified long subnet address format. The mask bits specify the number of bits of the network masks. For example, 172.22.252.00/22 indicates a 22-bit subnet address. The ip_addr is a full host address, such as 193.22.253.1/22, which has the same subnet address as the ip_subnet_addr.
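The three subnet address formats above, and the include/exclude decision a destination filter feeds, worked through as an added Python example (not Cisco code). The function names are hypothetical, and treating only a literal trailing 00 octet as the short-format subnet marker is an assumption drawn from the wording above; the addresses are the ones used on this page.

```python
import ipaddress


def _octets(text):
    """Split dotted-quad text into its parts and a 32-bit int ('00' octets allowed)."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad value: {text!r}")
    return parts, int.from_bytes(bytes(int(p) for p in parts), "big")


def normalize_ip_addr_spec(spec):
    """Return 'network/prefix' for any of the three formats described above."""
    addr_text, slash, mask_text = spec.strip().partition("/")
    parts, addr = _octets(addr_text)
    if not slash:
        # Short format: each trailing "00" octet widens the subnet by 8 bits,
        # so only 8-, 16- and 24-bit subnets (or a /32 host) are expressible.
        trailing = 0
        for part in reversed(parts[1:]):
            if part != "00":
                break
            trailing += 1
        prefix = 32 - 8 * trailing
    elif "." in mask_text:
        # Long format: ip_addr/subnet_mask. The mask must be contiguous ones.
        _, mask = _octets(mask_text)
        host_bits = ~mask & 0xFFFFFFFF
        if host_bits & (host_bits + 1):
            raise ValueError(f"non-contiguous subnet mask: {mask_text!r}")
        prefix = 32 - host_bits.bit_length()
    else:
        # Simplified long format: ip_addr/maskbits.
        if not mask_text.isdigit() or int(mask_text) > 32:
            raise ValueError(f"invalid mask bits: {mask_text!r}")
        prefix = int(mask_text)
    netmask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    # Host bits are cleared, as in the filter confirmations shown on this page.
    return f"{ipaddress.IPv4Address(addr & netmask)}/{prefix}"


def is_exported(mode, dest_filter_spec, flow_dst):
    """Would a flow to flow_dst be exported under a single destination filter?

    include: only matching flows are exported.
    exclude: everything except matching flows is exported.
    """
    if mode not in ("include", "exclude"):
        raise ValueError("mode must be 'include' or 'exclude'")
    network = ipaddress.ip_network(normalize_ip_addr_spec(dest_filter_spec))
    matches = ipaddress.ip_address(flow_dst) in network
    return matches if mode == "include" else not matches


if __name__ == "__main__":
    for sample in ("172.22.36.00", "173.24.00.00",
                   "172.22.253.1/255.255.252.00", "193.22.253.1/22",
                   "171.69.194.140/24", "171.69.194.140"):
        print(f"{sample:30} -> {normalize_ip_addr_spec(sample)}")
```

Running a planned filter through a check like this before applying it shows which destinations would stop appearing at the collector.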
When you use the set mls nde {collector_ip | collector_name} {udp_port_num} command, the host name and UDP port number are saved in NVRAM and need not be specified again. If you specify a host name and UDP port, the new values overwrite the values in NVRAM. Collector values in NVRAM do not clear when you disable NDE.
If NDE is enabled when you set the MLS flow mask to null by entering the set mls flow null command, NDE will not export any flows.
Examples
This example shows how to set the NDE version to 5:
Console> (enable) set mls nde version 5
Multilayer switching netflow data export version set to 5
This example shows how to specify that only expired flows to a specific subnet are exported:
Console> (enable) set mls nde flow include destination 171.69.194.140/24
NDE destination filter set to 171.69.194.0/24
This example shows how to specify that only expired flows to a specific host are exported:
Console> (enable) set mls nde flow include destination 171.69.194.140
NDE destination filter set to 171.69.194.140/32.
This example shows how to specify that only expired flows from a specific subnet to a specific host are exported:
Console> (enable) set mls nde flow include destination 171.69.194.140/24 source
171.69.173.5/24
NDE destination filter set to 171.69.194.0/24, source filter set to 171.69.173.0/24
This example shows how to specify that only flows from a specific port are exported:
Console> (enable) set mls nde flow include dst_port 23
NDE source port filter set to 23.
This example shows how to specify that only expired flows from a specific host that are of a specified protocol are exported:
Console> (enable) set mls nde flow include source 171.69.194.140 protocol 51
NDE destination filter set to 171.69.194.140/32, protocol set to 51.
This example shows how to specify that all expired flows except those from a specific host to a specific destination port are exported:
Console> (enable) set mls nde flow exclude source 171.69.194.140 dst_port 23
NDE destination filter set to 171.69.194.140/32, source port filter set to 23.
Flows matching the filter will be excluded.
This example shows how to disable destination ifIndex support:
Console> (enable) set mls nde destination-ifindex disable
destination-index export has been disabled.
This example shows how to disable source ifIndex support:
Console> (enable) set mls nde source-ifindex disable
source-index export has been disabled.
This example shows how to specify an NDE collector when no other collectors have been configured:
Console> (enable) set mls nde 10.6.1.10 7772
Number of collectors configured is 1
Netflow export configured for port 7772 on host 10.6.1.10
Netflow export is not enabled. Please enable it now.
This example shows how to specify an NDE collector when one collector has already been configured:
Console> (enable) set mls nde 10.6.1.10 7775
Number of collectors configured is 2
Netflow export configured for port 7775 on host 10.6.1.10
Netflow export is not enabled. Please enable it now.
This example shows the message that displays if a collector with the same IP address and port already exists:
Console> (enable) set mls nde 10.6.1.10 7772
Collector Exists with same IP address and port Number
Failed to set Netflow Data Export
This example shows the message that displays when two collectors have already been configured:
Console> (enable) set mls nde 10.6.1.10 7777
A maximum of 2 collectors allowed
Please clear an exiting Collector first
Failed to set Netflow Data Collector.
Related Commands
clear mls nde flow
show mls
show mls nde
set mls netflow-entry-create
To specify the VLANs on which you can enable or disable the creation of NetFlow entries, use the set mls netflow-entry-create command.
set mls netflow-entry-create {enable | disable} vlan_list
Syntax Description
enable | Specifies that NetFlow entry creation can be enabled on the specified VLANs.
disable | Specifies that NetFlow entry creation cannot be enabled on the specified VLANs.
vlan_list | VLAN numbers; valid values are from 1 to 4094.
Defaults
This command is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The status of the creation of NetFlow entries on specific VLANs (whether this feature is enabled or disabled) is displayed as part of the show mls command output. The VLANs that have entry creation enabled are displayed as part of the VLANs that have the bridged flow statistics feature enabled.
NetFlow entries on the specified VLANs are not created until you enter the set mls netflow-per-interface enable command.
Related Commands
set mls netflow-per-interface
show mls
set mls netflow-per-interface
To enable or disable the creation of NetFlow entries on a per-VLAN basis, use the set mls netflow-per-interface command.
set mls netflow-per-interface {enable | disable}
Syntax Description
enable | Enables the creation of NetFlow entries on a per-VLAN basis.
disable | Disables the creation of NetFlow entries on a per-VLAN basis.
Defaults
This feature is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Entering the set mls netflow-per-interface disable command results in the creation of NetFlow entries for all VLANs.
If you enable this feature, NetFlow entries are created both for VLANs on which bridged-flow statistics is enabled and for VLANs on which NetFlow entry creation is enabled. Enabling this feature on specific VLANs causes bridged-flow statistics to be enabled automatically.
For example, if you enable Layer 3 per-VLAN entry creation on VLANs 100 and 200 and at the same time you want to enable bridged-flow statistics on VLANs 150 and 250, NetFlow entry creation and bridged-flow statistics are both enabled on all four VLANs. To collect only bridged-flow statistics for VLAN 150 and 250, you must disable the per-VLAN entry creation feature.
Use the set mls netflow-entry-create command to specify the VLANs for which NetFlow entry creation can be enabled or disabled.
Related Commands
set mls netflow-entry-create
show mls
set mls rate
To set the rate at which index-directed packets are sent to the MSFC, use the set mls rate command.
set mls rate kpps
Syntax Description
kpps | MLS rate in thousands of packets per second; valid values are from 0 to 700. See the "Usage Guidelines" section for more information.
Defaults
The kpps argument is 0.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You disable MLS rate limiting when you set the kpps argument to 0. When you disable MLS rate limiting, the switch bridges packets to the MSFC; packets are not index-directed.
Examples
This example shows how to set MLS rate limiting to 100 kpps:
Console> (enable) set mls rate 100
MLS rate limiting set to 100 Kpps
This example shows how to disable MLS rate limiting:
Console> (enable) set mls rate 0
MLS rate limiting disabled
Related Commands
show mls
set mls statistics protocol
To add protocols to the protocols statistics list, use the set mls statistics protocol command.
set mls statistics protocol protocol src_port
Syntax Description
protocol | Name or number of the protocol; valid values are from 1 to 255, ip, ipinip, icmp, igmp, tcp, and udp.
src_port | Number or type of the source port; valid values are from 1 to 65535, dns, ftp, smtp, telnet, x, and www.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you enter any set mls commands on a Catalyst 6500 series switch without MLS, this warning message is displayed:
MLS not supported on feature card.
You can configure a maximum of 64 ports using the set mls statistics protocol command.
If you enter x for the source port, this specifies the Layer 4 port used by the X-windows application.
Examples
This example shows how to set protocols for statistics collection:
Console> (enable) set mls statistics protocol 17 1934
Protocol 17 port 1934 is added to protocol statistics list.
Related Commands
clear mls statistics entry
show mls statistics
set mls verify
To enable or disable checksum or packet checking based on packet length, use the set mls verify command.
set mls verify checksum {enable | disable}
set mls verify length ip inconsistent {enable | disable}
Syntax Description
checksum | Specifies IP checksum.
enable | Enables IP checksum.
disable | Disables IP checksum.
length | Specifies checking IP packets based on packet length.
ip | Specifies IP packet.
inconsistent | Specifies checking inconsistent packet length. See the "Usage Guidelines" section for more information.
enable | Enables checking IP packets based on packet length.
disable | Disables checking IP packets based on packet length.
Defaults
IP checksum is enabled.
Checking IP packets based on inconsistent packet length is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set mls verify command is available on Supervisor Engine 2 (WS-X6K-SUP2-2GE).
If you enable IP checksum or packet checking based on packet length, the Layer 3 ASIC drops Layer 3 error packets that it encounters. If you disable this feature, the packets are not dropped.
Note
We recommend that you do not disable IP checksum or packet checking based on packet length unless you have a specific need to pass nonstandard packets.
Checking for inconsistent packet length means that the switch checks for an inconsistency between the physical length of the packet and the length coded in the packet.
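An added illustration of the two checks described above, not Cisco code and not the ASIC's actual logic: it validates the IPv4 header checksum and compares the length coded in the header with the number of bytes received. The function names and sample addresses are constructed, and the sketch assumes any Layer 2 padding has already been removed.

```python
import socket
import struct


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def verify_ipv4(packet: bytes) -> list[str]:
    """Return the failed checks; an empty list means the packet passes."""
    if len(packet) < 20:
        return ["truncated header"]
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > len(packet):
        return ["bad version or header length"]
    errors = []
    # A valid header, summed with its own checksum field, yields 0.
    if ip_checksum(packet[:ihl]) != 0:
        errors.append("checksum")
    # Length coded in the packet versus its physical length.
    coded_length = struct.unpack("!H", packet[2:4])[0]
    if coded_length != len(packet):
        errors.append("inconsistent length")
    return errors


def build_ipv4(payload: bytes, src="192.0.2.1", dst="192.0.2.2") -> bytes:
    """Build a constructed sample packet (UDP protocol number, no options)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, 17, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:] + payload


if __name__ == "__main__":
    good = build_ipv4(b"constructed")
    print(verify_ipv4(good), verify_ipv4(good[:-3]))
```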
Examples
This example shows how to enable IP checksum:
Console> (enable) set mls verify checksum enable
Ip checksum verification enabled
This example shows how to enable checking inconsistent IP packet length:
Console> (enable) set mls verify length ip inconsistent enable
Ip inconsistant length verification enabled
Related Commands
show mls verify
set module
To enable or disable a module, use the set module command.
set module enable | disable mod
Syntax Description
enable | Enables a module.
disable | Disables a module.
mod | Number of the module.
Defaults
By default, all modules are enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Avoid disabling a module when you are connected through a Telnet session; if you disable the module that carries your session, your Telnet session is disconnected.
If there are no other network connections to a Catalyst 6500 series switch (for example, on another module), you have to reenable the module from the console.
You can specify a series of modules by entering a comma between each module number (for example, 2,3,5). You can specify a range of modules by entering a dash between module numbers (for example, 2-5).
The set module disable command does not cut off the power to a module; it only disables the module. To turn off power to a module, refer to the set module power command.
If an individual port on a module was previously disabled, enabling the module does not enable the disabled port.
Examples
This example shows how to enable module 2:
Console> (enable) set module enable 2
This example shows how to disable module 3 when connected through the console port:
Console> (enable) set module disable 3
This example shows how to disable module 2 when connected through a Telnet session:
Console> (enable) set module disable 2
This command may disconnect your telnet session.
Do you want to continue (y/n) [n]? y
Related Commands
show module
set module autoshut
To enable or disable automatic module shutdown, use the set module autoshut command.
set module autoshut {enable | disable} mod
Syntax Description
enable | Enables automatic module shutdown.
disable | Disables automatic module shutdown.
mod | Module number.
Defaults
Automatic module shutdown is disabled. If enabled, the defaults are as follows:
• Frequency is three times.
• Period is 2 minutes.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can shut down a module manually using the set module disable or the set module power down commands.
After the module shuts down, you must reenable the module manually.
This command is supported on Ethernet modules only.
Each time a module shuts down by automatic module shutdown, the following SYSLOG message is sent to the configured logging destination:
%SYS-5-MOD_AUTOSHUT: Module 2 shutdown automatically, reset 4 times in last 5 minutes due to inband failure
Each time a module exceeds the reset frequency, but the resets occur over a period greater than the configured period, the following SYSLOG message is sent to the configured logging destination:
%%SYS-4-MOD_AUTOSHUT_SLOW:Module 1 reset frequency exceeded threshold but over 46 mins. Hence NOT powering down module
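An added monitoring example, not part of the original reference: it scans collected syslog lines for the two messages quoted above and reports which modules were shut down automatically (and need a manual re-enable) and which are resetting but still powered. The collector line layout (timestamp, host, message), the host names, and the function name are assumptions; the message bodies follow the formats shown above.

```python
import re

# Patterns follow the two message formats quoted in the text. A collector
# delivers each message on one line; the prefix may carry one or two '%'.
SHUT = re.compile(r"%+SYS-5-MOD_AUTOSHUT:\s*Module (\d+) shutdown automatically, "
                  r"reset (\d+) times in last (\d+) minutes")
SLOW = re.compile(r"%+SYS-4-MOD_AUTOSHUT_SLOW:\s*Module (\d+) reset frequency "
                  r"exceeded threshold but over (\d+)\s+mins")

# Constructed sample input: "<timestamp> <host> <message>".
SAMPLE = [
    "2024-05-01T10:00:00Z sw-a %SYS-5-MOD_AUTOSHUT: Module 2 shutdown automatically, "
    "reset 4 times in last 5 minutes due to inband failure",
    "2024-05-01T10:07:00Z sw-a %%SYS-4-MOD_AUTOSHUT_SLOW:Module 1 reset frequency "
    "exceeded threshold but over 46 mins. Hence NOT powering down module",
    "2024-05-01T10:09:00Z sw-b unrelated constructed message",
]


def triage(lines):
    """Map (host, module) to 'shutdown' or 'unstable'."""
    state = {}
    for line in lines:
        fields = line.split(maxsplit=2)
        if len(fields) < 3:
            continue                      # not in the assumed layout
        host, msg = fields[1], fields[2]
        if (m := SHUT.search(msg)):
            # Module is down until an operator re-enables it manually.
            state[(host, int(m.group(1)))] = "shutdown"
        elif (m := SLOW.search(msg)):
            # Resetting repeatedly but still up; never downgrade a shutdown.
            state.setdefault((host, int(m.group(1))), "unstable")
    return state


if __name__ == "__main__":
    for (host, mod), status in sorted(triage(SAMPLE).items()):
        print(f"{host} module {mod}: {status}")
```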
Examples
This example shows how to enable automatic module shutdown on a module:
Console> (enable) set module autoshut enable 2
This example shows how to disable automatic module shutdown on a module:
Console> (enable) set module autoshut disable 2
Related Commands
clear autoshut
set autoshut
show autoshut
set module name
To set the name for a module, use the set module name command.
set module name mod [mod_name]
Syntax Description
mod | Number of the module.
mod_name | (Optional) Name created for the module.
Defaults
By default, no module names are configured for any modules.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If no module name is specified, any previously specified name is cleared.
Use the set module name command to set the module for the MSM. Additional set module commands are not supported by the MSM.
Examples
This example shows how to set the name for module 1 to Supervisor:
Console> (enable) set module name 1 Supervisor
Related Commands
show module
set module power
To turn the power on or off to a module, use the set module power command.
set module power {up | down} mod [pm_option]
Syntax Description