S Commands

This chapter describes the system management commands that begin with S.

shut (ERSPAN)

form of this command.

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

None

 
Command Modes

ERSPAN session configuration mode

 
Command History

Release
Modification

5.1(3)N1(1)

This command was introduced.

 
Usage Guidelines

This command does not require a license.

Examples

This example shows how to shut down an ERSPAN session:

switch# configure terminal
switch(config)# monitor session 1 type erspan-source
switch(config-erspan-src)# shut
switch(config-erspan-src)#
 

This example shows how to enable an ERSPAN session:

switch# configure terminal
switch(config)# monitor session 1 type erspan-source
switch(config-erspan-src)# no shut
switch(config-erspan-src)#
 

 
Related Commands

Command
Description

Enters the monitor configuration mode.

Displays the virtual SPAN or ERSPAN configuration.

 

snmp-server community

form of this command.

 
Syntax Description

SNMP community string. The name can be any alphanumeric string up to 32 characters.

(Optional) Specifies the group to which the community belongs. The name can be a maximum of 32 characters.

(Optional) Specifies read-only access with this community string.

(Optional) Specifies read-write access with this community string.

(Optional) Specifies the access control list (ACL) to filter SNMP requests. The name can be a maximum of 32 characters.

 
Command Default

None

 
Command Modes

Global configuration mode

 
Command History

Release
Modification

5.2(1)N1(1)

IPv6 support added.

4.2(1)N1(1)

This command was introduced.

 
Usage Guidelines

You can assign an access list (ACL) to a community to filter incoming SNMP requests. If the assigned ACL allows the incoming request packet, SNMP processes the request. If the ACL denies the request, SNMP drops the request and sends a system message.

for more information on creating ACLs. The ACL applies to both IPv4 and IPv6 over UDP and TCP. After creating the ACL, assign the ACL to the SNMP community.

Examples

This example shows how to create an SNMP community string and assign an ACL to the community to filter SNMP requests:

switch(config)# snmp-server community public use-acl my_acl_for_public
switch(config)#
 

 
Related Commands

Command
Description

Displays the SNMP community strings.

snmp-server contact

form of this command.

 
Syntax Description

(Optional) String that describes the system contact information. The text can be any alphanumeric string up to 32 characters and cannot contain spaces.

 
Command Default

No system contact (sysContact) string is set.

 
Command Modes

Global configuration mode

 
Command History

Release
Modification

4.1(3)N2(1)

This command was introduced.

Examples

This example shows how to set an SNMP contact:

switch(config)# snmp-server contact DialSystemOperatorAtBeeper#1235
switch(config)#
 

This example shows how to remove an SNMP contact:

switch(config)# no snmp-server contact DialSystemOperatorAtBeeper#1235
switch(config)#
 

 
Related Commands

Command
Description

Displays information about SNMP.

Sets the system location string.

snmp-server context

form of this command.

 
Syntax Description

SNMP context. The name can be any alphanumeric string up to 32 characters.

(Optional) Specifies a protocol instance. The name can be any alphanumeric string up to 32 characters.

(Optional) Specifies the virtual routing and forwarding (VRF) instance. The name is case sensitive, and can be a maximum of 32 alphanumeric characters.

Specifies the default VRF.

Specifies the management VRF.

(Optional) Specifies the topology. The name can be any alphanumeric string up to 32 characters.

 
Command Default

None

 
Command Modes

Global configuration mode

 
Command History

Release
Modification

4.1(3)N2(1)

This command was introduced.

 
Usage Guidelines

command to map between SNMP contexts and logical network entities, such as protocol instances or VRFs.

Examples

This example shows how to map the public1 context to the default VRF:

switch(config)# snmp-server context public1 vrf default
switch(config)#
 

 
Related Commands

Command
Description

Displays the SNMP status.

Displays information about SNMP contexts.

snmp-server enable traps

form of this command.

 
Syntax Description

(Optional) Enables notifications for a AAA server state change.

(Optional) Specifies the AAA server state change.

(Optional) Enables Cisco Call Home notifications.

(Optional) Specifies the Cisco Call Home external event notification.

(Optional) Specifies the SMTP message send fail notification.

(Optional) Enables notifications for a change in the module status, fan status, or power status.

(Optional) Specifies the entity fan status change.

(Optional) Specifies the entity MIB change.

(Optional) Specifies the entity module inserted.

(Optional) Specifies the entity module removed.

(Optional) Specifies the entity module status change.

(Optional) Specifies the entity power out change.

(Optional) Specifies the entity power status change.

(Optional) Specifies the entity unrecognized module.

(Optional) Enables notifications for the Fibre Channel domain.

(Optional) Enables notifications for the name server.

(Optional) Enables notifications for the fabric configuration server.

(Optional) Enables notifications for the route to an N port.

(Optional) Enables notifications for the Fabric Shortest Path First (FSPF).

(Optional) Enables notifications for the license manager.

(Optional) Specifies the license expiry notification.

(Optional) Specifies the license expiry warning notification.

(Optional) Specifies the license file missing notification.

(Optional) Specifies that a notification is sent when no license needs to be installed for the feature.

(Optional) Enables notifications for uplink and downlink interfaces.

(Optional) Enables notifications for the redundancy framework.

(Optional) Specifies the Redundancy_Framework (RF) supervisor switchover MIB.

(Optional) Enables notifications for rising, falling, and high-capacity alarms.

(Optional) Specifies the RMON falling alarm.

(Optional) Specifies the high-capacity RMON falling alarm.

(Optional) Specifies the high-capacity RMON rising alarm.

(Optional) Specifies the RMON rising alarm.

(Optional) Enables RSCN notifications.

(Optional) Enables SNMP authentication notifications.

(Optional) Specifies the SNMP authentication trap.

(Optional) Enables notifications for VSANs.

vtp

(Optional) Enables notifications for a VLAN Trunking Protocol (VTP) domain.

(Optional) Enables zone notifications.

(Optional) Specifies the default zone behavior change notification.

(Optional) Specifies the merge failure notification.

(Optional) Specifies the merge success notification.

(Optional) Specifies the request reject notification.

(Optional) Specifies the unsupported member notification.

(Optional) Enables STPX MIB notifications.

(Optional) Enables SNMP STPX MIB InconsistencyUpdate notifications.

(Optional) Enables SNMP STPX MIB Loop InconsistencyUpdate notifications.

(Optional) Enables SNMP STPX MIB RootInconsistencyUpdate notifications.

 
Command Default

All notifications

 
Command Modes

Global configuration mode

 
Command History

Release
Modification

4.1(3)N2(1)

This command was introduced.

5.0(2)N1(1)

Added support to enable SNMP traps for a VLAN Trunking Protocol (VTP) domain.

 
Usage Guidelines

command enables both traps and informs, depending on the configured notification host receivers.

Examples

This example shows how to enable SNMP notifications for the server state change:

switch(config)# snmp-server enable traps aaa
switch(config)#
 

This example shows how to disable all SNMP notifications:

switch(config)# no snmp-server enable traps
switch(config)#
 

 
Related Commands

Command
Description

Enables the Simple Network Management Protocol (SNMP) notifications on link traps.

Displays the SNMP notifications enabled or disabled.

snmp-server enable traps link

form of this command.

 
Syntax Description

(Optional) Type of notification to enable. If no type is specified, all notifications available on your device are sent. The notification type can be one of the following keywords:

  • IETF-extended-linkDown —Enables the Internet Engineering Task Force (IETF) extended link state down notification.
  • IETF-extended-linkUp —Enables the IETF extended link state up notification.
  • cisco-extended-linkDown —Enables the Cisco extended link state down notification.
  • cisco-extended-linkUp —Enables the Cisco extended link state up notification.
  • connUnitPortStatusChange —Enables the overall status of the connectivity unit Notification.
  • delayed-link-state-change —Enables the delayed link state change.
  • fcTrunkIfDownNotify —Enables the Fibre Channel Fabric Element (FCFE) link state down notification.
  • fcTrunkIfUpNotify —Enables the FCFE link state up notification.
  • fcot-inserted —Specifies that the Fibre Channel optical transmitter (FCOT) hardware has been inserted.
  • fcot-removed —Specifies that the FCOT has been removed.
  • linkDown —Enables the IETF Link state down notification.
  • linkUp —Enables the IETF Link state up notification.

 
Command Default

Disabled

 
Command Modes

Global configuration mode

 
Command History

Release
Modification

4.1(3)N2(1)

This command was introduced.

 
Usage Guidelines

This command is disabled by default. Most notification types are disabled.

arguments, the default is to enable all notification types controlled by this command

Examples

This example shows how to enable the SNMP link trap notification on the switch:

switch(config)# snmp-server enable traps link
switch(config)#
 

This example shows how to disable the SNMP link trap notification on the switch:

switch(config)# no snmp-server enable traps link
switch(config)#
 

 
Related Commands

Command
Description

Displays the SNMP notifications enabled or disabled.

 

snmp-server globalEnforcePriv

form of this command.

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

The SNMP agent accepts SNMPv3 messages without authentication and encryption.

 
Command Modes

Global configuration mode

 
Command History

Release
Modification

4.1(3)N2(1)

This command was introduced.

Examples

This example shows how to configure SNMP message encryption for all users:

switch(config)# snmp-server globalEnforcePriv
switch(config)#
 

This example shows how to remove SNMP message encryption for all users:

switch(config)# no snmp-server globalEnforcePriv
switch(config)#
 

 
Related Commands

Command
Description

Configures a new user to an SNMP group.

Displays the current SNMP sessions.

snmp-server host

form of this command.

 
Syntax Description

IPv4 or IPv6 address or DNS name of the SNMP notification host.

String sent with the notification operation. The string can be a maximum of 32 alphanumeric characters.

command.

Specifies the virtual routing and forwarding (VRF) instance. The name is case sensitive and can be a maximum of 32 alphanumeric characters.

Specifies the default VRF.

Specifies the management VRF.

Sends SNMP informs to this host.

Sends SNMP traps to this host.

keyword, one of the following must be specified:

  • 1 —SNMPv1.
  • 2c —SNMPv2C.
  • 3 —SNMPv3. The following three optional keywords can follow the version 3 keyword:

—Enables Message Digest 5 (MD5) and Secure Hash Algorithm (SHA) packet authentication

keyword is not specified.

—Enables Data Encryption Standard (DES) packet encryption (also called “privacy”)

(Optional) Specifies the UDP port of the host to use. The port range is from 0 to 65535.

 
Command Default

Disabled

 
Command Modes

Global configuration mode

 
Command History

Release
Modification

5.2(1)N1(1)

IPv6 support added.

4.1(3)N2(1)

This command was introduced.

 
Usage Guidelines

SNMP notifications can be sent as traps or inform requests. Traps are unreliable because the receiver does not send acknowledgments when it receives traps. The sender cannot determine if the traps were received. However, an SNMP entity that receives an inform request acknowledges the message with an SNMP response PDU. If the sender never receives the response, the inform request can be sent again. Therefore, informs are more likely to reach their intended destination.

Examples

This example shows how to sends the SNMP traps to the host specified by the IPv4 address 192.168.0.10. The community string is defined as my_acl_for_public.:

switch(config)# snmp-server community public use-acl my_acl_for_public
switch(config)# snmp-server host 192.168.0.10 my_acl_for_public
switch(config)#
 

This example shows how to send all inform requests to the host myhost.cisco.com using the community string my_acl_for_public:

switch(config)# snmp-server enable traps
switch(config)# snmp-server host myhost.cisco.com informs version 2c my_acl_for_public
switch(config)#
 

 
Related Commands

Command
Description

Displays information about the SNMP host.

snmp-server location

form of this command.

 
Syntax Description

(Optional) String that describes the system location information.

 
Command Default

No system location string is set.

 
Command Modes

Global configuration mode

 
Command History

Release
Modification

4.1(3)N2(1)

This command was introduced.

Examples

This example shows how to set a system location string:

switch(config)# snmp-server location Building 3/Room 21
switch(config)#
 

This example shows how to remove the system location string:

switch(config)# no snmp-server location Building 3/Room 21
switch(config)#
 

 
Related Commands

Command
Description

Sets the SNMP system contact (sysContact) string.

snmp-server mib community-map

form of this command.

 
Syntax Description

String sent with the notification operation. The string can be a maximum of 32 alphanumeric characters.

command.

Specifies the SNMP context to be mapped to the logical network entity.

SNMP context. The name can be any alphanumeric string up to 32 characters.

 
Command Default

None

 
Command Modes

Global configuration mode

 
Command History

Release
Modification

4.1(3)N2(1)

This command was introduced.

Examples

This example shows how to map an SNMPv2c community named my_acl_for_public to an SNMP context public1:

switch(config)# snmp-server mib community-map my_acl_for_public context public1
switch(config)#
 

This example shows how to remove the mapping of an SNMPv2c community to an SNMP context:

switch(config)# no snmp-server mib community-map my_acl_for_public context public1
switch(config)#
 

 
Related Commands

Command
Description

Configures an SNMP community.

Configures an SNMP context.

Displays the SNMP status.

snmp-server tcp-session

form of this command.

 
Syntax Description

(Optional) Specifies that one-time authentication for SNMP be enabled over the TCP session.

 
Command Default

Disabled

 
Command Modes

Global configuration mode

 
Command History

Release
Modification

4.1(3)N2(1)

This command was introduced.

Examples

This example shows how to enable one-time authentication for SNMP over a TCP session:

switch(config)# snmp-server tcp-session auth
switch(config)#
 

This example shows how to disable one-time authentication for SNMP over a TCP session:

switch(config)# no snmp-server tcp-session auth
switch(config)#
 

 
Related Commands

Command
Description

Displays the SNMP status.

snmp-server user

form of this command.

 
Syntax Description

Name of the user on the host that connects to the agent. The name can be a maximum of 32 alphanumeric characters.

(Optional) Name of the group to which the user is associated. The name can be a maximum of 32 alphanumeric characters.

(Optional) Specifies that an authentication level setting will be initiated for the session.

(Optional) Specifies that the HMAC-MD5-96 authentication level be used for the session.

(Optional) Specifies that the HMAC-SHA-96 authentication level be used for the session.

(Optional) Authentication password for the user that enables the agent to receive packets from the host. The password can be a maximum of 130 characters.

(Optional) Specifies the SNMP engine ID.

(Optional) Specifies whether the passwords are in localized key format.

(Optional) The option that initiates a privacy authentication level setting session.

(Optional) Privacy password for the user that enables the host to encrypt the content of the message that it sends to the agent. The password can be a maximum of 130 characters.

(Optional) Specifies that a 128-bit AES algorithm for privacy be used for the session.

 
Command Default

None

 
Command Modes

Global configuration mode

 
Command History

Release
Modification

4.1(3)N2(1)

This command was introduced.

Examples

This example shows how to configure an SNMP user named authuser with authentication and privacy parameters:

switch(config)# snmp-server user authuser publicsecurity auth sha shapwd priv aes-128
switch(config)#
 

This example shows how to delete an SNMP user:

switch(config)# no snmp-server user authuser
switch(config)#
 

 
Related Commands

Command
Description

Displays information about one or more SNMP users.

snmp trap link-status

form of this command.

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

Enabled

 
Command Modes

Virtual Ethernet interface configuration mode

 
Command History

Release
Modification

4.0(0)N1(1)

This command was introduced.

5.0(3)N1(1)

Support for Layer 3 interfaces was added.

5.1(3)N1(1)

Support for virtual Ethernet interfaces was added.

 
Usage Guidelines

By default, SNMP link traps are sent when a Layer 2 interface goes up or down. You can disable SNMP link trap notifications on an individual interface. You can use these limit notifications on a flapping interface (an interface that transitions between up and down repeatedly).

You can use this command on the following interfaces:

  • Layer 2 interface
  • Layer 3 interface

Note Use the no switchport command to configure an interface as a Layer 3 interface.

  • Virtual Ethernet interface

Examples

This example shows how to disable SNMP link-state traps for a specific Layer 2 interface:

switch(config)# interface ethernet 1/1
switch(config-if)# no snmp trap link-status
switch(config-if)#
 

This example shows how to enable SNMP link-state traps for a specific Layer 3 interface:

switch(config)# interface ethernet 1/5
switch(config-if)# no switchport
switch(config-if)# snmp trap link-status
switch(config-if)#
 

This example shows how to enable SNMP link-state traps for a specific Layer 2 interface:

switch(config)# interface ethernet 1/1
switch(config-if)# snmp trap link-status
switch(config-if)#
 

This example shows how to enable SNMP link-state traps for a specific virtual Ethernet interface:

switch(config)# interface vethernet 1
switch(config-if)# snmp trap link-status
switch(config-if)#
 

 
Related Commands

Command
Description

Configures a virtual Ethernet interface.

Configures an interface as a Layer 3 routed interface.

Displays the SNMP notifications, enabled or disabled.

 

source (SPAN, ERSPAN)

form of this command.

}

}

 
Syntax Description

Specifies the interface type to use as the source SPAN port.

Specifies the Ethernet interface to use as the source SPAN port. The slot number is from 1 to 255 and the port number is from 1 to 128.

Specifies the EtherChannel interface to use as the source SPAN port. The EtherChannel number is from 1 to 4096.

Specifies the virtual Ethernet interface to use as the source SPAN or ERSPAN port. The virtual Ethernet interface number is from 1 to 1048575.

(Optional) Specifies both ingress and egress traffic on the source port.

Note This keyword applies to the ERSPAN source port.

(Optional)Specifies only ingress traffic on the source port.

Note This keyword applies to the ERSPAN source port.

(Optional) Specifies only egress traffic on the source port.

Note This keyword applies to the ERSPAN source port.

Specifies the VLAN inteface to use as the source SPAN port. The range is from 1 to 3967 and 4048 to 4093.

Specifies the virtual storage area network (VSAN) to use as the source SPAN port. The range is from 1 to 4093.

 
Command Default

None

 
Command Modes

ERSPAN session configuration mode

 
Command History

Release
Modification

4.0(0)N1(1a)

This command was introduced.

5.0(2)N1(1)

Port Channel and SAN Port Channel interfaces can be configured as ingress or egress source ports.

The limit on the number of egress (TX) sources in a monitor session has been lifted.

5.1(3)N1(1)

Support for a virtual Ethernet interface and ERSPAN was added.

 
Usage Guidelines

) is a switched port that you monitor for network traffic analysis. In a single local SPAN session, you can monitor source port traffic such as received (Rx), transmitted (Tx), or bidirectional (both).

A source port can be an Ethernet port, port channel, SAN port channel, VLAN, or a VSAN port. It cannot be a destination port.


Note For Cisco NX-OS Release 4.2(1)N2(1) and earlier, the Cisco Nexus 5010 Switch and the Cisco Nexus 5020 Switch supports a maximum of two egress SPAN source ports.

Beginning with Cisco NX-OS Release 5.0(2)N2(1):

  • There is no limit to the number of egress SPAN source ports.
  • SAN Port Channel interfaces can be configured as ingress or egress source ports.
  • The limit on the number of egress (TX) sources in a monitor session has been lifted.
  • Port-channel interfaces can be configured as egress sources.

, the source traffic is analyzed for both directions.

Examples

This example shows how to configure an Ethernet SPAN source port:

switch# configure terminal
switch(config)# monitor session 9 type local
switch(config-monitor)# description A Local SPAN session
switch(config-monitor)# source interface ethernet 1/1
switch(config-monitor)#
 

This example shows how to configure a port channel SPAN source:

switch# configure terminal
switch(config)# monitor session 2
switch(config-monitor)# source interface port-channel 5
switch(config-monitor)#
 

This example shows how to configure an ERSPAN source port to receive traffic on the port:

switch# configure terminal
switch(config)# monitor session 1 type erspan-source
switch(config-erspan-src)# source interface ethernet 1/5 rx
switch(config-erspan-src)#
 

 
Related Commands

Command
Description

Configures a destination SPAN port.

Creates a new SPAN session configuration.

Displays SPAN session configuration information.

Displays the running configuration information of a SPAN session.

 

switchport monitor rate-limit

form of this command.

]

 
Syntax Description

(Optional) Specifies that the rate limit is 1 GB.

 
Command Default

None

 
Command Modes

Interface configuration mode

 
Command History

Release
Modification

5.0(3)N1(1)

This command was introduced.

 
Usage Guidelines

This command is applicable to the following Cisco Nexus 5000 Series switches:

  • Cisco Nexus 5010 Series
  • Cisco Nexus 5020 Series

This command does not require a license.

Examples

This example shows how to limit the bandwidth on Ethernet interface 1/2 to 1 GB:

switch(config)# interface ethernet 1/2
switch(config-if)# switchport monitor rate-limit 1G
switch(config-if)#
 

 
Related Commands

Command
Description

Displays information on all interfaces configured as switch ports.

Associates the isolated trunk port with the primary and secondary VLANs of a private VLAN.

 

switch-profile

form of this command.

 
Syntax Description

Name of the switch profile. The name is case sensitive, can be a maximum of 64 alphanumeric characters and can include an underscore and hyphen. The name cannot contain spaces or special characters.

Specifies that the switch profile be deleted with all local and peer configurations.

Specifies that the switch profile and all local configurations be deleted.

profile-only

Specifies that the switch profile only is to be deleted and no other configurations.

 
Command Default

None

 
Command Modes

Configuration synchronization mode

 
Command History

Release
Modification

5.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

Use this command to create a switch profile on each of the peer switches. You must use the same profile name on both the switches in the Cisco Fabric Services (CFS) peer configuration.


Note In this release of Cisco NX-OS, only a pair of switches can be configured as a peer.

You can configure only one active switch profile on each peer switch. If you create or configure a second switch profile, you see the following error message:

Error: Another switch profile already exists. Cannot configure more than one switch-profile.
 

The configuration that is made locally on the switch is synchronized and made available on the peer switch only after the connectivity is established between the peer switches and the configuration is verified and committed on the local switch.

You can configure a switch profile to include the interface configuration, quality of service (QoS), and virtual port channel (vPC) commands. FCoE commands are not supported on a switch profile.

When you delete a switch profile, you can choose to delete the local switch profile with the local configurations on the switch, delete the switch profile with the local configurations and configuration information in the peer, or delete the switch profile only while saving all other configuraiton information. The peer becomes unreachable.

Examples

This example shows how to create a switch profile named s5010 on switch 1 of the peer:

Peer A

switch# configure terminal
switch(config)# cfs ipv4 distribute
switch(config)# exit
switch# config sync
Enter configuration commands, one per line. End with CNTL/Z.
switch(config-sync)# switch-profile s5010
Switch-Profile started, Profile ID is 1
switch(config-sync-sp)#
 

This example shows how to create a switch profile named s5010 on switch 2 of the peer:

Peer B

switch# configure terminal
switch(config)# cfs ipv4 distribute
switch(config)# exit
switch# config sync
Enter configuration commands, one per line. End with CNTL/Z.
switch(config-sync)# switch-profile s5010
Switch-Profile started, Profile ID is 1
switch(config-sync-sp)#
 

This example shows how to delete a switch profile named s5010 and its local configuration on switch 1 of the peer:

Peer A

switch# config sync
Enter configuration commands, one per line. End with CNTL/Z.
switch(config-sync)# no switch-profile s5010 local-config
switch(config-sync)#
 

 
Related Commands

Command
Description

Enters configuration synchronization mode.

Displays the switch profile created on the switch and its configuration revision.

Configures the peer switch for configuration synchronization.

system ethernet dom polling

form of this command.

 
Syntax Description

This command has no arguments or keywords

 
Command Default

Disabled

 
Command Modes

Configuration mode

 
Command History

Release
Modification

5.2(1)N1(5)

This command was introduced.

 
Usage Guidelines

Use this command to enable transceiver digital optical monitoring periodic polling.

Examples

This example shows how to enable transceiver digital optical monitoring periodic polling:

switch# configure terminal
switch(config)# system ethernet dom polling

 
Related Commands

Command
Description

Displays the status of transceiver digital optical monitoring periodic polling.