Cisco ME 3800X, ME 3600X, ME 3600X-24CX Switch Command Reference, Release 15.4(2)S
- Updated:
- February 18, 2018
Chapter: Cisco IOS Commands - aaa through reserved-only
- action
- aggregate interval
- aggregate interval burst-cycles
- alarm-contact
- archive download-sw
- archive tar
- bandwidth
- boot config-file
- boot helper
- boot helper-config-file
- boot manual
- boot private-config-file
- boot system
- channel-group
- channel-protocol
- class
- class-map
- clear ipc
- clear lacp
- clear logging onboard
- clear mac address-table
- clear pagp
- clear rep counters
- clear spanning-tree counters
- conform-action
- controller BITS input applique
- controller BITS output applique
- controller BITS shutdown
- copy logging onboard module
- define interface-range
- delete
- deny (MAC access-list configuration)
- diagnostic schedule test
- diagnostic start test
- distribution
- duplex
- errdisable detect cause
- errdisable recovery
- ethernet evc
- ethernet lmi
- ethernet oam remote-failure
- ethernet uni id
- ethernet y1731 delay
- ethernet y1731 delay receive
- ethernet y1731 loss
- exceed-action
- flowcontrol
- frame consecutive
- frame interval
- frequency (IP SLA)
- history interval
- hw-module module logging onboard
- interface port-channel
- interface range
- interface vlan
- ip access-group
- ip address
- ip igmp filter
- ip igmp max-groups
- ip igmp profile
- ip igmp snooping
- ip igmp snooping last-member-query-interval
- ip igmp snooping report-suppression
- ip igmp snooping tcn
- ip igmp snooping tcn flood
- ip igmp snooping vlan immediate-leave
- ip igmp snooping vlan mrouter
- ip igmp snooping vlan static
- ip sla
- ip sla reaction-configuration
- ip sla schedule
- ip ssh
- l2protocol
- lacp fast-switchover
- lacp max-bundle
- lacp port-priority
- lacp rate
- lacp system-priority
- location (global configuration)
- location (interface configuration)
- logging event
- logging file
- mac access-group
- mac access-list extended
- mac address-table aging-time
- mac address-table learning
- mac address-table move update
- mac address-table notification
- mac address-table static
- macro apply
- macro description
- macro global
- macro global description
- match (access-map configuration)
- match access-group
- match cos
- match discard-class
- match ip dscp
- match ip precedence
- match mpls experimental topmost
- match qos-group
- match vlan
- max-delay
- mdix auto
- mtu
- network-clock hold-off
- network-clock input-source
- network-clock revertive
- network-clock synchronization ssm option
- network-clock wait-to-restore
- network-clock-select
- network-clock-select hold-off timeout
- network-clock-select hold-timeout
- network-clock-select mode
- network-clock-select option
- network-clock-select output
- network-clock-select wait-to-restore-timeout
- oam protocol cfm svlan
- pagp learn-method
- pagp port-priority
- permit (MAC access-list configuration)
- police
- policy-map
- port-channel load-balance
- port-type
- priority
- ql-enabled rep-segment
- queue-limit
- random-detect
- random-detect cos
- random-detect cos-based
- random-detect dscp
- random-detect exponential-weighting-constant
- random-detect precedence
- rep admin vlan
- rep block port
- rep lsl-age-timer
- rep preempt delay
- rep preempt segment
- rep segment
- rep stcn
- reserved-only
action
To set the action for the VLAN access map entry, use the action command in access-map configuration mode. To set the action to the default value, which is to forward, use the no form of this command.
Command Modes
Usage Guidelines
You enter access-map configuration mode by using the vlan access-map global configuration command.
If the action is drop, you should define the access map, including configuring any access control list (ACL) names in match clauses, before applying the map to a VLAN, or all packets could be dropped.
In access-map configuration mode, use the match access-map configuration command to define the match conditions for a VLAN map. Use the action command to set the action that occurs when a packet matches the conditions.
The drop and forward parameters are not used in the no form of the command.
You can verify your settings by entering the show vlan access-map privileged EXEC command.
Examples
This example shows how to identify and apply a VLAN access map vmap4 to VLANs 5 and 6 that causes the VLAN to forward an IP packet if the packet matches the conditions defined in access list al2 :
aggregate interval
To configure an aggregate interval for an IP Service Level Agreements (SLAs) Metro-Ethernet 3.0 (Y.1731) operation, use the aggregate interval command in IP SLA Y.1731 delay or IP SLA Y.1731 loss configuration mode. To return to the default, use the no form of this command.
Command Modes
P SLA Y.1731 delay configuration (config-sla-y1731-delay)
IP SLA Y.1731 loss configuration (config-sla-y1731-loss)
Usage Guidelines
An aggregate interval is the length of time during which the performance measurements are conducted and the results stored. Use this command to change the number of intervals for a delay, delay variation, or frame loss operation from the default (900 seconds) to the specified value.
The aggregate interval value must be less than the life value of the IP SLAs schedule. The default life value for an IP SLAs schedule or IP SLAs multioperation group scheduler configuration is 3600 seconds.
Examples
The following example shows how to configure a single-ended IP SLAs Ethernet delay operation with an aggregate interval of 1500 seconds:
Related Commands
aggregate interval burst-cycles
To configure an aggregate interval for burst-cycles for an IP Service Level Agreements (SLAs) Metro-Ethernet 3.0 (Y.1731) operation, use the aggregate interval command in IP SLA Y.1731 synthetic loss configuration mode. To return to the default, use the no form of this command.
Command Modes
IP SLA Y.1731 loss configuration (config-sla-y1731-loss)
Usage Guidelines
An aggregate interval burst-cycle is the number of burst cycles on which the performance measurements are conducted and teh resultes stored. Use this command to change the number of intervals for a frame loss operation from the default (1 second) to the specified value.
The aggregate interval value must be less than the life value of the IP SLAs schedule. The default life value for an IP SLAs schedule or IP SLAs multioperation group scheduler configuration is 3600 seconds.
Examples
The following example shows how to configure a single-ended IP SLAs Ethernet delay operation with an aggregate interval of 6 seconds:
Related Commands
alarm-contact
To configure triggers and severity levels for external alarms, use the alarm-contact command in global configuration mode. To remove the configuration, use the no form of this command.
alarm-contact { contact-number { description string | severity { critical | major | minor } | trigger { closed | open }} | all { severity { critical | major | minor } | trigger { closed | open }}
no alarm-contact { contact-number { description | severity | trigger } | all { severity | trigger }
Command Modes
Usage Guidelines
The no alarm-contact contact-number description sets the description to an empty string.
The no alarm-contact { contact-number | all } severity sets the alarm-contact severity to minor.
The no alarm-contact { contact-number | all } trigger sets the external alarm-contact trigger to closed.
You can verify your settings by entering the show env alarm-contact or the show running-config privileged EXEC command.
Examples
This example shows how to configure alarm contact number 1 to report a critical alarm when the contact is open.
This example shows how to configure clear alarm contact number 1 and the show command outputs.
archive download-sw
To download a new image from a TFTP server to the switch and to overwrite or keep the existing image, use the archive download-sw command in privileged EXEC mode.
archive download-sw { /force-reload | /imageonly | /leave-old-sw | /no-set-boot | /no-version-check | /overwrite | /reload | /safe } source-url
Syntax Description
Defaults
The current software image is not overwritten with the downloaded image.
Both the software image and HTML files are downloaded.
The new image is downloaded to the flash: file system.
The BOOT environment variable is changed to point to the new software image on the flash: file system.
Image names are case sensitive; the image file is provided in tar format.
Compatibility of the version on the image to be downloaded is checked.
Command Modes
Usage Guidelines
The /imageonly option removes the HTML files for the existing image if the existing image is being removed or replaced. Only the Cisco IOS image (without the HTML files) is downloaded.
Using the /safe or /leave-old-sw option can cause the new image download to fail if there is insufficient flash memory. If leaving the software in place prevents the new image from fitting in flash memory due to space constraints, an error results.
If you used the /leave-old-sw option and did not overwrite the old image when you downloaded the new one, you can remove the old image by using the delete privileged EXEC command. For more information, see the delete command.
Note Use the /no-version-check option with care. This option allows an image to be downloaded without first confirming that it is not incompatible with the switch.
Use the /overwrite option to overwrite the image on the flash device with the downloaded one.
If you specify the command without the /overwrite option, the download algorithm verifies that the new image is not the same as the one on the switch flash device. If the images are the same, the download does not occur. If the images are different, the old image is deleted, and the new one is downloaded.
After downloading a new image, enter the reload privileged EXEC command to begin using the new image, or specify the /reload or /force-reload option in the archive download-sw command.
Examples
This example shows how to download a new image from a TFTP server at 172.20.129.10 and overwrite the image on the switch:
This example shows how to download only the software image from a TFTP server at 172.20.129.10 to the switch:
This example shows how to keep the old software version after a successful download:
archive tar
To create a tar file, list files in a tar file, or extract the files from a tar file, use the archive tar command in privileged EXEC mode.
archive tar { /create destination-url flash:/ file-url } | { /table source-url } | { /xtract source-url flash:/ file-url [ dir / file... ]}
Syntax Description
Command Modes
Examples
This example shows how to create a tar file. The command writes the contents of the new-configs directory on the local flash device to a file named saved.tar on the TFTP server at 172.20.10.30:
This example shows how to display the contents of the file that is in flash memory. The contents of the tar file appear on the screen:
This example shows how to display only the html directory and its contents:
This example shows how to extract the contents of a tar file on the TFTP server at 172.20.10.30. This command extracts just the new-configs directory into the root directory on the local flash file system. The remaining files in the saved.tar file are ignored.
bandwidth
To configure class-based weighted fair queuing (CBWFQ) by setting the output bandwidth for a policy-map class, use the bandwidth command in policy-map class configuration mode. To remove the bandwidth setting for the class, use the no form of this command.
bandwidth { rate | percent value | remaining percent value }
no bandwidth [ rate | percent value | remaining percent value ]
Syntax Description
Command Modes
Policy-map class configuration
Usage Guidelines
You use the bandwidth policy-map class command to control output traffic. The bandwidth command specifies the bandwidth for traffic in that class. CBWFQ derives the weight for packets belonging to the class from the bandwidth allocated to the class and uses the weight to ensure that the queue for that class is serviced fairly. Bandwidth settings are not supported in input policy maps.
- Configuring bandwidth for a class of traffic as an absolute rate (kilobits per second) or a percentage of total bandwidth represents the minimum bandwidth guarantee (CIR) for that traffic class.
- You cannot configure bandwidth as an absolute rate or a percentage of total bandwidth when priority is configured for another class in the output policy. However, you can configure CIR, PIR, and EIR bandwidth independently for a class so can use the bandwidth , bandwidth remaining , and shape average commands at the same time within a class.
- Configuring bandwidth as a percentage of remaining bandwidth determines the portion of the excess bandwidth of the target that is allocated to the class. This means that the class is allocated bandwidth only if there is excess bandwidth on the target, and if there is no minimum bandwidth guarantee for this traffic class. By default the total excess bandwidth is divided equally among the classes.
- You cannot configure bandwidth as percentage of remaining bandwidth when priority is configured for another class in the output policy map.
When you configure bandwidth in an output policy, you must specify the same units in each bandwidth configuration; that is, all absolute values (rates) or percentages.
You can verify your settings by entering the show policy-map privileged EXEC command.
Examples
This example shows how to allocate 25 percent of the total available bandwidth to the traffic class defined by the class map:
This example shows how to set the precedence of output queues by setting bandwidth in kilobits per second. The classes outclass1 , outclass2 , and outclass3 and class-default get a minimum of 40000, 20000, 10000, and 10000 kb/s. Any excess bandwidth is divided among the classes in the same proportion as the CIR rate.
This example shows how to allocate the excess bandwidth among queues by configuring bandwidth for a traffic class as a percentage of remaining bandwidth. The class outclass1 is given priority queue treatment. The other classes are configured to get percentages of the excess bandwidth if any remains after servicing the priority queue: outclass2 is configured to get 50 percent, outclass3 to get 20 percent, and the class class-default to get the remaining 30 percent.
boot config-file
To specify the filename that Cisco IOS uses to read and write a nonvolatile copy of the system configuration, use the boot config-file command in global configuration mode. To return to the default setting, use the no form of this command.
Command Modes
Usage Guidelines
Filenames and directory names are case sensitive.
This command changes the setting of the CONFIG_FILE environment variable. For more information, see Appendix A, “Cisco ME 3800X, ME 3600X, and ME 3600X-24CX Switch Boot Loader Commands.”
boot helper
To dynamically load files during boot loader initialization to extend or patch the functionality of the boot loader, use the boot helper command in global configuration mode. To return to the default, use the no form of this command.
Command Modes
Usage Guidelines
This variable is used only for internal development and testing.
Filenames and directory names are case sensitive.
This command changes the setting of the HELPER environment variable. For more information, see Appendix A, “Cisco ME 3800X, ME 3600X, and ME 3600X-24CX Switch Boot Loader Commands.”
boot helper-config-file
To specify the name of the configuration file to be used by the Cisco IOS helper image, use the boot helper-config-file command in global configuration mode. If this is not set, the file specified by the CONFIG_FILE environment variable is used by all versions of Cisco IOS that are loaded. To return to the default setting, use the no form of this command.
Command Modes
Usage Guidelines
This variable is used only for internal development and testing.
Filenames and directory names are case sensitive.
This command changes the setting of the HELPER_CONFIG_FILE environment variable. For more information, see Appendix A, “Cisco ME 3800X, ME 3600X, and ME 3600X-24CX Switch Boot Loader Commands.”
boot manual
To enable manually booting the switch during the next boot cycle, use the boot manual command in global configuration mode. To return to the default setting, use the no form of this command.
Command Modes
Usage Guidelines
The next time you reboot the system, the switch is in boot loader mode, which is shown by the switch: prompt. To boot the system, use the boot boot loader command, and specify the name of the bootable image.
This command changes the setting of the MANUAL_BOOT environment variable. For more information, see Appendix A, “Cisco ME 3800X, ME 3600X, and ME 3600X-24CX Switch Boot Loader Commands.”
boot private-config-file
To specify the filename that Cisco IOS uses to read and write a nonvolatile copy of the private configuration, use the boot private-config-file command in global configuration mode. To return to the default setting, use the no form of this command.
Command Modes
boot system
To specify the Cisco IOS image to load during the next boot cycle, use the boot system command in global configuration mode. To return to the default setting, use the no form of this command.
boot system filesystem:/file-url ...
Defaults
The switch attempts to automatically boot the system by using information in the BOOT environment variable. If this variable is not set, the switch attempts to load and execute the first executable image it can by performing a recursive, depth-first search throughout the flash file system. In a depth-first search of a directory, each encountered subdirectory is completely searched before continuing the search in the original directory.
Command Modes
Usage Guidelines
Filenames and directory names are case sensitive.
If you are using the archive download-sw privileged EXEC command to maintain system images, you never need to use the boot system command. The boot system command is automatically manipulated to load the downloaded image.
This command changes the setting of the BOOT environment variable. For more information, see Appendix A, “Cisco ME 3800X, ME 3600X, and ME 3600X-24CX Switch Boot Loader Commands.”
channel-group
To assign an Ethernet port to an EtherChannel group, use the channel-group command in interface configuration mode. To remove an Ethernet port from an EtherChannel group, use the no form of this command.
channel-group channel -group-number mode { active | auto [ non-silent ] | desirable [ non-silent ] | on | passive }
PAgP modes:
channel-group
channel
-group-number
mode
{
auto
[
non-silent
] |
desirable
[
non-silent
]}
LACP modes:
channel-group
channel
-group-number
mode {active | passive}
On mode:
channel-group
channel
-group-number
mode on
Syntax Description
Command Modes
Usage Guidelines
For Layer 2 EtherChannels, you do not have to create a port-channel interface first by using the interface port-channel global configuration command before assigning a physical port to a channel group. Instead, you can use the channel-group interface configuration command. It automatically creates the port-channel interface when the channel group gets its first physical port if the logical interface is not already created. If you create the port-channel interface first, the channel-group-number can be the same as the port - channel-number, or you can use a new number. If you use a new number, the channel-group command dynamically creates a new port channel.
If the port is a UNI or an ENI, you must use the no shutdown interface configuration command to enable it before using the channel-group command. UNIs and ENIs are disabled by default. NNIs are enabled by default.
You do not have to disable the IP address that is assigned to a physical port that is part of a channel group, but we strongly recommend that you do so.
You create Layer 3 port channels by using the interface port-channel command followed by the no switchport interface configuration command. You should manually configure the port-channel logical interface before putting the interface into the channel group.
After you configure an EtherChannel, configuration changes that you make on the port-channel interface apply to all the physical ports assigned to the port-channel interface. Configuration changes applied to the physical port affect only the port where you apply the configuration. To change the parameters of all ports in an EtherChannel, apply configuration commands to the port-channel interface, for example, spanning-tree commands or commands to configure a Layer 2 EtherChannel as a trunk.
If you do not specify non-silent with the auto or desirable mode, silent is assumed. The silent mode is used when the switch is connected to a device that is not PAgP-capable and seldom, if ever, sends packets. A example of a silent partner is a file server or a packet analyzer that is not generating traffic. In this case, running PAgP on a physical port prevents that port from ever becoming operational. However, it allows PAgP to operate, to attach the port to a channel group, and to use the port for transmission. Both ends of the link cannot be set to silent.
In the on mode, an EtherChannel exists only when a port group in the on mode is connected to another port group in the on mode.
Do not configure an EtherChannel in both the PAgP and LACP modes. EtherChannel groups running PAgP and LACP can coexist on the same switch. Individual EtherChannel groups can run either PAgP or LACP, but they cannot interoperate.
If you set the protocol by using the channel-protocol interface configuration command, the setting is not overridden by the channel-group interface configuration command.
For a complete list of configuration guidelines, see the “Configuring EtherChannels” chapter in the software configuration guide for this release.
You can verify your settings by entering the show running-config privileged EXEC command.
Examples
This example shows how to configure an EtherChannel. It assigns two static-access ports in VLAN 10 to channel 5 with the PAgP mode desirable :
This example shows how to configure an EtherChannel. It assigns two static-access ports in VLAN 10 to channel 5 with the LACP mode active :
channel-protocol
To restrict the protocol used on a port to manage channeling, use the channel-protocol command in interface configuration mode. To return to the default setting, use the no form of this command.
Command Modes
Usage Guidelines
Use the channel-protocol command only to restrict a channel to LACP or PAgP. If you set the protocol by using the channel-protocol command, the setting is not overridden by the channel-group interface configuration command.
You must use the channel-group interface configuration command to configure the EtherChannel parameters. The channel-group command also can set the mode for the EtherChannel.
You cannot enable both the PAgP and LACP modes on an EtherChannel group.
PAgP and LACP are not compatible; both ends of a channel must use the same protocol.
You can verify your settings by entering the show etherchannel [ channel-group-number ] protocol privileged EXEC command.
class
To specify the name of the class whose policy you want to create or to change or to specify the system default class before you configure a policy and to enter policy-map class configuration mode, use the class command in policy-map configuration mode. To remove the class from a policy map, use the no form of this command.
class { class-map-name| class-default }
Command Modes
Usage Guidelines
Before using the class class-map-name command in policy-map configuration mode, you must create the class by using the class-map class-map-name global configuration command. The class class-default is the class to which traffic is directed if that traffic does not match any of the match criteria in the configured class maps.
Use the policy-map global configuration command to identify the policy map and to enter policy-map configuration mode. After specifying a policy map, you can configure a policy for new classes or modify a policy for any existing classes in that policy map.
You attach the policy map to a port by using the service-policy interface configuration command.
After entering the class command, you enter policy-map class configuration mode, and these configuration commands are available:
- bandwidth : specifies the bandwidth allocated for a class belonging to a policy map. For more information, see the bandwidth command.
- exit : exits policy-map class configuration mode and returns to policy-map configuration mode.
- no : returns a command to its default setting.
- police : defines an individual policer for the classified traffic. The policer specifies the bandwidth limitations and the action to take when the limits are exceeded. For more information, see the police and policy-map class commands.
- priority : sets the strict scheduling priority for this class or, when used with the police keyword, sets priority with police. For more information, see the priority policy-map class command.
- queue-limit : sets the queue maximum threshold for Weighted Tail Drop (WTD). For more information, see the queue-limit command.
- service-policy : configures a QoS service policy to attach to a parent policy map for an input or output policy. For more information, see the set cos command.
- set : specifies a value to be assigned to the classified traffic. For more information, see the set commands.
- shape average : specifies the average traffic shaping rate. For more information, see the shape average command.
To return to policy-map configuration mode, use the exit command. To return to privileged EXEC mode, use the end command.
You can verify your settings by entering the show policy-map privileged EXEC command.
Examples
This example shows how to create a policy map called policy1, define a class class1 , and enter policy-map class configuration mode to set a criterion for the class.
class-map
To create a class map to be used for matching packets to a specified criteria and to enter class-map configuration mode, use the class-map command in global configuration mode. To delete an existing class map, use the no form of this command.
class-map [ match-all | match-any ] class-map-name
Command Modes
Usage Guidelines
Use this command to specify the name of the class for which you want to create or to modify class-map match criteria and to enter class-map configuration mode.
The switch supports a maximum of 4000 unique class maps.
You use the class-map command and class-map configuration mode to define packet classification as part of a globally named service policy applied on a per-port basis. When you configure a class map, you can use one or more match commands to specify match criteria. Packets arriving at either the input or output interface (determined by how you configure the service-policy interface configuration command) are checked against the class-map match criteria to determine if the packet belongs to that class.
A match-all class map means that the packet must match all entries and can have no other match statements. The match-all keyword is supported only for outer VLAN and inner VLAN, or outer CoS and inner CoS matches for 802.1Q tunneling (QinQ) packets. The match-all keyword is rejected for all other mutually exclusive match criteria.
After you are in class-map configuration mode, these configuration commands are available:
- description : describes the class map (up to 200 characters). The show class-map privileged EXEC command displays the description and the name of the class map.
- exit : exits QoS class-map configuration mode.
- match : configures classification criteria. For more information, see the match class-map configuration commands.
- no : removes a match statement from a class map.
You can verify your settings by entering the show class-map privileged EXEC command.
Examples
This example shows how to configure the class map called class1. By default, the class map is match-all and therefore can contain no other match criteria.
This example shows how to configure a match-any class map with one match criterion, which is an access list called 103. This class map (matching an ACL) is supported only in an input policy map.
Related Commands
clear ipc
To clear Interprocess Communications Protocol (IPC) statistics, use the clear ipc command in privileged EXEC mode.
Command Modes
Usage Guidelines
You can clear all statistics by using the clear ipc statistics command, or you can clear only the queue statistics by using the clear ipc queue-statistics command.
You can verify that the statistics were deleted by entering the show ipc rpc or the show ipc session privileged EXEC command.
clear lacp
To clear Link Aggregation Control Protocol (LACP) channel-group counters, use the clear lacp command in privileged EXEC mode.
Command Modes
Usage Guidelines
You can clear all counters by using the clear lacp counters command, or you can clear only the counters for the specified channel group by using the clear lacp channel-group-number counters command.
You can verify that the information was deleted by entering the show lacp counters or the show lacp 4 counters privileged EXEC command.
clear logging onboard
To clear all the on-board failure logging (OBFL) data except for the uptime and CLI-command information stored in the flash memory, use the clear logging onboard command in privileged EXEC mode.
Command Modes
Usage Guidelines
We recommend that you keep OBFL enabled and do not clear the data stored in the flash memory.
You can verify that the information was cleared by entering the show logging onboard onboard privileged EXEC command.
clear mac address-table
To delete a specific dynamic address from the MAC address table, all dynamic addresses on a particular interface, or all dynamic addresses on a particular VLAN, use the clear mac address-table command in privileged EXEC mode. This command also clears the MAC address notification global counters.
clear mac address-table { dynamic [ address mac-addr | bridge-domain number3 | interface interface-id | vlan vlan-id ] | move update | notification }
Syntax Description
Command Modes
Examples
This example shows how to remove a specific MAC address from the dynamic address table:
You can verify that any information was deleted by entering the show mac address-table privileged EXEC command.
This example shows how to clear the mac address-table move update related counters.
You can verify that the information was cleared by entering the show mac address-table move update privileged EXEC command.
clear pagp
To clear Port Aggregation Protocol (PAgP) channel-group information, use the clear pagp command in privileged EXEC mode.
Command Modes
Usage Guidelines
You can clear all counters by using the clear pagp counters command, or you can clear only the counters for the specified channel group by using the clear pagp channel-group-number counters command.
You can verify that information was deleted by entering the show pagp privileged EXEC command.
clear rep counters
To clear Resilient Ethernet Protocol (REP) counters for the specified interface or all interfaces, use the clear rep counters command in privileged EXEC mode.
Command Modes
Usage Guidelines
You can clear all REP counters by using the clear rep counters command, or you can clear only the counters for the interface by using the clear rep counters interface interface-id command.
When you enter the clear rep counters command, only the counters visible in the output of the show interface rep detail command are cleared. SNMP visible counters are not cleared as they are read-only.
You can verify that REP information was deleted by entering the show interfaces rep detail privileged EXEC command.
clear spanning-tree counters
To clear the spanning-tree counters or to restart the protocol migration processor on all spanning-tree interfaces or on the specified interface, use the clear spanning-tree counters command in privileged EXEC mode.
clear spanning-tree {counters [ interface interface-id ] | detected-protocols [ interface interface-id ]}
Syntax Description
Command Modes
Usage Guidelines
If the interface-id is not specified, spanning-tree counters are cleared for all STP ports or the protocol migration is restarted on all STP ports.
A switch running the rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol or the Multiple Spanning Tree Protocol (MSTP) supports a built-in protocol migration mechanism that enables it to interoperate with legacy IEEE 802.1D switches. If a rapid-PVST+ switch or an MSTP switch receives a legacy IEEE 802.1D configuration bridge protocol data unit (BPDU) with the protocol version set to 0, it sends only IEEE 802.1D BPDUs on that port. A multiple spanning-tree (MST) switch can also detect that a port is at the boundary of a region when it receives a legacy BPDU, an MST BPDU (Version 3) associated with a different region, or a rapid spanning-tree (RST) BPDU (Version 2).
However, the switch does not automatically revert to the rapid-PVST+ or the MSTP mode if it no longer receives IEEE 802.1D BPDUs. It cannot learn whether the legacy switch has been removed from the link unless the legacy switch is the designated switch. Use the clear spanning-tree detected-protocols command in this situation.
conform-action
To set actions for a policy-map class for packets that conform to the committed information rate (CIR), use the conform-action command in policy-map class police configuration mode. To cancel the action or to return to the default action, use the no form of this command.
conform-action { drop | set-cos-transmit new cos-value | set-discard-class-transmit new discard-value | set-dscp-transmit new dscp-value | set-mpls-exp-imposition-transmit new-imposition-exp-value | set-mpls-exp-topmost transmit new-topmost-exp-value | set-prec-transmit value new prec-value | set-qos-transmit value new qos-value | transmit }
no conform-action { drop | set-cos-transmit new cos-value | set-discard-class-transmit new discard-value | set-dscp-transmit new dscp-value | set-mpls-exp-imposition-transmit new-imposition-exp-value | set-mpls-exp-topmost transmit new-topmost-exp-value | set-prec-transmit value new prec-value | set-qos-transmit value new qos-value | transmit }
Syntax Description
Command Modes
Policy-map class police configuration
Usage Guidelines
You configure conform actions for packets when the packet rate conforms to the configured conform burst.
The switch also supports simultaneously marking multiple QoS parameters for the same class and configuring conform-action, exceed-action, and violate-action marking.
Access policy-map class police configuration mode by entering the police policy-map class command. See the police policy-map class configuration command for more information.
Use this command to set one or more conform actions for a traffic class.
You can verify your settings by entering the show policy-map privileged EXEC command.
Examples
This example shows how to configure the conform action of a policy map to set a new CoS value to 3 and send the packet.
Related Commands
controller BITS input applique
To configure the Building Integrated Timing Supply (BITS) clock input link type and characteristics, use the co ntroller BITS input applique command in global configuration mode. To remove the configuration, use the no form of this command.
controller BITS input applique E1 { 2048KHz | framing { fas_crc4 | fas_nocrc | | mfas_crc4 | mfas_nocre } linecode { ami | hdb3 }
controller BITS input applique T1 framing { d4 | esf } linecode { ami | b8zs }
Command Modes
controller BITS output applique
To configure the Building Integrated Timing Supply (BITS) clock output link type and characteristics, use the controller BITS output applique command in global configuration mode. To remove the configuration, use the no form of this command.
controller BITS output applique E1 { 2048KHz | framing { fas_crc4 | fas_nocrc | | mfas_crc4 | mfas_nocre } linecode { ami | hdb3 }
controller BITS output applique T1 framing { d4 | esf } linecode { ami | b8zs } line-build-out { 0-133ft | 133-266ft | 266-399ft | 399-533ft | 533-655ft }
Command Modes
controller BITS shutdown
To shut down the Building Integrated Timing Supply (BITS) clock controller, use the controller BITS shutdown command in global configuration mode.To reverse the shutdown, use the no form of this command.
copy logging onboard module
To copy on-board failure logging (OBFL) data to the local network or a specific file system, use the copy logging onboard module command in privileged EXEC mode.
copy logging onboard module [ slot-number ] destination
Syntax Description
Command Modes
define interface-range
To create an interface-range macro, use the define interface-range command in global configuration mode. To delete the defined macro, use the no form of this command.
define interface-range macro-name interface-range
Command Modes
Usage Guidelines
The macro name is a 32-character maximum character string.
A macro can contain up to five ranges.
All interfaces in a range must be the same type; that is, all Gigabit Ethernet ports, all TenGigabit Ethernet ports, all EtherChannel ports, or all VLANs, but you can combine multiple interface types in a macro.
When entering the interface-range , use this format:
- type { first-interface } - { last-interface }
- You must add a space between the first interface number and the hyphen when entering an interface-range . For example, gigabitethernet 0/1 - 2 is a valid range; gigabit ethernet 0/1-2 is not a valid range
Valid values for type and interface :
VLAN interfaces must have been configured with the interface vlan command (the show running-config privileged EXEC command displays the configured VLAN interfaces). VLAN interfaces not displayed by the show running-config command cannot be used in interface-ranges.
- port-channel port-channel-number , where port-channel-number is from 1 to 48
- gigabitethernet module /{ first port } - { last port }
- tengigabitethernet module /{ first port } - { last port }
When you define a range, you must enter a space before the hyphen (-), for example:
You can also enter multiple ranges. When you define multiple ranges, you must enter a space after the first entry before the comma (,). The space after the comma is optional, for example:
delete
To delete a file or directory on the flash memory device, use the delete command in privileged EXEC mode.
Command Modes
Usage Guidelines
If you use the /force keyword, you are prompted once at the beginning of the deletion process to confirm the deletion.
If you use the /recursive keyword without the /force keyword, you are prompted to confirm the deletion of every file.
The prompting behavior depends on the setting of the file prompt global configuration command. By default, the switch prompts for confirmation on destructive file operations. For more information about this command, see the Cisco IOS Command Reference for Release 12.2 .
deny (MAC access-list configuration)
To prevent non-IP traffic from being forwarded if the conditions are matched, use the deny command in MAC access-list configuration mode. To remove a deny condition from the named MAC access list, use the no form of this command.
deny { any | host src-MAC-addr | src-MAC-addr mask } { any | host dst-MAC-addr | dst-MAC-addr mask } [ type mask | aarp | amber | cos cos | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | lsap lsap mask |mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp ]
no deny { any | host src-MAC-addr | src-MAC-addr mask } { any | host dst-MAC-addr | dst-MAC-addr mask } [ type mask | aarp | amber | cos cos | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | lsap lsap mask | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp ]
Syntax Description
Note Though visible in the command-line help strings, appletalk is not supported as a matching condition.
To filter IPX traffic, you use the type mask or lsap lsap mask keywords, depending on the type of IPX encapsulation being used. Filter criteria for IPX encapsulation types as specified in Novell terminology and Cisco IOS terminology are listed in Table 2-1 .
Command Modes
Usage Guidelines
You enter MAC-access list configuration mode by using the mac access-list extended global configuration command.
If you use the host keyword, you cannot enter an address mask; if you do not use the host keyword, you must enter an address mask.
When an access control entry (ACE) is added to an access control list, an implied deny - any - any condition exists at the end of the list. That is, if there are no matches, the packets are denied. However, before the first ACE is added, the list permits all packets.
Note For more information about named MAC extended access lists, see the software configuration guide for this release.
You can verify your settings by entering the show access-lists privileged EXEC command.
Examples
This example shows how to define the named MAC extended access list to deny NETBIOS traffic from any source to MAC address 00c0.00a0.03fa. Traffic matching this list is denied.
This example shows how to remove the deny condition from the named MAC extended access list:
diagnostic schedule test
To configure the diagnostic test schedule, use the diagnostic schedule test command in global configuration mode. to remove the schedule, use the no form of this command.
diagnostic schedule test { name | test-id | test-id-range | all | basic } { daily hh : mm | on mm dd yyyy hh : mm | weekly day-of-week hh : mm }
no diagnostic schedule test { name | test-id | test-id-range | all | basic } { daily hh : mm | on mm dd yyyy hh : mm | weekly day-of-week hh : mm }
Syntax Description
Specifies the name of the test. To display the test names in the test-ID list, enter the show diagnostic content privileged EXEC command. |
|
Specifies the ID number of the test. The range is from 1 to 6. To display the test numbers in the test-ID list, enter the show diagnostic content privileged EXEC command. |
|
Specifies more than one test with the range of test ID numbers. Enter the range as integers separated by a comma and a hyphen (for example, 1,3-6 specifies test IDs 1, 3, 4, 5, and 6). To display the test numbers in the test-ID list, enter the show diagnostic content privileged EXEC command. |
|
Specifies the daily scheduling of the diagnostic tests. hh : mm— Enter the time as a 2-digit number (for a 24-hour clock) for hours:minutes; the colon ( : ) is required, such as 12:30. |
|
Specifies the scheduling of the diagnostic tests on a specific day and time. |
|
Specifies the weekly scheduling of the diagnostic tests. day-of-week— Spell out the day of the week, such as Monday, Tuesday, and so on, with upper-case or lower-case characters. |
Command Modes
diagnostic start test
To run an online diagnostic test, use the diagnostic start test command in privileged EXEC mode.
diagnostic start test { name | test-id | test-id-range | all | basic }
Syntax Description
Specifies the name of the test. To display the test names in the test-ID list, enter the show diagnostic content privileged EXEC command. |
|
Specifies the ID number of the test. The range is from 1 to 6. To display the test numbers in the test-ID list, enter the show diagnostic content privileged EXEC command. |
|
Specifies more than one test with the range of test ID numbers. Enter the range as integers separated by a comma and a hyphen (for example, 1,3-6 specifies test IDs 1, 3, 4, 5, and 6). To display the test numbers in the test-ID list, enter the show diagnostic content privileged EXEC command. |
|
Command Modes
Usage Guidelines
After you start the tests by using the diagnostic start command, you cannot stop the testing process.
The switch supports these tests:
To identify a test name, use the show diagnostic content privileged EXEC command to display the test ID list. To specify test 3 by using the test name, enter the diagnostic start switch number test TestPortAsicCam privileged EXEC command.
To specify more than one test, use the test-id-range parameter, and enter integers separated by a comma and a hyphen. For example, to specify tests 2, 3, and 4, enter the diagnostic start test 2-4 comman d. To specify tests 1, 3, 4, 5, and 6, enter the diagnostic start test 1,3-6 comman d.
distribution
To configure statistics distributions for an IP Service Level Agreements (SLAs) Metro-Ethernet 3.0 (ITU-T Y.1731) operation, use the distribution command in IP SLA Y.1731 delay configuration mode. To return to the default value, use the no form of the command.
distribution { delay | delay-variation } { one-way | two-way } number-of-bins boundary [, ...,boundary ]
no distribution {delay | delay-variation} {one-way | two-way}
Syntax Description
Command Modes
IP SLA Y.1731 delay configuration (config-sla-y1731-delay)
Usage Guidelines
Use this command change the type of performance measurements to be calculated and the number and range of distribution bins from the defaults (10 bins with upper boundaries of 5000,10000,15000,20000,25000,30000,35000,40000,45000,-1, for both delay and delay-variation performance measurements) to the specified values.
Configure this command on the Maintenance End Point (MEP) that performs the performance measurement calculation. For single-ended operations, calculations are performed at the sender MEP. For dual-ended operations, calculations are performed at the receiver MEP on the responder.
Statistics distributions are defined by number and range of bins per interval.
A bin is a counter that counts the number of measurements initiated and completed during a specified length of time for each operation. The results of performance measurements falling within a specified range are stored in each bin. When the number of distributions reaches the number and range specified, no further distribution-based information is stored.
The lower bound value for the first upper boundary is always 0 microseconds, such as 0 to 5000 microseconds for the default first upper boundary.
The maximum allowed value for the uppermost boundary is -1 microsecond.
An aggregate interval is the length of time during which the performance measurements are conducted and the results stored. You can configure the interval by using the aggregate interval command.
To avoid significant impact on router memory, careful consideration should be used when configuring distribution.
Examples
The following example shows how to configure the sender MEP to calculate two-way, delay-variation performance measurements for a single-ended IP SLAs Metro-Ethernet 3.0 (ITU-T Y.1731) operation, and store the statistics in five bins:
duplex
To specify the duplex mode of operation for a port, use the duplex command in interface configuration mode. To return the port to its default value, use the no form of this command.
Note This command is not available on 10 Gigabit Ethernet ports.
Syntax Description
Command Modes
Usage Guidelines
This command is visible for an SPP module only when a 1000BASE-T SFP module or a 100BASE-FX MMF SFP module is in the SFP module slot. All other SFP modules operate only in full-duplex mode.
- When a 1000BASE-T SFP module is in the SFP module slot, you can configure duplex mode to auto or full .
- When a 100BASE-FX MMF SFP module is in the SFP module slot, you can configure duplex mode to half or full . Although the auto keyword is available, it puts the interface in half-duplex mode (the default) because the 100BASE-FX MMF SFP module does not support autonegotiation.
Certain ports can be configured to be either full duplex or half duplex. Applicability of this command depends on the device to which the switch is attached.
For Gigabit Ethernet ports, setting the port to auto has the same effect as specifying full if the attached device does not autonegotiate the duplex parameter.
Note Half-duplex mode is supported on Gigabit Ethernet interfaces if duplex mode is auto and the connected device is operating at half duplex. However, you cannot configure these interfaces to operate in half-duplex mode.
If both ends of the line support autonegotiation, we highly recommend using the default autonegotiation settings. If one interface supports autonegotiation and the other end does not, configure duplex and speed on both interfaces; do use the auto setting on the supported side.
If the speed is set to auto , the switch negotiates with the device at the other end of the link for the speed setting and then forces the speed setting to the negotiated value. The duplex setting remains as configured on each end of the link, which could result in a duplex setting mismatch.
You can configure the duplex setting when the speed is set to auto .
Note For guidelines on setting the switch speed and duplex parameters, see the software configuration guide for this release.
You can verify your setting by entering the show interfaces privileged EXEC command.
errdisable detect cause
To enable error-disabled detection for a specific cause or all causes, use the errdisable detect cause command in global configuration mode. To disable the error-disabled detection feature, use the no form of this command.
errdisable detect cause { all | bpduguard | gbic-invalid | link-flap | loopback | pagp-flap | ppoe-ia-rate-limit | security-violation | sfp-config-mismatch }
no errdisable detect cause { all | bpduguard | gbic-invalid | link-flap | loopback | pagp-flap | ppoe-ia-rate-limit | security-violation | sfp-config-mismatch }
Note Although visible in the command-line help, the arp-inspection and dhcp rate-limit keywords are not supported.
Syntax Description
Command Modes
Usage Guidelines
A cause ( all , link-flap , and so forth) is the reason why the error-disabled state occurred. When a cause is detected on an interface, the interface is placed in an error-disabled state, an operational state that is similar to a link-down state.
When a port is error-disabled, it is effectively shut down, and no traffic is sent or received on the port. For the BPDU guard and port-security features, you can configure the switch to shut down just the offending VLAN on the port when a violation occurs, instead of shutting down the entire port.
If you set a recovery mechanism for the cause by entering the errdisable recovery global configuration command for the cause, the interface is brought out of the error-disabled state and allowed to retry the operation when all causes have timed out. If you do not set a recovery mechanism, you must enter the shutdown and then the no shutdown commands to manually recover an interface from the error-disabled state.
You can verify your setting by entering the show errdisable detect privileged EXEC command.
errdisable recovery
To configure the recover mechanism variables, use the errdisable recovery command in global configuration mode. To return to the default setting, use the no form of this command.
errdisable recovery { cause { all | bpduguard | channel-misconfig | gbic-invalid | link-flap | loopback | mac-limit | pagp-flap | oam-remote failure | port-mode failure | ppoe-ia-rate-limit | storm-control | unicast-flood | | udld } | { interval interval }
no errdisable recovery { cause { all | bpduguard | channel-misconfig | gbic-invalid | link-flap | loopback | mac-limit | pagp-flap | oam-remote failure | port-mode failure | ppoe-ia-rate-limit | storm-control | unicast-flood | | udld } | { interval interval }
Note Although visible in the command-line help, the dhcp-rate-limit and psecure-violation keywords are not supported.
Syntax Description
Note Although visible in the command-line interface help, the arp-inspection, security-violation, and vmps keywords are not supported.
Command Modes
Usage Guidelines
A cause ( all , bpduguard and so forth) is defined as the reason that the error-disabled state occurred. When a cause is detected on an interface, the interface is placed in error-disabled state, an operational state similar to link-down state. If you do not enable errdisable recovery for the cause, the interface stays in error-disabled state until you enter a shutdown and no shutdown interface configuration command. If you enable the recovery for a cause, the interface is brought out of the error-disabled state and allowed to retry the operation again when all the causes have timed out.
Otherwise, you must enter the shutdown then no shutdown commands to manually recover an interface from the error-disabled state
You can verify your settings by entering the show errdisable recovery privileged EXEC command.
ethernet evc
To define an Ethernet virtual connection (EVC) and to enter EVC configuration mode, use the ethernet evc command in global configuration mode.To delete the EVC, use the no form of this command.
Command Modes
Usage Guidelines
After you enter the ethernet evc evc-id command, the switch enters EVC configuration mode, and these configuration commands are available:
- default : sets the EVC to its default states.
- exit : exits EVC configuration mode and returns to global configuration mode.
- no : negates a command or returns a command to its default setting.
- oam protocol cfm svlan : configures the Ethernet operation, administration, and maintenance (OAM) protocol as IEEE 802.1ag Connectivity Fault Management (CFM) and sets parameters. See the oam protocol cfm svlan command.
- uni count : configures a UNI count for the EVC. See the uni count command.
ethernet lmi
To configure enable Ethernet Local Management Interface (E-LMI) and to configure the switch as a customer-edge (CE) device, use the ethernet lmi command in global configuration mode. To disable E-LMI globally or to disable E-LMI CE, use the no form of this command.
Command Modes
Usage Guidelines
Use ethernet lmi global command to enable E-LMI globally. Use ethernet lmi ce command to enable the switch as E-LMI CE device.
Ethernet LMI is disabled by default on an interface and must be explicitly enabled by entering the ethernet lmi interface interface configuration command. The ethernet lmi global command enables Ethernet LMI on all interfaces for an entire device. The benefit of this command is that you can enable Ethernet LMI on all interfaces with one command instead of enabling Ethernet LMI separately on each interface. To enable the interface in CE mode, you must also enter the ethernet lmi ce global configuration command.
To disable Ethernet LMI on a specific interface after you have entered the ethernet lmi global command, enter the no ethernet lmi interface interface configuration command.
The sequence in which you enter the ethernet lmi interface interface configuration and ethernet lmi global global configuration commands is important. The latest command entered overrides the prior command entered.
Note For information about the ethernet lmi interface configuration command, see the Cisco IOS Carrier Ethernet Command Reference at this URL:
http://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-cr-book.html
To enable the switch as an Ethernet LMI CE device, you must enter both the ethernet lmi global and ethernet lmi ce commands. By default Ethernet LMI is disabled.
When the switch is configured as an Ethernet LMI CE device, these interface configuration commands and keywords are visible, but not supported:
ethernet oam remote-failure
To configure Ethernet operations, maintenance, and administration (EOM) remote failure indication, use the ethernet oam remote-failure command in interface configuration or configuration template mode. To remove the configuration, use the no form of this command.
ethernet oam remote-failure { critical-event | dying-gasp | link-fault } action error-disable-interface
no ethernet oam remote-failure { critical-event | dying-gasp | link-fault } action
Syntax Description
Command Modes
Ethernet service configuration
Usage Guidelines
You can apply this command to an Ethernet OAM template and to an interface. The interface configuration takes precedence over template configuration. To enter OAM template configuration mode, use the template template-name global configuration command.
The switch does not generate Link Fault or Critical Event OAM PDUs. However, if these PDUs are received from a link partner, they are processed. The switch supports generating and receiving Dying Gasp OAM PDUs when Ethernet OAM is disabled, the interface is shut down, the interface enters the error-disabled state, or the switch is reloading. The switch can also generate and receive Dying Gasp PDUs based on loss of power. The PDU includes a reason code to indicate why it was sent.
You can configure an error-disable action to occur if the remote link goes down, if the remote device is disabled, or if the remote device disables Ethernet OAM on the interface.
For complete command and configuration for the Ethernet OAM protocol, see the
Cisco IOS Carrier Ethernet Configuration Guide
at this URL:
http://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-cr-book.html
ethernet uni id
To create an Ethernet user-network interface (UNI) ID, use the ethernet uni command in interface configuration mode.To remove the UNI ID, use the no form of this command.
Command Modes
Usage Guidelines
When you configure a UNI ID on a port, that ID is used as the default name for all maintenance end points (MEPs) configured on the port.
You must enter the ethernet uni id name command on all ports that are directly connected to customer-edge (CE) devices. If the specified ID is not unique on the device, an error message appears.
ethernet y1731 delay
To configure a sender Maintenance End Point (MEP) for an IP Service Level Agreement (SLA) Metro Ethernet 3.0 (UIT-T Y.1731) delay or delay variation operation, use the ethernet y1731 delay command in IP SLA configuration mode.
ethernet y1731 delay DMM| DMMv1|1DM| domain domain {{ vlan | evc } value }{ mpid | mac - address } value cos value source { mpid | mac-address } value
Syntax Description
Command Modes
IP SLA configuration (config-ip-sla)
Usage Guidelines
This command begins configuring a sender MEP for an Ethernet Frame Delay (ETH-DM: FD) operation and enters IP SLA Y.1731 delay configuration mode.
The DMM| DMMv1|1DM| keyword for this command is not case sensitive. The keyword in online help contains uppercase letters to enhance readability only.
To change the operation type of an existing IP SLA operation, you must first use the no ip sla command to delete the IP SLA operation and then reconfigure the iperation with the new operation type.
Examples
This example shows how to configure an MEP for a two-way frame delay or delay variation operation.
This example shows how to configure an MEP for a one-way frame delay or delay variation operation. Before you begin, configure the receiver, schedule it to pending state, configure the sender, and then start the session on it.
ethernet y1731 delay receive
To configure a receiver Maintenance End Point (MEP) on the responder for a dual-ended IP Service Level Agreement (SLA ) Metro Ethernet 3.0 (ITU-T Y.1731) delay or delay variation operation, use the ethernet y1731 delay receive command in IP SLA configuration mode.
ethernet y1731 delay receive 1DM domain domain-name {evc evc-id| vlan vlan-id}cos cos {mpid source-mp-id| mac-address source-address}
Syntax Description
Command Modes
IP SLA configuration (config-ip-sla)
Usage Guidelines
Use the ethernet y1731 delay receive command to configure a receiver MEP on the responder device for a dual-ended Ethernet Frame Delay (ETH-DM: FD) or Ethernet Frame Delay Variation (ETH-DM: FDV) operation and to enter the IP SLA Y.1731 delay configuration mode. A receiver MEP on the responder device is required for dual-ended operations.
The 1DM keyword for this command is not case sensitive. The keywords in online help contain uppercase letters to enhance readability.
The no form of this command is unsupported. To change the operation type of an existing IP SLA operation, you must first use the no ip sla command to delete the IP SLA operation and then reconfigure the operation with the new operation type.
ethernet y1731 loss
To configure a sender Maintenance End Point (MEP) for an IP Service Level Agreement (SLA) Metro Ethernet 3.0 (UIT-T Y.1731) frame loss operation, use the ethernet y1731 loss command in the IP SLA configuration mode.
ethernet y1731 loss SLM [ burst ] domain domain {{ vlan | evc } value }{ mpid | mac - address } value cos value source { mpid | mac-address } value
Syntax Description
Command Modes
IP SLA configuration (config-ip-sla)
Usage Guidelines
Use this command to configure a sender MEP for an Ethernet Synthetic Loss Measurement (ETH-SLM) and to enter the IP SLA Y.1731 loss configuration mode.
The SLM keyword for this command is not case sensitive. The keyword in online help contains uppercase letters to enhance readability.
You must configure CoS-level monitoring; use the monitor loss counter [ priority cos range ] command under the EVC CFM sub-config mode for those interfaces that require loss monitoring.
To change the operation type of an existing IP SLA operation, you must first use the no ip sla command to delete the IP SLA operation and then reconfigure the iperation with the new operation type.
exceed-action
To set actions for a policy-map class for packets that conform to the peak information rate (PIR) but not the committed information rate (CIR), use the exceed-action command in policy-map class police configuration mode. To cancel the action or to return to the default action, use the no form of this command.
exceed-action { drop | set-cos-transmit new cos-value | set-discard-class-transmit new discard-value | set-dscp-transmit new dscp-value | set-mpls-exp-imposition-transmit new-imposition-exp-value | set-mpls-exp-topmost transmit new-topmost-exp-value | set-prec-transmit value new prec-value | set-qos-transmit value new qos-value | transmit }
no exceed-action { drop | set-cos-transmit new cos-value | set-discard-class-transmit new discard-value | set-dscp-transmit new dscp-value | set-mpls-exp-imposition-transmit new-imposition-exp-value | set-mpls-exp-topmost transmit new-topmost-exp-value | set-prec-transmit value new prec-value | set-qos-transmit value new qos-value | transmit }
Syntax Description
Command Modes
Policy-map class police configuration
Usage Guidelines
You configure exceed actions for packets that conform to the peak information rate but not the committed information rate (CIR).
The switch also supports simultaneously marking multiple QoS parameters for the same class and configuring conform-action, exceed-action, and violate-action marking.
Access policy-map class police configuration mode by entering the police policy-map class command. See the police policy-map class configuration command for more information.
You can use this command to set one or more exceed actions for a traffic class.
You can verify your settings by entering the show policy-map privileged EXEC command.
Examples
This example shows how configure multiple actions in a policy map that sets a committed information rate of 5000000 bits per second (b/s) and a peak rate of 8000000 b/s:
Related Commands
flowcontrol
To set the receive flow-control state for an interface, use the flowcontrol command in interface configuration mode. When flow control send is operable and on for a device and it detects any congestion at its end, it notifies the link partner or the remote device of the congestion by sending a pause frame. When flow control receive is on for a device and it receives a pause frame, it stops sending any data packets. This prevents any loss of data packets during the congestion period.
To disable flow control, use the receive off keywords.
flowcontrol receive { desired | off | on }
Note The switch can only receive pause frames.
Syntax Description
Command Modes
Usage Guidelines
The switch does not support sending flow-control pause frames.
Note that the on and desired keywords have the same result.
When you use the flowcontrol command to set a port to control traffic rates during congestion, you are setting flow control on a port to one of these conditions:
- receive on or desired : The port cannot send out pause frames, but can operate with an attached device that is required to or is able to send pause frames; the port is able to receive pause frames.
- receive off : Flow control does not operate in either direction. In case of congestion, no indication is given to the link partner and no pause frames are sent or received by either device.
Table 2-2 shows the flow control results on local and remote ports for a combination of settings. The table assumes that receive desired has the same results as using the receive on keywords.
You can verify your settings by entering the show interfaces privileged EXEC command.
frame consecutive
To configure the number of consecutive measurements to be used to determine status for an IP Service Level Agreement (SLA) Metro-Ethernet 3.0 (ITU-T Y.1731) frame loss operation, use the frame consecutive command in IP SLA Y.1731 loss configuration mode. To return to the default, use the no form of the command.
Command Modes
frame interval
To configure the rate at which an IP Service Level Agreement (SLA) Metro-Ethernet 3.0 (ITU-T Y.1731) operation sends synthetic frames, use the frame interval command in the IP SLA Y.1731 delay or IP SLA Y.1731 loss configuration mode. To return to the default, use the no form of the command.
Command Modes
IP SLA Y.1731 delay configuration (config-sla-y1731-delay)
IP SLA Y.1731 loss configuration (config-sla-y1731-loss)
Usage Guidelines
Use this command to change the gap between successive synthetic frames sent in an Ethernet delay, delay variation, or frame loss operation from the default (1000 ms) to the specified value.
Frames will be sent at a given frequency for the lifetime of the operation. For example, a delay operation with a frame interval of 1000 ms sends a frame once every second, for the lifetime of the operation.
Configure this command on the sender Maintenance End Point (MEP).
frequency (IP SLA)
To set the rate at which a specified IP Service Level Agreements (SLAs) operation repeats, use the frequency (IP SLA) command in the appropriate submode of IP SLA configuration or IP SLA monitor configuration mode. To return to the default value, use the no form of this command.
Command Modes
IP SLA Y.1731 loss configuration (config-sla-y1731-loss)
Usage Guidelines
A single IP SLAs operation will repeat at a given frequency for the lifetime of the operation.
If an individual IP SLAs operation takes longer to execute than the specified frequency value, a statistics counter called "busy" is incremented rather than immediately repeating the operation.
For IP SLAs operations, the following configuration guideline is recommended:
(frequencyseconds ) > (timeoutmilliseconds ) > (thresholdmilliseconds )
Note We recommend that you do not set the frequency value to less than 60 seconds because the potential overhead from numerous active operations could significantly affect network performance.
history interval
To set the number of statistics distributions kept during the lifetime of an IP Service Level Agreements (SLAs) Metro Ethernet 3.0 (ITU-T Y.1731) operation, use the history interval command in the IP SLA Y.1731 delay configuration or IP SLA Y.1731 loss configuration mode. To return to the default value, use the no form of this command.
Command Modes
IP SLA Y.1731 loss configuration (config-sla-y1731-delay)
IP SLA Y.1731 loss configuration (config-sla-y1731-loss)
Usage Guidelines
Use this command to change the number of distribution statistics kept from the default (2) to the specified number.
Use the distribution command to configure the number and range of distribution bins to calculate delay and delay-variation performance measurements per interval.
Use the aggregate interval command to configure the length of time during which the performance measurements are conducted and the results stored for an Ethernet operation.
hw-module module logging onboard
To enable on-board failure logging (OBFL), use the hw-module module logging onboard command in global configuration mode.To disable this feature, use the no form of this command.
hw-module module [ slot-number ] logging onboard [ message level level ]
no hw-module module [ slot-number ] logging onboard [ message level ]
Command Modes
Usage Guidelines
We recommend that you keep OBFL enabled and do not clear the data stored in the flash memory.
To ensure that the time stamps in the OBFL data logs are accurate, manually set the system clock, or configure it by using Network Time Protocol (NTP).
If you do not enter the message level level parameter, all the hardware-related messages generated by the switch are stored in the flash memory.
The optional slot number is always 1. Entering the hw-module module [ slot-number ] logging onboard [ message level level ] command has the same result as entering the hw-module module logging onboard [ message level level ] command.
You can verify your settings by entering the show logging onboard privileged EXEC command.
interface port-channel
To access or create the port-channel logical interface, use the interface port-channel command in global configuration mode. To remove the port-channel, use the no form of this command.
Command Modes
Usage Guidelines
For Layer 2 EtherChannels, you do not have to create a port-channel interface first before assigning a physical port to a channel group. Instead, you can use the channel-group interface configuration command. It automatically creates the port-channel interface when the channel group gets its first physical port. If you create the port-channel interface first, the channel-group-number can be the same as the port - channel-number, or you can use a new number. If you use a new number, the channel-group command dynamically creates a new port channel.
Note EtherChannels are not supported on ports configured with Ethernet flow point (EFP) service instances.
You create Layer 3 port channels by using the interface port-channel command followed by the no switchport interface configuration command. You should manually configure the port-channel logical interface before putting the interface into the channel group.
Only one port channel in a channel group is allowed.
If you want to use the Cisco Discovery Protocol (CDP), you must configure it only on the physical port and not on the port-channel interface.
For a complete list of configuration guidelines, see the “Configuring EtherChannels” chapter in the software configuration guide for this release.
You can verify your setting by entering the show running-config privileged EXEC or show etherchannel channel-group-number detail privileged EXEC command.
interface range
To enter interface range configuration mode and to execute a command on multiple ports at the same time, use the interface range command in global configuration mode. To remove an interface range, use the no form of this command.
interface range { port-range | macro name }
Command Modes
Usage Guidelines
When you enter interface range configuration mode, all interface parameters you enter are attributed to all interfaces within the range.
For VLANs, you can use the interface range command only on existing VLAN switch virtual interfaces (SVIs). To display VLAN SVIs, enter the show running-config privileged EXEC command. VLANs not displayed cannot be used in the interface range command. The commands entered under interface range command are applied to all existing VLAN SVIs in the range.
All configuration changes made to an interface range are saved to NVRAM, but the interface range itself is not saved to NVRAM.
You can enter the interface range in two ways:
All interfaces in a range must be the same type; that is, all Fast Ethernet ports, all Gigabit Ethernet ports, all EtherChannel ports, or all VLANs. However, you can define up to five interface ranges with a single command, with each range separated by a comma.
Valid values for port-range type and interface :
- vlan vlan-ID - vlan-ID , where VLAN ID is from 1 to 4094
- gigabitethernet module /{ first port } - { last port }, where module is always 0
- tengigabitethernet module /{ first port } - { last port }, where module is always 0
–
the range is type 0/number - number (for example, gigabitethernet0/1 - 2)
Note When you use the interface range command with port channels, the first and last port channel number in the range must be active port channels.
When you define a range, you must enter a space between the first entry and the hyphen (-):
When you define multiple ranges, you must still enter a space after the first entry and before the comma (,):
You cannot specify both a macro and an interface range in the same command.
A single interface can also be specified in port-range (this would make the command similar to the interface interface-id global configuration command).
Note For more information about configuring interface ranges, see the software configuration guide for this release.
interface vlan
To create or access a switch virtual interface (SVI) and to enter interface configuration mode, use the interface vlan command in global configuration mode. To delete an SVI, use the no form of this command.
Command Modes
Usage Guidelines
SVIs are created the first time that you enter the interface vlan vlan-id command for a particular vlan . The vlan-id corresponds to the VLAN-tag associated with data frames on an IEEE 802.1Q encapsulated trunk or the VLAN ID configured for an access port.
Note When you create an SVI, it does not become active until it is associated with a physical port.
If you delete an SVI by entering the no interface vlan vlan -id command, the deleted interface is no longer visible in the output from the show interfaces privileged EXEC command.
Note You cannot delete the VLAN 1 interface.
You can reinstate a deleted SVI by entering the interface vlan vlan-id command for the deleted interface. The interface comes back up, but much of the previous configuration will be gone.
You can verify your setting by entering the show interfaces and show interfaces vlan vlan-id privileged EXEC commands.
ip access-group
To control access to a Layer 2 or Layer 3 interface, use the ip access-group command in interface configuration mode.To remove all access groups or the specified access group from the interface, use the no form of this command.
ip access-group { access-list-number | name } { in | out }
no ip access-group [ access-list-number | name ] { in | out }
Note You cannot attach an ACL to a Layer 2 port that has an Ethernet flow point (EFP) service instance configured on it. The ip access-group command is rejected on these ports.
Command Modes
Usage Guidelines
You can apply named or numbered standard or extended IP access lists to an interface. To define an access list by name, use the ip access-list global configuration command. To define a numbered access list, use the access list global configuration command. You can used numbered standard access lists ranging from 1 to 99 and 1300 to 1999 or extended access lists ranging from 100 to 199 and 2000 to 2699.
You can use this command to apply an access list to a Layer 2 interface (port ACL) or Layer 3 interface. However, note these limitations for port ACLs:
- You can only apply ACLs in the inbound direction; the out keyword is not supported for Layer 2 interfaces.
- You cannot apply an ACL to a port configured with a service instance. Layer 2 ACLs are not supported on these ports.
– If you try to configure a service instance on a port that has a port ACL attached, the service port configuration is rejected with a warning message.
– If you try to attach a port ACL to a port that has a service instance, the configuration is rejected with a warning message.
- You can only apply one IP ACL and one MAC ACL per interface.
- Port ACLs do not support logging; if the log keyword is specified in the IP ACL, it is ignored.
- An IP ACL applied to a Layer 2 interface only filters IP packets. To filter non-IP packets, use the mac access-group interface configuration command with MAC extended ACLs.
You can use router ACLs, input port ACLs, and VLAN maps on the same switch. However, a port ACL always takes precedence. When both an input port ACL and a VLAN map are applied, incoming packets received on ports with the port ACL applied are filtered by the port ACL. Other packets are filtered by the VLAN map.
- When an input port ACL is applied to an interface and a VLAN map is applied to a VLAN that the interface is a member of, incoming packets received on ports with the ACL applied are filtered by the port ACL. Other packets are filtered by the VLAN map.
- When an input router ACL and input port ACLs exist in an switch virtual interface (SVI), incoming packets received on ports to which a port ACL is applied are filtered by the port ACL. Incoming routed IP packets received on other ports are filtered by the router ACL. Other packets are not filtered.
- When an output router ACL and input port ACLs exist in an SVI, incoming packets received on the ports to which a port ACL is applied are filtered by the port ACL. Outgoing routed IP packets are filtered by the router ACL. Other packets are not filtered.
- When a VLAN map, input router ACLs, and input port ACLs exist in an SVI, incoming packets received on the ports to which a port ACL is applied are only filtered by the port ACL. Incoming routed IP packets received on other ports are filtered by both the VLAN map and the router ACL. Other packets are filtered only by the VLAN map.
- When a VLAN map, output router ACLs, and input port ACLs exist in an SVI, incoming packets received on the ports to which a port ACL is applied are only filtered by the port ACL. Outgoing routed IP packets are filtered by both the VLAN map and the router ACL. Other packets are filtered only by the VLAN map.
- VLAN maps are applied to all switchports that belong to the VLAN, as well as EFPs with a bridge domain equal to the VLAN.
You can apply IP ACLs to both outbound or inbound Layer 3 interfaces.
A Layer 3 interface can have one IP ACL applied in each direction.
You can configure only one VLAN map and one router ACL in each direction (input/output) on a VLAN interface.
For standard inbound access lists, after the switch receives a packet, it checks the source address of the packet against the access list. IP extended access lists can optionally check other fields in the packet, such as the destination IP address, protocol type, or port numbers. If the access list permits the packet, the switch continues to process the packet. If the access list denies the packet, the switch discards the packet. If the access list has been applied to a Layer 3 interface, discarding a packet (by default) causes the generation of an Internet Control Message Protocol (ICMP) Host Unreachable message. ICMP Host Unreachable messages are not generated for packets discarded on a Layer 2 interface.
For standard outbound access lists, after receiving a packet and sending it to a controlled interface, the switch checks the packet against the access list. If the access list permits the packet, the switch sends the packet. If the access list denies the packet, the switch discards the packet and, by default, generates an ICMP Host Unreachable message.
If the specified access list does not exist, all packets are passed.
You can verify your settings by entering the show ip interface, show access-lists, or show ip access-lists privileged EXEC command.
ip address
To set an IP address for the Layer 2 switch or to set an IP address for each switch virtual interface (SVI) or routed port on the Layer 3 switch, use the ip address command in interface configuration mode. To remove an IP address or to disable IP processing, use the no form of this command.
ip address ip-address subnet-mask [ secondary ]
Command Modes
Usage Guidelines
If you remove the switch IP address through a Telnet session, your connection to the switch will be lost.
Hosts can find subnet masks using the Internet Control Message Protocol (ICMP) Mask Request message. Routers respond to this request with an ICMP Mask Reply message.
You can disable IP processing on a particular interface by removing its IP address with the no ip address command. If the switch detects another host using one of its IP addresses, it will send an error message to the console.
You can use the optional keyword secondary to specify an unlimited number of secondary addresses. Secondary addresses are treated like primary addresses, except the system never generates datagrams other than routing updates with secondary source addresses. IP broadcasts and ARP requests are handled properly, as are interface routes in the IP routing table.
Note If any router on a network segment uses a secondary address, all other devices on that same segment must also use a secondary address from the same network or subnet. Inconsistent use of secondary addresses on a network segment can very quickly cause routing loops.
When you are routing Open Shortest Path First (OSPF), ensure that all secondary addresses of an interface fall into the same OSPF area as the primary addresses.
If your switch receives its IP address from a Bootstrap Protocol (BOOTP) or a DHCP server and you remove the switch IP address by using the no ip address command, IP processing is disabled, and the BOOTP or the DHCP server cannot reassign the address.
You can verify your settings by entering the show running-config privileged EXEC command.
ip igmp filter
To control whether or not all hosts on a Layer 2 interface can join one or more IP multicast groups by applying an Internet Group Management Protocol (IGMP) profile to the interface, use the ip igmp filter command in interface configuration mode. To remove the specified profile from the interface, use the no form of this command.
Command Modes
Usage Guidelines
You can apply IGMP filters only to Layer 2 physical interfaces.
You cannot apply IGMP filters to routed ports, switch virtual interfaces (SVIs), or ports that belong to an EtherChannel group.
An IGMP profile can be applied to one or more switch port interfaces, but one port can have only one profile applied to it.
You can verify your setting by using the show running-config privileged EXEC command and by specifying an interface.
ip igmp max-groups
To set the maximum number of Internet Group Management Protocol (IGMP) groups that a Layer 2 interface can join, or to configure the IGMP throttling action when the maximum number of entries is in the forwarding table, use the ip igmp max-groups command in interface configuration mode. To set the maximum back to the default, which is to have no maximum limit, or to return to the default throttling action, which is to drop the report, use the no form of this command.
ip igmp max-groups { number | action { deny | replace }}
no ip igmp max-groups { number | action }
Syntax Description
Command Modes
Usage Guidelines
You can use this command only on Layer 2 physical interfaces and on logical EtherChannel interfaces.
You cannot set IGMP maximum groups for routed ports, switch virtual interfaces (SVIs), or ports that belong to an EtherChannel group.
Follow these guidelines when configuring the IGMP throttling action:
- If you configure the throttling action as deny and set the maximum group limitation, the entries that were previously in the forwarding table are not removed but are aged out. After these entries are aged out, when the maximum number of entries is in the forwarding table, the switch drops the next IGMP report received on the interface.
- If you configure the throttling action as replace and set the maximum group limitation, the entries that were previously in the forwarding table are removed. When the maximum number of entries is in the forwarding table, the switch replaces a randomly-selected multicast entry with the received IGMP report.
- When the maximum group limitation is set to the default (no maximum), entering the ip igmp max-groups { deny | replace } command has no effect.
You can verify your setting by using the show running-config privileged EXEC command and by specifying an interface.
ip igmp profile
To create an Internet Group Management Protocol (IGMP) profile and enter IGMP profile configuration mode, use the ip igmp profile command in global configuration mode. In enter IGMP profile configuration mode, you can specify the configuration of the IGMP profile to be used for filtering IGMP membership reports from a switchport. To delete the IGMP profile, use the no form of this command.
ip igmp profile profile number
Command Modes
Usage Guidelines
When you are in IGMP profile configuration mode, you can create the profile by using these commands:
- deny : specifies that matching addresses are denied; this is the default condition.
- exit : exits from igmp-profile configuration mode.
- no : negates a command or resets to its defaults.
- permit : specifies that matching addresses are permitted.
- range : specifies a range of IP addresses for the profile. This can be a single IP address or a range with a start and an end address.
When entering a range, enter the low IP multicast address, a space, and the high IP multicast address.
You can apply an IGMP profile to one or more Layer 2 interfaces, but each interface can have only one profile applied to it.
You can verify your settings by using the show ip igmp profile privileged EXEC command.
ip igmp snooping
To globally enable Internet Group Management Protocol (IGMP) snooping on the switch or to enable it on a per-VLAN basis, use the ip igmp snooping command in global configuration mode. To return to the default setting, use the no form of this command.
ip igmp snooping [ vlan vlan-id ]
Command Modes
Usage Guidelines
When IGMP snooping is enabled globally, it is enabled in all the existing VLAN interfaces. When IGMP snooping is disabled globally, it is disabled on all the existing VLAN interfaces.
VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping.
You can verify your settings by entering the show ip igmp snooping privileged EXEC command.
ip igmp snooping last-member-query-interval
To enable the Internet Group Management Protocol (IGMP) configurable-leave timer globally or on a per-VLAN basis, use the ip igmp snooping last-member-query-interval command in global configuration command. To the default setting, use the no form of this command to return.
ip igmp snooping [ vlan vlan-id ] last-member-query-interval time
no ip igmp snooping [ vlan vlan-id ] last-member-query-interval
Command Modes
Usage Guidelines
When IGMP snooping is globally enabled, IGMP snooping is enabled on all the existing VLAN interfaces. When IGMP snooping is globally disabled, IGMP snooping is disabled on all the existing VLAN interfaces.
VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping.
Configuring the leave timer on a VLAN overrides the global setting.
The IGMP configurable leave time is only supported on devices running IGMP Version 2.
The configuration is saved in NVRAM.
You can verify your settings by entering the show ip igmp snooping privileged EXEC command.
Examples
This example shows how to globally enable the IGMP leave timer for 2000 milliseconds:
This example shows how to configure the IGMP leave timer for 3000 milliseconds on VLAN 1:
ip igmp snooping report-suppression
To enable Internet Group Management Protocol (IGMP) report suppression, use the ip igmp snooping report-suppression command in global configuration mode. To disable IGMP report suppression and to forward all IGMP reports to multicast routers, u se the no form of this command.
Command Modes
Usage Guidelines
IGMP report suppression is supported only when the multicast query has IGMPv1 and IGMPv2 reports. This feature is not supported when the query includes IGMPv3 reports.
The switch uses IGMP report suppression to forward only one IGMP report per multicast router query to multicast devices. When IGMP router suppression is enabled (the default), the switch sends the first IGMP report from all hosts for a group to all the multicast routers. The switch does not send the remaining IGMP reports for the group to the multicast routers. This feature prevents duplicate reports from being sent to the multicast devices.
If the multicast router query includes requests only for IGMPv1 and IGMPv2 reports, the switch forwards only the first IGMPv1 or IGMPv2 report from all hosts for a group to all the multicast routers. If the multicast router query also includes requests for IGMPv3 reports, the switch forwards all IGMPv1, IGMPv2, and IGMPv3 reports for a group to the multicast devices.
If you disable IGMP report suppression by entering the no ip igmp snooping report-suppression command, all IGMP reports are forwarded to all the multicast routers.
You can verify your settings by entering the show ip igmp snooping privileged EXEC command.
ip igmp snooping tcn
To configure the Internet Group Management Protocol (IGMP) Topology Change Notification (TCN) behavior, use the ip igmp snooping tcn command in global configuration mode. To return to the default settings, use the no form of this command.
ip igmp snooping tcn { flood query count count | query solicit }
no ip igmp snooping tcn { flood query count | query solicit }
Command Modes
Usage Guidelines
You can prevent the loss of the multicast traffic that might occur because of a topology change by using this command. If you set the TCN flood query count to 1 by using the ip igmp snooping tcn flood query count command, the flooding stops after receiving one general query. If you set the count to 7, the flooding of multicast traffic due to the TCN event lasts until seven general queries are received. Groups are relearned based on the general queries received during the TCN event.
You can verify your settings by entering the show ip igmp snooping privileged EXEC command.
Examples
This example shows how to specify 7 as the number of IGMP general queries for which the multicast traffic is flooded:
ip igmp snooping tcn flood
To specify multicast flooding as the Internet Group Management Protocol (IGMP) snooping spanning-tree Topology Change Notification (TCN) behavior, use the ip igmp snooping tcn flood command in interface configuration mode. To disable the multicast flooding, use the no form of this command.
Command Modes
Usage Guidelines
When the switch receives a TCN, multicast traffic is flooded to all the ports until two general queries are received. If the switch has many ports with attached hosts that are subscribed to different multicast groups, this flooding behavior might not be desirable because the flooded traffic might exceed the capacity of the link and cause packet loss.
You can change the flooding query count by using the ip igmp snooping tcn flood query count count global configuration command.
You can verify your settings by entering the show ip igmp snooping privileged EXEC command.
ip igmp snooping vlan immediate-leave
To enable Internet Group Management Protocol (IGMP) snooping immediate-leave processing on a per-VLAN basis, use the ip igmp snooping vlan vlan-id immediate-leave command in global configuration mode.To return to the default setting, use the no form of this command.
ip igmp snooping vlan vlan-id immediate-leave
Command Modes
Usage Guidelines
VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping.
You should only configure the Immediate Leave feature when there is a maximum of one receiver on every port in the VLAN. The configuration is saved in NVRAM.
The Immediate Leave feature is supported only with IGMP Version 2 hosts.
You can verify your settings by entering the show ip igmp snooping privileged EXEC command.
ip igmp snooping vlan mrouter
To add a multicast router port or to configure the multicast learning method, use the ip igmp snooping vlan vlan-id mrouter command in global configuration mode. To return to the default settings, use the no form of this command.
ip igmp snooping vlan vlan-id mrouter { interface interface-id | learn pim-dvmrp }
no ip igmp snooping vlan vlan-id mrouter { interface interface-id | learn pim-dvmrp }
Note Though visible in the command-line help strings, the cgmp keyword is not supported.
Syntax Description
Command Modes
Usage Guidelines
VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping.
The configuration is saved in NVRAM.
You can verify your settings by entering the show ip igmp snooping privileged EXEC command.
ip igmp snooping vlan static
To enable Internet Group Management Protocol (IGMP) snooping and to statically add a Layer 2 port as a member of a multicast group, use the ip igmp snooping vlan vlan-id static command in global configuration mode. To remove ports specified as members of a static multicast group, use the no form of this command.
ip igmp snooping vlan vlan-id static ip-address interface interface-id
no ip igmp snooping vlan vlan-id static ip-address interface interface-id
Command Modes
Usage Guidelines
VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping.
Examples
This example shows how to statically configure a port as a multicast router port:
You can verify your settings by entering the show ip igmp snooping privileged EXEC command.
ip sla
To begin configuring a Cisco IOS IP Service Level Agreements (SLAs) operation and enter IP SLA configuration mode, use the ip slacommand in global configuration mode. To remove all configuration information for an operation, including the schedule of the operation, reaction configuration, and reaction triggers, use the no form of this command.
Command Modes
Usage Guidelines
The ip sla command is used to begin configuration for an IP SLAs operation. Use this command to specify an identification number for the operation you are about to configure. After you enter this command, the router will enter IP SLA configuration mode.
The ip sla command is supported in IPv4 networks. This command can also be used when configuring an IP SLAs operation that supports IPv6 addresses.
IP SLAs allows a maximum of 2000 operations.
Debugging is supported only on the first 32 operation numbers.
After you configure an operation, you must schedule the operation. For information on scheduling an operation, refer to the ip sla schedule and ip sla group schedule global configuration commands. You can also optionally set reaction triggers for the operation. For information on reaction triggers, refer to the ip sla reaction-configuration and ip sla reaction-trigger global configuration commands.
To change the operation type of an existing IP SLAs operation, you must first delete the IP SLAs operation (using the no ip sla ) and then reconfigure the operation with the new operation type.
Note After you schedule an operation, you cannot modify the configuration of the operation. To modify the configuration of the operation after it is scheduled, you must first unschedule the IP SLAs operation (using the no ip sla command) and then reconfigure the operation with the new operation parameters.
To display the current configuration settings of the operation, use the show ip sla configuration command in user EXEC or privileged EXEC mode.
Examples
In the following example, operation 99 is configured as a UDP jitter operation in an IPv4 network and scheduled to start running in 5 hours. The example shows the ip sla command being used in an IPv4 network.
Note If operation 99 already exists and has not been scheduled, the command line interface will enter IP SLA configuration mode for operation 99. If the operation already exists and has been scheduled, this command will fail.
Related Commands
ip sla reaction-configuration
To configure proactive threshold monitoring parameters for an IP Service Level Agreements (SLAs) operation, use the ip sla reaction-configuration command in global configuration mode. To disable all the threshold monitoring configuration for a specified IP SLAs operation, use the no form of this command.
ip sla reaction-configuration operation-number { react { unavailableDS | unavailableSD }{ loss-ratioDS | loss-ratioSD }[ threshold-type { average [ number-of-measurements ] | consecutive [ occurrences ] | immediate | never }] [ threshold-value upper-threshold lower-threshold ]]
no ip sla reaction-configuration operation-number [ react monitored-element ]
Syntax Description
Command Modes
Usage Guidelines
You can configure the ip sla reaction-configuration command multiple times to enable proactive threshold monitoring for multiple elements, such as configuring thresholds for both destination-to-source packet loss and MOS for the same operation. However, disabling individual monitored elements is not supported. The no ip sla reaction-configuration command disables all proactive threshold monitoring configuration for the specified IP SLAs operation.
The keyword options for this command are not case sensitive. The keywords in online help for the action-type option and react monitored-element keyword and argument combinations contain uppercase letters to enhance readability only.
The never keyword option for the threshold-type keyword does not work with the unavailableDS and unavailableSD monitored elements for measuring Ethernet Frame Loss Ratio (FLR).
Not all elements can be monitored by all IP SLAs operations. If you attempt to configure an unsupported monitored-element, such as MOS for a UDP echo operation, the following message displays:
ip sla schedule
To configure the scheduling parameters for a single Cisco IOS IP Service Level Agreements (SLAs) operation, use the ip sla schedulecommand in global configuration mode. To stop the operation and place it in the default state (pending), use the no form of this command.
ip sla schedule operation-number [ life { forever | seconds}] [ start-time {hh : mm [: ss] [month day | day month] | pending | now | after hh : mm : ss}] [ ageout seconds] [ recurring ]
no ip sla schedule operation-number
Syntax Description
Command Modes
Usage Guidelines
After you schedule the operation with the ip sla schedule command, you cannot change the configuration of the operation. To change the configuration of the operation, use the no form of the i p sla global configuration command and reenter the configuration information.
If the operation is in a pending state, you can define the conditions under which the operation makes the transition from pending to active with the ip sla reaction-trigger and ip sla reaction-configuration global configuration commands. When the operation is in an active state, it immediately begins collecting information.
The following time line shows the age-out process of the operation:
W----------------------X----------------------Y----------------------Z
- W is the time the operation was configured with the ip sla global configuration command.
- X is the start time or start of life of the operation (that is, when the operation became "active").
- Y is the end of life as configured with the ip sla schedule global configuration command (life seconds have counted down to zero).
- Z is the age out of the operation.
Age out starts counting down at W and Y, is suspended between X and Y, and is reset to its configured size at Y.
The operation to can age out before it executes (that is, Z can occur before X). To ensure that this does not happen, configure the difference between the operation's configuration time and start time (X and W) to be less than the age-out seconds.
Note The total RAM required to hold the history and statistics tables is allocated at the time of scheduling the IP SLAs operation. This prevents router memory problems when the router gets heavily loaded and lowers the amount of overhead an IP SLAs operation causes on a router when it is active.
The recurring keyword is supported only for scheduling single IP SLAs operations. You cannot schedule multiple IP SLAs operations using the ip sla schedule command. The life value for a recurring IP SLAs operation should be less than one day. The ageout value for a recurring operation must be "never" (which is specified with the value 0), or the sum of the life and ageout values must be more than one day. If the recurring option is not specified, the operations are started in the existing normal scheduling mode.
The ip sla schedule command is supported in IPv4 networks. This command can also be used when configuring an IP SLAs operation that supports IPv6 addresses.
Examples
In the following example, operation 25 begins actively collecting data at 3:00 p.m. on April 5. This operation will age out after 12 hours of inactivity, which can be before it starts or after it has finished with its life. When this operation ages out, all configuration information for the operation is removed (that is, the configuration information is no longer in the running configuration in RAM).
In the following example, operation 1 begins collecting data after a 5-minute delay:
In the following example, operation 3 begins collecting data immediately and is scheduled to run indefinitely:
In the following example, operation 15 begins automatically collecting data every day at 1:30 a.m.:
Related Commands
ip ssh
To configure the switch to run Secure Shell (SSH) Version 1 or SSH Version 2, use the ip ssh global configuration command. To return to the default setting, use the no form of this command.
This command is available only when your switch is running the cryptographic (encrypted) software image.
Command Modes
Usage Guidelines
If you do not enter this command or if you do not specify a keyword, the SSH server selects the latest SSH version supported by the SSH client. For example, if the SSH client supports SSHv1 and SSHv2, the SSH server selects SSHv2.
The switch supports an SSHv1 or an SSHv2 server. It also supports an SSHv1 client. For more information about the SSH server and the SSH client, see the software configuration guide for this release.
A Rivest, Shamir, and Adelman (RSA) key pair generated by an SSHv1 server can be used by an SSHv2 server and the reverse.
You can verify your settings by entering the show ip ssh or show ssh privileged EXEC command.
l2protocol
To tunnel Layer 2 control packets as data over an Ethernet flow point (EFP) service instance or to allow Layer 2 protocols to peer over an interface configured with a service instance, use the l2protocol command in service-instance configuration mode. To remove the configuration, use the no form of the command.
l2protocol { peer | tunnel } [ cdp | dtp | lacp | lldp | pagp | stp | udld | vtp ]
no l2protocol { peer | tunnel } [ cdp | dtp | lacp | lldp | pagp | stp | udld | vtp ]
Syntax Description\
Command Modes
Service-instance configuration mode.
Usage Guidelines
You can enter a keyword to identify a Layer 2 control protocol. If you do not enter a protocol, all Layer 2 control protocols are peered or tunneled.
Although you can configure DTP and VTP peering, this has no effect because the switch does not support these protocols.
In ME3800X platform, Cisco IOS Release 12.2(52)EY, the forward keyword is not supported for the l2protocol command. Therefore, it is impossible to forward Layer 2 control packets from a ME3800X switch to a Cisco 7600 router and vice versa. The tunnel option in ME3800X overwrites the PDU-destination MAC address with a well-known Cisco proprietary multicast address (01-00-0c-cd-cd-d0), while the forward option in Cisco 7600 simply forwards the PDU without any change or local processing; thus, the two platforms cannot cooperate.
Peer: PDUs are processed locally
Tunnel: Overwrites the PDU-destination MAC address with a well-known Cisco proprietary multicast address (01-00-0c-cd-cd-d0)
lacp fast-switchover
To enable Link Aggregation Control Protocol (LACP) fast switchover on a port channel, use the lacp fast-switchover command in interface configuration mode. To return to the default setting, use the no form of this command.
Command Modes
Usage Guidelines
When a port from a hot-standby state moves to a bundled state, the default time is two seconds. Enabling fast switchover on the port channel changes this time to 50 ms. This faster time allows the port to quickly transition to the bundled state, and the port channel continues to stay up.
For information about configuring LACP on physical ports, see the “Configuring EtherChannels” chapter in the software configuration guide for this release.
lacp max-bundle
To configure the Link Aggregation Control Protocol (LACP) maximum number of ports to bundle in the port channel, use the lacp max-bundle command in interface configuration mode. To return to the default setting, use the no form of this command.
Command Modes
Usage Guidelines
You can configure the maximum number of members that can be bundled. Any members in excess of this maximum number are kept in hot-standby state and are transitioned to bundled state when one of the bundled members goes down.
For information about configuring LACP on physical ports, see the “Configuring EtherChannels” chapter in the software configuration guide for this release.
Examples
This example shows how to configure the maximum number of ports to bundle in a port channel:
lacp port-priority
To configure the port priority for the Link Aggregation Control Protocol (LACP), use the lacp port-priority command in interface configuration mode. To return to the default setting, use the no form of this command.
Command Modes
Usage Guidelines
The lacp port-priority interface configuration command determines which ports are bundled and which ports are put in hot-standby mode when there are more than eight ports in an LACP channel group. This command takes effect only on EtherChannel ports that are already configured for LACP. If the interface is a user network interface (UNI), you must use the port-type nni or port-type eni interface configuration command to change the interface to an NNI or ENI before configuring lacp port-priority.
In priority comparisons, numerically lower values have higher priority. The switch uses the priority to decide which ports should be put in standby mode when there is a hardware limitation that prevents all compatible ports from being active. If two or more ports have the same LACP port priority (for example, they are configured with the default setting of 65535), an internal value for the port number determines the priority.
Note The LACP port priorities are only effective if the ports are on the switch that controls the LACP link. See the lacp system-priority global configuration command for information about determining which switch controls the link.
Use the show lacp internal privileged EXEC command to display LACP port priorities and internal port number values.
For information about configuring LACP on physical ports, see the “Configuring EtherChannels” chapter in the software configuration guide for this release.
You can verify the configuration by entering the show lacp [ channel-group-number ] internal privileged EXEC command.
lacp rate
To set the rate at which Link Aggregation Control Protocol (LACP) packets are ingressed to an interface, lacp rate command in interface configuration mode. To return to the default setting, use the no form of this command.
Command Modes
Usage Guidelines
The lacp rate fast interface configuration command can be used to assist with early detection of a member link failure.
Use the show lacp internal priviledged EXEC command to show the rate flag. F indicates fast rate is configured. A indicates the normal rate.
For information about configuring LACP on physical ports, see the “Configuring EtherChannels” chapter in the software configuration guide for this release.
lacp system-priority
To configure the system priority for the Link Aggregation Control Protocol (LACP), use the lacp system-priority command in global configuration mode. To return to the default setting, use the no form of this command.
Command Modes
Usage Guidelines
The lacp system-priority command determines which switch in an LACP link controls port priorities. Although this is a global configuration command, the priority only takes effect on EtherChannels that have physical ports that are already configured for LACP.
An LACP channel group can have up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode. When there are more than eight ports in an LACP channel group, the switch on the controlling end of the link uses port priorities to determine which ports are bundled into the channel and which ports are put in hot-standby mode. Port priorities on the other switch (the noncontrolling end of the link) are ignored.
In priority comparisons, numerically lower values have higher priority. Therefore, the switch with the numerically lower system value (higher priority value) for LACP system priority becomes the controlling switch. If both switches have the same LACP system priority (for example, they are both configured with the default setting of 32768), the LACP system ID (the switch MAC address) determines which switch is in control.
The lacp system-priority command applies to all LACP EtherChannels on the switch.
Use the show etherchannel summary privileged EXEC command to see which ports are in the hot-standby mode (denoted with an H port-state flag).
For more information about configuring LACP on physical ports, see the “Configuring EtherChannels” chapter in the software configuration guide for this release.
You can verify the configuration by entering the show lacp sys-id privileged EXEC command.
location (global configuration)
To configure location information for a Link Layer Discovery Protocol (LLDP) endpoint, use the location command in global configuration mode. To remove the location information, use the no form of this command.
location { admin-tag string | civic-location identifier id | elin-location string identifier id}
no location { admin-tag string | civic-location identifier id | elin-location string identifier id}
Syntax Description
Command Modes
Usage Guidelines
After entering the location civic-location identifier id global configuration command, you enter civic location configuration mode. In this mode, you can enter the civic location and the postal location information.
The civic-location identifier must not exceed 250 bytes.
Use the no lldp med-tlv-select location information interface configuration command to disable the location TLV. The location TLV is enabled by default. For more information, see the “Configuring LLDP and LLDP-MED” chapter of the software configuration guide for this release.
You can verify the configuration by entering the show location elin privileged EXEC command.
Examples
This example shows how to configure civic location information on the switch:
Switch(config-civic)# number 3550
Switch(config-civic)# primary-road-name "Cisco Way"
Switch(config-civic)# city "San Jose"
Switch(config-civic)# state CA
Switch(config-civic)# building 19
Switch(config-civic)# room C6
Switch(config-civic)# county "Santa Clara"
Switch(config-civic)# country US
Switch(config-civic)# end
This example shows how to configure the emergency location information location on the switch:
location (interface configuration)
To enter Link Layer Discovery Protocol (LLDP) location information for an interface, use the location interface command in interface configuration mode. To remove the interface location information, use the no form of this command.
location { additional-location-information word | civic-location-id id | elin-location-id id}
no location { additional-location-information word | civic-location-id id | elin-location-id id}
Syntax Description
Command Modes
Usage Guidelines
After entering the location civic-location-id id interface configuration command, you enter civic location configuration mode. In this mode, you can enter the additional location information.
The civic-location identifier must not exceed 250 bytes.
You can verify the configuration by entering the show location elin interface privileged EXEC command.
Examples
These examples show how to enter civic location information for an interface:
Switch(config-if)# location civic-location-id 1
Switch(config-if)# end
Switch(config-if)# int g2/0/1
Switch(config-if)# location civic-location-id 1
Switch(config-if)# end
This example shows how to enter emergency location information for an interface:
logging event
To enable notification of interface link status changes, use the logging event command in interface configuration mode. To disable notification, use the no form of this command.
logging event { bundle-status | link-status | spanning-tree | status | trunk status }
no logging event { bundle-status | link-status | spanning-tree | status | trunk status }
logging file
To set logging file parameters, use the logging file command in global configuration mode. To return to the default setting, use the no form of this command.
logging file filesystem : filename [ max-file-size [ min-file-size ]] [ severity-level-number | type ]
no logging file filesystem: filename [ severity-level-number | type ]
Syntax Description
Command Modes
Usage Guidelines
The log file is stored in ASCII text format in an internal buffer on the switch. You can access logged system messages by using the switch command-line interface (CLI) or by saving them to a properly configured syslog server. If the switch fails, the log is lost unless you had previously saved it to flash memory by using the logging file flash: filename global configuration command.
After saving the log to flash memory by using the logging file flash: filename global configuration command, you can use the more flash: filename privileged EXEC command to display its contents.
The command rejects the minimum file size if it is greater than the maximum file size minus 1024; the minimum file size then becomes the maximum file size minus 1024.
Specifying a level causes messages at that level and numerically lower levels to be displayed.
You can verify the configuration by entering the show running-config privileged EXEC command.
mac access-group
To apply a MAC access control list (ACL) to a Layer 2 interface, use the mac access-group command in interface configuration mode. To remove all MAC ACLs or the specified MAC ACL from the interface, use the no form of this command. You create the MAC ACL by using the mac access-list extended global configuration command.
Note You cannot attach an ACL to a Layer 2 port that has an Ethernet flow point (EFP) service instance configured on it. The mac access-group command is rejected on these ports.
Command Modes
Interface configuration (Layer 2 interfaces only)
Usage Guidelines
You can apply MAC ACLs only to ingress Layer 2 interfaces. You cannot apply MAC ACLs to Layer 3 interfaces or to Layer 2 interfaces that have service instances configured on them.
On Layer 2 interfaces, you can filter IP traffic by using IP access lists and non-IP traffic by using MAC access lists. You can filter both IP and non-IP traffic on the same Layer 2 interface by applying both an IP ACL and a MAC ACL to the interface. You can apply no more than one IP access list and one MAC access list to the same Layer 2 interface.
If a MAC ACL is already configured on a Layer 2 interface and you apply a new MAC ACL to the interface, the new ACL replaces the previously configured one.
If you apply an ACL to a Layer 2 interface on a switch, and the switch has an input Layer 3 ACL or a VLAN map applied to a VLAN that the interface is a member of, the ACL applied to the Layer 2 interface takes precedence.
When an inbound packet is received on an interface with a MAC ACL applied, the switch checks the match conditions in the ACL. If the conditions are matched, the switch forwards or drops the packet, according to the ACL.
If the specified ACL does not exist, the switch forwards all packets.
You can verify MAC ACL configuration by entering the show mac access-group privileged EXEC command. You can see configured ACLs on the switch by entering the show access-lists privileged EXEC command.
Note For more information about configuring MAC extended ACLs, see the “Configuring Network Security with ACLs” chapter in the software configuration guide for this release.
mac access-list extended
To create an access list based on MAC addresses for non-IP traffic, use the mac access-list extended command in global configuration mode. Using this command puts you in the extended MAC access-list configuration mode. To return to the default setting, use the no form of this command.
Note You cannot apply named MAC extended ACLs to Layer 3 interfaces or to Layer 2 interfaces with service instances configured.
Command Modes
Usage Guidelines
MAC named extended lists are used with VLAN maps and class maps.
You can apply named MAC extended ACLs to VLAN maps or to Layer 2 interfaces, except Layer 2 interfaces that have service instances configured on them.
You cannot apply named MAC extended ACLs to Layer 3 interfaces.
Entering the mac access-list extended command enables the MAC access-list configuration mode. These configuration commands are available:
- default : sets a command to its default.
- deny : specifies packets to reject. For more information, see the deny (MAC access-list configuration) MAC access-list configuration command.
- exit : exits from MAC access-list configuration mode.
- no : negates a command or sets its defaults.
- permit : specifies packets to forward. For more information, see the permit (MAC access-list configuration) command.
You can verify MAC ACL configuration by entering the show access-lists privileged EXEC command.
Note For more information about MAC extended access lists, see the software configuration guide for this release.
Examples
This example shows how to create a MAC named extended access list named mac1 and to enter extended MAC access-list configuration mode:
This example shows how to delete MAC named extended access list mac1 :
mac address-table aging-time
To set the length of time that a dynamic entry remains in the MAC address table after the entry is used or updated, use the mac address-table aging-time command in global configuration mode. To return to the default setting, use the no form of this command. The aging time applies to all VLANs or a specified VLAN.
mac address-table aging-time { 0 | 10-1000000 }[ bridge-domain domain-id | routed-mac | vlan vlan-id]
no mac address-table aging-time { 0 | 10-1000000 } [ bridge-domain vlan-id | routed-mac | vlan vlan-id ]
Syntax DescriptionI
Command Modes
Usage Guidelines
If hosts do not send continuously, increase the aging time to record the dynamic entries for a longer time. Increasing the time can reduce the possibility of flooding when the hosts send again.
If you do not specify a specific VLAN, this command sets the aging time for all VLANs and bridge domains.
You can verify your setting by entering the show mac address-table aging-time privileged EXEC command.
mac address-table learning
To enable MAC address learning on a VLAN or bridge domain, use the mac address-table learning command in global configuration mode. This is the default state. To disable MAC address learning to control which VLANs or bridge domains can learn MAC addresses, use the no form of this command.
mac address-table learning { vlan vlan-id | bridge-domain domain-id }
no mac address-table learning { vlan vlan-id | bridge-domain domain-id }
Command Modes
Usage Guidelines
Customers in a service provider network can tunnel a large number of MAC addresses through the network and fill the available MAC address table space. When you control MAC address learning on a VLAN or bridge domain, you can manage the available MAC address table space by controlling which VLANs or bridge domains, and therefore which ports, can learn MAC addresses.
You can disable MAC address learning on a VLAN or bridge domain by entering the no mac address-table learning { vlan vlan-id | bridge-domain domain-id } command.
Before you disable MAC address learning, be sure that you are familiar with the network topology and the switch system configuration. Disabling MAC address learning could cause flooding in the network. For example, if you disable MAC address learning on a VLAN with a configured switch virtual interface (SVI), the switch floods all IP packets in the Layer 2 domain. If you disable MAC address learning on a VLAN that includes more than two ports, every packet entering the switch is flooded in that VLAN domain. We recommend that you disable MAC address learning only in VLANs that contain two ports and that you use caution before disabling MAC address learning on a VLAN with an SVI.
To display MAC address learning status or all VLANs and bridge domains, enter the show mac-address-table learning command. To display for a specific VLAN or bridge domain, enter the show mac address-table learning [ bridge-domain number ] [ vlan vlan-id ] command.
mac address-table move update
To enable the MAC address-table move update feature, use the mac address-table move update command in global configuration mode. To return to the default setting, use the no form of this command.
Command Modes
Usage Guidelines
The MAC address-table move update feature allows the switch to provide rapid bidirectional convergence if a primary (forwarding) link goes down and the standby link begins forwarding traffic.
You can configure the access switch to send the MAC address-table move update messages if the primary link goes down and the standby link comes up. You can configure the uplink switches to receive and process the MAC address-table move update messages.
You can verify the configuration by entering the show mac address-table move update privileged EXEC command.
Examples
This example shows how to configure an access switch to send MAC address-table move update messages:
This example shows how to configure an uplink switch to get and process MAC address-table move update messages:
mac address-table notification
To enable the MAC address notification feature on the switch, use the mac address-table notification command in global configuration mode. To return to the default setting, use the no form of this command.
mac address-table notification { change [ history-size value | interval value ] | mac-move | threshold [[ limit percentage ] interval time ]}
no mac address-table notification { change [ history-size value | interval value ] | mac-move | threshold [[ limit percentage ] interval time ]}
Syntax Description
Defaults
By default, the MAC address notification, MAC move, and MAC threshold monitoring are disabled.
The default MAC change trap interval is 1 second.
The default number of entries in the history table is 1.
The default MAC utilization threshold is 50 percent.
The default time between MAC threshold notifications is 120 seconds.
Command Modes
Usage Guidelines
The MAC address notification change feature sends Simple Network Management Protocol (SNMP) traps to the network management system (NMS) whenever a new MAC address is added or an old address is deleted from the forwarding tables. MAC change notifications are generated only for dynamic and secure MAC addresses and are not generated for self addresses, multicast addresses, or other static addresses.
When you configure the history-size option, the existing MAC address history table is deleted, and a new table is created.
You enable the MAC address notification change feature by using the mac address-table notification change command. You must also enable MAC address notification traps on an interface by using the snmp trap mac-notification change interface configuration command and configure the switch to send MAC address traps to the NMS by using the snmp-server enable traps mac-notification change global configuration command.
You can also enable traps whenever a MAC address is moved from one port to another in the same VLAN by entering the mac address-table notification mac-move command and the snmp-server enable traps mac-notification move global configuration command.
To generate traps whenever the MAC address table threshold limit is reached or exceeded, enter the mac address-table notification threshold [ limit percentage ] | [ interval time ] command and the snmp-server enable traps mac-notification threshold global configuration command.
You can verify the configuration by entering the show mac address-table notification privileged EXEC command.
Examples
This example shows how to enable the MAC address-table change notification feature, set the interval time to 60 seconds, and set the history-size to 100 entries:
mac address-table static
To add static addresses to the MAC address table or to enable unicast MAC address filtering, use the mac address-table static command in global configuration mode. To remove static entries from the table or return to the default setting, use the no form of this command.
mac address-table static mac-addr vlan vlan-id { drop | interface interface-id }
no mac address-table static mac-addr vlan vlan-id [drop | interface interface-id ]
Syntax Description
Command Modes
Usage Guidelines
Follow these guidelines when using the drop keyword to configure MAC address filtering:
- Multicast MAC addresses, broadcast MAC addresses, and router MAC addresses are not supported. Packets that are forwarded to the CPU are also not supported.
- If you add a unicast MAC address as a static address and configure unicast MAC address filtering, the switch either adds the MAC address as a static address or drops packets with that MAC address, depending on which command was entered last. The second command that you entered overrides the first command.
For example, if you enter the mac address-table static mac-addr vlan vlan-id interface interface-id global configuration command followed by the mac address-table static mac-addr vlan vlan-id drop command, the switch drops packets with the specified MAC address as a source or destination.
If you enter the mac address-table static mac-addr vlan vlan-id drop global configuration command followed by the mac address-table static mac-addr vlan vlan-id interface interface-id command, the switch adds the MAC address as a static address.
You can verify your setting by entering the show mac address-table or show mac address-table static privileged EXEC command.
Examples
This example shows how to enable unicast MAC address filtering and to configure the switch to drop packets that have a source or destination address of c2f3.220a.12f4. When a packet is received in VLAN 4 with this MAC address as its source or destination, the packet is dropped:
This example shows how to disable unicast MAC address filtering:
This example shows how to add the static address c2f3.220a.12f4 to the MAC address table. When a packet is received in VLAN 4 with this MAC address as its destination, the packet is forwarded to the specified interface:
macro apply
To apply a macro to an interface or to apply and trace a macro configuration on an interface, use the macro apply or macro trace command in interface configuration command.
macro { apply | trace } macro-name [ parameter value ] [ parameter value ] [ parameter value ]
Note There is not a no form of this command.
Syntax Description
Command Modes
Usage Guidelines
You can use the macro trace macro-name interface configuration command to apply and show the macros running on an interface or to debug the macro to find any syntax or configuration errors.
If a command fails because of a syntax error or a configuration error when you apply a macro, the macro continues to apply the remaining commands to the interface.
When creating a macro that requires the assignment of unique values, use the parameter value keywords to designate values specific to the interface.
Keyword matching is case sensitive. All matching occurrences of the keyword are replaced with the corresponding value. Any full match of a keyword, even if it is part of a larger string, is considered a match and is replaced by the corresponding value.
Some macros might contain keywords that require a parameter value. You can use the macro apply macro-name ? command to display a list of any required values in the macro. If you apply a macro without entering the keyword values, the commands are invalid and are not applied.
When you apply a macro to an interface, the macro name is automatically added to the interface. You can display the applied commands and macro names by using the show running-configuration interface interface-id user EXEC command.
A macro applied to an interface range behaves the same way as a macro applied to a single interface. When you use an interface range, the macro is applied sequentially to each interface within the range. If a macro command fails on one interface, it is still applied to the remaining interfaces.
You can delete a macro-applied configuration on an interface by entering the default interface interface-id interface configuration command.
Examples
After you have created a macro by using the macro name global configuration command, you can apply it to an interface. This example shows how to apply a user-created macro called duplex to an interface:
To debug a macro, use the macro trace interface configuration command to find any syntax or configuration errors in the macro as it is applied to an interface. This example shows how troubleshoot the user-created macro called duplex on an interface:
macro description
To enter a description about which macros are applied to an interface, use the macro description command in interface configuration mode. To remove the description, use the no form of this command.
Command Modes
Usage Guidelines
Use the description keyword to associate comment text, or the macro name, with an interface. When multiple macros are applied on a single interface, the description text will be from the last applied macro.
This example shows how to add a description to an interface:
You can verify your settings by entering the show parser macro description privileged EXEC command.
Related Commands
macro global
To apply a macro to a switch or to apply and trace a macro configuration on a switch, use the macro global command in global configuration mode.
macro global { apply | trace } macro-namemacro-name [ parameter value ] [ parameter value ] [ parameter value ]
Command Modes
Usage Guidelines
You can use the macro trace macro-name global configuration command to apply and to show the macros running on a switch or to debug the macro to find any syntax or configuration errors.
If a command fails because of a syntax error or a configuration error when you apply a macro, the macro continues to apply the remaining commands to the switch.
When creating a macro that requires the assignment of unique values, use the parameter value keywords to designate values specific to the switch.
Keyword matching is case sensitive. All matching occurrences of the keyword are replaced with the corresponding value. Any full match of a keyword, even if it is part of a larger string, is considered a match and is replaced by the corresponding value.
Some macros might contain keywords that require a parameter value. You can use the macro global apply macro-name ? command to display a list of any required values in the macro. If you apply a macro without entering the keyword values, the commands are invalid and are not applied.
When you apply a macro to a switch, the macro name is automatically added to the switch. You can display the applied commands and macro names by using the show running-configuration user EXEC command.
You can delete a global macro-applied configuration on a switch only by entering the no version of each command contained in the macro.
Examples
After you have created a new macro by using the macro name global configuration command, you can apply it to a switch. This example shows how see the snmp macro and how to apply the macro and set the hostname to test-server and set the IP precedence value to 7:
To debug a macro, use the
macro global trace
global configuration command to find any syntax or configuration errors in the macro when it is applied to a switch. In this example, the
ADDRESS
parameter value was not entered, causing the
snmp-server host
command to fail while the remainder of the macro is applied to the switch:
Related Commands
macro global description
To enter a description about the macros that are applied to the switch, use the macro global description in global configuration mode. To remove the description, use the no form of this command
Command Modes
Usage Guidelines
Use the description keyword to associate comment text, or the macro name, with a switch. When multiple macros are applied on a switch, the description text will be from the last applied macro.
This example shows how to add a description to a switch:
You can verify your settings by entering the show parser macro description privileged EXEC command.
Related Commands
match (access-map configuration)
To match packets against one or more access lists, use the match command in access-map configuration command mode to set the VLAN map. To remove the match parameters, use the no form of this command.
match { ip address { name | number } [ name | number ] [ name | number ]...} | { mac address { name } [ name ] [ name ]...}
no match { ip address { name | number } [ name | number ] [ name | number ]...} | { mac address { name } [ name ] [ name ]...}
Command Modes
Usage Guidelines
You enter access-map configuration mode by using the vlan access-map global configuration command.
You must enter one access list name or number; others are optional. You can match packets against one or more access lists. Matching any of the lists counts as a match of the entry.
In access-map configuration mode, use the match command to define the match conditions for a VLAN map applied to a VLAN. Use the action command to set the action that occurs when the packet matches the conditions.
Packets are matched only against access lists of the same protocol type; IP packets are matched against IP access lists, and all other packets are matched against MAC access lists.
Both IP and MAC addresses can be specified for the same map entry.
You can verify the configuration by entering the show vlan access-map privileged EXEC command.
Examples
This example shows how to define and apply a VLAN access map vmap4 to VLANs 5 and 6 that will cause the interface to drop an IP packet if the packet matches the conditions defined in access list al2 .
Related Commands
Configures a standard numbered ACL. For syntax information, refer to the Cisco IOS Master Command List, All Releases at: http://www.cisco.com/en/US/docs/ios/mcl/allreleasemcl/all_book.html |
|
Specifies the action to be taken if the packet matches an entry in an access control list (ACL). |
|
Creates a named access list. For syntax information, refer to the Cisco IOS Master Command List, All Releases at: http://www.cisco.com/en/US/docs/ios/mcl/allreleasemcl/all_book.html |
|
match access-group
To configure the match criteria for a class map on the basis of the specified access control list (ACL), use the match access-group command in class-map configuration mode. To remove the ACL match criteria, use the no form of this command.
match access-group acl-index-or-name
Command Modes
Usage Guidelines
The match access-group command specifies a numbered or named ACL to use as the match criteria to determine if packets belong to the class specified by the class map.
Before using the match access-group command, you must enter the class-map global configuration command to specify the name of the class whose match criteria you want to establish.
You can use the match access-group classification only on input policy maps.
You can verify the configuration by entering the show class-map privileged EXEC command.
match cos
To match a packet based on a Layer 2 class of service (CoS) marking, use the match cos command in class-map configuration mode. You can match on the outer VLAN tag or the inner (customer) tag). to remove the CoS match criteria, use the no form of this command.
match cos { cos-list | inner cos-list }
no match cos { cos-list | inner cos-list }
Syntax Description
Command Modes
Usage Guidelines
The match cos and match cos inner commands specify a CoS value to use as the match criteria to determine if packets belong to the class specified by the class map.
Before using the match cos or match cos inner command , you must enter the class-map global configuration command to specify the name of the class whose match criteria you want to establish.
Matching of CoS values is supported only on ports carrying Layer 2 VLAN-tagged traffic. That is, you can use the cos classification only on IEEE 802.1Q trunk ports.
You can use match cos and match cos inner classification in input and output policy maps.
You can verify the configuration by entering the show class-map privileged EXEC command.
match discard-class
To configure the match criteria for a class map based on the drop precedence of a packet during congestion management, use the match discard-class command in class-map configuration mode. To remove the match criteria, use the no form of this command.
Command Modes
Usage Guidelines
The match discard-class command specifies a drop value to use as the match criteria to determine if packets belong to the class specified by the class map.
Before using the match discard-class command, you must enter the class-map global configuration command to specify the name of the class whose match criteria you want to establish.
You can use the match discard-class classification only on output policy maps.
You can verify the configuration by entering the show class-map privileged EXEC command.
match ip dscp
To identify a specific IPv4 Differentiated Service Code Point (DSCP) value as match criteria for a class, use the match ip dscp command inclass-map configuration mode. To remove the match criteria, use the no form of this command.
Syntax Description
Command Modes
Usage Guidelines
The match ip dscp command specifies a DSCP value to use as the match criteria to determine if packets belong to the class specified by the class map.
This command is used by the class map to identify a specific DSCP value marking on a packet. In this context, DSCP values are used as markings only and have no mathematical significance. For example, the DSCP value of 2 is not greater than 1, but merely indicates that a packet marked with a value of 2 is different than one marked with a value of 1. You define the treatment of these marked packets by setting QoS policies in policy-map class configuration mode.
Before using the match ip dscp command, you must enter the class-map global configuration command to specify the name of the class whose match criteria you want to establish.
You can enter up to eight DSCP values in one match statement. For example, if you wanted the DCSP values of 0, 1, 2, 3, 4, 5, 6, or 7, enter the match ip dscp 0 1 2 3 4 5 6 7 command. The packet must match only one (not all) of the specified IPv4 DSCP values to belong to the class.
You can use match ip dscp classification in input and output policy maps.
You can verify the configuration by entering the show class-map privileged EXEC command.
match ip precedence
To identify IPv4 precedence values as match criteria for a class, use the match ip precedence command in class-map configuration mode. To remove the match criteria, use the no form of this command.
match ip precedence ip-precedence-list
no match ip precedence ip-precedence-list
Syntax Description
Command Modes
Usage Guidelines
The match ip precedence command specifies an IPv4 precedence value to use as the match criteria to determine if packets belong to the class specified by the class map.
The precedence values are used as marking only. In this context, the IP precedence values have no mathematical significance. For example, the precedence value of 2 is not greater than 1, but merely indicates that a packet marked with a value of 2 is different than one marked with a value of 1. You define the treatment of these marked packets by setting QoS policies in policy-map class configuration mode.
Before using the match ip precedence command, you must enter the class-map global configuration command to specify the name of the class whose match criteria you want to establish.
You can enter up to four IPv4 precedence values in one match statement. For example, if you wanted the IP precedence values of 0, 1, 2, or 7, enter the match ip precedence 0 1 2 7 command. The packet must match only one (not all) of the specified IP precedence values to belong to the class.
You can use match ip precedence classification in input and output policy maps.
You can verify the configuration by entering the show class-map privileged EXEC command.
match mpls experimental topmost
To identify the outer multiprotocol label switching (MPLS) experimental label to use as the match criteria for a class, use the mpls experimental topmost command in class-map configuration mode. To remove the match criteria, use the no form of this command.
match experimental topmost value
Command Modes
Usage Guidelines
The match experimental topmost value command specifies a value for the topmost (outer) MPLS label to use as the match criteria to determine if packets belong to the class specified by the class map.
Before using the match experimental topmost value command, you must enter the class-map global configuration command to specify the name of the class whose match criteria you want to establish.
You can enter up to eight MPLS EXP label values in one match statement. You can enter multiple lines to match more than eight values.
In an MPLS network, the IP precedence bits in the packet header are copied into the MPLS EXP fields at the edge of a network. Instead of overwriting the value in the IP precedence field, you can set the MPLS experimental bit. You can use different values to mark packets based on characteristics such as rate or type so that packets have the same priority.
You can use match experimental topmost value classification in input and output policy maps.
You can verify the configuration by entering the show class-map privileged EXEC command.
match qos-group
To identify a specific quality of service (QoS) group value as a match criterion for a class, use the match qos-group command in class-map configuration mode. To remove the match criteria, use the no form of this command.
Command Modes
Usage Guidelines
The match qos-group command specifies a QoS group value to use as the match criterion to determine if packets belong to the class specified by the class map.
The QoS-group values are used as marking only and have no mathematical significance. For example, the precedence value of 2 is not greater than 1, but merely indicates that a packet marked with a value of 2 is different than one marked with a value of 1. You define the treatment of these marked packets by setting QoS policies in policy-map class configuration mode.
The QoS-group value is local to the switch, meaning that the QoS-group value marked on a packet does not leave the switch when the packet leaves the switch. If you require a marking that remains with the packet, use IP Differentiated Service Code Point (DSCP) values, IP precedence values, or another method of packet marking.
Before using the match qos-group command, you must enter the class-map global configuration command to specify the name of the class whose match criteria you want to establish.
You can use the match qos-group classification only on output policy maps.
There can be no more than 100 QoS groups on the switch (0 to 99).
You can verify the configuration by entering the show class-map privileged EXEC command.
match vlan
To apply QoS policies to frames carried on a user-specified VLAN for a given interface, use the match vlan command in class-map configuration mode in the parent policy of a hierarchical policy map. You can use hierarchical policy maps for per-VLAN classification on trunk ports. To remove the match criteria, use the no form of this command.
match vlan { vlan-list | inner vlan-list }
no match vlan { vlan-list | inner vlan-list }
Syntax Description
Command Modes
Usage Guidelines
You configure per-VLAN QoS by entering the match vlan vlan-id or match vlan-inner vlan-id class-map configuration command for one or more VLANs.
The feature is supported using a 2-level hierarchical input policy map, where the parent-level defines the VLAN-based classification, and the child-level defines the QoS policy to be applied to the corresponding VLAN(s).
You use the match vlan vlan-id class-map configuration command to classify based on the outer VLAN. Use the match vlan inner vlan-id class-map configuration command to classify based on the inner VLAN
With classification based on VLAN IDs, you can apply QoS policies to frames carried on a user-specified VLAN for a given interface. You can use hierarchical policy maps for per-VLAN classification on trunk ports. Per-VLAN classification is not required on access ports because access ports carry traffic for a single VLAN.
Per-port, per-VLAN QoS is supported only on IEEE 802.1Q trunk ports.
Before using the match vlan command, you must enter the class-map global configuration command to specify the name of the class whose match criteria you want to establish.
You can verify your configuration by entering the show class-map privileged EXEC command.
Examples
This example shows how to create a class-map called parent-class , which matches incoming traffic with VLAN IDs in the range from 30 to 40.
This example shows how to match VLAN and CoS in the same policy. When you attach the service policy vlan to an interface, packets with the outer VLAN of 2 and an outer CoS of 2 are included in class map phb .
max-delay
To configure the maximum length of time a Maintenance Endpoint (MEP) in an IP Service Level Agreements (SLAs) Metro-Ethernet 3.0 (ITU-T Y.1731) operation waits for a synthetic frame, use the max-delay command in IP SLA Y1731 delay configuration mode. To return to the default, use the no form of this command.
Command Modes
IP SLA Y.1731 delay configuration (config-sla-y1731-delay)
Usage Guidelines
Use this command to change the maximum amount of time an MEP in an Ethernet delay or delay variation operation will wait for a synthetic frame from the default (5000 ms) to the specified value.
mdix auto
To enable the automatic medium-dependent interface crossover (auto-MDIX) feature on the interface, use the mdix auto command in interface configuration mode. When auto-MDIX is enabled, the interface automatically detects the required cable connection type (straight-through or crossover) and configures the connection appropriately. To disable auto-MDIX, use the no form of this command.
Command Modes
Usage Guidelines
When you enable auto-MDIX on an interface, you must also set the speed and duplex on the interface to auto so that the feature operates correctly.
When auto-MDIX (along with autonegotiation of speed and duplex) is enabled on one or both of connected interfaces, link up occurs, even if the required cable type (straight-through or crossover) is not present.
Auto-MDIX is supported on all 10/100-Mbps interfaces and on 10/100/1000BASE-T/BASE-TX small form-factor pluggable (SFP)-module interfaces. It is not supported on 1000BASE-SX or -LX SFP module interfaces.
You can verify the operational state of auto-MDIX on the interface by entering the show controllers ethernet-controller interface-id phy privileged EXEC command.
mtu
To set the maximum packet size or maximum transmission unit (MTU) size for an interface, use the mtu command in interface configuration mode. To return to the default value, use the no form of this command.
Command Modes
Usage Guidelines
When you use this command to change the MTU size on an interface, it is not necessary to reset the switch before the new configuration takes effect.
Because the switch does not fragment Layer 2 packets, it drops switched Layer 2 packets larger than the packet size supported on the egress interface.
network-clock hold-off
To configure the time that the switch waits when a SyncE reference clock goes down before removing it as the network clock, use the network-clock hold-off command in global configuration mode. To return to the default value, use the no form of this command.
Command Modes
Usage Guidelines
Setting a hold-off timeout ensures that the short activation of a signal failure is not passed to the clock selection process.
network-clock input-source
To configure the Synchronous Ethernet (SyncE) input clock and priority, use the network-clock input-source command in global configuration mode. To remove the priority, use the no form of this command.
network-clock input-source priority [ external] [interface]
no network-clock input-source priority [ external] [interface]
Command Modes
network-clock revertive
To configure the Synchronous Ethernet (SyncE) input clock to determine the action to take if clock reference with higher priority than the selected reference clock becomes available, use the network-clock revertive command in global configuration mode. To return to the default value, use the no form of this command.
Command Modes
Usage Guidelines
The network clock can be selected by an automatic selection algorithm based on the highest priority valid input clock. In revertive mode, the network clock is automatically selected reference based on the configured priority of the clock.
network-clock synchronization ssm option
To configure the Synchronous Status Message (SSM) option for a Synchronous Ethernet (SynchE) network clock, use the network-clock synchronization ssm option command in global configuration mode. To return to the default value, use the no form of this command.
network-clock synchronization ssm option [ [ 1 | 2 ] GEN1 | GEN2 ]
no network-clock synchronization ssm option [ [ 1 | 2 ] GEN1 | GEN2 ]
Command Modes
Usage Guidelines
When Option 2 is selected, GEN1 must be configured. GEN2 is not supported in Release 15.1(2)EY.
network-clock wait-to-restore
To configure the time that the switch waits before a previously failed Synchronous Ethernet (SyncE) input clock must be fault-free before it is considered available as a synchronization source, use the network-clock wait-to-restore command in global configuration mode. To return to the default value, use the no form of this command.
network-clock wait-to-restore value
network-clock-select
To configure the Synchronous Ethernet (SyncE) input clock and priority, use the network-clock-select command in global configuration mode. To remove the priority, use the no form of this command.
network-clock-select priority [ BITS | SYNCE port-number ]
Command Modes
Usage Guidelines
During normal operation, the reference clock is selected based on an algorithm that uses the priority rankings that you assign to the input clocks by using the network-clock-select priority priority global configuration command.
The reference clock source can be the BITS input or a PHY-recovered clock from one of the uplink ports. The ME 3800X and ME 3600X switch supports a BITS port through an RJ45 connector.
network-clock-select hold-off timeout
To configure the time that the switch should wait if a Synchronous Ethernet (SyncE) reference clock goes down before removing it as the reference clock, use the network-clock-select hold-off timeout command in global configuration mode. To return to the default value, use the no form of this command.
network-clock-select hold-off timeout value
Command Modes
Usage Guidelines
This command is supported only if you enter the ql-enabled rep-segment command in global configuration mode to configure the Resilient Ethernet Protocol (REP) workaround for resiliency and to avoid timing loops.
Setting a hold-off timeout ensures that the short activation of a signal failure is not passed to the clock selection process.
network-clock-select hold-timeout
To configure the time after which the switch moves from the holdover state to the free-run state for system timing, use the network-clock-select hold-timeout command in global configuration mode. To return to the default value, use the no form of this command.
network-clock-select hold-timeout { value | infinite }
no network-clock-select hold-timeout
Syntax Description
Command Modes
Usage Guidelines
If there is no reliable clock source available, the switch goes into holdover mode and replays the saved clock from the last source.
You can configure a holdout time only if you enter the ql-enabled rep-segment command in global configuration mode to configure the Resilient Ethernet Protocol (REP) workaround for resiliency and to avoid timing loops.
When the configured holdout time expires, the switch goes into free-run state, where the timing clock is internal to the switch.
If you do not configure the REP workaround, the holdout time in a priority-based configuration is infinite.
network-clock-select mode
To configure the Synchronous Ethernet (SyncE) input clock to determine the action to take if clock reference with higher priority than the selected reference clock becomes available, use the network-clock-select mode command in global configuration mode. To return to the default value, use the no form of this command.
network-clock-select mode { nonrevert | revert }
no network-clock-select mode { nonrevert | revert }
Syntax Description
Command Modes
Usage Guidelines
An input reference clock can be either forced or selected by an automatic selection algorithm based on the highest priority valid input clock. In revert mode, the forces clock automatically becomes the selected reference. In non-revertive mode, the forced clock becomes the selected reference only if the existing reference is invalidated or made unavailable for selection.
You can use the set network-clocks privileged EXEC command for more configuration of not-revertive mode.
network-clock-select option
To configure the Synchronous Ethernet (SyncE) Ethernet Equipment Clock (EEC) option, use the network-clock-select option command in global configuration mode. To select the other (nonconfigured) option (E1 or T1), use the no form of this command.
network-clock-select option { option1 | option2 }
Command Modes
Usage Guidelines
You should base the selected option on the timing format of the area of deployment.
After selecting the clock option, you can use the controller BITS global configuration commands to specify the line characteristics. Before using the controller BITS command to change the E1/T1 settings, you should ensure that the selection matches the option in this command.
network-clock-select output
To set the priority and select the line interfaces to drive the output clock, use the network-clock-select output command in global configuration mode. To remove the configuration, use the no form of this command.
network-clock-select output priority SYNCE port
Command Modes
Usage Guidelines
The output clock (T4 or BITS OUT) is driven only on uplink ports.
The clock is not driven by the Building Integrated Timing Supply (BITS) or the system clock (T0).
network-clock-select wait-to-restore-timeout
To configure the time that the switch waits before a previously failed Synchronous Ethernet (SyncE) input clock must be fault-free before it is considered available as a synchronization source, use the network-clock-select wait-to-restore timeout command in global configuration mode. To return to the default value, use the no form of this command.
network-clock-select wait-to-restore timeout value
Command Modes
Usage Guidelines
You can configure a holdout time only if you configure the REP quality level by entering the ql-enabled rep-segment command.
oam protocol cfm svlan
To configure the Ethernet virtual connection (EVC) operation, administration, and maintenance (OAM) protocol as IEEE 801.2ag Connectivity Fault Management (CFM) and to identify the service provider VLAN-ID for a CFM domain level, use the oam protocol cfm svlan command in EVC configuration mode. To remove the OAM protocol configuration for the EVC, use the no form of this command.
Command Modes
Usage Guidelines
When you enter domain domain-name , the CFM domain must have already been created by entering the ethernet cfm domain domain-name level level-id global configuration command. If the CFM domain does not exist, the command is rejected, and an error message appears.
pagp learn-method
To learn the source address of incoming packets received from an EtherChannel port, use the pagp learn-method command in interface configuration mode. To return to the default setting, use the no form of this command.
pagp learn-method { aggregation-port | physical-port }
Syntax Description
Command Modes
Usage Guidelines
When configuring pagp learn-method, learn must be configured to the same method at both ends of the link.
- The switch supports address learning only on aggregate ports even though the physical-port keyword is provided in the command-line interface (CLI). The pagp learn-method and the pagp port-priority interface configuration commands have no effect on the switch hardware, but they are required for PAgP interoperability with devices that only support address learning by physical ports.
- When the link partner to the switch is a physical learner, we recommend that you configure the switch as a physical-port learner. Use the pagp learn-method physical-port interface configuration command, and set the load-distribution method based on the source MAC address by using the port-channel load-balance src-mac global configuration command. Only use the pagp learn-method interface configuration command in this situation.
You can verify the configuration by entering the show running-config privileged EXEC command or the show pagp channel-group-number internal privileged EXEC command.
pagp port-priority
To select a port over which all Port Aggregation Protocol (PAgP) traffic through the EtherChannel is sent, use the pagp port-priority command in interface configuration mode. If all unused ports in the EtherChannel are in hot-standby mode, they can be placed into operation if the currently selected port and link fails. To return to the default setting, use the no form of this command.
Command Modes
Usage Guidelines
The physical port with the highest operational priority and that has membership in the same EtherChannel is the one selected for PAgP transmission.
- The switch supports address learning only on aggregate ports even though the physical-port keyword is provided in the command-line interface (CLI). The pagp learn-method and the pagp port-priority interface configuration commands have no effect on the switch hardware, but they are required for PAgP interoperability with devices that only support address learning by physical ports.
- When the link partner to the switch is a physical learner, we recommend that you configure the switch as a physical-port learner by using the pagp learn-method physical-port interface configuration command and to set the load-distribution method based on the source MAC address by using the port-channel load-balance src-mac global configuration command. Use the pagp learn-method interface configuration command only in this situation.
You can verify your setting by entering the show running-config privileged EXEC command or the show pagp channel-group-number internal privileged EXEC command.
permit (MAC access-list configuration)
To allow non-IP traffic to be forwarded if the conditions are matched, use the permit command in MAC access-list configuration mode. To remove a permit condition from the extended MAC access list, use the no form of this command.
{ permit | deny } { any | host src-MAC-addr | src-MAC-addr mask } { any | host dst-MAC-addr | dst-MAC-addr mask } [ type mask | cos cos | aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | lsap lsap mask | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp ]
no { permit | deny } { any | host src-MAC-addr | src-MAC-addr mask } { any | host dst-MAC-addr | dst-MAC-addr mask } [ type mask | cos cos | aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | lsap lsap mask | mop-console | mop-dump | msdos | mumps | netbios | vines-echo |vines-ip | xns-idp ]
Note Though visible in the command-line help strings, appletalk is not supported as a matching condition.
Syntax Description
To filter IPX traffic, you use the type mask or lsap lsap mask keywords, depending on the type of IPX encapsulation being used. Filter criteria for IPX encapsulation types as specified in Novell terminology and Cisco IOS terminology are listed in Table 2-3 .
Command Modes
Usage Guidelines
You enter MAC access-list configuration mode by using the mac access-list extended global configuration command.
If you use the host keyword, you cannot enter an address mask; if you do not use the any or host keywords, you must enter an address mask.
After an access control entry (ACE) is added to an access control list, an implied deny - any - any condition exists at the end of the list. That is, if there are no matches, the packets are denied. However, before the first ACE is added, the list permits all packets.
You can verify the configuration by entering the show access-lists privileged EXEC command.
Note For more information about MAC-named extended access lists, see the software configuration guide for this release.
Examples
This example shows how to define the MAC-named extended access list to allow NETBIOS traffic from any source to MAC address 00c0.00a0.03fa. Traffic matching this list is allowed.
This example shows how to remove the permit condition from the MAC-named extended access list:
police
To define a policer for classified traffic and to enter policy-map class police configuration mode, use the police command in policy-map class configuration mode. A policer defines an average traffic rate, a committed information rate (CIR), a peak information rate (PIR), and an action to take if a maximum is exceeded. In policy-map class police configuration mode, you can specify multiple actions for a packet. To remove a policer, use the no form of this command.
police
{
rate-bps
|
cir
{
cir-bps
[
burst-bytes
] [
bc
burst-bytes
]
|
percent
percent
[
burst-ms
] [
bc
burst-ms
]} [
pir
{
pir-bps
[
be
peak-burst
]
|
percent
percent
[
be
peak-ms
]}] [
action
]
[
conform-action
{
drop
|
set-cos-transmit
new cos-value
|
set-discard-class-transmit
new discard-value
|
set-dscp-transmit
new dscp-value
|
set-mpls-exp-imposition-transmit
new-imposition-exp-value
|
set-mpls-exp-topmost transmit
new-topmost-exp-value
|
set-prec-transmit value
new prec-value
|
set-qos-transmit value
new qos-value
|
transmit
}]
[
exceed-action
{
drop
|
set-cos-transmit
new cos-value
|
set-discard-class-transmit
new discard-value
|
set-dscp-transmit
new dscp-value
|
set-mpls-exp-imposition-transmit
new-imposition-exp-value
|
set-mpls-exp-topmost transmit
new-topmost-exp-value
|
set-prec-transmit value
new prec-value
|
set-qos-transmit value
new qos-value
|
transmit
}]
[
violate-action
{
drop
|
set-cos-transmit
new cos-value
|
set-discard-class-transmit
new discard-value
|
set-dscp-transmit
new dscp-value
|
set-mpls-exp-imposition-transmit
new-imposition-exp-value
|
set-mpls-exp-topmost transmit
new-topmost-exp-value
|
set-prec-transmit value
new prec-value
|
set-qos-transmit value
new qos-value
|
transmit
}]
no
police
{
rate-bps
|
cir
{
cir-bps
[
burst-bytes
] [
bc
burst-bytes
]
|
percent
percent
[
burst-ms
] [
bc
burst-ms
]} [
pir
{
pir-bps
[
be
peak-burst
]
|
percent
percent
[
be
peak-ms
]}] [
action
]
[
conform-action
{
drop
|
set-cos-transmit
new cos-value
|
set-discard-class-transmit
new discard-value
|
set-dscp-transmit
new dscp-value
|
set-mpls-exp-imposition-transmit
new-imposition-exp-value
|
set-mpls-exp-topmost transmit
new-topmost-exp-value
|
set-prec-transmit value
new prec-value
|
set-qos-transmit value
new qos-value
|
transmit
}]
[
exceed-action
{
drop
|
set-cos-transmit
new cos-value
|
set-discard-class-transmit
new discard-value
|
set-dscp-transmit
new dscp-value
|
set-mpls-exp-imposition-transmit
new-imposition-exp-value
|
set-mpls-exp-topmost transmit
new-topmost-exp-value
|
set-prec-transmit value
new prec-value
|
set-qos-transmit value
new qos-value
|
transmit
}]
[
violate-action
{
drop
|
set-cos-transmit
new cos-value
|
set-discard-class-transmit
new discard-value
|
set-dscp-transmit
new dscp-value
|
set-mpls-exp-imposition-transmit
new-imposition-exp-value
|
set-mpls-exp-topmost transmit
new-topmost-exp-value
|
set-prec-transmit value
new prec-value
|
set-qos-transmit value
new qos-value
|
transmit
}]
Syntax Description
Command Modes
Policy-map class configuration
Usage Guidelines
You can enter a single conform-action, exceed-action, or violate-action as part of the command string following the police command. You can also press Enter after the police command to enter policy-map class police configuration mode, where you can enter multiple actions. In policy-map class police configuration mode, you must enter an action to take.
The switch also supports marking multiple QoS parameters for the same class and simultaneously configuring conform-action, exceed-action, and violate-action marking.
The switch supports single-rate policing with a 2-color marker, or a 2-rate policer with a 3-color marker. Mapped packets can be sent without modification, dropped, or marked to options specified by the set command. Note that traffic rates are configured in bits per second and burst size is entered in bytes.
You can configure policing for any number of classes on any one of the three levels of the policy-map hierarchy. If you configure marking on one level, you can configure policing without marking (transmit, drop) on another level.
The ME 3600X switch supports 2000 policers. The number of policers supported on the ME 3800X switch is either 8000 or 16000, depending on the switch license.
An output policy map should match only the modified values of the out-of-profile traffic and not the original values.
When you define the policer and press Enter, you enter policy-map class police configuration mode, in which you can configure multiple policing actions. These commands are available:
- conform-action
- exceed-action
- violate-action
- exit : exits from QoS policy-map class police configuration mode. If you do not want to set multiple actions, you can enter exit without entering any other policy-map class police commands.
- no : negates or sets the default values of a command.
You can verify the configuration by entering the show policy-map privileged EXEC command.
Examples
This example shows how to create a traffic classification with a CoS value of 4, create a policy map, and attach it to an ingress port. The average traffic rate is limited to 10000000 b/s with a burst size of 10000 bytes:
This example shows how to create policy map with a conform action of set dscp and a default exceed action, and attach it to an EFP.
This example shows how to use policy-map class police configuration mode to set multiple conform actions and an exceed action. The policy map sets a committed information rate of 23000 bits per second (b/sb/s) and a conform burst size of 10000 bytes. The policy map includes multiple conform actions (for DSCP and for Layer 2 CoS) and an exceed action.
Related Commands
policy-map
To create or to modify a policy map that can be attached to multiple physical ports and to enter policy-map configuration mode, use the policy-map command in global configuration mode. To delete an existing policy map, use the no form of this command.
Command Modes
Usage Guidelines
The switch supports a maximum of 1024 unique policy maps.
Before configuring policies for classes whose match criteria are defined in a class map, use the policy-map command to specify the name of the policy map to be created or modified. Entering the policy-map command also enables the policy-map configuration mode, in which you can configure or modify the class policies for that policy map.
After entering the policy-map command, you enter policy-map configuration mode, and these configuration commands are available:
- class : the specified traffic classification for which the policy actions are applied. The classification is defined in the class-map global configuration command. For more information, see the class-map command.
- description : describes the policy map (up to 200 characters).
- exit : exits policy-map configuration mode and returns to global configuration mode.
- no : removes a previously defined policy map.
Note If you enter the no policy-map configuration command or the no policy-map policy-map-name global configuration command to delete a policy map that is attached to an interface, a warning message appears that lists any interfaces (physical interfaces or Ethernet flow points (EFPs) from which the policy map is being detached. The policy map is then detached and deleted. For example:Warning: Detaching Policy test1 from Interface GigabitEthernet0/1
You can configure class policies in a policy map only if the classes have match criteria defined for them. To configure the match criteria for a class, use the class-map global configuration and match class-map configuration commands. You define packet classification on a physical-port basis.
You can create input policy maps and output policy maps, and you can assign one input policy map and one output policy map to a target (port or EFP service instance). The input policy map acts on incoming traffic on the port; the output policy map acts on outgoing traffic.
You can apply the same policy map to multiple targets.
Follow these guidelines when configuring input policy maps:
- The total number of input policy maps that can be attached to interfaces on the switch is limited by the availability of hardware resources. If you attempt to attach an input policy map that would exceed any hardware resource limitation, the configuration fails.
- You cannot configure an IP (IP standard and extended ACL, DSCP or IP precedence) and a non-IP (MAC ACL or CoS) classification within the same policy map, either within a single class map or across class maps within the policy map.
- These commands are not supported on input policy maps: match discard-class command, match qos-group command, bandwidth command for Class-Based-Weighting-Queuing (CBWFQ), priority command for class-based priority queueing, queue-limit command for Weighted Tail Drop (WTD), shape average command for port shaping, or class-based traffic shaping.
Follow these guidelines when configuring output policy maps:
- Output policy maps can have a maximum of eight classes, one of which is class-default , when the classes in the policy map are of class-level classification, such as cos , dscp , and mpls exp . There are no restrictions for classes in a VLAN-level policy map as long as the number does not exceed that supported by the license installed on the switch.
- Each class of a policy map can have three unique queue-limit configurations, including an unqualified queue-limit (that is a queue-limit without any qualifier). The switch supports a maximum of eight queues per policy map, including the class-default. Queue-limit configurations are unique for a class of a policy map. There are a total of 256 queue-limit profiles in the switch, some of which are default profiles. Each profile can have three queue-limit configurations. When queue-limit configurations are the same across classes, the classes use the same queue-limit profile.
- All output policy maps must include the same number of class maps (one to three) and the same classification (that is, the same class maps).
You can verify your settings by entering the show policy-map privileged EXEC command.
For more information about policy maps, see the software configuration guide for this release.
port-channel load-balance
To set the load-distribution method among the ports in the EtherChannel, use the port-channel load-balance command in global configuration mode. To return to the default setting, use the no form of this command.
port-channel load-balance { dst-ip | dst-mac | src-dst-ip | src-dst-mac | src-ip | src-mac }
Syntax Description
Command Modes
Usage Guidelines
For information about when to use these forwarding methods, see the “Configuring EtherChannels” chapter in the software configuration guide for this release.
You can verify the configuration by entering the show running-config privileged EXEC command or the show etherchannel load-balance privileged EXEC command.
port-type
To configure the port type on a Cisco ME switch, use the port-type command in interface configuration mode. Since all ports are network node interfaces (NNIs), this command has no effect.
priority
To configure class-based priority queuing for a class of traffic belonging to an output policy map, use the priority command in policy-map class configuration mode. To remove a priority specified for a class, use the no form of this command.
Command Modes
Policy-map class configuration
Usage Guidelines
The priority command assigns traffic to a low-latency path and ensures that packets belonging to the class have the lowest possible latency. Packets in the priority queue are scheduled and sent until the queue is empty.
Note Only one unique class map in an attached policy map can be associated with a priority command. You cannot configure priority along with any other queuing action (bandwidth or shape average).
Note You should exercise care when using the priority command. Excessive use of strict priority queuing might cause congestion in other queues.
You can associate the priority command only with a single unique class for all attached output policies on the switch.
You cannot associate the priority command with the class-default of the output policy map.
You cannot configure priority and any other scheduling action ( shape average or bandwidth ) in the same class.
All output classes and queues use a default queue-limit (see the queue-limit command). However, you can override the default value by explicitly configuring an unqualified queue-limit on the class of an output policy map. You can change the queue limit by using the queue-limit policy-map class command, overriding the default set by the priority command.
You can verify the configuration by entering the show policy-map privileged EXEC command.
Examples
This example shows how to configure the class out-class1 as a strict priority queue so that all packets in that class are sent before any other class of traffic. Other traffic queues are configured so that out-class-2 gets 50 percent of the remaining bandwidth and out-class3 gets 20 percent of the remaining bandwidth. The class class-default receives the remaining 30 percent with no guarantees.
ql-enabled rep-segment
To configure a Synchronous Ethernet (SyncE) Resilient Ethernet Protocol (REP) workaround for network resiliency and to avoid timing loops when there are any network failures within the REP segment, use the ql-enabled rep-segment command in global configuration mode. To disable the workaround, use the no form of this command.
Command Modes
Usage Guidelines
Some SyncE networks use Ethernet Synchronous Messaging Channel (ESMC) with source-specific multicast (SSM) to ensure that the highest quality level clock available is selected and to prevent timing loops in the network. Because ESMC SSM is not supported on the switch, we recommend configuring the SyncE network as a REP segment to provide a REP workaround.
If you do not configure a REP workaround, an intermittent failure or change in network topology can cause timing loops in the SyncE network. Configuring REP allows the segment to automatically respond to a failure in the ring and avoid timing loops by changing the direction of the reference clock path.
SyncE uses REP only for failure detection, and not for timing topology discovery or timing loop prevention. Timing loops can still occur if port priority is not correctly configured.
You can see if a REP segment is enabled by entering the show network-clocks privileged EXEC command.
See the software configuration guide for more information about configuring REP segments and configuring the REP workaround.
queue-limit
To set the queue maximum threshold for Weighted Tail Drop (WTD) in an output policy map, use the queue-limit command in policy-map class configuration mode. To return to the default, use the no form of this command.
queue-limit { limit [ bytes bytes | us microseconds ] | cos value | discard-class value | dscp value | exp value | precedence value | qos-group value }
no queue-limit { limit [ bytes | us ] | cos value | discard-class value | dscp value | exp value | precedence value | qos-group value }
Syntax Description
Command Modes
Policy-map class configuration
Usage Guidelines
You use the queue-limit policy-map class command to control output traffic. Queue-limit settings are not supported in input policy maps.
Use the other classification values to specify the subtype of traffic that needs to be mapped to the unique threshold on the queue.
The switch supports one output policy map for each interface. Each class of a policy map can have three unique queue-limit configurations, including an unqualified queue-limit (that is a queue-limit without any qualifier).
The switch supports a maximum of eight queues per policy map, including the class-default. Queue-limit configurations are unique for a class of a policy map. There are a total of 256 queue-limit profiles in the switch, some of which are default profiles. Each profile can have three queue-limit configurations. When queue-limit configurations are the same across classes, the classes use the same queue-limit profile.
If you try to attach an output policy map that contains a fourth queue-limit configuration to an interface, you see an error message and the attachment is not allowed.
The queue-limit command is supported only after you first configure a scheduling action, such as bandwidth , shape-average , or priority , except when you configure queue-limit in the class-default of an output policy map.
You cannot configure more than two unique threshold values for WTD qualifiers ( cos , dscp , precedence , exp , discard-class , or qos-group ) in the queue-limit command. However, you can map any number of qualifiers to those thresholds. You can configure a third unique threshold value to set the threshold for the queue, using the queue-limit command with no qualifiers.
You can use these same queue-limit values in multiple output policy maps on the switch. However, changing one of the queue-limit values in a class would create a new, unique queue-limit configuration. You can attach only three unique queue-limit configurations in output policy maps to interfaces at any one time. If you try to attach an output policy map with a fourth unique queue-limit configuration, you see this error message:
You can verify your settings by entering the show policy-map privileged EXEC command.
Examples
This example shows a policy map with a specified bandwidth and queue size. Traffic that is not DSCP 30 or 10 is assigned a queue-limit of 2000 bytes. Traffic with a DSCP value of 30 is assigned a queue-limit of 1000 bytes, and traffic with a DSCP value of 10 is assigned a queue limit of 1500 bytes. All traffic not belonging to the class traffic is classified into class-default , which is configured with 10 percent of the total available bandwidth and a large queue size of 3000 bytes.
There can be only three unique qualified queue-limit thresholds. In this example, there are four unique thresholds, so the configuration is rejected:
In the next example, although there appear to be only three unique thresholds, in reality there are four threshold configurations, including an implied default threshold. The configuration is rejected.
In this example, only three unique thresholds are configured and the configuration is allowed.
random-detect
To configure WRED for a class in a policy map, use the random-detect command in policy-map class configuration mode. To disable WRED, use the no form of this command.
random-detect [ dscp-based | prec-based|cos-based ]
Syntax Description
Command Modes
Policy-map class configuration when used in a policy map (config-pmap-c)
Usage Guidelines
If you choose not to use either the dscp-based or the prec-based keywords, WRED uses the IP Precedence value (the default method) to calculate the drop probability for the packet.
WRED is a congestion avoidance mechanism that slows traffic by randomly dropping packets when congestion exists. WRED is most useful with protocols like Transport Control Protocol (TCP) that respond to dropped packets by decreasing the transmission rate.
The router automatically determines parameters to use in the WRED calculations. To change these parameters, use the random-detect precedence command.
You can configure WRED as part of the policy map for a standard class or the default class. If you configure WRED, its packet drop capability is used to manage the queue when packets exceeding the configured maximum count are enqueued. If you configure the queue-limit command, tail drop is used.
To configure a policy map and create class policies, use the policy-map and class (policy-map) commands.
Two Methods for Calculating the Drop Probability of a Packet
This command includes two optional keywords, dscp-based and prec-based , that determine the method WRED uses to calculate the drop probability of a packet.
Note the following points when deciding which method to instruct WRED to use:
- With the dscp-based keyword, WRED uses the DSCP value (that is, the first six bits of the IP type of service (ToS) byte) to calculate the drop probability.
- With the prec-based keyword, WRED will use the IP Precedence value to calculate the drop probability.
- The dscp-based and prec-based keywords are mutually exclusive.
- If neither argument is specified, WRED uses the IP Precedence value to calculate the drop probability (the default method).
Examples
The following example configures the policy map called policy1 to contain policy specification for the class called class1. During times of congestion, WRED packet drop is used instead of tail drop.
The following example enables WRED to use the DSCP value 8. The minimum threshold for the DSCP value 8 is 24 and the maximum threshold is 40. This configuration was performed at the interface level.
The following example enables WRED to use the DSCP value 8 for class c1. The minimum threshold for DSCP value 8 is 24 and the maximum threshold is 40. The last line attaches the service policy to the output interface or virtual circuit (VC) p1.
random-detect cos
To specify the outer class of service (CoS) value of a packet, the minimum and maximum thresholds, and the maximum probability denominator used for enabling weighted random early detection (WRED), use the random-detect cos command in policy-map class configuration mode. To reset the thresholds and maximum probability denominator to the default values for the specified CoS, use the no form of this command.
random-detect cos cos-value min-threshold max-threshold mark-probability-denominator
no random-detect cos cos-value min-threshold max-threshold mark-probability-denominator
Syntax Description
Defaults
The default values for the min-threshold and max-threshold arguments are based on the output buffering capacity and the transmission speed for the interface.
The default value for the mark-probability-denominator argument is 10; 1 out of every 10 packets is dropped at the maximum threshold.
Command Modes
Policy-map class configuration
Usage Guidelines
Note the following points when using the random-detect cos command:
- When the average queue length reaches the minimum threshold, WRED randomly drops some packets with the specified IP precedence.
- When the average queue length exceeds the maximum threshold, WRED drops all packets with the specified IP precedence.
- The mark-probability-denominator argument is the fraction of packets dropped when the average queue depth is at the maximum threshold. For example, if the denominator is 512, 1 out of every 512 packets is dropped when the average queue is at the maximum threshold.
Examples
In the following example, WRED has been enabled using the random-detect cos command. With the random-detect cos command, the CoS value has been specified, along with the minimum and maximum thresholds, and the maximum probability denominator.
Switch(config)# policy-map policymap1
random-detect cos-based
To enable weighted random early detection (WRED) on the basis of the class of service (CoS) value of a packet, use the random-detect cos-based command in policy-map class configuration mode. To disable WRED, use the no form of this command.