|
|
This chapter is a command-by-command description of the Cisco IOS commands that have created or changed for the Catalyst 2900 series XL switches. Table 2-1 lists the commands described in this chapter and the command mode from which they are entered.
| Commands | Description | |
|---|---|---|
| Exec mode | ||
| clear mac-address-table | Delete all addresses currently in the MAC address table. | |
| show mac-address-table | Display the MAC address table. | |
| show port block | Display the blocking of unicast and multicast filtering for the port. | |
| show port group | Display the ports that have been assigned to groups. | |
| show port monitor | Display the ports that have had port monitoring enabled for them. | |
| show port security | Display the ports that have had port security enabled. | |
| show port storm-control | Display the disposition of broadcast-storm control. | |
| Configuration mode | ||
| mac-address-table aging-time | Set the length of time that a dynamic entry can remain in the address table. | |
| mac-address-table dynamic | Enable address learning on the current interface. | |
| mac-address-table secure | Add entries to the address table that are known to be secure addresses. | |
| mac-address-table static | Add static entries to the address table. | |
| Interface configuration mode | ||
| ip address | Set a primary or secondary IP address of an interface. | |
| duplex | Specify the duplex mode of operation for an interface. | |
| port block | Prevent the flooding of unknown destination MAC addresses and multicast address on this interface. | |
| port group | Place this interface into a port aggregation group | |
| port monitor | Implement port monitoring on this port. | |
| port security | Enable port security on a port. | |
| port storm-control | Broadcast traffic is disabled if too many broadcast packets are seen on this port. | |
| shutdown | Disable an interface. | |
| spantree disable | Disable Spanning-Tree Protocol for the switch. | |
| spantree forwarding-time | Specify the forward delay interval for the switch. | |
| spantree hello-time | Specify the interval between Hello Bridge Protocol Data Units (BPDUs). | |
| spantree max-age | Change the interval the switch waits to hear BPDUs from the root bridge. | |
| spantree cost | Set a different path cost. | |
| spantree priority | Configure the priority of an individual bridge or the likelihood that it will be selected as the root bridge. | |
| spantree priority | Configure the Spanning-Tree Protocol priority of a port. | |
| spantree protocol | Define the type of Spanning-Tree Protocol. | |
| speed | Specify the speed of an interface. | |
Use the clear mac-address-table EXEC command to delete entries from the MAC address table.
clear mac-address-table [static | dynamic | secure] [address hw-addr] [interface interface]
| static | Clear only the static addresses. |
| dynamic | Clear only the dynamic addresses. |
| secure | Clear only the secure addresses. |
| address | Clear all the addresses for an address. |
| hw-addr | Clear the addresses for this address. |
| interface | Clear all the addresses for an interface. |
| interface | Clear the addresses for this interface. |
EXEC
This command deletes entries from the global MAC address table. Specific subsets can be deleted by using the optional keywords and values. If more than one optional keyword is used, then all of the conditions in the argument must be true for that entry to be deleted.
The following example shows how to clear the switch MAC address table:
Switch# clear mac-address-table
Use the duplex interface configuration command to specify the duplex mode of operation for an interface. Use the no form of this command to return the interface to its default value.
duplex {full | half | auto}
no duplex
| full | Specifies that the interface is in full-duplex mode. |
| half | Specifies that the interface is in half-duplex mode. |
| auto | Specifies that the interface should automatically detect whether it should run in full- or half-duplex mode. |
The default is auto.
Interface configuration
Certain interfaces can be configured to be either full duplex or half duplex. Applicability of this command depends on the device to which the switch is attached. All fixed ports can be configured for either full or half duplex. Setting the fixed ports to auto will have the same effect as specifying half if the attached device does not autonegotiate the duplex parameter.
The following example shows how to set port 1 on module 2 to full duplex:
Switch(config)# interface fastethernet2/1 Switch(config-if)# duplex full
To set a primary or secondary IP address for an interface, use the ip address interface configuration command. To remove an IP address or disable IP processing, use the no form of this command.
ip address ip-address mask
no ip address ip-address mask
| ip-address | IP address. |
| mask | Mask for the associated IP subnet. |
No IP address is defined for the interface.
Interface configuration
An interface can have one primary IP address.
The following shows how to configure the IP address for the switch on a subnetted class B network:
Switch(config)# interface vlan1 Switch(config-if)# ip address 172.20.128.2 255.255.255.0
Use the mac-address-table aging-time configuration command to set the length of time that a dynamic entry can remain in the MAC address table, from the time the entry was used or last updated. Use the no form of this command to return to the default aging-time interval.
mac-address-table aging-time age
no mac-address-table aging-time
| age | A number from 10 to 1000000 seconds. |
The default is 300 seconds.
Configuration
If hosts do not transmit continuously, increase the aging time to record the dynamic entries for a longer time and thus reduce the possibility of flooding when the hosts transmit again.
The following example sets the aging time to 200 seconds:
Switch(config)# mac-address-table aging-time 200
clear mac-address-table secure
show mac-address-table
mac-address-table static
mac-address-table dynamic
Use the mac-address-table dynamic configuration command to add entries to the MAC address table that are subject to aging. Use the no form of this command to remove entries from the MAC address table.
mac-address-table dynamic hw-addr interface
no mac-address-table dynamic hw-addr
| hw-addr | The MAC address that is added to the table. |
| interface | The interface to which packets destined for hw-addr are forwarded. |
Configuration
The following example shows how to add a dynamic address to the address table:
Switch(config)# mac-address-table dynamic 00c0.00a0.03fa fa0/1
clear mac-address-table secure
show mac-address-table
mac-address-table static
mac-address-table aging-time
Use the mac-address-table secure configuration command to add entries to the MAC address table that are known to be secure addresses. Use the no form of this command to remove entries from the MAC address table.
mac-address-table secure hw-addr interface
no mac-address-table secure hw-addr
| hw-addr | The MAC address that will be added to the table. |
| interface | The interface to which packets destined for hw-address will be forwarded. |
Configuration
Secure addresses can only be assigned to one port at a time. Therefore, if a secure address table entry for the specified hw-addr already exists on another port, it is removed from that port and assigned to the specified interface.
The following example shows how to add a secure MAC address to the first port of the system:
Switch(config)# mac-address-table secure 00c0.00a0.03fa fa0/1
mac-address-table aging-time
show mac-address-table
mac-address-table static
mac-address-table dynamic
Use the mac-address-table static configuration command to add static entries to the MAC address table. Use the no form of this command to remove static entries from the MAC address table.
mac-address-table static hw-addr in-port out-port-list
no mac-address-table static hw-addr
| hw-addr | The MAC address that will be added to the table. |
| in-port | The input port from which packets received with a destination address of hw-addr will be forwarded to the list of ports in out-port-list. |
| out-port-list | The list of ports to which packets received with a destination address of hw-addr on ports in in-port will be forwarded. |
Configuration
Static addresses are not assigned to a port, but instead to the system. Each static address has an associated forwarding table that contains one entry for each input port in the system. This allows the following algorithm to be used: when a packet is received on the in-port, it is forwarded to each port in the out-port-list. Different input ports can have different output-port lists for each static address. Adding a static address that is already defined as a static address only modifies that port map (out-port-list) for the port specified in the in-port.
The following example adds a static address with port 1 as an input port and port 2 and port 8 as output ports:
Switch(config)# mac-address-table static c2f3.220a.12f4 fa0/1 fa0/2 fa0/8
mac-address-table aging-time
show mac-address-table
mac-address-table secure
mac-address-table dynamic
Use the port block interface configuration command to block the flooding of unknown unicast or multicast packets to a port. Use the no form of this command to resume normal forwarding.
port block {unicast | multicast}
no port block {unicast | multicast}
| unicast | Do not forward packets with unknown unicast addresses to this port. |
| multicast | Do not forward packets with unknown multicast addresses to this port. |
Flood unknown unicast and multicast packets to all ports.
Interface configuration
The following example shows how to block the forwarding of multicast and unicast packets to a port:
Switch(config-if)# port block unicast Switch(config-if)# port block multicast
Use the port group interface configuration command to assign a port to a Fast EtherChannel port group. There can be four groups defined for a switch, and any number of ports can belong to a port group. Use the no form of this command to remove the port from the port group.
| group-number | Port group to which the port is assigned. This can be from 1 to 4. |
Port does not belong to a port group.
Interface configuration
This command cannot be used when Switched Port Analyzer (SPAN) port monitoring or port security is enabled for the port.
The following example shows how to add a port to a port group:
Switch(config-if)# port group 1
Use the port monitor interface configuration command to enable Switched Port Analyzer (SPAN) port monitoring on a port. Use the no form of this command to return the interface to its default value.
port monitor [interface]
no port monitor [interface]
| interface | The module and port number for which SPAN is to be enabled. |
Port does not monitor any other ports.
Interface configuration
This command cannot be used when a port is part of a Fast EtherChannel port group or when port security is enabled. Specifying port monitoring without an interface causes all other ports to be monitored.
The following example shows how to enable port monitoring on a port:
Switch(config-if)# port monitor
Use the port security interface configuration command to enable port security on a port. Use the no form of this command to return the interface to its default value.
port security [action {shutdown | trap}]
port security [max-mac-count addresses]
no port security
| action | (Optional) Defines the action to take when an address violation occurs on this port. |
| shutdown | Disable the port when a security violation occurs. |
| trap | Generate an SNMP trap when a security violation occurs. |
| max-mac-count | (Optional) The maximum number of secure addresses that this port can support. |
| addresses | 1 to 132. |
Port security is disabled.
Interface configuration
This command cannot be used when a port is part of a Fast EtherChannel port group or when Switched Port Analyzer (SPAN) port monitoring is enabled.
The following example shows how to enable port security on a port. The maximum number of addresses that the port can learn is set to 8.
Switch(config-if)# port security action shutdown Switch(config-if)# port security max-mac-count 8
show port security
Use the port storm-control interface configuration command to enable broadcast storm control on a port. Use the no form of this command to disable storm control on the interface.
port storm-control [filter] [trap] [threshold {rising rising-number | falling falling-number}]
no port storm-control [filter] [trap] [threshold {rising rising-number | falling falling-number}]
| filter | Disable the port during a broadcast storm. |
| threshold | The threshold which signals the beginning or end of a broadcast storm. |
| rising | The threshold which signals the beginning of a broadcast storm. |
| rising-number | 0 to 4294967295 packets per second. |
| falling | The threshold which signals the end of a broadcast storm. |
| falling-number | 0 to 4294967295 packets per second. |
| trap | Generate an SNMP trap when the port crosses the rising or falling threshold. |
Broadcast storm control is not enabled.
Interface configuration
The following example shows how to enable broadcast storm control on a port:
Switch(config-if)# port storm-control threshold rising 1000 falling 200
Use the show mac-address-table EXEC command to display the MAC address table.
show mac-address-table [static | dynamic | secure] [address hw-addr] [interface interface]
| static | (Optional) Display only the static addresses. |
| dynamic | (Optional) Display only the dynamic addresses. |
| secure | (Optional) Display only the secure addresses. |
| address | (Optional) Display entries for a specific address. |
| hw-addr | Display addresses for this address. |
| interface | (Optional) Indicates that only entries for a specific interface is displayed. |
| interface | Display entries for this interface. |
None
EXEC
This command displays the global MAC address table. Specific views can be defined by using the optional keywords and values. If more than one optional keyword is used, then all of the conditions must be true in order for that entry to be displayed.
The following example shows how to display the switch MAC address table:
Switch# show mac-address-table Dynamic Addresses Count: 19 Secure Addresses (User-defined) Count: 0 Static Addresses (User-defined) Count: 0 System Self Addresses Count: 29 Total MAC addresses: 48 Non-static Address Table: Destination Address Address Type Destination Port ------------------- ------------ -------------------- 0000.0c5c.e176 Dynamic FastEthernet0/8 0000.2424.96b4 Dynamic FastEthernet0/8
To display the blocking of unicast or multicast flooding to a port, use the show port block EXEC command.
show port block {unicast | multicast} [interface]
| unicast | Show whether ports are blocking unicast packets or not. |
| multicast | Show whether ports are blocking multicast packets or not. |
| interface | (Optional) Show whether this port is blocking unicast or multicast packets. |
None
EXEC
None
The following example shows how to display port block information for a fixed port:
Switch# show port block unicast fa0/8 FastEthernet0/8 is blocked from unknown unicast addresses
port block
To display port groups, use the show port group EXEC command.
show port group [group-number]
| group-number | Port group to which the port is assigned. |
None
EXEC
Switched Port Analyzer (SPAN) port monitoring and port security cannot be enabled when a port belongs to a port group.
The following example shows how to display the members of a port group.
Switch# show port group 1
Group Interface
----- ---------------
1 FastEthernet0/1
1 FastEthernet0/4
port group
To display the ports for which Switched Port Analyzer (SPAN) port monitoring is enabled, use the show port monitor EXEC command.
show port monitor interface
| interface | The module and port number enabled for SPAN. |
None
EXEC
SPAN port monitoring cannot be enabled when a port belongs to a Fast EtherChannel group or when port security is enabled.
The following example shows how to display the ports that are being monitored by a fixed port:
Switch# show port monitor fa0/8 Monitor Port Port Being Monitored ------------------ -------------------- FastEthernet0/8 FastEthernet0/1 FastEthernet0/8 FastEthernet0/2 FastEthernet0/8 FastEthernet0/3 FastEthernet0/8 FastEthernet0/4 FastEthernet0/8 FastEthernet0/5 FastEthernet0/8 FastEthernet0/6 FastEthernet0/8 FastEthernet0/7
port monitor
To show the port security parameters defined for the port, use the show port security EXEC command.
show port security interface
Syntax Description
| interface | The module and port number to be displayed. |
None
EXEC
The following example shows how to display the port security information for a fixed port:
Switch# show port security fa0/4
Secure Port Secure Addr Secure Addr Security Security Action
Cnt (Current) Cnt (Max) Reject Cnt
--------------- ------------- ----------- ---------- ----------------------
FastEthernet0/4 1 132 0 Send Trap
port security
To display the rising and falling threshold for broadcast storm control, use the show port storm-control EXEC command. This command also displays the action that the switch takes when the thresholds are reached.
show port storm-control [interface]
| interface | (Optional) Show storm-control parameters for this port. |
None
EXEC
The following example shows how to display storm-control information for the switch:
Switch# show port storm-control Interface Filter State Trap State Rising Falling Current Traps Sent --------- ------------ ------------- ------ ------- ------- ---------- Fa0/1 <inactive> <inactive> 500 250 0 0 Fa0/2 <inactive> <inactive> 500 250 0 0 Fa0/3 <inactive> <inactive> 500 250 0 0 Fa0/4 <inactive> <inactive> 500 250 0 0 Fa0/5 <inactive> <inactive> 500 250 0 0 Fa0/6 <inactive> <inactive> 500 250 0 0 Fa0/7 <inactive> <inactive> 500 250 0 0 Fa0/8 <inactive> <inactive> 500 250 0 0
port storm-control
To disable an interface, use the shutdown interface configuration command. To restart a disabled interface, use the no form of this command.
shutdown
no shutdown
This command has no arguments or keywords.
None
Interface configuration
Use shutdown Vlan1 to disable communication with the switch. The shutdown interface command causes the port to stop forwarding but maintains communication with the switch. For example, you can still enable the port with no shutdown.
The following example shows how to disable a fixed port and how to reenable it:
Switch(config)# interface fa0/8 Switch(config-if)#shutdown Switch(config-if)# no shutdown Switch(config-if)#
To disable the Spanning-Tree Protocol, use the spantree disable interface configuration command. To enable the Spanning-Tree Protocol, use the no form of this command.
spantree disable
no spantree disable
This command has no arguments or keywords.
STP is enabled
Interface configuration
Shutting down the Spanning-Tree Protocol causes the switch to stop participating in STP. Ports that are administratively down remain down. Ports in the blocking state behave as if they are in the forwarding state and could cause a loop. Received BPDUs are forwarded like any other multicast frame.
The following example shows how to disable STP on the switch:
Switch(config)# interface vlan1 Switch(config-if)# spantree disable
spantree forwarding-time
spantree hello-time
spantree max-age
spantree priority
spantree priority
Use the spantree forwarding-time interface configuration command to specify the forward delay interval for the switch. Use the no form of this command to return to the default interval.
spantree forwarding-time seconds
no spantree forwarding-time
| seconds | A number from 10 to 200. |
15-second delay
Interface configuration
The forward delay interval is the amount of time the switch spends listening for topology information and learning addresses after an interface activates and before forwarding actually begins.
Each switch in a spanning tree adopts the hello-time, forward-time, and max-age parameters of the root bridge.
The following example shows how to set the forward-delay interval to 60 seconds
Switch(config)# interface vlan1 Switch(config-if)# spantree forward-time 60
spantree disable
spantree hello-time
spantree max-age
spantree priority
spantree priority
Use the spantree hello-time interface configuration command to specify the interval between Hello Bridge Protocol Data Units (BPDUs). Use the no form of this command to return to the default interval.
spantree hello-time seconds
no spantree hello-time
| seconds | A number between 1 and 10. |
The default is 2 seconds.
Interface configuration
Each switch in a spanning tree adopts the hello-time, forward-time, and max-age parameters of the root bridge. For this reason, this parameter only applies when this switch is the root switch.
The following example show how to set the interval to 5 seconds:
Switch(config)# interface vlan1 Switch(config-if)# spantree hello-time 5
spantree disable
spantree forwarding-time
spantree max-age
spantree priority
spantree priority
Use the spantree max-age interface configuration command to change the interval the switch waits to hear bridge protocol data units (BPDUs) from the root bridge. If a switch does not hear BPDUs from the root bridge within the specified interval, it assumes that the network has changed and recomputes the spanning-tree topology. Use the no form of this command to return to the default interval.
spantree max-age seconds
no spantree max-age
| seconds | A number from 6 to 200. |
The default is 20 seconds.
Interface configuration
Each switch in a spanning tree adopts the hello-time, forward-time, and max-age parameters of the root bridge.
The following example shows how to increase the maximum idle interval to 20 seconds:
Switch(config)# interface vlan1 Switch(config-if)# spantree max-age 20
spantree disable
spantree forwarding-time
spantree hello-time
spantree priority
spantree priority
Use the spantree cost interface configuration command to set a different path cost. Use the no form of this command to choose the default path cost for the interface.
spantree cost cost
no spantree cost
| cost | Path cost can range from 1 to 65535, with higher values indicating higher costs. This range applies regardless of the Spanning-Tree Protocol that has been specified. |
The default is 1000/interface-speed-Mbps. Thus, a 100-Mbps interface has a default path cost of 10, and a 10-Mbps interface has a default path cost of 100.
Interface configuration
By convention, the path cost is 1000/data rate of the attached LAN (IEEE), or 10000/data rate of the attached LAN (Digital), in Mbps. This parameter is automatically adjusted for, unless overridden by this command.
The following example changes the default path cost for a fixed port:
Switch(config)# interface fa0/1 Switch(config-if)# spantree cost 250
spantree disable
spantree forwarding-time
spantree hello-time
spantree max-age
spantree priority
spantree priority
Use the spantree portfast interface configuration command to decrease the amount of time it takes STP to bring a port into the forwarding state. Use the no form of this command to disable PortFast.
spantree portfast
no spantree portfast
This command has no parameters.
PortFast is disabled.
Interface configuration
This command should only be used when a port is connected to a workstation or server. If PortFast is enabled on a port connected to another switch or hub, it can prevent STP from detecting and avoiding loops in the network.
The following example shows how to enable PortFast on a fixed port:
Switch(config)# interface fa0/2 Switch(config-if)# spantree portfast
spantree disable
spantree forwarding-time
spantree hello-time
spantree max-age
spantree priority
spantree priority
Use the spantree priority interface configuration command to configure the priority of an individual bridge.
spantree priority number
| number | A number from 0 through 65535. |
When the IEEE Spanning-Tree Protocol is enabled on the switch: 32768
Interface configuration
When two bridges tie for position as the root bridge, a bridge priority determines which bridge serves as the root bridge. The lower the number, the more likely the bridge is chosen as root. Use the spantree priority interface configuration command to control an interface priority.
The following example establishes this switch as a likely candidate to be the root bridge:
Switch(config)# interface vlan1 Switch(config-if)# spantree priority 100
spantree disable
spantree forwarding-time
spantree hello-time
spantree max-age
spantree priority
spantree priority
Use the spantree priority interface configuration command to set an interface priority when two bridges tie for position as the root bridge. The priority you set breaks the tie. Use the no form of this command to return to the default priority.
spantree priority number
no spantree priority
| priority | Indicates that the following parameter specifies the new priority for the vlan and interface. |
| number | Priority number ranging from 0 through 255 (Digital) or 0 through 64000 (IEEE). |
32768 - IEEE spanning-tree protocol
Interface configuration
The lower the number, the more likely it is that the bridge on the interface will be chosen as the root. The switch-based version of this command sets the priority for the switch.
The following example increases the likelihood that the root bridge will be the one on FastEthernet interface 0 on port 1:
Switch(config)#interface fastethernet 0/1 Switch(config-if)#spantree priority 100
spantree forwarding-time
spantree hello-time
spantree max-age
spantree disable
spantree priority
Use the protocol interface configuration command to define the type of Spanning-Tree Protocol. Use the no protocol command to set the protocol to its default value of IEEE.
spantree protocol [ieee | dec | ibm]
no spantree protocol
| ieee | IEEE Ethernet Spanning-Tree Protocol |
| dec | Digital Spanning-Tree Protocol |
| ibm | IBM Spanning-Tree Protocol |
The IEEE 802.1d Spanning-Tree Protocol is enabled by default.
Interface configuration
The IEEE 802.1d Spanning-Tree Protocol is the preferred way to run the switch. Use the other protocols only for backward compatibility.
The following example shows how to set the switch (vlan1) to use the IEEE 802.1d Spanning-Tree Protocol:
Switch(config)# interface vlan1 Switch(config-if)# spantree protocol ieee
spantree disable
spantree forwarding-time
spantree hello-time
spantree max-age
spantree priority
spantree priority
Use the speed interface configuration command to specify the speed of the interface. Use the no form of this command to return the interface to its default value.
speed [10 | 100 | auto]
no speed
| 10 | Specifies that the interface runs at 10 Mbps. |
| 100 | Specifies that the interface runs at 100 Mbps. |
| auto | Specifies that the interface should automatically detect whether it should run at 10 Mbps or 100 Mbps. |
The default is auto.
Interface configuration
Certain interfaces can be configured to be either 10 or 100 Mbps. Applicability of this command is hardware-dependent. All fixed ports can be configured for either 10- or 100-Mbps operation.
The following example shows how to set port 1 on module 2 to 100 Mbps:
Switch(config)# interface fastethernet2/1 Switch(config-if)# speed 100
|
|