Вы находитесь на странице: 1из 460
Catalyst 2950 and Catalyst 2955 Switch Command Reference Cisco IOS Release 12.1(12c)EA1 February 2003 Corporate
Catalyst 2950 and Catalyst 2955 Switch Command Reference Cisco IOS Release 12.1(12c)EA1 February 2003 Corporate
Catalyst 2950 and Catalyst 2955 Switch Command Reference Cisco IOS Release 12.1(12c)EA1 February 2003 Corporate

Catalyst 2950 and Catalyst 2955 Switch Command Reference

Cisco IOS Release 12.1(12c)EA1 February 2003

Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive

San Jose, CA 95134-1706 USA http://www.cisco.com

Tel:

408 526-4000

Fax:

800 553-NETS (6387) 408 526-4100

Customer Order Number: DOC-7815304= Text Part Number: 78-15304-01

526-4000 Fax: 800 553-NETS (6387) 408 526-4100 Customer Order Number: DOC-7815304= Text Part Number: 78-15304-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, the Cisco Systems Verified logo, Cisco Unity, Follow Me Browsing, FormShare, iQ Breakthrough, iQ FastTrack, the iQ Logo, iQ Net Readiness Scorecard, Networking Academy, ScriptShare, SMARTnet, TransPath, and Voice LAN are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, The Fastest Way to Increase Your Internet Quotient, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, LightStream, MGX, MICA, the Networkers logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.

All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0301R)

Catalyst 2950 and Catalyst 2955 Switch Command Reference Copyright © 2003, Cisco Systems, Inc. All rights reserved.

CONTENTS
CONTENTS

Preface

xi

Audience xi

Purpose xi

Organization xii

Conventions xii

Related Publications

Obtaining Documentation World Wide Web

xiii

xiv

xiv

Documentation CD-ROM

xiv

Ordering Documentation

xiv

Documentation Feedback

xv

Obtaining Technical Assistance

xv

Cisco.com xv Technical Assistance Center Contacting TAC by Using the Cisco TAC Website

xv

Contacting TAC by Telephone

xvi

xvi

CHAPTER

1

Using the Command-Line Interface

1-1

 

Type of Memory

1-1

Platforms 1-1

CLI Command Modes User EXEC Mode

1-2

1-3

Privileged EXEC Mode

1-3

 

Global Configuration Mode Interface Configuration Mode

1-4

1-4

config-vlan Mode

1-4

 

1-5

 

VLAN Configuration Mode Line Configuration Mode

1-5

Command Summary

1-6

CHAPTER

2

Cisco IOS Commands

2-1

 

aaa authentication dot1x

2-1

 

access-list (IP extended)

2-3

Catalyst 2950 and Catalyst 2955 Switch Command Reference

2-1   access-list (IP extended) 2-3 Catalyst 2950 and Catalyst 2955 Switch Command Reference iii 78-15304-01

iii

78-15304-01

Contents

access-list (IP standard)

2-6

auto qos voip

2-8

boot private-config-file channel-group 2-12 channel-protocol 2-15 class 2-17 class-map 2-19

2-11

clear interface

2-21

clear lacp

2-22

clear mac address-table

2-23

clear pagp

2-25

clear port-security dynamic clear port-security sticky

clear spanning-tree detected-protocols

clear vmps statistics clear vtp counters

2-26

2-27

2-30

2-31

2-29

cluster commander-address

2-32

cluster discovery hop-count

2-34

cluster enable

2-35

cluster holdtime

2-36

cluster management-vlan

cluster member

cluster run

2-38

2-40

2-37

cluster standby-group

2-41

cluster timer

2-43

define interface-range

2-44

delete 2-46 deny (access-list configuration)

deny (MAC access-list configuration)

2-47

dot1x default

2-53

dot1x max-req

2-54

dot1x multiple-hosts

dot1x port-control

dot1x re-authenticate dot1x re-authentication

2-55

2-56

2-58

2-59

2-50

dot1x re-authentication 2-55 2-56 2-58 2-59 2-50 iv Catalyst 2950 and Catalyst 2955 Switch Command Reference

iv

Catalyst 2950 and Catalyst 2955 Switch Command Reference

78-15304-01

Contents

dot1x timeout quiet-period

2-60

dot1x timeout re-authperiod

2-61

dot1x timeout tx-period duplex 2-63

2-62

errdisable detect

2-65

errdisable recovery

2-67

flowcontrol 2-69

interface 2-73

interface port-channel

2-75

interface range

2-76

ip access-group

2-78

ip access-list

2-80

ip address

2-82

ip igmp snooping

2-83

ip igmp snooping source-only-learning

2-84

ip igmp snooping vlan

2-86

ip igmp snooping vlan immediate-leave

2-87

ip igmp snooping vlan mrouter ip igmp snooping vlan static

lacp port-priority

2-92

2-88

2-90

lacp system-priority

2-93

mac access-group

2-94

mac access-list extended

2-96

mac address-table aging-time

2-98

mac address-table notification

2-100

mac address-table static match 2-104

2-102

mls qos cos

2-106

mls qos map

2-108

mls qos trust

2-110

monitor session

2-113

mvr

2-116

mvr immediate

2-119

mvr type

2-121

mvr vlan group

2-123

Catalyst 2950 and Catalyst 2955 Switch Command Reference

mvr type 2-121 mvr vlan group 2-123 Catalyst 2950 and Catalyst 2955 Switch Command Reference v

v

78-15304-01

Contents

pagp learn-method

2-125

pagp port-priority

2-127

permit (access-list configuration)

permit (MAC access-list configuration) police 2-133 policy-map 2-135

port-channel load-balance rcommand 2-139 remote-span 2-141

rmon collection stats service-policy 2-145

set

show access-lists show auto qos

show boot

show class-map

show cluster

2-128

2-137

2-143

2-147

2-149

2-151

2-155

2-153

2-157

2-131

show cluster candidates

2-159

show cluster members

2-161

show dot1x

2-163

show env

2-167

show errdisable recovery

2-168

show etherchannel

2-170

show file

2-173

show interfaces

2-176

show interfaces counters

2-182

show ip access-lists show ip igmp snooping

show ip igmp snooping mrouter

show lacp

2-185

2-187

2-191

2-189

show mac access-group

2-193

show mac address-table

2-195

show mac address-table multicast

show mac address-table notification

show mls masks

2-202

2-198

2-200

address-table notification show mls masks 2-202 2-198 2-200 vi Catalyst 2950 and Catalyst 2955 Switch Command

vi

Catalyst 2950 and Catalyst 2955 Switch Command Reference

78-15304-01

Contents

show mls qos interface show mls qos maps

show monitor

2-204

2-206

2-208

show mvr

2-210

show mvr interface

2-212

show mvr members

2-214

show pagp

2-216

show policy-map

2-218

show port-security

2-220

show rps

2-223

show running-config vlan

2-225

show spanning-tree

2-227

2-232

2-235

show storm-control

show system mtu

show udld

2-236

show version

2-239

 

show vlan

2-240

show vmps

2-244

show vtp

2-247

show wrr-queue bandwidth

2-252

show wrr-queue cos-map shutdown 2-254

2-253

shutdown vlan

2-255

snmp-server enable traps

2-256

snmp-server host

2-258

snmp trap mac-notification

2-261

spanning-tree backbonefast spanning-tree bpdufilter spanning-tree bpduguard

spanning-tree cost

2-263

2-264

2-266

2-268

spanning-tree extend system-id

2-270

spanning-tree guard

2-272

spanning-tree link-type

2-274

spanning-tree loopguard default

2-275

spanning-tree mode

2-277

Catalyst 2950 and Catalyst 2955 Switch Command Reference

default 2-275 spanning-tree mode 2-277 Catalyst 2950 and Catalyst 2955 Switch Command Reference vii 78-15304-01

vii

78-15304-01

Contents

spanning-tree mst configuration

spanning-tree mst cost

spanning-tree mst forward-time spanning-tree mst hello-time

2-278

2-282

2-280

2-283

spanning-tree mst max-age spanning-tree mst max-hops

spanning-tree mst max-age spanning-tree mst max-hops

2-285

2-287

spanning-tree mst port-priority

spanning-tree mst priority spanning-tree mst root spanning-tree port-priority

spanning-tree portfast (global configuration)

spanning-tree portfast (interface configuration)

2-289

2-291

2-292

2-294

2-296

2-298

spanning-tree stack-port

2-300

spanning-tree uplinkfast

2-302

spanning-tree vlan

2-304

speed 2-307

storm-control 2-309 switchport access

2-311

switchport mode

2-313

switchport nonegotiate

2-315

switchport port-security

2-317

switchport port-security aging switchport priority extend

switchport protected

switchport trunk

switchport voice vlan

system mtu

traceroute mac traceroute mac ip

udld (global configuration)

udld (interface configuration)

udld reset

2-320

2-322

2-323

2-324

2-327

2-329

2-331

2-334

2-337

2-339

2-341

vlan (global configuration) vlan (VLAN configuration)

vlan (global configuration) vlan (VLAN configuration)

2-342

2-348

vlan database

2-354

(VLAN configuration) 2-342 2-348 vlan database 2-354 viii Catalyst 2950 and Catalyst 2955 Switch Command

viii

Catalyst 2950 and Catalyst 2955 Switch Command Reference

78-15304-01

Contents

vmps reconfirm (global configuration) vmps reconfirm (privileged EXEC)

2-357

2-358

vmps retry

2-359

vmps server

2-360

vtp (global configuration) vtp (privileged EXEC) vtp (VLAN configuration) wrr-queue bandwidth

2-362

2-366

2-368

2-372

 

wrr-queue cos-map

2-374

APPENDIX

A

Catalyst 2955-Specific Alarm Commands

A-1

 

alarm facility fcs-hysteresis alarm facility power-supply alarm facility temperature

A-2

A-3

A-4

alarm profile (global configuration)

A-6

alarm profile (interface configuration) fcs-threshold A-9

A-8

 

power-supply dual

A-10

show alarm description port

A-11

show alarm profile

A-12

show alarm settings

A-14

show env

A-16

show facility-alarm relay

A-18

 

show facility-alarm status

A-19

show fcs-threshold

A-20

test relay

A-21

APPENDIX

B

Debug Commands

B-1

 
 

debug autoqos

B-2

debug dot1x

B-4

debug etherchannel

B-5

debug pagp

B-6

debug pm

B-7

debug spanning-tree

B-9

debug spanning-tree backbonefast

debug spanning-tree bpdu

B-12

B-11

Catalyst 2950 and Catalyst 2955 Switch Command Reference

backbonefast debug spanning-tree bpdu B-12 B-11 Catalyst 2950 and Catalyst 2955 Switch Command Reference ix 78-15304-01

ix

78-15304-01

Contents

I NDEX

debug spanning-tree bpdu-opt debug spanning-tree mstp debug spanning-tree switch

debug spanning-tree uplinkfast

debug sw-vlan debug sw-vlan ifs

debug sw-vlan notification

debug sw-vlan vtp

debug udld

B-13

B-14

B-16

B-18

B-19

B-21

B-23

B-22

B-25

vtp debug udld B-13 B-14 B-16 B-18 B-19 B-21 B-23 B-22 B-25 x Catalyst 2950 and

x

Catalyst 2950 and Catalyst 2955 Switch Command Reference

78-15304-01

Preface Audience This guide is for the networking professional using the Cisco IOS command-line interface

Preface

Audience

This guide is for the networking professional using the Cisco IOS command-line interface (CLI) to manage the Catalyst 2950 and Catalyst 2955 switches, hereafter referred to as the switch. Before using this guide, you should have experience working with the Cisco IOS and be familiar with the concepts and terminology of Ethernet and local area networking.

Purpose

The Catalyst 2950 switch is supported by either the standard software image (SI) or the enhanced software image (EI). The Catalyst 2955 switch uses only the EI. The enhanced software image provides a richer set of features, including access control lists (ACLs), enhanced quality of service (QoS) features, extended-range VLANs, the IEEE 802.1W Rapid Spanning Tree Protocol (RSTP), the IEEE 802.1S Multiple Spanning Tree Protocol (MSTP), and and Remote Switched Port Analyzer (RSPAN).

The software supports the switches listed in the release notes and in this table:

 

Software

Switch

Image

Catalyst 2950-12

SI

Catalyst 2950-24

SI

Catalyst 2950C-24

EI

Catalyst 2950G-12-EI

EI

Catalyst 2950G-24-EI

EI

Catalyst 2950G-24-EI-DC

EI

Catalyst 2950G-48-EI

EI

Catalyst 2950SX-24

SI

Catalyst 2950T-24

EI

Catalyst 2955C-12

EI

Catalyst 2955S-12

EI

Catalyst 2955T-12

EI

Catalyst 2950 and Catalyst 2955 Switch Command Reference

2955S-12 EI Catalyst 2955T-12 EI Catalyst 2950 and Catalyst 2955 Switch Command Reference xi 78-15304-01

xi

78-15304-01

Organization

Preface

Organization Preface Note This software release does not support the Catalyst 2950 LRE switches. For information

Note

This software release does not support the Catalyst 2950 LRE switches. For information about these switches, refer to the Catalyst 2950 LRE switch release notes.

This guide provides the information you need about the CLI commands that have been created or changed for use with the Catalyst 2950 family of switches. For information about the standard IOS Release 12.1 commands, refer to the IOS documentation set available from the Cisco.com home page by selecting Service and Support > Technical Documents. On the Cisco Product Documentation home page, select Release 12.1 from the Cisco IOS Software drop-down list.

This guide does not provide procedures for configuring your switch. For detailed configuration procedures, refer to the Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide for this release.

This guide does not describe system messages you might encounter. For more information, refer to the Catalyst 2950 and Catalyst 2955 Switch System Message Guide for this release.

Organization

This guide is organized into these chapters:

Chapter 1, Using the Command-Line Interface,describes how to access the command modes and use the switch CLI to configure software features. It also lists the commands that have the same function but different syntax in software releases earlier than Release 12.1(6)EA2 and in Release 12.1(6)EA2 or later.

Chapter 2, Cisco IOS Commands,describes in alphabetical order the IOS commands that you use to configure and monitor your switch.

Appendix A, Catalyst 2955-Specific Alarm Commands,describes the IOS commands that you use to set alarms related to temperature, power supply conditions, and the status of the Ethernet ports.

Appendix B, Debug Commands,describes the debug privileged EXEC commands. Debug commands are helpful in diagnosing and resolving internetworking problems.

Conventions

This guide uses these conventions to convey instructions and information:

Command descriptions use these conventions:

Commands and keywords are in boldface text.

Arguments for which you supply values are in italic.

Square brackets ([ ]) mean optional elements.

Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.

Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional element.

([{ | }]) mean a required choice within an optional element. xii Catalyst 2950 and Catalyst

xii

Catalyst 2950 and Catalyst 2955 Switch Command Reference

78-15304-01

Preface

Related Publications

Interactive examples use these conventions:

Terminal sessions and system displays are in screen font.

Information you enter is in boldface screen font.

Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).

Notes, cautions, and tips use these conventions and symbols:

Notes, cautions, and tips use these conventions and symbols: Note Means reader take note . Notes

Note

Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual.

or references to materials not contained in this manual. Caution Means reader be careful . In

Caution

Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

that could result in equipment damage or loss of data. Timesaver Means the following will help

Timesaver

Means the following will help you solve a problem. The tips information might not be troubleshooting or even an action, but could be useful information.

Related Publications

These documents provide complete information about the switch and are available from this URL:

You can order printed copies of documents with a DOC-xxxxxx= number from the Cisco.com sites and from the telephone numbers listed in the Obtaining Documentationsection on page xiv.

Release Notes for the Catalyst 2955 Switch, (not orderable but is available on Cisco.com)

2955 Switch, (not orderable but is available on Cisco.com) Note Switch requirements and procedures for initial

Note

Switch requirements and procedures for initial configurations and software upgrades tend to change and therefore appear only in the release notes. Before installing, configuring, or upgrading the switch, refer to the release notes on Cisco.com for the latest information.

Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide (order number

DOC-7815303=)

Catalyst 2950 and Catalyst 2955 Switch Command Reference (order number DOC-7815304=)

Catalyst 2955 Desktop Switch System Message Guide (order number DOC-7815306=)

Catalyst 2955 Hardware Installation Guide (order number DOC-7814944=)

Catalyst GigaStack Gigabit Interface Converter Hardware Installation Guide (order number DOC-786460=)

Cluster Management Suite (CMS) online help (available only from the switch CMS software)

CWDM Passive Optical System Installation Note (not orderable but is available on Cisco.com)

1000BASE-T Gigabit Interface Converter Installation Notes (not orderable but is available on Cisco.com)

Catalyst 2950 and Catalyst 2955 Switch Command Reference

(not orderable but is available on Cisco.com) Catalyst 2950 and Catalyst 2955 Switch Command Reference xiii

xiii

78-15304-01

Obtaining Documentation

Preface

Obtaining Documentation Preface Note For information about the Catalyst 2950 LRE switches, refer to these documents:

Note

For information about the Catalyst 2950 LRE switches, refer to these documents:

Catalyst 2950 Desktop Switch Software Configuration Guide, Cisco IOS Release 12.1(11)EA1 and Release 12.1(11)YJ (order number DOC-7814982=)

Catalyst 2950 Desktop Switch Command Reference, Cisco IOS Release 12.1(11)EA1 and Release 12.1(11)YJ (order number DOC-7814984=)

Catalyst 2950 Desktop Switch System Message Guide, Cisco IOS Release 12.1(11)EA1 and Release 12.1(11)YJ (order number DOC-7814981=)

Release Notes for the Catalyst 2950 LRE Switch, Cisco IOS Release 12.1(11)YJ (not orderable but is available on Cisco.com)

Obtaining Documentation

The following sections provide sources for obtaining documentation from Cisco Systems.

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at the following sites:

http://www.cisco.com

http://www-china.cisco.com

http://www-europe.cisco.com

Documentation CD-ROM

Cisco documentation and additional literature are available in a CD-ROM package. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.

Ordering Documentation

Cisco documentation is available in the following ways:

Registered Cisco Direct Customers can order Cisco Product documentation from the Networking Products MarketPlace:

http://www.cisco.com/cgi-bin/order/order_root.pl

Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:

http://www.cisco.com/go/subscription

Subscription Store: http://www.cisco.com/go/subscription xiv Catalyst 2950 and Catalyst 2955 Switch Command Reference

xiv

Catalyst 2950 and Catalyst 2955 Switch Command Reference

78-15304-01

Preface

Obtaining Technical Assistance

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at 408 526-7208 or, in North America, by calling 800 553-NETS(6387).

Documentation Feedback

If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.

You can e-mail your comments to bug-doc@cisco.com.

To submit your comments by mail, for your convenience many documents contain a response card behind the front cover. Otherwise, you can mail your comments to the following address:

Cisco Systems, Inc. Document Resource Connection 170 West Tasman Drive San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC website.

Cisco.com

Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at anytime, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.

Cisco.com provides a broad range of features and services to help customers and partners streamline business processes and improve productivity. Through Cisco.com, you can find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online technical support, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.

Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco.

To access Cisco.com, go to the following website:

http://www.cisco.com

Technical Assistance Center

The Cisco TAC website is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.

Catalyst 2950 and Catalyst 2955 Switch Command Reference

warranty or covered by a maintenance contract. Catalyst 2950 and Catalyst 2955 Switch Command Reference xv

xv

78-15304-01

Obtaining Technical Assistance

Preface

Contacting TAC by Using the Cisco TAC Website

If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to the TAC website:

http://www.cisco.com/tac

P3 and P4 level problems are defined as follows:

P3Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.

P4You need information or assistance on Cisco product capabilities, product installation, or basic product configuration.

In each of the above cases, use the Cisco TAC website to quickly find answers to your questions.

To register for Cisco.com, go to the following website:

http://www.cisco.com/register/

If you cannot resolve your technical issue by using the TAC online resources, Cisco.com registered users can open a case online by using the TAC Case Open tool at the following website:

http://www.cisco.com/tac/caseopen

Contacting TAC by Telephone

If you have a priority level 1(P1) or priority level 2 (P2) problem, contact TAC by telephone and immediately open a case. To obtain a directory of toll-free numbers for your country, go to the following website:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

P1 and P2 level problems are defined as follows:

P1Your production network is down, causing a critical impact to business operations if service is not restored quickly. No workaround is available.

P2Your production network is severely degraded, affecting significant aspects of your business operations. No workaround is available.

of your business operations. No workaround is available. xvi Catalyst 2950 and Catalyst 2955 Switch Command

xvi

Catalyst 2950 and Catalyst 2955 Switch Command Reference

78-15304-01

1 CHAPTER
1
CHAPTER

Using the Command-Line Interface

The Catalyst 2950 and Catalyst 2955 switches are supported by Cisco IOS software. This chapter describes how to use the switch command-line interface (CLI) to configure the software features.

For a complete description of the commands that support these features, see Chapter 2, Cisco IOS Commands.For Catalyst 2955-specific commands for setting alarms, refer to Appendix A, Catalyst 2955-Specific Alarm Commands.For more information on Cisco IOS Release 12.1, refer to the Cisco IOS Release 12.1 Command Summary.

For task-oriented configuration steps, refer to the software configuration guide for this release.

The switches are preconfigured and begin forwarding packets as soon as they are attached to compatible devices.

By default, all ports belong to virtual LAN (VLAN) 1. Access to the switch itself is also through VLAN 1, which is the default management VLAN. The management VLAN is configurable. You manage the switch by using Telnet, Secure Shell (SSH) Protocol, web-based management, and Simple Network Management Protocol (SNMP) through devices connected to ports assigned to the management VLAN.

Type of Memory

The switch Flash memory stores the Cisco IOS software image, the startup and private configuration files, and helper files.

Platforms

This IOS release runs on a variety of switches. For a complete list, refer to the release notes for this software release.

list, refer to the release notes for this software release. Note This software release does not

Note

This software release does not support the Catalyst 2950 LRE switches. For information about these switches, refer to the Catalyst 2950 LRE switch release notes.

Catalyst 2950 and Catalyst 2955 Switch Command Reference

to the Catalyst 2950 LRE switch release notes. Catalyst 2950 and Catalyst 2955 Switch Command Reference

1-1

78-15304-01

CLI Command Modes

Chapter 1

Using the Command-Line Interface

CLI Command Modes

This section describes the CLI command mode structure. Command modes support specific Cisco IOS commands. For example, the interface type_number command works only when entered in global configuration mode. These are the main command modes:

User EXEC

Privileged EXEC

Global configuration

Interface configuration

Config-vlan

VLAN configuration

Line configuration

Table 1-1 lists the command modes, how to access each mode, the prompt you see in that mode, and how to exit that mode. The prompts listed assume the default name Switch.

Table 1-1

Command Modes Summary

Command Mode

Access Method

Prompt

Exit or Access Next Mode

User EXEC

This is the first level of access.

Switch>

Enter the logout command.

(For the switch) Change terminal settings, perform basic tasks, and list system information.

To enter privileged EXEC mode, enter the enable command.

Privileged EXEC

From user EXEC mode, enter the enable command.

Switch#

To exit to user EXEC mode, enter the disable command.

To enter global configuration mode, enter the configure command.

Global

From privileged EXEC mode, enter the configure command.

Switch(config)#

To exit to privileged EXEC mode, enter the exit or end command, or press Ctrl-Z.

To enter interface configuration mode, enter the interface command.

configuration

 

Interface

From global configuration mode, specify an interface by entering the interface command.

Switch(config-if)#

To exit to privileged EXEC mode, enter the end command, or press Ctrl-Z.

To exit to global configuration mode, enter the exit command.

configuration

 

To enter subinterface configuration mode, specify a subinterface with the interface command.

Config-vlan

In global configuration mode, enter the vlan vlan-id command.

Switch(config-vlan)#

To exit to global configuration mode, enter the exit command.

To return to privileged EXEC mode, enter the end command, or press Ctrl-Z.

EXEC mode, enter the end command, or press Ctrl-Z . 1-2 Catalyst 2950 and Catalyst 2955

1-2

Catalyst 2950 and Catalyst 2955 Switch Command Reference

78-15304-01

Chapter 1

Using the Command-Line Interface

CLI Command Modes

Table 1-1

Command Modes Summary (continued)

Command Mode

Access Method

Prompt

Exit or Access Next Mode

VLAN

From privileged EXEC mode, enter the vlan database command.

Switch(vlan)#

To exit to privileged EXEC mode, enter the exit command.

configuration

Line configuration

From global configuration mode, specify a line by entering the line command.

Switch(config-line)#

To exit to global configuration mode, enter the exit command.

To return to privileged EXEC mode, enter the end command, or press Ctrl-Z.

User EXEC Mode

After you access the device, you are automatically in user EXEC command mode. The EXEC commands available at the user level are a subset of those available at the privileged level. In general, use the user EXEC commands to change terminal settings temporarily, to perform basic tests, and to list system information.

The supported commands can vary depending on the version of IOS software in use. To view a comprehensive list of commands, enter a question mark (?) at the prompt.

Switch> ?

Privileged EXEC Mode

Because many of the privileged commands configure operating parameters, privileged access should be password-protected to prevent unauthorized use. The privileged command set includes those commands contained in user EXEC mode, as well as the configure command through which you access the remaining command modes.

If your system administrator has set a password, you are prompted to enter it before being granted access to privileged EXEC mode. The password does not appear on the screen and is case sensitive.

The privileged EXEC mode prompt is the device name followed by the pound sign (#).

Switch#

Enter the enable command to access privileged EXEC mode:

Switch> enable

Switch#

The supported commands can vary depending on the version of IOS software in use. To view a comprehensive list of commands, enter a question mark (?) at the prompt.

Switch# ?

To return to user EXEC mode, enter the disable command.

Catalyst 2950 and Catalyst 2955 Switch Command Reference

to user EXEC mode, enter the disable command. Catalyst 2950 and Catalyst 2955 Switch Command Reference

1-3

78-15304-01

CLI Command Modes

Chapter 1

Using the Command-Line Interface

Global Configuration Mode

Global configuration commands apply to features that affect the device as a whole. Use the configure privileged EXEC command to enter global configuration mode. The default is to enter commands from the management console.

When you enter the configure command, a message prompts you for the source of the configuration commands:

Switch# configure Configuring from terminal, memory, or network [terminal]?

You can specify either the terminal or nonvolatile RAM (NVRAM) as the source of configuration commands.

This example shows you how to access global configuration mode:

Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z.

The supported commands can vary depending on the version of IOS software in use. To view a comprehensive list of commands, enter a question mark (?) at the prompt.

Switch(config)# ?

To exit global configuration command mode and to return to privileged EXEC mode, enter the end or exit command, or press Ctrl-Z.

Interface Configuration Mode

Interface configuration commands modify the operation of the interface. Interface configuration commands always follow a global configuration command, which defines the interface type.

Use the interface type_number.subif command to access interface configuration mode. The new prompt shows interface configuration mode.

Switch(config-if)#

The supported commands can vary depending on the version of IOS software in use. To view a comprehensive list of commands, enter a question mark (?) at the prompt.

Switch(config-if)# ?

To exit interface configuration mode and to return to global configuration mode, enter the exit command. To exit interface configuration mode and to return to privileged EXEC mode, enter the end command, or press Ctrl-Z.

config-vlan Mode

Use this mode to configure normal-range VLANs (VLAN IDs 1 to 1005) or, when VTP mode is transparent, to configure extended-range VLANs (VLAN IDs 1006 to 4094) when the enhanced software image is installed. When VTP mode is transparent, the VLAN and VTP configuration is saved in the running configuration file, and you can save it to the switch startup configuration file by using the copy running-config startup-config privileged EXEC command. The configurations of VLAN IDs 1 to 1005 are saved in the VLAN database if VTP is in transparent or server mode. The extended-range VLAN configurations are not saved in the VLAN database.

VLAN configurations are not saved in the VLAN database. 1-4 Catalyst 2950 and Catalyst 2955 Switch

1-4

Catalyst 2950 and Catalyst 2955 Switch Command Reference

78-15304-01

Chapter 1

Using the Command-Line Interface

CLI Command Modes

Enter the vlan vlan-id global configuration command to access config-vlan mode:

Switch(config)# vlan 2000 Switch(config-vlan)#

The supported keywords can vary but are similar to the commands available in VLAN configuration mode. To view a comprehensive list of commands, enter a question mark (?) at the prompt.

Switch(config-vlan)# ?

For extended-range VLANs, all characteristics except MTU size must remain at the default setting.

To return to global configuration mode, enter exit; to return to privileged EXEC mode, enter end. All commands except shutdown take effect when you exit config-vlan mode.

VLAN Configuration Mode

You can use the VLAN configuration commands to create or modify VLAN parameters for VLANs 1 to 1005. Enter the vlan database privileged EXEC command to access VLAN configuration mode:

Switch# vlan database Switch(vlan)#

The supported commands can vary depending on the version of IOS software in use. To view a comprehensive list of commands, enter a question mark (?) at the prompt.

Switch(vlan)# ?

To return to privileged EXEC mode, enter the abort command to abandon the proposed database. Otherwise, enter exit to implement the proposed new VLAN database and to return to privileged EXEC mode.

Line Configuration Mode

Line configuration commands modify the operation of a terminal line. Line configuration commands always follow a line command, which defines a line number. Use these commands to change terminal parameter settings line-by-line or for a range of lines.

Use the line vty line_number [ending_line_number] command to enter line configuration mode. The new prompt indicates line configuration mode.

This example shows how to enter line configuration mode for virtual terminal line 7:

Switch(config)# line vty 0 7

The supported commands can vary depending on the version of IOS software in use. To view a comprehensive list of commands, enter a question mark (?) at the prompt.

Switch(config-line)# ?

To exit line configuration mode and to return to global configuration mode, use the exit command. To exit line configuration mode and to return to privileged EXEC mode, enter the end command, or press Ctrl-Z.

Catalyst 2950 and Catalyst 2955 Switch Command Reference

mode, enter the end command, or press Ctrl-Z . Catalyst 2950 and Catalyst 2955 Switch Command

1-5

78-15304-01

Command Summary

Chapter 1

Using the Command-Line Interface

Command Summary

Table 1-2 lists and describes commands for the Catalyst 2950 switch that have the same function but different syntax in software releases earlier than Release 12.1(6)EA2 and in Release 12.1(6)EA2 or later. It lists the commands supported in releases earlier than Release 12.1(6)EA2, the equivalent commands in Release 12.1(6)EA2 or later, and command descriptions.

If you are running Release 12.1(6)EA2 or later, the switch supports the commands in the left column of Table 1-2 only if they are in a saved configuration file. When you save the switch configuration after modifying it, the commands in Table 1-2 are replaced by equivalent commands supported in Release 12.1(6)EA2 or later.

For information about commands listed in the left column of Table 1-2, refer to the Catalyst 2950 Desktop Switch Command Reference, Cisco IOS Release 12.0(5.2)WC(1) (April 2001). You can access this document at this URL:

Table 1-2

Command Comparison

Command in IOS releases earlier than Release 12.1(6)EA2

Command in Release 12.1(6)EA2 or later

Description

mac-address-table secure

switchport port-security mac-address

Adds secure addresses to the MAC address table.

no negotiation auto

speed nonegotiate

Disables autonegotiation on 1000BASE-X, -LX, and -ZX GBIC 1 ports.

port group

channel-group

Assigns a port to a Fast EtherChannel or Gigabit EtherChannel port group.

port monitor

monitor session

Enables SPAN 2 port monitoring on a port.

port protected

switchport protected

Isolates Layer 2 unicast, multicast, and broadcast traffic from other protected ports on the same switch.

port security

switchport port-security

Enables port security on a port and restricts the use of the port to a user-defined group of stations.

port security action

switchport port-security violation

Specifies the action to take when an address violation occurs on a secure port.

port security

switchport port-security maximum

Specifies the maximum number of secure addresses supported by a secure port.

max-mac-count

port storm-control

storm-control

Enables unicast, multicast, or broadcast storm control on a port, and specifies storm-control parameters on a port.

show mac-address-table secure

show port-security

Displays the port security settings for an interface and the secure addresses in the MAC address table.

interface and the secure addresses in the MAC address table. 1-6 Catalyst 2950 and Catalyst 2955

1-6

Catalyst 2950 and Catalyst 2955 Switch Command Reference

78-15304-01

Chapter 1

Using the Command-Line Interface

Command Summary

Table 1-2

Command Comparison (continued)

Command in IOS releases earlier than Release 12.1(6)EA2

Command in Release 12.1(6)EA2 or later

Description

show port group

show etherchannel

Displays EtherChannel information for

a

channel.

show port monitor

show monitor

Displays SPAN session information.

show port protected

show interfaces switchport

Displays the port protection settings of

a

port.

show port security

show port-security

Displays the port security settings defined for a port.

show port storm-control

show storm-control

Displays the packet-storm control information.

spanning-tree rootguard

spanning-tree guard

Enables the root guard feature for all VLANs associated with a port.

switchport priority

mls qos cos

Defines the default CoS 3 value of a port.

switchport priority override

mls qos cos override

Assigns the default CoS value to all incoming packets on a port.

1. GBIC = Gigabit Interface Converter

2. SPAN = Switched Port Analyzer

3. CoS = class of service

Table 1-3 lists and describes the commands that are not supported in Release 12.1(6)EA2 or later. These commands are supported only in software releases earlier than Release 12.1(6)EA2. If you are running Release 12.1(6)EA2 or later, the switch supports the commands listed in Table 1-3 only if they are in a saved configuration file.

Table 1-3

Commands Not Supported in Release 12.1(6)EA2 or Later

Command

Description

clear ip address

Deletes an IP address for a switch without disabling the IP processing.

clear mac-address-table static

Deletes static entries from the MAC address table.

management

Shuts down the current management VLAN interface and enables the new management VLAN interface.

show mac-address-table self

Displays the addresses added by the switch itself to the MAC address table.

spanning-tree protocol

Specifies the STP 1 to be used for specified spanning-tree instances.

In Release 12.1(6)EA2 or later, the switch supports only IEEE Ethernet STP.

1. STP = Spanning Tree Protocol

For detailed command syntax and descriptions, see Chapter 2, Cisco IOS Commands.For task-oriented configuration steps, refer to the software configuration guide for this release.

Catalyst 2950 and Catalyst 2955 Switch Command Reference

software configuration guide for this release. Catalyst 2950 and Catalyst 2955 Switch Command Reference 1-7 78-15304-01

1-7

78-15304-01

Command Summary

Chapter 1

Using the Command-Line Interface

Summary Chapter 1 Using the Command-Line Interface 1-8 Catalyst 2950 and Catalyst 2955 Switch Command Reference

1-8

Catalyst 2950 and Catalyst 2955 Switch Command Reference

78-15304-01

2 CHAPTER
2
CHAPTER

Cisco IOS Commands

aaa authentication dot1x

Use the aaa authentication dot1x global configuration command to specify one or more authentication, authorization, and accounting (AAA) methods for use on interfaces running IEEE 802.1X. Use the no form of this command to disable authentication.

aaa authentication dot1x {default} method1 [method2

]

no aaa authentication dot1x {default} method1 [method2

]

Syntax Description

default

Use the listed authentication methods that follow this argument as the default list of methods when a user logs in.

method1

At least one of these keywords:

[method2

]

enableUse the enable password for authentication.

 

group radiusUse the list of all Remote Authentication Dial-In User Service (RADIUS) servers for authentication.

line—Use the line password for authentication.

local—Use the local username database for authentication.

local-case—Use the case-sensitive local username database for authentication.

none—Use no authentication. The client is automatically authenticated by the switch without using the information supplied by the client.

Defaults

No authentication is performed.

Command Modes

Global configuration

 

Command History

Release

Modification

12.1(6)EA2

This command was first introduced.

Catalyst 2950 and Catalyst 2955 Switch Command Reference

12.1(6)EA2 This command was first introduced. Catalyst 2950 and Catalyst 2955 Switch Command Reference 2-1 78-15304-01

2-1

78-15304-01

aaa authentication dot1x

Chapter 2

Cisco IOS Commands

Usage Guidelines

The method argument identifies the list of methods that the authentication algorithm tries in the given sequence to validate the password provided by the client. The only method that is truly 802.1X-compliant is the group radius method, in which the client data is validated against a RADIUS authentication server. The remaining methods enable AAA to authenticate the client by using locally configured data. For example, the local and local-case methods use the username and password that are saved in the IOS configuration file. The enable and line methods use the enable and line passwords for authentication.

If you specify group radius, you must configure the RADIUS server by entering the radius-server host global configuration command.

If you are not using a RADIUS server, you can use the local or local-case methods, which access the local username database to perform authentication. By specifying the enable or line methods, you can supply the clients with a password to provide access to the switch.

Use the show running-config privileged EXEC command to display the configured lists of authentication methods.

Examples

This example shows how to enable AAA and how to create an authentication list for 802.1X. This authentication first tries to contact a RADIUS server. If this action returns an error, the user is allowed access with no authentication.

Switch(config)# aaa new model Switch(config)# aaa authentication dot1x default group radius none

You can verify your settings by entering the show running-config privileged EXEC command.

Related Commands

Command

Description

aaa new-model

Enables the AAA access control model. For syntax information, refer to Cisco IOS Security Command Reference for Release 12.1 > Authentication, Authorization, and Accounting > Authentication Commands.

show running-config

Displays the configuration information running on the switch. For syntax information, select Cisco IOS Configuration Fundamentals Command Reference for Release 12.1 > Cisco IOS File Management Commands > Configuration File Commands.

Management Commands > Configuration File Commands . 2-2 Catalyst 2950 and Catalyst 2955 Switch Command Reference

2-2

Catalyst 2950 and Catalyst 2955 Switch Command Reference

78-15304-01

Chapter 2

Cisco IOS Commands

access-list (IP extended)

access-list (IP extended)

Use the extended version of the access-list global configuration command to configure an extended IP access control list (ACL). Use the no form of this command to remove an extended IP ACL.

access-list access-list-number {deny | permit | remark} protocol {source source-wildcard | host source | any} [operator port] {destination destination-wildcard | host destination | any} [operator port] [dscp dscp-value] [time-range time-range-name]

no access-list access-list-number

This command is available on physical interfaces only if your switch is running the enhanced software image (EI).

Syntax Description

access-list-number

Number of an ACL, from 100 to 199 or from 2000 to 2699.

protocol

Name of an IP protocol.

 

protocol can be ip, tcp, or udp.

 

deny

Deny access if conditions are matched.

permit

Permit access if conditions are matched.

remark

ACL entry comment up to 100 characters.

source source-wildcard | host source | any

Define a source IP address and wildcard.

The source is the source address of the network or host from which the packet is being sent, specified in one of these ways:

The 32-bit quantity in dotted-decimal format. The source-wildcard applies wildcard bits to the source.

The keyword host, followed by the 32-bit quantity in dotted-decimal

format, as an abbreviation for source and source-wildcard of source

0.0.0.0.

The keyword any as an abbreviation for source and source-wildcard of 0.0.0.0 255.255.255.255. You do not need to enter a source-wildcard.

destination destination-wildcard | host destination | any

Define a destination IP address and wildcard.

The destination is the destination address of the network or host to which the packet is being sent, specified in one of these ways:

The 32-bit quantity in dotted-decimal format. The destination-wildcard applies wildcard bits to the destination.

The keyword host, followed by the 32-bit quantity in dotted-decimal format, as an abbreviation for destination and destination-wildcard of destination 0.0.0.0.

The keyword any as an abbreviation for destination and destination-wildcard of 0.0.0.0 255.255.255.255. You do not need to enter a destination-wildcard.

Catalyst 2950 and Catalyst 2955 Switch Command Reference

You do not need to enter a destination-wildcard. Catalyst 2950 and Catalyst 2955 Switch Command Reference

2-3

78-15304-01

access-list (IP extended)

Chapter 2

Cisco IOS Commands

operator port

(Optional) Define a source or destination port.

The operator can be only eq (equal).

If operator is after the source IP address and wildcard, conditions match when the source port matches the defined port.

If operator is after the destination IP address and wildcard, conditions match when the destination port matches the defined port.

The port is a decimal number or name of a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port. The number can be from 0 to 65535.

Use TCP port names only for TCP traffic.

Use UDP port names only for UDP traffic.

dscp dscp-value

(Optional) Define a Differentiated Services Code Point (DSCP) value to classify traffic.

For the dscp-value, enter any of the 13 supported DSCP values (0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56), or use the question mark (?) to see a list of available values.

time-range

(Optional) For the time-range keyword, enter a meaningful name to identify the time range. For a more detailed explanation of this keyword, refer to the software configuration guide.

time-range-name

Defaults

The default extended ACL is always terminated by an implicit deny statement for all packets.

Command Modes

Global configuration

Command History

Release

Modification

12.1(6)EA2

This command was first introduced.

Usage Guidelines

Plan your access conditions carefully. The ACL is always terminated by an implicit deny statement for all packets.

You can use ACLs to control virtual terminal line access by controlling the transmission of packets on an interface.

Extended ACLs support only the TCP and UDP protocols.

Use the show ip access-lists command to display the contents of IP ACLs.

Use the show access-lists command to display the contents of all ACLs.

access-lists command to display the contents of all ACLs. Note For more information about configuring IP

Note

For more information about configuring IP ACLs, refer to the Configuring Network Security with ACLschapter in the Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide for this release.

Chapter 2

Cisco IOS Commands

access-list (IP extended)

Examples

This example shows how to configure an extended IP ACL that allows only TCP traffic to the destination IP address 128.88.1.2 with a TCP port number of 25 and how to apply it to an interface:

Switch(config)# access-list 102 permit tcp any host 128.88.1.2 eq 25 Switch(config)# interface fastethernet0/8 Switch(config-if)# ip access-group 102 in

This is an example of an extended ACL that allows TCP traffic only from two specified networks. The wildcard bits apply to the host portions of the network addresses. Any host with a source address that does not match the ACL statements is denied.

access-list 104 permit tcp 192.5.0.0 0.0.255.255 any access-list 104 permit tcp 128.88.0.0 0.0.255.255 any

any access-list 104 permit tcp 128.88.0.0 0.0.255.255 any Note In these examples, all other IP access

Note

In these examples, all other IP access is implicitly denied.

You can verify your settings by entering the show ip access-lists or show access-lists privileged EXEC command.

Related Commands

Command

Description

access-list (IP standard)

Configures a standard IP ACL.

ip access-group

Controls access to an interface.

show access-lists

Displays ACLs configured on the switch.

show ip access-lists

Displays IP ACLs configured on the switch.

Catalyst 2950 and Catalyst 2955 Switch Command Reference

Displays IP ACLs configured on the switch. Catalyst 2950 and Catalyst 2955 Switch Command Reference 2-5

2-5

78-15304-01

access-list (IP standard)

Chapter 2

Cisco IOS Commands

access-list (IP standard)

Use the standard version of the access-list global configuration command to configure a standard IP access control list (ACL). Use the no form of this command to remove a standard IP ACL.

access-list access-list-number {deny | permit | remark} {source source-wildcard | host source | any}

no access-list access-list-number

This command is available on physical interfaces only if your switch is running the enhanced software image (EI).

Syntax Description

access-list-number

Number of an ACL, from 1 to 99 or from 1300 to 1999.

deny

Deny access if conditions are matched.

permit

Permit access if conditions are matched.

remark

ACL entry comment up to 100 characters.

source source-wildcard | host source | any

Define a source IP address and wildcard.

The source is the source address of the network or host from which the packet is being sent, specified in one of these ways:

 

The 32-bit quantity in dotted-decimal format. The source-wildcard applies wildcard bits to the source.

The keyword host, followed by the 32-bit quantity in dotted-decimal format, as an abbreviation for source and source-wildcard of source

0.0.0.0.

The keyword any as an abbreviation for source and source-wildcard of 0.0.0.0 255.255.255.255. You do not need to enter a source-wildcard.

Defaults

The default standard ACL is always terminated by an implicit deny statement for all packets.

Command Modes

Global configuration

Command History

Release

Modification

12.1(6)EA2

This command was first introduced.

Usage Guidelines

Plan your access conditions carefully. The ACL is always terminated by an implicit deny statement for all packets.

You can use ACLs to control virtual terminal line access by controlling the transmission of packets on an interface.

by controlling the transmission of packets on an interface. 2-6 Catalyst 2950 and Catalyst 2955 Switch

2-6

Catalyst 2950 and Catalyst 2955 Switch Command Reference

78-15304-01

Chapter 2

Cisco IOS Commands

access-list (IP standard)

Use the show ip access-lists command to display the contents of IP ACLs.

Use the show access-lists command to display the contents of all ACLs.

access-lists command to display the contents of all ACLs. Note For more information about configuring IP

Note

For more information about configuring IP ACLs, refer to the Configuring Network Security with ACLschapter in the Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide for this release.

Examples

This example shows how to configure a standard IP ACL that allows only traffic from the host network 128.88.1.10 and how to apply it to an interface:

Switch(config)# access-list 12 permit host 128.88.1.10 Switch(config)# interface gigabitethernet0/1 Switch(config-if)# ip access-group 12 in

This is an example of an standard ACL that allows traffic only from three specified networks. The wildcard bits apply to the host portions of the network addresses. Any host with a source address that does not match the ACL statements is denied.

access-list 14 permit 192.5.34.0 0.0.0.255 access-list 14 permit 128.88.0.0 0.0.0.255 access-list 14 permit 36.1.1.0 0.0.0.255

0.0.0.255 access-list 14 permit 36.1.1.0 0.0.0.255 Note In these examples, all other IP access is implicitly

Note

In these examples, all other IP access is implicitly denied.

You can verify your settings by entering the show ip access-lists or show access-lists privileged EXEC command.

Related Commands

Command

Description

access-list (IP extended)

Configures an extended IP ACL.

ip access-group

Controls access to an interface.

show access-lists

Displays ACLs configured on the switch.

show ip access-lists

Displays IP ACLs configured on the switch.

Catalyst 2950 and Catalyst 2955 Switch Command Reference

Displays IP ACLs configured on the switch. Catalyst 2950 and Catalyst 2955 Switch Command Reference 2-7

2-7

78-15304-01

auto qos voip

Chapter 2

Cisco IOS Commands

auto qos voip

Use the auto qos voip interface configuration command to configure automatic quality of service (auto-QoS) for voice over IP (VoIP) within a QoS domain. Use the no form of this command to change the auto-QoS configuration settings to the standard-QoS defaults.

auto qos voip {cisco-phone | trust}

no auto qos voip

This command is available only if your switch is running the enhanced software image (EI).

Syntax Description

cisco-phone

Identify this interface as connected to a Cisco IP phone, and automatically configure QoS for VoIP. The QoS labels of incoming packets are trusted only when the phone is detected.

trust

Identify this interface as connected to a trusted switch or router. The QoS labels of incoming packets are trusted.

Defaults

Auto-QoS is disabled on all interfaces.

When auto-QoS is enabled, it uses the ingress packet label to categorize traffic and to configure the egress queues as summarized in Table 2-1.

Table 2-1

Traffic Types, Ingress Packet Labels, Assigned Packet Labels, and Egress Queues

 

VoIP Data Traffic Only From Cisco IP Phones

VoIP Control Traffic Only From Cisco IP Phones

Routing Protocol

STP 1 BPDU 2 Traffic

All Other

Traffic

Traffic

Ingress DSCP 3

46

26

––

 

Ingress CoS

5

3

6

7

Assigned DSCP

46

26

48

56

0

Assigned CoS

5

3

6

7

0

CoS-to-Queue

5

 

3, 6, 7

0, 1, 2, 4

Map

 

Egress Queue

Expedite

 

80% WRR 4

20% WRR

queue

 

1. STP = Spanning Tree Protocol

2. BPDU = bridge protocol data unit

3. DSCP = Differentiated Services Code Point

4. WRR = weighted round robin

Services Code Point 4. WRR = weighted round robin 2-8 Catalyst 2950 and Catalyst 2955 Switch

2-8

Catalyst 2950 and Catalyst 2955 Switch Command Reference

78-15304-01

Chapter 2

Cisco IOS Commands

auto qos voip

Table 2-2 lists the auto-QoS configuration for the egress queues.

Table 2-2

Auto-QoS Configuration for the Egress Queues

Egress Queue

Queue Number

CoS-to-Queue Map

Queue Weight

Expedite

4

5

80% WRR

3

3, 6, 7

80%

20% WRR

1

0, 1, 2, 4

20%

Command Modes

Interface configuration

Command History

Release

Modification

12.1(12c)EA1

This command was first introduced.

Usage Guidelines

Use this command to configure the QoS that is appropriate for VoIP traffic within the QoS domain. The QoS domain includes the switch, the interior of the network, and the edge devices that can classify incoming traffic for QoS.

Use the cisco-phone keyword on ports connected to Cisco IP phones at the edge of the network. The switch detects the phone through the Cisco Discovery Protocol (CDP) and trusts the QoS labels in packets received from the phone.

Use the trust keyword on ports connected to the interior of the network. Because it is assumed that traffic has already been classified by other edge devices, the QoS labels in these packets from the interior of the network are trusted.

When you enable the auto-QoS feature on the first interface, these automatic actions occur:

When you enter the auto qos voip cisco-phone interface configuration command, the trusted boundary feature is enabled. It uses the Cisco Discovery Protocol (CDP) to detect the presence or absence of a Cisco IP phone. When a Cisco IP phone is detected, the ingress classification on the interface is set to trust the QoS label received in the packet. When a Cisco IP phone is absent, the ingress classification is set to not trust the QoS label in the packet. The egress queues on the interface are also reconfigured (see Table 2-2).

When you enter the auto qos voip trust interface configuration command, the ingress classification on the interface is set to trust the QoS label received in the packet, and the egress queues on the interface are reconfigured (see Table 2-2).

You can enable auto-QoS on static, dynamic-access, voice VLAN access, and trunk ports.

To display the QoS configuration that is automatically generated when auto-QoS is enabled, enable debugging before you enable auto-QoS. Use the debug autoqos privileged EXEC command to enable auto-QoS debugging.

To disable auto-QoS on an interface, use the no auto qos voip interface configuration command. When you enter this command, the switch changes the auto-QoS settings to the standard-QoS default settings for that interface.

To disable auto-QoS on the switch, use the no auto qos voip interface configuration command on all interfaces on which auto-QoS is enabled. When you enter this command on the last interface on which auto-QoS is enabled, the switch enables pass-through mode.

Catalyst 2950 and Catalyst 2955 Switch Command Reference

is enabled, the switch enables pass-through mode. Catalyst 2950 and Catalyst 2955 Switch Command Reference 2-9

2-9

78-15304-01

auto qos voip

Chapter 2

Cisco IOS Commands

Examples

This example shows how to enable auto-QoS and to trust the QoS labels received in incoming packets when the switch or router connected to Gigabit Ethernet interface 0/1 is a trusted device:

Switch(config)# interface gigabitethernet0/1 Switch(config-if)# auto qos voip trust

This example shows how to enable auto-QoS and to trust the QoS labels received in incoming packets when the device connected to Fast Ethernet interface 0/1 is detected as a Cisco IP phone:

Switch(config)# interface fastethernet0/1 Switch(config-if)# auto qos voip cisco-phone

This example shows how to display the QoS configuration that is automatically generated when auto-QoS is enabled:

Switch# debug autoqos AutoQoS debugging is on Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface fastethernet0/10 Switch(config-if)# auto qos voip cisco-phone 00:02:54:wrr-queue bandwidth 20 1 80 0 00:02:55:no wrr-queue cos-map 00:02:55:wrr-queue cos-map 1 0 1 2 4 00:02:56:wrr-queue cos-map 3 3 6 7 00:02:58:wrr-queue cos-map 4 5 00:02:59:mls qos map cos-dscp 0 8 16 26 32 46 48 56 00:03:00:interface FastEthernet0/10 00:03:00: mls qos trust device cisco-phone 00:03:00: mls qos trust cos Switch(config-if)# interface fastethernet0/12 Switch(config-if)# auto qos voip trust 00:03:15:interface FastEthernet0/12 00:03:15: mls qos trust cos Switch(config-if)#

You can verify your settings by entering the show auto qos interface interface-id privileged EXEC command.

Related Commands

Command

Description

debug autoqos

Enable debugging of the auto-QoS feature.

mls qos map

Defines the CoS-to-DSCP map or the DSCP-to-CoS map.

mls qos trust

Configures the port trust state.

show auto qos

Displays auto-QoS information.

show mls qos maps

Displays QoS mapping information.

show mls qos interface

Displays QoS information at the interface level.

interface Displays QoS information at the interface level. 2-10 Catalyst 2950 and Catalyst 2955 Switch Command

2-10

Catalyst 2950 and Catalyst 2955 Switch Command Reference

78-15304-01

Chapter 2

Cisco IOS Commands

boot private-config-file

boot private-config-file

Use the boot private-config-file global configuration command to specify the filename that IOS uses to read and write a nonvolatile copy of the private configuration. Use the no form of this command to return to the default setting.

boot private-config-file filename

no boot private-config-file

Syntax Description

filename

The name of the private configuration file.

Defaults

The default configuration file is private-config.text.

Command Modesb

Global configuration

Command History

Release

Modification

12.1(11)EA1

This command was first introduced.

Usage Guidelines

Only the IOS software can read and write a copy of the private configuration file. You cannot read, write, delete, or display a copy of this file.

Filenames are case sensitive.

Examples

This example shows how to specify the name of the private configuration file as pconfig:

Switch(config)# boot private-config-file pconfig

Related Commands

Command

Description

show boot

Displays the settings of the boot environment variables.

Catalyst 2950 and Catalyst 2955 Switch Command Reference

the settings of the boot environment variables. Catalyst 2950 and Catalyst 2955 Switch Command Reference 2-11

2-11

78-15304-01

channel-group

Chapter 2

Cisco IOS Commands

channel-group

Use the channel-group interface configuration command to assign an Ethernet interface to an EtherChannel group. Use the no form of this command to remove an Ethernet interface from an EtherChannel group.

channel-group channel-group-number mode {auto [non-silent] | desirable [non-silent] | on | active | passive}

no channel-group

Syntax Description

channel-group-number

Specify the channel group number. The range is 1 to 6.

mode

Specify the EtherChannel Port Aggregation Protocol (PAgP) or Link Aggregration Control Protocol (LACP). mode of the interface.

active

Unconditionally enable LACP.

Active mode places an interface into a negotiating state in which the interface initiates negotiations with other interfaces by sending LACP packets. A channel is formed with another port group in either the active or passive mode. When active is enabled, silent operation is the default.

auto

Enable PAgP only if a PAgP device is detected.

Auto mode places an interface into a passive negotiating state, in which the interface responds to PAgP packets it receives but does not initiate PAgP packet negotiation. A channel is formed only with another port group in desirable mode. When auto is enabled, silent operation is the default.

desirable

Unconditionally enable PAgP.

Desirable mode places an interface into a negotiating state in which the interface initiates negotiations with other interfaces by sending PAgP packets. A channel is formed with another port group in either the desirable or auto mode. When desirable is enabled, silent operation is the default.

non-silent

(Optional) Used with the auto or desirable keyword when PAgP traffic is expected from the other device.

on

Force the interface to channel without PAgP or LACP.

With the on mode, a usable EtherChannel exists only when an interface group in the on mode is connected to another interface group in the on mode.

passive

Enable LACP only if an LACP device is detected.

Passive mode places an interface into a negotiating state in which the interface responds to LACP packets it receives but does not initiate LACP packet negotiation. A channel is formed only with another port group in active mode. When passive is enabled, silent operation is the default.

When passive is enabled, silent operation is the default. 2-12 Catalyst 2950 and Catalyst 2955 Switch

2-12

Catalyst 2950 and Catalyst 2955 Switch Command Reference

78-15304-01

Chapter 2

Cisco IOS Commands

channel-group

Defaults

No channel groups are assigned.

There is no default mode.

Command Modes

Interface configuration

Command History

Release

Modification

12.1(6)EA2

This command was first introduced. It replaced the port group command.

12.1(12c)EA1

The active and passive keywords were added.

Usage Guidelines

You must specify the mode when entering this command. If the mode is not entered, an Ethernet interface is not assigned to an EtherChannel group, and an error message appears.

You do not have to create a port-channel interface before assigning a physical interface to a channel group. A port-channel interface is created automatically when the channel group gets its first physical interface.

You do not have to disable the IP address that is assigned to a physical interface that is part of a channel group, but we highly recommend that you do so.

You can create port channels by entering the interface port-channel global configuration command or when the channel group gets its first physical interface assignment. The port channels are not created at runtime or dynamically.

Any configuration or attribute changes you make to the port-channel interface are propagated to all interfaces within the same channel group as the port channel (for example, configuration changes are also propagated to the physical interfaces that are not part of the port channel, but are part of the channel group).

With the on mode, a usable PAgP EtherChannel exists only when a port group in on mode is connected to another port group in on mode.

If you do not specify non-silent with the auto or desirable mode, silent is assumed. The silent mode is used when the switch is connected to a device that is not PAgP-capable and seldom, if ever, sends packets. A example of a silent partner is a file server or a packet analyzer that is not generating traffic. In this case, running PAgP on a physical port prevents that port from ever becoming operational; however, it allows PAgP to operate, to attach the interface to a channel group, and to use the interface for transmission. Both ends of the link cannot be set to silent.

transmission. Both ends of the link cannot be set to silent. Note You cannot enable both

Note

You cannot enable both PAgP and LACP modes on an EtherChannel group.

enable both PAgP and LACP modes on an EtherChannel group. Caution You should exercise care when

Caution

You should exercise care when setting the mode to on (manual configuration). All ports configured in the on mode are bundled in the same group and are forced to have similar characteristics. If the group is misconfigured, packet loss or Spanning Tree Protocol (STP) loops might occur.

Catalyst 2950 and Catalyst 2955 Switch Command Reference

Spanning Tree Protocol (STP) loops might occur. Catalyst 2950 and Catalyst 2955 Switch Command Reference 2-13

2-13

78-15304-01

channel-group

Chapter 2

Cisco IOS Commands

Examples

This example shows how to add an interface to the EtherChannel group specified as channel group 1:

Switch(config)# interface gigabitethernet0/1 Switch(config-if)# channel-group 1 mode on

This example shows how to set an Etherchannel into PAgP mode:

Switch(config-if)# channel-group 1 mode auto Creating a port-channel interface Port-channel 1

This example shows how to set an Etherchannel into LACP mode:

Switch(config-if)# channel-group 1 mode passive Creating a port-channel interface Port-channel 1

You can verify your settings by entering the show etherchannel or show running-config privileged EXEC command.

Related Commands

Command

Description

interface port-channel

Accesses or creates the port channel.