Page 1 Cisco ME 3400 Ethernet Access Switch Command Reference Cisco IOS Release 12.2(50)SE March 2009 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-9640-07...
Page 2 Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
Page 3: Table Of Contents
C O N T E N T S Preface xvii Audience xvii Purpose xvii Conventions xviii Related Publications xviii Obtaining Documentation and Submitting a Service Request Using the Command-Line Interface C H A P T E R CLI Command Modes...
Page 4 (IPv6 access-list configuration) 2-65 deny (MAC access-list configuration) 2-70 dot1x default 2-73 dot1x host-mode 2-74 dot1x initialize 2-76 dot1x max-reauth-req 2-77 dot1x max-req 2-78 dot1x port-control 2-79 dot1x re-authenticate 2-81 dot1x reauthentication 2-82 Cisco ME 3400 Ethernet Access Switch Command Reference OL-9640-07...
Page 5 2-134 ip dhcp snooping 2-136 ip dhcp snooping binding 2-137 ip dhcp snooping database 2-139 ip dhcp snooping information option 2-141 ip dhcp snooping information option allowed-untrusted 2-143 Cisco ME 3400 Ethernet Access Switch Command Reference OL-9640-07...
Page 6 2-146 ip dhcp snooping trust 2-147 ip dhcp snooping verify mac-address 2-148 ip dhcp snooping vlan 2-149 ip dhcp snooping vlan information option format-type circuit-id string 2-150 ip igmp filter 2-152 ip igmp max-groups 2-154 ip igmp profile 2-156...
Page 7 2-250 mvr (global configuration) 2-254 mvr (interface configuration) 2-257 oam protocol cfm svlan 2-260 pagp learn-method 2-261 pagp port-priority 2-263 permit (ARP access-list configuration) 2-265 permit (IPv6 access-list configuration) 2-267 Cisco ME 3400 Ethernet Access Switch Command Reference OL-9640-07...
Page 8 2-327 service password-recovery 2-329 service-policy (interface configuration) 2-331 service-policy (policy-map class configuration) 2-333 set cos 2-336 set dscp 2-338 set precedence 2-340 set qos-group 2-342 setup 2-344 shape average 2-347 Cisco ME 3400 Ethernet Access Switch Command Reference viii OL-9640-07...
Page 9 2-419 show ip dhcp snooping binding 2-420 show ip dhcp snooping database 2-422 show ip dhcp snooping statistics 2-424 show ip igmp profile 2-427 show ip igmp snooping 2-428 Cisco ME 3400 Ethernet Access Switch Command Reference OL-9640-07...
Page 10 2-484 show mvr interface 2-486 show mvr members 2-488 show pagp 2-490 show parser macro 2-492 show policer aggregate 2-494 show policer cpu uni-eni 2-495 show policy-map 2-498 show port-security 2-502 Cisco ME 3400 Ethernet Access Switch Command Reference OL-9640-07...
Page 11 2-564 spanning-tree link-type 2-566 spanning-tree loopguard default 2-568 spanning-tree mode 2-570 spanning-tree mst configuration 2-572 spanning-tree mst cost 2-574 spanning-tree mst forward-time 2-576 spanning-tree mst hello-time 2-577 spanning-tree mst max-age 2-579 Cisco ME 3400 Ethernet Access Switch Command Reference OL-9640-07...
Page 12 2-636 table-map 2-639 test cable-diagnostics tdr 2-641 traceroute mac 2-643 traceroute mac ip 2-646 udld 2-648 udld port 2-650 udld reset 2-652 uni count 2-653 uni-vlan 2-655 vlan 2-657 Cisco ME 3400 Ethernet Access Switch Command Reference OL-9640-07...
Page 13 (privileged EXEC) 2-666 vmps reconfirm (global configuration) 2-667 vmps retry 2-668 vmps server 2-669 Cisco ME 3400 Ethernet Access Switch A P P E N D I X Boot Loader Commands boot copy delete flash_init format A-10 fsck...
Page 14 B-39 debug platform matm B-40 debug platform messaging application B-41 debug platform phy B-42 debug platform pm B-44 debug platform policer cpu uni-eni B-46 debug platform port-asic B-47 Cisco ME 3400 Ethernet Access Switch Command Reference OL-9640-07...
Page 15 B-76 debug udld B-78 debug vqpc B-80 Cisco ME 3400 Ethernet Access Switch A P P E N D I X Show Platform Commands show platform acl show platform backup interface show platform cfm show platform configuration show platform dl...
Page 16 C-43 show platform stp-instance C-44 show platform tcam C-45 show platform vlan C-48 Acknowledgments for Open-Source Software A P P E N D I X N D E X Cisco ME 3400 Ethernet Access Switch Command Reference OL-9640-07...
Page 17 (multi-VRF-CE) devices, and IP multicast routing. This guide provides the information you need about the Layer 2 and Layer 3 commands that have been created or changed for use with the Cisco ME 3400 Ethernet Access switch. For information about the standard Cisco IOS Release 12.2 commands, see the Cisco IOS documentation set available from the...
Page 18: Related Publications
• Braces ( ) group required choices, and vertical bars ( | ) separate the alternative elements. • Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional • element. Interactive examples use these conventions: Terminal sessions and system displays are in font.
Page 19: Obtaining Documentation And Submitting A Service Request
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
Page 20 Preface Cisco ME 3400 Ethernet Access Switch Command Reference OL-9640-07...
Page 21: Cli Command Modes
C H A P T E R Using the Command-Line Interface The Cisco Metro Ethernet (ME) 3400 Series Ethernet Access switch is supported by Cisco IOS software. This chapter describes how to use the switch command-line interface (CLI) to configure software features.
Page 22: C H A P T E R 1 Using The Command-Line Interface
After you access the device, you are automatically in user EXEC command mode. The EXEC commands available at the user level are a subset of those available at the privileged level. In general, use the user EXEC commands to temporarily change terminal settings, perform basic tests, and list system information.
Page 23: User Exec Mode
EXEC mode, as well as the configure privileged EXEC command through which you access the remaining command modes. If your system administrator has set a password, you are prompted to enter it before being granted access to privileged EXEC mode. The password does not appear on the screen and is case sensitive.
Page 24: Privileged Exec Mode
Use this mode to configure normal-range VLANs (VLAN IDs 1 to 1005) or extended-range VLANs (VLAN IDs 1006 to 4094). The VLAN configuration is saved in the running configuration file, and you can save it to the switch startup configuration file by using the copy running-config startup-config privileged EXEC command.
Page 25: Line Configuration Mode
Using the Command-Line Interface CLI Command Modes To exit line configuration mode and to return to global configuration mode, use the exit command. To exit line configuration mode and to return to privileged EXEC mode, enter the end command, or press Ctrl-Z.
Page 26 Chapter 1 Using the Command-Line Interface CLI Command Modes Cisco ME 3400 Ethernet Access Switch Command Reference OL-9640-07...
Page 27: Aaa Accounting Dot1X
IEEE 802.1x accounting. aaa accounting dot1x {name | default} start-stop {broadcast group {name | radius | tacacs+} [group {name | radius | tacacs+}... ] | group {name | radius | tacacs+} [group {name | radius | tacacs+} ... ]} no aaa accounting dot1x {name | default}...
Page 28 This example shows how to configure IEEE 802.1x accounting: Switch(config)# aaa accounting dot1x Switch(config)# aaa accounting dot1x default start-stop group radius Switch(config)# Note The RADIUS authentication server must be properly configured to accept and log update or watchdog packets from the AAA client. Related Commands Command Description...
Page 29: Aaa Authentication Dot1X
This example shows how to enable AAA and how to create an IEEE 802.1x-compliant authentication list. This authentication first tries to contact a RADIUS server. If this action returns an error, the user is not allowed access to the network.
Page 30 Displays the operating configuration. For syntax information, use this link to the Cisco IOS Release 12.2 Command Reference listing page: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/prod_command_ reference_list.html Select the Cisco IOS Commands Master List, Release 12.2 to navigate to the command. Cisco ME 3400 Ethernet Access Switch Command Reference OL-9640-07...
Page 31: Action
The drop and forward parameters are not used in the no form of the command. Examples This example shows how to identify and apply a VLAN access map vmap4 to VLANs 5 and 6 that causes the VLAN to forward an IP packet if the packet matches the conditions defined in access list al2:...
Page 32 Cisco IOS IP Command Reference, Volume 1 of 3:Addressing and Services, Release 12.2 > IP Services Commands. ip access-list Creates a named access list. For syntax information, select Cisco IOS IP Command Reference, Volume 1 of 3:Addressing and Services, Release 12.2 > IP Services Commands.
Page 33: Archive Download-Sw
12.2(44)EY This command was introduced. Use the archive download-sw privileged EXEC command to download a new image from a TFTP server to the switch and to overwrite or keep the existing image. archive download-sw {/force-reload | /imageonly | /leave-old-sw | /no-set-boot |...
Page 34 If you specify the command without the /overwrite option, the download algorithm verifies that the new image is not the same as the one on the switch flash device. If the images are the same, the download does not occur. If the images are different, the old image is deleted, and the new one is downloaded.
Page 35 Related Commands Command Description archive tar Creates a tar file, lists the files in a tar file, or extracts the files from a tar file. archive upload-sw Uploads an existing image on the switch to a server. delete Deletes a file or directory on the flash memory device.
Page 36: Archive Tar
Use the archive tar privileged EXEC command to create a tar file, list files in a tar file, or extract the files from a tar file. archive tar {/create destination-url flash:/file-url} | {/table source-url} | {/xtract source-url flash:/file-url [dir/file...]}...
Page 37 TFTP server at 172.20.10.30: Switch# archive tar /create tftp:172.20.10.30/saved.tar flash:/new-configs This example shows how to display the contents of the file that is in flash memory. The contents of the tar file appear on the screen: Switch# archive tar /table flash:image_name-mz.122-release.tar...
Page 38 (1654 bytes) <output truncated> This example shows how to extract the contents of a tar file on the TFTP server at 172.20.10.30. This command extracts just the new-configs directory into the root directory on the local flash file system.
Page 39: Archive Upload-Sw
Use the upload feature only if the HTML files associated with the embedded device manager have been installed with the existing image. The files are uploaded in this sequence: the Cisco IOS image, the HTML files, and info. After these files are uploaded, the software creates the tar file.
Page 40 Downloads a new image to the switch. archive tar Creates a tar file, lists the files in a tar file, or extracts the files from a tar file. Cisco ME 3400 Ethernet Access Switch Command Reference 2-14 OL-9640-07...
Page 41: Arp Access-List
Use the arp access-list global configuration command to define an Address Resolution Protocol (ARP) access control list (ACL) or to add clauses to the end of a previously defined list. Use the no form of this command to delete the specified ARP access list.
Page 42 Examples This example shows how to define an ARP access list and to permit both ARP requests and ARP responses from a host with an IP address of 1.1.1.1 and a MAC address of 0000.0000.abcd: Switch(config)# arp access-list static-hosts Switch(config-arp-nacl)# permit ip host 1.1.1.1 mac host 00001.0000.abcd...
Page 43: Bandwidth
CBWFQ derives the weight for packets belonging to the class from the bandwidth allocated to the class and uses the weight to ensure that the queue for that class is serviced fairly. Bandwidth settings are not supported in input policy maps.
Page 44 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands bandwidth The total rate of the minimum bandwidth guarantees for each queue of the policy cannot exceed the total speed for the interface. If the percent keyword is used, the sum of the class bandwidth percentages cannot exceed 100 percent.
Page 45 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands bandwidth This example shows how to set outclass1 as a priority queue, with outclass2, and outclass3 getting 50 and 20 percent, respectively, of the bandwidth remaining after the priority queue is serviced. The class class-default gets the remaining 30 percent with no guarantees.
Page 46: Boot Config-File
Use the boot config-file global configuration command to specify the filename that Cisco IOS uses to read and write a nonvolatile copy of the system configuration. Use the no form of this command to return to the default setting.
Page 47: Boot Enable-Break
This command was introduced. Usage Guidelines When you enter this command, you can interrupt the automatic boot process by pressing the break key on the console after the flash file system is initialized. The break key is different for each operating system: •...
Page 48: Boot Helper
Use the boot helper global configuration command to dynamically load files during boot loader initialization to extend or patch the functionality of the boot loader. Use the no form of this command to return to the default. boot helper filesystem:/file-url ...
Page 49: Boot Helper-Config-File
Use the boot helper-config-file global configuration command to specify the name of the configuration file to be used by the Cisco IOS helper image. If this is not set, the file specified by the CONFIG_FILE environment variable is used by all versions of Cisco IOS that are loaded. Use the no form of this command to return to the default setting.
Page 50: Boot Manual
Usage Guidelines The next time you reboot the system, the switch is in boot loader mode, which is shown by the switch: prompt. To boot the system, use the boot boot loader command, and specify the name of the bootable image.
Page 51: Boot Private-Config-File
Use the boot private-config-file global configuration command to specify the filename that Cisco IOS uses to read and write a nonvolatile copy of the private configuration. Use the no form of this command to return to the default setting.
Page 52: Boot System
The switch attempts to automatically boot the system by using information in the BOOT environment variable. If this variable is not set, the switch attempts to load and execute the first executable image it can by performing a recursive, depth-first search throughout the flash file system. In a depth-first search of a directory, each encountered subdirectory is completely searched before continuing the search in the original directory.
Page 53: Channel-Group
Use the channel-group interface configuration command to assign an Ethernet port to an EtherChannel group. Use the no form of this command to remove an Ethernet port from an EtherChannel group. channel-group channel-group-number mode {active | {auto [non-silent] | desirable [non-silent]...
Page 54 UNIs and ENIs are disabled by default. NNIs are enabled by default. You do not have to disable the IP address that is assigned to a physical port that is part of a channel group, but we strongly recommend that you do so.
Page 55 In this case, running PAgP on a physical port prevents that port from ever becoming operational. However, it allows PAgP to operate, to attach the port to a channel group, and to use the port for transmission. Both ends of the link cannot be set to silent.
Page 56 Displays PAgP channel-group information. show running-config Displays the operating configuration. For syntax information, use this link to the Cisco IOS Release 12.2 Command Reference listing page: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/prod_ command_reference_list.html Select the Cisco IOS Commands Master List, Release 12.2 to navigate to the command.
Page 57: Channel-Protocol
Note (ENIs). If the port is a user network interface (UNI) or an ENI, you must use the no shutdown interface configuration command to enable it before using the channel-protocol command. UNIs and ENIs are disabled by default. NNIs are enabled by default.
Page 58 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands channel-protocol Related Commands Command Description channel-group Assigns an Ethernet port to an EtherChannel group. show etherchannel protocol Displays protocol information the EtherChannel. Cisco ME 3400 Ethernet Access Switch Command Reference...
Page 59: Class
Use the class policy-map configuration command to specify the name of the class whose policy you want to create or to change or to specify the system default class before you configure a policy and to enter policy-map class configuration mode. Use the no form of this command to remove the class from a policy map.
Page 60 (policy-map class configuration) policy-map class commands. priority: sets the strict scheduling priority for this class or, when used with the police keyword, sets • priority with police. For more information, see the priority policy-map class command.
Page 61: Class-Map
This command was introduced. Usage Guidelines Use this command to specify the name of the class for which you want to create or to modify class-map match criteria and to enter class-map configuration mode. The switch supports a maximum of 1024 unique class maps.
Page 62 • no: removes a match statement from a class map. Examples This example shows how to configure the class map called class1. By default, the class map is match-all and therefore can contain no other match criteria. Switch(config)# class-map class1...
Page 63: Clear Ip Arp Inspection Log
Examples This example shows how to clear the contents of the log buffer: Switch# clear ip arp inspection log You can verify that the log was cleared by entering the show ip arp inspection log privileged command. Related Commands Command...
Page 64: Clear Ip Arp Inspection Statistics
This example shows how to clear the statistics for VLAN 1: Switch# clear ip arp inspection statistics vlan 1 You can verify that the statistics were deleted by entering the show ip arp inspection statistics vlan 1 privileged EXEC command.
Page 65: Clear Ip Dhcp Snooping
This example shows how to clear the DHCP snooping statistics counters: Switch# clear ip dhcp snooping statistics You can verify that the statistics were cleared by entering the show ip dhcp snooping statistics user EXEC command. Cisco ME 3400 Ethernet Access Switch Command Reference...
Page 66 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands clear ip dhcp snooping Related Commands Command Description ip dhcp snooping Enables DHCP snooping on a VLAN. ip dhcp snooping database Configures the DHCP snooping binding database agent or the binding file.
Page 67: Clear Ipc
12.2(25)EX This command was introduced. Usage Guidelines You can clear all statistics by using the clear ipc statistics command, or you can clear only the queue statistics by using the clear ipc queue-statistics command. Examples This example shows how to clear all statistics:...
Page 68: Clear Ipv6 Dhcp Conflict
{* | IPv6-address} Note This command is available only if the switch is running the metro IP access image and you have configured a dual IPv4 and IPv6 Switch Database Management (SDM) template on the switch.
Page 69: Clear L2Protocol-Tunnel Counters
Use the clear l2protocol-tunnel counters privileged EXEC command to clear the protocol counters in protocol tunnel ports. clear l2protocol-tunnel counters [interface-id] This command is supported only when the switch is running the metro IP access or metro access image. Syntax Description interface-id (Optional) Specify interface (physical interface or port channel) for which protocol counters are to be cleared.
Page 70: Clear Lacp
12.2(25)EX This command was introduced. Usage Guidelines You can clear all counters by using the clear lacp counters command, or you can clear only the counters for the specified channel group by using the clear lacp channel-group-number counters command. Examples...
Page 71: Clear Mac Address-Table
Use the clear mac address-table privileged EXEC command to delete from the MAC address table a specific dynamic address, all dynamic addresses on a particular interface, or all dynamic addresses on a particular VLAN. This command also clears the MAC address notification global counters.
Page 72: Clear Mac Address-Table Move Update
Use the clear mac address-table move update privileged EXEC command to clear the mac address-table-move update-related counters. clear mac address-table move update This command is supported only when the switch is running the metro IP access or metro access image. Syntax Description This command has no arguments or keywords.
Page 73: Clear Pagp
12.2(25)EX This command was introduced. Usage Guidelines You can clear all counters by using the clear pagp counters command, or you can clear only the counters for the specified channel group by using the clear pagp channel-group-number counters command. Examples...
Page 74: Clear Policer Cpu Uni-Eni Counters
You can use this command to clear statistics maintained per feature or statistics about dropped frames. You can enter the show platform policer cpu classification or show policer cpu uni drop command to view feature statistics or dropped frames before and after you use the clear command.
Page 75: Clear Port-Security
Use the clear port-security privileged EXEC command to delete from the MAC address table all secure addresses or all secure addresses of a specific type (configured, dynamic, or sticky) on the switch or on an interface. clear port-security {all | configured | dynamic | sticky} [[address mac-addr | interface...
Page 76 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands clear port-security You can verify that the information was deleted by entering the show port-security privileged EXEC command. Related Commands Command Description switchport port-security Enables port security on an interface.
Page 77: Clear Rep Counters
This command was introduced. Usage Guidelines You can clear all REP counters by using the clear rep counters command, or you can clear only the counters for the interface by using the clear rep counters interface interface-id command. When you enter the clear rep counters command, only the counters visible in the output of the show interface rep detail command are cleared.
Page 78: Clear Spanning-Tree Counters
Spanning Tree Protocol (STP) is not supported on user network Note interfaces (UNIs). Though visible in the command-line help, the command has no effect on UNIs or on ENIs on which STP is not enabled. Defaults No default is defined.
Page 79: Clear Spanning-Tree Detected-Protocols
IEEE 802.1D BPDUs on that port. A multiple spanning-tree (MST) switch can also detect that a port is at the boundary of a region when it receives a legacy BPDU, an MST BPDU (Version 3) associated with a different region, or a rapid spanning-tree (RST) BPDU (Version 2).
Page 80 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands clear spanning-tree detected-protocols Related Commands Command Description show spanning-tree Displays spanning-tree state information. spanning-tree link-type Overrides the default link-type setting and enables rapid spanning-tree transitions to the forwarding state.
Page 81: Clear Vmps Statistics
Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands clear vmps statistics clear vmps statistics Use the clear vmps statistics privileged EXEC command to clear the statistics maintained by the VLAN Query Protocol (VQP) client. clear vmps statistics Syntax Description This command has no arguments or keywords.
Page 82: Conform-Action
Use the conform-action policy-map class police configuration command to set multiple actions for a policy-map class for packets that conform to the committed information rate (CIR). Use the no form of this command to cancel the action or to return to the default action.
Page 83 This example shows how configure multiple conform actions in a policy map that sets a committed information rate of 23000 bits per second (bps) and a conform burst rate of 10000 bps. The policy map includes multiple conform actions (for DSCP and for Layer 2 CoS) and an exceed action.
Page 84: Cpu Traffic Qos
CFM traffic or IP SLA CoS markings. Examples This example shows how to set the CoS value to 5, for the control plane traffic that the CPU generates. Switch(config)# cpu traffic qos cos 5 You can verify your settings by entering the show cpu traffic qos privileged EXEC command.
Page 85 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands cpu traffic qos Related Commands Command Description show cpu traffic qos Displays the QoS output for CPU-generated traffic. Cisco ME 3400 Ethernet Access Switch Command Reference 2-59 OL-9640-07...
Page 86: Define Interface-Range
A macro can contain up to five ranges. All interfaces in a range must be the same type; that is, all Fast Ethernet ports, all Gigabit Ethernet ports, all EtherChannel ports, or all VLANs, but you can combine multiple interface types in a macro.
Page 87 When you define a range, you must enter a space before the hyphen (-), for example: gigabitethernet0/1 - 2 You can also enter multiple ranges. When you define multiple ranges, you must enter a space after the first entry before the comma (,). The space after the comma is optional, for example:...
Page 88: Delete
This command was introduced. Usage Guidelines If you use the /force keyword, you are prompted once at the beginning of the deletion process to confirm the deletion. If you use the /recursive keyword without the /force keyword, you are prompted to confirm the deletion of every file.
Page 89: Deny (Arp Access-List Configuration)
(Optional) Log a packet when it matches the ACE. Defaults There are no default settings. However, at the end of the ARP access list, there is an implicit deny ip any mac any command. Command Modes ARP access-list configuration...
Page 90 You can add deny clauses to drop ARP packets based on matching criteria. Examples This example shows how to define an ARP access list and to deny both ARP requests and ARP responses from a host with an IP address of 1.1.1.1 and a MAC address of 0000.0000.abcd: Switch(config)# arp access-list static-hosts Switch(config-arp-nacl)# deny ip host 1.1.1.1 mac host 0000.0000.abcd...
Page 91: Deny (Ipv6 Access-List Configuration)
(IPv6 access-list configuration) deny (IPv6 access-list configuration) Use the deny command in IPv6 access list configuration mode to set deny conditions for an IPv6 access list. Use the no form of this command to remove the deny conditions. deny {protocol} {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator...
Page 92 The optional port-number argument is a decimal number or the name of a TCP or a UDP port. A port number is a number from 0 to 65535. TCP port names can be used only when filtering TCP. UDP port names can be used only when filtering UDP.
Page 93 (Optional) Specify an ICMP message type for filtering ICMP packets. ICMP packets can be filtered by an ICMP message type. The type is a number from 0 to 255. icmp-code (Optional) Specify an ICMP message code for filtering ICMP packets.
Page 94 You can add permit, deny, or remark statements to an existing access list without re-entering the entire list. To add a new statement somewhere other than at the end of the list, create a new statement with an appropriate entry number between two existing entry numbers to show where it belongs.
Page 95 This example configures the IPv6 access list named CISCO and applies the access list to outbound traffic on a Layer 3 interface. The first deny entry prevents all packets that have a destination TCP port number greater than 5000 from leaving the interface. The second deny entry prevents all packets that have a source UDP port number less than 5000 from leaving the interface.
Page 96: Deny (Mac Access-List Configuration)
(MAC access-list configuration) Use the deny MAC access-list configuration command to prevent non-IP traffic from being forwarded if the conditions are matched. Use the no form of this command to remove a deny condition from the named MAC access list.
Page 97 Though visible in the command-line help strings, appletalk is not supported as a matching condition. Note To filter IPX traffic, you use the type mask or lsap lsap mask keywords, depending on the type of IPX encapsulation being used. Filter criteria for IPX encapsulation types as specified in Novell terminology...
Page 98 If you use the host keyword, you cannot enter an address mask; if you do not use the host keyword, you must enter an address mask. When an access control entry (ACE) is added to an access control list, an implied deny-any-any condition exists at the end of the list.
Page 99: Dot1X Default
Modification 12.2(25)EX This command was introduced. Examples This example shows how to reset the configurable IEEE 802.1x parameters on a port: Switch(config-if)# dot1x default You can verify your settings by entering the show dot1x [interface interface-id] privileged EXEC command. Related Commands...
Page 100: Dot1X Host-Mode
This command was introduced. Usage Guidelines Use this command to limit an IEEE 802.1x-enabled port to a single client or to attach multiple clients to an IEEE 802.1x-enabled port. In multiple-hosts mode, only one of the attached hosts must be successfully authorized for all hosts to be granted network access.
Page 101 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands dot1x host-mode Related Commands Command Description show dot1x [interface interface-id] Displays IEEE 802.1x status for the specified port. Cisco ME 3400 Ethernet Access Switch Command Reference 2-75 OL-9640-07...
Page 102: Dot1X Initialize
This command was introduced. Usage Guidelines Use this command to initialize the IEEE 802.1x state machines and to set up a fresh environment for authentication. After you enter this command, the port status becomes unauthorized. There is no no form of this command.
Page 103: Dot1X Max-Reauth-Req
Examples This example shows how to set 4 as the number of times that the switch restarts the authentication process before the port transitions to the unauthorized state:...
Page 104: Dot1X Max-Req
Examples This example shows how to set 5 as the number of times that the switch sends an EAP frame from the authentication server before restarting the authentication process:...
Page 105: Dot1X Port-Control
Trunk port—If you try to enable IEEE 802.1x on a trunk port, an error message appears, and • IEEE 802.1x is not enabled. If you try to change the mode of an IEEE 802.1x-enabled port to trunk, an error message appears, and the port mode is not changed.
Page 106 IEEE 802.1x on a port that is a SPAN or RSPAN destination port. However, IEEE 802.1x is disabled until the port is removed as a SPAN or RSPAN destination. You can enable IEEE 802.1x on a SPAN or RSPAN source port.
Page 107: Dot1X Re-Authenticate
12.2(25)EX This command was introduced. Usage Guidelines You can use this command to re-authenticate a client without waiting for the configured number of seconds between re-authentication attempts (re-authperiod) and automatic re-authentication. Examples This example shows how to manually re-authenticate the device connected to a port:...
Page 108: Dot1X Reauthentication
Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands dot1x reauthentication dot1x reauthentication Use the dot1x reauthentication interface configuration command to enable periodic re-authentication of the client. Use the no form of this command to return to the default setting. dot1x reauthentication no dot1x reauthentication Syntax Description This command has no arguments or keywords.
Page 109: Dot1X System-Auth-Control
Usage Guidelines You must enable authentication, authorization, and accounting (AAA) and specify the authentication method list before globally enabling IEEE 802.1x. A method list describes the sequence and authentication methods to be queried to authenticate a user. Before globally enabling IEEE 802.1x on a switch, remove the EtherChannel configuration from the interfaces on which IEEE 802.1x and EtherChannel are configured.
Page 110: Dot1X Test Eapol-Capable
There is not a no form of this command. Examples This example shows how to enable the IEEE 802.1x readiness check on a switch to query a port. It also shows the response received from the queried port verifying that the device connected to it is IEEE 802.1x-capable:...
Page 111: Dot1X Test Timeout
Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands dot1x test timeout dot1x test timeout Use the dot1x test timeout global configuration command to configure the timeout used to wait for EAPOL response from a port being queried for IEEE 802.1x readiness. dot1x test timeout timeout...
Page 112: Dot1X Timeout
Use the dot1x timeout interface configuration command to set IEEE 802.1x timers. Use the no form of this command to return to the default setting. dot1x timeout {quiet-period seconds | reauth-period seconds | server-timeout seconds |...
Page 113 Switch(config-if)# dot1x timeout supp-timeout 45 This example shows how to set 60 as the number of seconds to wait for a response to an EAP-request/identity frame from the client before re-transmitting the request: Switch(config-if)# dot1x timeout tx-period 60 You can verify your settings by entering the show dot1x privileged EXEC command.
Page 114: Dot1X Violation-Mode
Use the dot1x violation-mode interface configuration command to configure the violation modes that occur when a new device connects to a port or when a new device connects to a port after the maximum number of devices are connected to that port.
Page 115: Duplex
This command is only available when a 1000BASE-T SFP module or a 100BASE-FX MMF SFP module is in the SFP module slot. All other SFP modules operate only in full-duplex mode. When a 1000BASE-T SFP module is in the SFP module slot, you can configure duplex mode to auto or full.
Page 116 If the speed is set to auto, the switch negotiates with the device at the other end of the link for the speed setting and then forces the speed setting to the negotiated value. The duplex setting remains as configured on each end of the link, which could result in a duplex setting mismatch.
Page 117: Errdisable Detect Cause
Use the errdisable detect cause global configuration command to enable error-disabled detection for a specific cause or all causes. Use the no form of this command to disable the error-disabled detection feature. errdisable detect cause {all | arp-inspection | dhcp-rate-limit | gbic-invalid | l2ptguard |...
Page 118 When a port is error-disabled, it is effectively shut down, and no traffic is sent or received on the port. For the BPDU guard and port-security features, you can configure the switch to shut down just the offending VLAN on the port when a violation occurs, instead of shutting down the entire port.
Page 119: Errdisable Detect Cause Small-Frame
Use the errdisable detect cause small-frame global configuration command to allow any switch port to be error disabled if incoming VLAN-tagged packets are small frames (67 bytes or less) and arrive at the minimum configured rate (the threshold). Use the no form of this command to return to the default setting.
Page 120 Displays the interface settings on the switch, including input and output flow control. small-frame violation rate Configures the rate (threshold) for incoming small frames to cause a port to be put into the error-disabled state. Cisco ME 3400 Ethernet Access Switch Command Reference...
Page 121: Errdisable Recovery
Use the errdisable recovery global configuration command to configure the recover mechanism variables. Use the no form of this command to return to the default setting. errdisable recovery {cause {all | arp-inspection | bpduguard | channel-misconfig | dhcp-rate-limit | gbic-invalid | l2ptguard | link-flap | loopback | pagp-flap |...
Page 122 If you enable the recovery for a cause, the interface is brought out of the error-disabled state and allowed to retry the operation again when all the causes have timed out.
Page 123: Errdisable Recovery Cause Small-Frame
Use the errdisable recovery cause small-frame global configuration command to enable the recovery timer for ports to be automatically re-enabled after they are error disabled by the arrival of small frames. Use the no form of this command to return to the default setting.
Page 124: Ethernet Evc
EVC configuration mode. Use the no form of this command to delete the EVC. ethernet evc evc-id no ethernet evc evc-id This command is available only if your switch is running the metro IP access or metro access image. Syntax Description evc-id The EVC identifier.
Page 125: Ethernet Lmi
The ethernet lmi global command enables Ethernet LMI in PE mode on all interfaces for an entire device. The benefit of this command is that you can enable Ethernet LMI on all interfaces with one command instead of enabling Ethernet LMI separately on each interface.
Page 126 6797 To enable the switch as an Ethernet LMI CE device, you must enter both the ethernet lmi global and ethernet lmi ce commands. By default Ethernet LMI is disabled, and, when enabled the switch is in provider-edge mode unless you also enter the ethernet lmi ce command.
Page 127: Ethernet Lmi Ce-Vlan Map
{vlan-id | any | default | untagged} no ethernet lmi ce-vlan map {vlan-id | any | default | untagged} This command is available only if your switch is running the metro IP access or metro access image. Syntax Description vlan-id Enter the customer VLAN ID or VLAN IDs to map to.
Page 128 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands ethernet lmi ce-vlan map Examples This example shows how to configure an E-LMI customer VLAN-to-EVC map to map EVC test to customer VLAN 101 in service instance 333 on the interface: Switch(config-if)# service instance 333 ethernet test...
Page 129: Ethernet Oam Remote-Failure
{critical-event | dying-gasp | link-fault} action error-disable-interface no ethernet oam remote-failure {critical-event | dying-gasp | link-fault} action This command is available only if your switch is running the metro IP access or the metro access image. Syntax Description critical-event Configure the switch to put an interface in error-disabled mode when an unspecified critical event has occurred.
Page 130 .html Examples This example shows how to configure an Ethernet OAM template for remote-failure indication when an unrecoverable error has occurred and how to apply it to an interface: Switch(config)# template oam1 Switch(config-template)# ethernet oam remote-failure dying-gasp action error-disable...
Page 131: Ethernet Uni
{bundle [all-to-one] | multiplex} no ethernet uni {bundle | multiplex} This command is available only if your switch is running the metro IP access or metro access image. Syntax Description bundle Configure the UNI to support bundling without multiplexing.
Page 132 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands ethernet uni Examples This example shows how to configure bundling without multiplexing: Switch(config-if)# ethernet uni bundle To verify UNI service type, enter the show ethernet service interface detail privileged EXEC command. Related Commands Command Description...
Page 133: Ethernet Uni Id
This command was introduced. Usage Guidelines When you configure a UNI ID on a port, that ID is used as the default name for all maintenance end points (MEPs) configured on the port. You must enter the ethernet uni id name command on all ports that are directly connected to customer-edge (CE) devices.
Page 134: Exceed-Action
Use the exceed-action policy-map class police configuration command to set multiple actions for a policy-map class for packets that do not conform to the committed information rate (CIR). Use the no form of this command to cancel the action or to return to the default action.
Page 135 Enhanced packet marking provides the ability to modify a QoS marking based on any incoming QoS marking and table maps. The switch also supports the ability to mark multiple QoS parameters for the same class, and to simultaneously configure conform-action marking and exceed-action marking.
Page 136: Flowcontrol
When flow control receive is on for a device and it receives a pause frame, it stops sending any data packets. This prevents any loss of data packets during the congestion period.
Page 137 Does not send or receive Does not send or receive Examples This example shows how to configure the local port to not support flow control by the remote port: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# flowcontrol receive off You can verify your settings by entering the show interfaces privileged EXEC command.
Page 138: Interface Port-Channel
Caution ports that are assigned to the channel group. Do not assign bridge groups on the physical ports in a channel group used as a Layer 3 port-channel Caution interface because it creates loops. You must also disable spanning tree.
Page 139 (ENIs). • Do not configure a port that is an active member of an EtherChannel as an IEEE 802.1x port. If IEEE 802.1x is enabled on a not-yet active port of an EtherChannel, the port does not join the EtherChannel.
Page 140: Interface Range
Use the interface range global configuration command to enter interface range configuration mode and to execute a command on multiple ports at the same time. Use the no form of this command to remove an interface range. interface range {port-range | macro name}...
Page 141 Note in the range must be active port channels. When you define a range, you must enter a space between the first entry and the hyphen (-): interface range gigabitethernet0/1 -2 When you define multiple ranges, you must still enter a space after the first entry and before the...
Page 142: Interface Vlan
This command was introduced. Usage Guidelines SVIs are created the first time that you enter the interface vlan vlan-id command for a particular vlan. The vlan-id corresponds to the VLAN-tag associated with data frames on an IEEE 802.1Q encapsulated trunk or the VLAN ID configured for an access port.
Page 143 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands interface vlan You can verify your setting by entering the show interfaces and show interfaces vlan vlan-id privileged EXEC commands. Related Commands Command Description show interfaces vlan vlan-id Displays the administrative and operational status of all interfaces or the specified VLAN.
Page 144: Ip Access-Group
To define a numbered access list, use the access list global configuration command. You can used numbered standard access lists ranging from 1 to 99 and 1300 to 1999 or extended access lists ranging from 100 to 199 and 2000 to 2699.
Page 145 ACL applied are filtered by the port ACL. Other packets are filtered by the VLAN map. When an input port ACL is applied to an interface and a VLAN map is applied to a VLAN that the •...
Page 146 IOS IP Command Reference, Volume 1 of 3:Addressing and Services, Release 12.2 > IP Services Commands ip access-list Configures a named ACL. For syntax information, select Cisco IOS IP Command Reference, Volume 1 of 3:Addressing and Services, Release 12.2 > IP Services Commands.
Page 147: Ip Address
Use the ip address interface configuration command to set an IP address for the Layer 2 switch or to set an IP address for each switch virtual interface (SVI) or routed port on the Layer 3 switch. Use the no form of this command to remove an IP address or to disable IP processing.
Page 148 BOOTP or the DHCP server cannot reassign the address. A Layer 3 switch can have an IP address assigned to each routed port and SVI. The number of routed ports and SVIs that you can configure is not limited by software; however, the interrelationship between this number and the number of other features being configured might have an impact on CPU utilization due to hardware limitations.
Page 149: Ip Arp Inspection Filter Vlan
All other packet types are bridged in the ingress VLAN without validation. If the switch denies a packet because of an explicit deny statement in the ACL, the packet is dropped. If the switch denies a packet because of an implicit deny statement, the packet is then compared against the list of DHCP bindings (unless the ACL is static, which means that packets are not compared against the bindings).
Page 150 Examples This example shows how to apply the ARP ACL static-hosts to VLAN 1 for dynamic ARP inspection: Switch(config)# ip arp inspection filter static-hosts vlan 1 You can verify your settings by entering the show ip arp inspection vlan 1 privileged EXEC command.
Page 151: Ip Arp Inspection Limit
After you configure the rate limit, the interface retains the rate limit even when its trust state is changed. If you enter the no ip arp inspection limit interface configuration command, the interface reverts to its default rate limit.
Page 152 ARP packets on all the channel members. Examples This example shows how to limit the rate of incoming ARP requests on a port to 25 pps and to set the interface monitoring interval to 5 consecutive seconds:...
Page 153: Ip Arp Inspection Log-Buffer
Y (X/Y) system messages are sent every second. Otherwise, one system message is sent every Y divided by X (Y/X) seconds. For example, if the logs number is 20 and the interval seconds is 4, the switch generates system messages for five entries every second while there are entries in the log buffer.
Page 154 If the log buffer overflows, it means that a log event does not fit into the log buffer, and the output display for the show ip arp inspection log privileged EXEC command is affected. A -- in the output display appears in place of all data except the packet count and the time.
Page 155: Ip Arp Inspection Trust
The command was supported in the metro base image. Usage Guidelines The switch does not check ARP packets that it receives on the trusted interface; it simply forwards the packets. For untrusted interfaces, the switch intercepts all ARP requests and responses. It verifies that the intercepted packets have valid IP-to-MAC address bindings before updating the local cache and before forwarding the packet to the appropriate destination.
Page 156 Description ip arp inspection log-buffer Configures the dynamic ARP inspection logging buffer. show ip arp inspection Displays the trust state and the rate limit of ARP packets for the interfaces specified interface or all interfaces. show ip arp inspection Displays the configuration and contents of the dynamic ARP inspection log buffer.
Page 157: Ip Arp Inspection Validate
You must specify at least one of the keywords. Each command overrides the configuration of the previous command; that is, if a command enables src-mac and dst-mac validations, and a second command enables IP validation only, the src-mac and dst-mac validations are disabled as a result of the second command.
Page 158 • inspection validate ip command, ARP probes are dropped unless you enter the allow-zeros keyword. The no form of the command disables only the specified checks. If none of the options are enabled, all checks are disabled. Examples This example show how to enable source MAC validation:...
Page 159: Ip Arp Inspection Vlan
Use the ip arp inspection vlan global configuration command to enable dynamic Address Resolution Protocol (ARP) inspection on a per-VLAN basis. Use the no form of this command to return to the default setting. ip arp inspection vlan vlan-range...
Page 160: Ip Arp Inspection Vlan Logging
Use the ip arp inspection vlan logging global configuration command to control the type of packets that are logged per VLAN. Use the no form of this command to disable this logging control.
Page 161 If neither the acl-match or the dhcp-bindings keywords are specified, all denied packets are logged. The implicit deny at the end of an ACL does not include the log keyword. This means that when you use the static keyword in the ip arp inspection filter vlan global configuration command, the ACL overrides the DHCP bindings.
Page 162: Ip Dhcp Snooping
Usage Guidelines For any DHCP snooping configuration to take effect, you must globally enable DHCP snooping. DHCP snooping is not active until you enable snooping on a VLAN by using the ip dhcp snooping vlan vlan-id global configuration command. Examples...
Page 163: Ip Dhcp Snooping Binding
Use the ip dhcp snooping binding privileged EXEC command to configure the DHCP snooping binding database and to add binding entries to the database. Use the no form of this command to delete entries from the binding database.
Page 164 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands ip dhcp snooping binding Related Commands Command Description ip dhcp snooping Enables DHCP snooping on a VLAN. show ip dhcp snooping binding Displays the dynamically configured bindings in the DHCP snooping binding database and the configuration information.
Page 165: Ip Dhcp Snooping Database
Use the ip dhcp snooping database global configuration command to configure the DHCP snooping binding database agent. Use the no form of this command to disable the agent, to reset the timeout value, or to reset the write-delay value.
Page 166 Use the no ip dhcp snooping database write-delay command to reset the write-delay value. Examples This example shows how to store a binding file at an IP address of 10.1.1.1 that is in a directory called directory. A file named file must be present on the TFTP server.
Page 167: Ip Dhcp Snooping Information Option
ID suboption). The switch forwards the DHCP request that includes the option-82 field to the DHCP server. When the DHCP server receives the packet, it can use the remote ID, the circuit ID, or both to assign IP addresses and implement policies, such as restricting the number of IP addresses that can be assigned to a single remote ID or a circuit ID.
Page 168 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands ip dhcp snooping information option Related Commands Command Description show ip dhcp snooping Displays the DHCP snooping configuration. show ip dhcp snooping binding Displays the DHCP snooping binding information.
Page 169: Ip Dhcp Snooping Information Option Allowed-Untrusted
DHCP packets with option-82 information that are received on untrusted ports that might be connected to an edge switch. Use the no form of this command to configure the switch to drop these packets from the edge switch.
Page 170 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands ip dhcp snooping information option allowed-untrusted You can verify your settings by entering the show ip dhcp snooping privileged EXEC command. Related Commands Command Description show ip dhcp snooping Displays the DHCP snooping configuration.
Page 171: Ip Dhcp Snooping Information Option Format Remote-Id
When the option-82 feature is enabled, the default remote-ID suboption is the switch MAC address. This command allows you to configure either the switch hostname or a string of up to 63 ASCII characters (but no spaces) to be the remote ID.
Page 172: Ip Dhcp Snooping Limit Rate
Normally, the rate limit applies to untrusted interfaces. If you want to configure rate limiting for trusted interfaces, keep in mind that trusted interfaces might aggregate DHCP traffic on multiple VLANs (some of which might not be snooped) in the switch, and you will need to adjust the interface rate limits to a higher value.
Page 173: Ip Dhcp Snooping Trust
12.2(25)EX This command was introduced. Usage Guidelines Configure as trusted ports those that are connected to a DHCP server or to other switches or routers. Configure as untrusted ports those that are connected to DHCP clients. Examples This example shows how to enable DHCP snooping trust on a port: Switch(config-if)# ip dhcp snooping trust You can verify your settings by entering the show ip dhcp snooping privileged EXEC command.
Page 174: Ip Dhcp Snooping Verify Mac-Address
Use the ip dhcp snooping verify mac-address global configuration command to configure the switch to verify on an untrusted port that the source MAC address in a DHCP packet matches the client hardware address. Use the no form of this command to configure the switch to not verify the MAC addresses.
Page 175: Ip Dhcp Snooping Vlan
Use the ip dhcp snooping vlan global configuration command to enable DHCP snooping on a VLAN. Use the no form of this command to disable DHCP snooping on a VLAN. ip dhcp snooping vlan vlan-range...
Page 176: Ip Dhcp Snooping Vlan Information Option Format-Type Circuit-Id String
DHCP snooping configuration to take effect. When the option-82 feature is enabled, the default circuit-ID suboption is the switch VLAN and the port identifier, in the format vlan-mod-port. This command allows you to configure a string of ASCII characters to be the circuit ID.
Page 177 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands ip dhcp snooping vlan information option format-type circuit-id string The show ip dhcp snooping user EXEC command only displays the global command output, including Note a remote-ID configuration. It does not display any per-interface, per-VLAN string that you have configured for the circuit ID.
Page 178: Ip Igmp Filter
You cannot apply IGMP filters to routed ports, switch virtual interfaces (SVIs), or ports that belong to an EtherChannel group. An IGMP profile can be applied to one or more switch port interfaces, but one port can have only one profile applied to it.
Page 179 Displays the running configuration on the switch interface, including interface-id the IGMP profile (if any) that is applied to an interface. For syntax information, select Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 > File Management Commands >...
Page 180: Ip Igmp Max-Groups
Use the no form of this command to set the maximum back to the default, which is to have no maximum limit, or to return to the default throttling action, which is to drop the report.
Page 181 • max-groups {deny | replace} command has no effect. Examples This example shows how to limit to 25 the number of IGMP groups that a port can join. Switch(config)# interface gigabitethernet0/2 Switch(config-if)# ip igmp max-groups 25 This example shows how to configure the switch to replace the existing group with the new group for...
Page 182: Ip Igmp Profile
• permit: specifies that matching addresses are permitted. • range: specifies a range of IP addresses for the profile. This can be a single IP address or a range • with a start and an end address. When entering a range, enter the low IP multicast address, a space, and the high IP multicast address.
Page 183 Command Description ip igmp filter Applies the IGMP profile to the specified interface. show ip dhcp snooping Displays the characteristics of all IGMP profiles or the specified statistics IGMP profile number. Cisco ME 3400 Ethernet Access Switch Command Reference 2-157...
Page 184: Ip Igmp Snooping
When IGMP snooping is enabled globally, it is enabled in all the existing VLAN interfaces. When IGMP snooping is disabled globally, it is disabled on all the existing VLAN interfaces. VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping.
Page 185 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands ip igmp snooping Related Commands Command Description ip igmp snooping report-suppression Enables IGMP report suppression. show ip igmp snooping Displays the snooping configuration. show ip igmp snooping groups Displays IGMP snooping multicast information.
Page 186: Ip Igmp Snooping Last-Member-Query-Interval
When IGMP snooping is globally disabled, IGMP snooping is disabled on all the existing VLAN interfaces. VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping. Configuring the leave timer on a VLAN overrides the global setting.
Page 187 Configures a Layer 2 port as a multicast router port. ip igmp snooping vlan static Configures a Layer 2 port as a member of a group. show ip igmp snooping Displays the IGMP snooping configuration.
Page 188: Ip Igmp Snooping Querier
Use the ip igmp snooping querier global configuration command to globally enable the Internet Group Management Protocol (IGMP) querier function in Layer 2 networks. Use the command with keywords to enable and configure the IGMP querier feature on a VLAN interface. Use the no form of this command to return to the default settings.
Page 189 Usage Guidelines Use this command to enable IGMP snooping to detect the IGMP version and IP address of a device that sends IGMP query messages, which is also called a querier. By default, the IGMP snooping querier is configured to detect devices that use IGMP Version 2 (IGMPv2) but does not detect clients that are using IGMP Version 1 (IGMPv1).
Page 190: Ip Igmp Snooping Report-Suppression
When IGMP router suppression is enabled (the default), the switch sends the first IGMP report from all hosts for a group to all the multicast routers. The switch does not send the remaining IGMP reports for the group to the multicast routers. This feature prevents duplicate reports from being sent to the multicast devices.
Page 191 Command Description ip igmp snooping Enables IGMP snooping on the switch or on a VLAN. show ip igmp snooping Displays the IGMP snooping configuration of the switch or the VLAN. Cisco ME 3400 Ethernet Access Switch Command Reference 2-165 OL-9640-07...
Page 192: Ip Igmp Snooping Tcn
You can prevent the loss of the multicast traffic that might occur because of a topology change by using this command. If you set the TCN flood query count to 1 by using the ip igmp snooping tcn flood query count command, the flooding stops after receiving one general query.
Page 193: Ip Igmp Snooping Tcn Flood
This command was introduced. Usage Guidelines When the switch receives a TCN, multicast traffic is flooded to all the ports until two general queries are received. If the switch has many ports with attached hosts that are subscribed to different multicast groups, this flooding behavior might not be desirable because the flooded traffic might exceed the capacity of the link and cause packet loss.
Page 194: Ip Igmp Snooping Vlan Immediate-Leave
This command was introduced. Usage Guidelines VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping. You should only configure the Immediate Leave feature when there is a maximum of one receiver on every port in the VLAN.
Page 195: Ip Igmp Snooping Vlan Mrouter
Use the ip igmp snooping vlan vlan-id mrouter global configuration command to add a multicast router port or to configure the multicast learning method. Use the no form of this command to return to the default settings.
Page 196 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands ip igmp snooping vlan mrouter Related Commands Command Description ip igmp snooping report-suppression Enables IGMP report suppression. show ip igmp snooping Displays the snooping configuration. show ip igmp snooping groups Displays IGMP snooping multicast information.
Page 197: Ip Igmp Snooping Vlan Static
Modification 12.2(25)EX This command was introduced. Usage Guidelines VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping. The configuration is saved in NVRAM. Examples This example shows how to statically configure a port as a multicast router port: Switch(config)# ip igmp snooping vlan 1 mrouter interface gigabitethernet0/2 You can verify your settings by entering the show ip igmp snooping privileged EXEC command.
Page 198 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands ip igmp snooping vlan static Related Commands Command Description ip igmp snooping report-suppression Enables IGMP report suppression. show ip igmp snooping Displays the snooping configuration. show ip igmp snooping groups Displays IGMP snooping multicast information.
Page 199: Ip Source Binding
A static IP source binding entry has an IP address, its associated MAC address, and its associated VLAN number. The entry is based on the MAC address and the VLAN number. If you modify an entry by changing only the IP address, the switch updates the entry instead creating a new one.
Page 200 Enables IP source guard on an interface. show ip source binding Displays the IP source bindings on the switch. show ip verify source Displays the IP source guard configuration on the switch or on a specific interface. Cisco ME 3400 Ethernet Access Switch Command Reference 2-174...
Page 201: Ip Ssh
Usage Guidelines If you do not enter this command or if you do not specify a keyword, the SSH server selects the latest SSH version supported by the SSH client. For example, if the SSH client supports SSHv1 and SSHv2, the SSH server selects SSHv2.
Page 202 Features > Secure Shell Commands. show ssh Displays the status of the SSH server. For syntax information, select Cisco IOS Release 12.2 Configuration Guides and Command References > Cisco IOS Security Command Reference, Release 12.2 > Other Security Features >...
Page 203: Ip Sticky-Arp (Global Configuration)
(global configuration) Use the ip sticky-arp global configuration command to enable sticky Address Resolution Protocol (ARP) on a switch virtual interface (SVI) that belongs to a private VLAN. Use the no form of this command to disable sticky ARP.
Page 204 (global configuration) Use the no sticky-arp global configuration command to disable sticky ARP on the switch. • Use the no sticky-arp interface configuration command to disable sticky ARP on an interface when • sticky ARP is disabled on the switch.
Page 205: Ip Sticky-Arp (Interface Configuration)
(interface configuration) Use the ip sticky-arp interface configuration command to enable sticky Address Resolution Protocol (ARP) on a switch virtual interface (SVI) or a Layer 3 interface. Use the no form of this command to disable sticky ARP.
Page 206 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands ip sticky-arp (interface configuration) If you disconnect the switch from a device and then connect it to another device with a different • MAC address but with the same IP address, the ARP entry is not created, and this message appears: *Mar 2 00:26:06.967: %IP-3-STCKYARPOVR: Attempt to overwrite Sticky ARP entry:...
Page 207: Ip Verify Source
To enable IP source guard with source IP and MAC address filtering, use the ip verify source port-security interface configuration command. To enable IP source guard with source IP and MAC address filtering, you must enable port security on the interface.
Page 208: Ipv6 Access-List
To disallow ICMPv6 neighbor discovery and to deny icmp any any nd-na or icmp any any nd-ns, there must be an explicit deny entry in the ACL. For the implicit deny ipv6 any any statement to take effect, an IPv6 ACL must contain at least one entry.
Page 209 Use the ipv6 traffic-filter interface configuration command with the access-list-name argument to apply an IPv6 ACL to an IPv6 interface. You can apply inbound and outbound IPv6 ACLs to Layer 3 physical interfaces or to switch virtual interfaces for routed ACLs, but only inbound IPv6 ACLs to Layer 2 interfaces for port ACLs.
Page 210: Ipv6 Address Dhcp
[rapid-commit] no ipv6 address dhcp [rapid-commit] This command is available only if the switch is running the metro IP access image and you have Note configured a dual IPv4 and IPv6 Switch Database Management (SDM) template on the switch.
Page 211: Ipv6 Dhcp Client Request Vendor
This command is available only if the switch is running the metro IP access image and you have Note configured a dual IPv4 and IPv6 Switch Database Management (SDM) template on the switch.
Page 212: Ipv6 Dhcp Ping Packets
This command is available only if the switch is running the metro IP access image and you have Note configured a dual IPv4 and IPv6 Switch Database Management (SDM) template on the switch.
Page 213: Ipv6 Dhcp Pool
16-bit values between colons. • lifetime t1 t2: sets a valid and a preferred time interval (in seconds) for the IPv6 address. The range is 5 to 4294967295 seconds. The valid default is 2 days. The preferred default is 1 day. The valid lifetime must be greater than or equal to the preferred lifetime.
Page 214 After you create the DHCPv6 configuration information pool, use the ipv6 dhcp server interface configuration command to associate the pool with a server on an interface. However, if you do not configure an information pool, you still need to use the ipv6 dhcp server interface configuration command to enable the DHCPv6 server function on an interface.
Page 215: Ipv6 Dhcp Server
When the server receives an IPv6 DHCP packet, the server determines if it was received from a DHCP relay or if it was directly received from the client. If the packet was received from a relay, the server verifies the link-address field inside the packet associated with the first relay that is closest to the client.
Page 216 The prefix address is valid if it is in the associated local prefix address pool and it is not assigned to a device. If the allow-hint keyword is not specified, the server ignores the client hint, and an address is allocated from the free list in the pool.
Page 217: Ipv6 Traffic-Filter
(SVIs). If the switch is running the metro IP access image, you can apply an ACL to outbound or inbound traffic on Layer 3 interfaces (router ACLs), or to inbound traffic on Layer 2 interfaces (port ACLs). If the switch is running the metro base or metro access image, you can apply ACLs only to inbound management traffic on Layer 2 interfaces.
Page 218 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands ipv6 traffic-filter Examples This example filters inbound IPv6 traffic on an IPv6-configured interface as defined by the access list named cisco: Switch (config)# interface gigabitethernet0/1 Switch(config-if)# no switchport Switch(config-if)# ipv6 address 2001::/64 eui-64...
Page 219: L2Protocol-Tunnel
Use the l2protocol-tunnel interface configuration command to enable tunneling of Layer 2 protocols on an access port, a trunk port, an IEEE 802.1Q tunnel port, or a port channel. You can enable tunneling for Cisco Discovery Protocol (CDP), Spanning Tree Protocol (STP), or VLAN Trunking Protocol (VTP) packets.
Page 220 When no protocol option is specified with the keyword, the threshold is applied to each of the tunneled Layer 2 protocol types. If you also set a drop threshold on the interface, the shutdown-threshold value must be greater than or equal to the drop-threshold value.
Page 221 When no protocol option is specified with a keyword, the threshold is applied to each of the tunneled Layer 2 protocol types. If you also set a shutdown threshold on the interface, the drop-threshold value must be less than or equal to the shutdown-threshold value.
Page 222: L2Protocol-Tunnel Cos
5. The range is 0 to 7, with 7 being the highest priority. Defaults The default is to use the CoS value configured for data on the interface. If no CoS value is configured, the default is 5 for all tunneled Layer 2 protocol packets.
Page 223: Lacp Port-Priority
The lacp port-priority interface configuration command determines which ports are bundled and which ports are put in hot-standby mode when there are more than eight ports in an LACP channel group. This command takes effect only on EtherChannel ports that are already configured for LACP. If the interface is a user network interface (UNI), you must use the port-type nni or port-type eni interface configuration command to change the interface to an NNI or ENI before configuring lacp port-priority.
Page 224 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands lacp port-priority Examples This example shows how to configure the LACP port priority on a port: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# lacp port-priority 1000 You can verify your settings by entering the show lacp [channel-group-number] internal privileged EXEC command.
Page 225: Lacp System-Priority
LACP. An LACP channel group can have up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode. When there are more than eight ports in an LACP channel group, the switch on the controlling end of the link uses port priorities to determine which ports are bundled into the channel and which ports are put in hot-standby mode.
Page 226 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands lacp system-priority Examples This example shows how to set the LACP system priority: Switch(config)# lacp system-priority 20000 You can verify your settings by entering the show lacp sys-id privileged EXEC command. Related Commands Command Description channel-group Assigns an Ethernet port to an EtherChannel group.
Page 227: Link State Group
Use the link state group interface configuration command to configure a port as a member of a link-state group. Use the no form of this command to remove the port from the link-state group.
Page 228 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands link state group Examples This example shows how to configure the interfaces as upstream in group 2: Switch# configure terminal Switch(config)# interface range gigabitethernet0/11 - 14 Switch(config-if-range)# link state group 2 downstream...
Page 229: Link State Track
Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands link state track link state track Use the link state track user EXEC command to enable a link-state group. Use the no form of this command to disable a link-state group. link state track [number] no link state track [number] This command is supported only when the switch is running the metro access or metro IP access image.
Page 230: Location (Global Configuration)
Usage Guidelines After entering the location civic-location identifier id global configuration command, you enter civic location configuration mode. In this mode, you can enter the civic location and the postal location information. Use the no lldp med-tlv-select location information interface configuration command to disable the location TLV.
Page 231 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands location (global configuration) This example shows how to configure the emergency location information location on the switch: Switch (config)# location elin-location 14085553881 identifier 1 You can verify your settings by entering the show location elin privileged EXEC command.
Page 232: Location (Interface Configuration)
(interface configuration) location (interface configuration) Use the location interface command to enter location information for an interface. Use the no form of this command to remove the interface location information. location {additional-location-information word | civic-location-id id | elin-location-id id}...
Page 233 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands location (interface configuration) Related Commands Command Description location (global configuration) Configures the location information for an endpoint. show location Displays the location information for an endpoint. Cisco ME 3400 Ethernet Access Switch Command Reference...
Page 234: Logging Event
Use the logging event interface configuration command to enable notification of interface link status changes. Use the no form of this command to disable notification. logging event {bundle-status | link-status | spanning-tree | status | trunk status}...
Page 235: Logging File
Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands logging file logging file Use the logging file global configuration command to set logging file parameters. Use the no form of this command to return to the default setting. logging file filesystem:filename [max-file-size [min-file-size]] [severity-level-number | type]...
Page 236 Usage Guidelines The log file is stored in ASCII text format in an internal buffer on the switch. You can access logged system messages by using the switch command-line interface (CLI) or by saving them to a properly configured syslog server.
Page 237: Mac Access-Group
ACL replaces the previously configured one. If you apply an ACL to a Layer 2 interface on a switch, and the switch has an input Layer 3 ACL or a VLAN map applied to a VLAN that the interface is a member of, the ACL applied to the Layer 2 interface takes precedence.
Page 238 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands mac access-group Examples This example shows how to apply a MAC extended ACL named macacl2 to an interface: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# mac access-group macacl2 in You can verify your settings by entering the show mac access-group privileged EXEC command. You can see configured ACLs on the switch by entering the show access-lists privileged EXEC command.
Page 239: Mac Access-List Extended
Use the mac access-list extended global configuration command to create an access list based on MAC addresses for non-IP traffic. Using this command puts you in the extended MAC access-list configuration mode. Use the no form of this command to return to the default setting.
Page 240 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands mac access-list extended Examples This example shows how to create a MAC named extended access list named mac1 and to enter extended MAC access-list configuration mode: Switch(config)# mac access-list extended mac1...
Page 241: Mac Address-Table Aging-Time
Use the mac address-table aging-time global configuration command to set the length of time that a dynamic entry remains in the MAC address table after the entry is used or updated. Use the no form of this command to return to the default setting. The aging time applies to all VLANs or a specified VLAN.
Page 242: Mac Address-Table Learning Vlan
Use the mac address-table learning global configuration command to enable MAC address learning on a VLAN. This is the default state. Use the no form of this command to disable MAC address learning on a VLAN to control which VLANs can learn MAC addresses.
Page 243 You cannot disable MAC address learning on an RSPAN VLAN. The configuration is not allowed. If you disable MAC address learning on a VLAN that includes a secure port, MAC address learning is not disabled on the secure port. If you later disable port security on the interface, the disabled MAC address learning state is enabled.
Page 244: Mac Address-Table Move Update
Use the no form of this command to return to the default setting. mac address-table move update {receive | transmit} no mac address-table move update {receive | transmit} This command is supported only when the switch is running the metro IP access or metro access image. Syntax Description receive Specify that the switch processes MAC address-table move update messages.
Page 245 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands mac address-table move update Related Commands Command Description clear mac address-table move Clears the MAC address-table move update global counters. update debug matm move update Debugs the MAC address-table move update message processing.
Page 246: Mac Address-Table Notification
This command was introduced. Usage Guidelines Whenever a new MAC address is added or an old address is deleted from the forwarding tables, the MAC address notification feature sends Simple Network Management Protocol (SNMP) traps to a network management system (NMS). MAC notifications are generated only for dynamic and secure MAC addresses.
Page 247 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands mac address-table notification You can verify your settings by entering the show mac address-table notification privileged EXEC command. Related Commands Command Description clear mac address-table notification Clears the MAC address notification global counters.
Page 248: Mac Address-Table Static
Examples This example shows how to add the static address c2f3.220a.12f4 to the MAC address table. When a packet is received in VLAN 4 with this MAC address as its destination, the packet is forwarded to the specified interface: Switch(config)# mac address-table static c2f3.220a.12f4 vlan 4 interface gigabitethernet0/1 You can verify your setting by entering the show mac address-table privileged EXEC command.
Page 249: Mac Address-Table Static Drop
If you add a unicast MAC address as a static address and configure unicast MAC address filtering, the switch either adds the MAC address as a static address or drops packets with that MAC address, depending on which command was entered last. The second command that you entered overrides the first command.
Page 250 Examples This example shows how to enable unicast MAC address filtering and to configure the switch to drop packets that have a source or destination address of c2f3.220a.12f4. When a packet is received in VLAN 4 with this MAC address as its source or destination, the packet is dropped: Switch(config)# mac address-table static c2f3.220a.12f4 vlan 4 drop...
Page 251: Macro Apply
If a command fails because of a syntax error or a configuration error when you apply a macro, the macro continues to apply the remaining commands to the interface.
Page 252 Examples After you have created a macro by using the macro name global configuration command, you can apply it to an interface. This example shows how to apply a user-created macro called duplex to an interface: Switch(config-if)# macro apply duplex To debug a macro, use the macro trace interface configuration command to find any syntax or configuration errors in the macro as it is applied to an interface.
Page 253: Macro Description
Use the description keyword to associate comment text, or the macro name, with an interface. When multiple macros are applied on a single interface, the description text will be from the last applied macro. This example shows how to add a description to an interface:...
Page 254: Macro Global
If a command fails because of a syntax error or a configuration error when you apply a macro, the macro continues to apply the remaining commands to the switch.
Page 255 After you have created a new macro by using the macro name global configuration command, you can apply it to a switch. This example shows how see the snmp macro and how to apply the macro and set the hostname to test-server and set the IP precedence value to 7:...
Page 256: Macro Global Description
Use the macro global description global configuration command to enter a description about the macros that are applied to the switch. Use the no form of this command to remove the description. macro global description text no macro global description text...
Page 257: Macro Name
A macro can contain up to 3000 characters. Enter one macro command per line. Use the @ character to end the macro. Use the # character at the beginning of a line to enter comment text within the macro. You can define mandatory keywords within a macro by using a help string to specify the keywords. Enter # macro keywords word to define the keywords that are available for use with the macro.
Page 258 Switch(config)# macro name test switchport access vlan $VLANID switchport port-security maximum $MAX #macro keywords $VLANID $MAX This example shows how to display the mandatory keyword values before you apply the macro to an interface: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# macro apply test ? WORD keyword to replace with a value e.g...
Page 259: Match (Access-Map Configuration)
Examples This example shows how to define and apply a VLAN access map vmap4 to VLANs 5 and 6 that will cause the interface to drop an IP packet if the packet matches the conditions defined in access list al2.
Page 260 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands match (access-map configuration) You can verify your settings by entering the show vlan access-map privileged EXEC command. Related Commands Command Description access-list Configures a standard numbered ACL. For syntax information, select Cisco IOS IP Command Reference, Volume 1 of 3:Addressing and Services, Release 12.2 >...
Page 261: Match Access-Group
Use the match access-group class-map configuration command to configure the match criteria for a class map on the basis of the specified access control list (ACL). Use the no form of this command to remove the ACL match criteria.
Page 262: Match Cos
This command was introduced. Usage Guidelines The match cos command specifies a CoS value to use as the match criteria to determine if packets belong to the class specified by the class map. Before using the match cos command, you must enter the class-map global configuration command to specify the name of the class whose match criteria you want to establish.
Page 263: Match Ip Dscp
You can enter up to eight DSCP values in one match statement. For example, if you wanted the DCSP values of 0, 1, 2, 3, 4, 5, 6, or 7, enter the match ip dscp 0 1 2 3 4 5 6 7 command. The packet must match only one (not all) of the specified IPv4 DSCP values to belong to the class.
Page 264 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands match ip dscp Examples This example shows how to create a class map called inclass, which matches all the incoming traffic with DSCP values of 10, 11, and 12: Switch(config)# class-map match-any in-class...
Page 265: Match Ip Precedence
For example, the precedence value of 2 is not greater than 1, but merely indicates that a packet marked with a value of 2 is different than one marked with a value of 1. You define the treatment of these marked packets by setting QoS policies in policy-map class configuration mode.
Page 266 Related Commands Command Description class-map Creates a class map to be used for matching packets to the class whose name you specify. show class-map Displays quality of service (QoS) class maps. Cisco ME 3400 Ethernet Access Switch Command Reference...
Page 267: Match Qos-Group
Use the match qos-group class-map configuration command to ntify a specific quality of service (QoS) group value as a match criterion for a class. Use the no form of this command to remove the match criterion. match qos-group value...
Page 268 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands match qos-group Related Commands Command Description class-map Creates a class map to be used for matching packets to the class whose name you specify. show class-map Displays QoS class maps. Cisco ME 3400 Ethernet Access Switch Command Reference 2-242...
Page 269: Match Vlan
VLANs, and you can apply independent QoS policies to each parent-service class using any child-policy A policy is considered a parent policy map when it has one or more of its classes associated with a child policy-map. Each class within a parent policy map is called a parent class. You can configure only the match vlan command in parent classes.
Page 270 (match ip dscp, match ip precedence, match IP ACL), you must be careful to ensure that these VLANs are not carried on any port other than the one on which this per-port, per-VLAN policy is attached. Not following this restriction could result in improper QoS behavior for traffic ingressing the switch on these VLANs.
Page 271 Related Commands Command Description class-map Creates a class map to be used for matching packets to a specified class name. show class-map Displays quality of service (QoS) class maps. Cisco ME 3400 Ethernet Access Switch Command Reference 2-245...
Page 272: Mdix Auto
This command was introduced. Usage Guidelines When you enable auto-MDIX on an interface, you must also set the speed and duplex on the interface to auto so that the feature operates correctly. If the port is a user network interface (UNI) or enhanced network interfaces (ENI), you must use the no shutdown interface configuration command to enable it before using the mdix auto command.
Page 273 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands mdix auto Related Commands Command Description show controllers Displays general information about internal registers of an interface, ethernet-controller including the operational state of auto-MDIX. interface-id phy Cisco ME 3400 Ethernet Access Switch Command Reference...
Page 274: Media-Type
When you select sfp, the switch disables the RJ-45 interface. If you connect a cable to this port, it cannot attain a linkup even if the SFP module side is down or if the SFP module is not present. Based on the type of installed SFP module, you can configure the speed and duplex settings consistent with this interface type.
Page 275 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands media-type To configure speed or duplex settings on a dual-purpose port, you must first select the media type. If you configure auto-select, you cannot configure the speed and duplex interface configuration commands.
Page 276: Monitor Session
VLANs to or from an existing SPAN or RSPAN session, and to limit (filter) SPAN source traffic to specific VLANs. Use the no form of this command to remove the SPAN or RSPAN session or to remove source or destination interfaces or filters from the SPAN or RSPAN session. For destination interfaces, the encapsulation dot1q or encapsulation replicate keywords are ignored with the no form of the command.
Page 277 This command was introduced. Usage Guidelines Traffic that enters or leaves source ports or source VLANs can be monitored by using SPAN or RSPAN. Traffic routed to source ports or source VLANs cannot be monitored. You can set a combined maximum of two local SPAN sessions and RSPAN source sessions. You can have a total of 66 SPAN and RSPAN sessions on a switch.
Page 278 VSPAN, and only packets with the monitored VLAN ID are sent to the destination port. You can monitor traffic on a single port or VLAN or on a series or range of ports or VLANs. You select a series or range of interfaces or VLANs by using the [, | -] options.
Page 279 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands monitor session Examples This example shows how to create a local SPAN session 1 to monitor both sent and received traffic on source port 1 to destination port 2: Switch(config)# monitor session 1 source interface gigabitethernet0/1 both...
Page 280: Mvr (Global Configuration)
Use the mvr global configuration command without keywords to enable the multicast VLAN registration (MVR) feature on the switch. Use the command with keywords to set the MVR mode for a switch, configure the MVR IP multicast address, set the maximum time to wait for a query reply before removing a port from group membership, and to specify the MVR multicast VLAN.
Page 281 A maximum of 256 MVR multicast groups can be configured on a switch. Use the mvr group command to statically set up all the IP multicast addresses that will take part in MVR. Any multicast data sent to a configured multicast address is sent to all the source ports on the switch and to all receiver ports that have registered to receive data on that IP multicast address.
Page 282 MVR groups of which the interface is a member. show mvr members Displays all ports that are members of an MVR multicast group; if the group has no members, its status is shown as Inactive. Cisco ME 3400 Ethernet Access Switch Command Reference 2-256...
Page 283: Mvr (Interface Configuration)
Use the mvr interface configuration command to configure a Layer 2 port as a multicast VLAN registration (MVR) receiver or source port, to set the Immediate Leave feature, and to statically assign a port to an IP multicast VLAN and IP address. Use the no form of this command to return to the default settings.
Page 284 Receiver ports on a switch can be in different VLANs, but should not belong to the multicast VLAN. A port that is not taking part in MVR should not be configured as an MVR receiver port or a source port.
Page 285 Switch(config)# interface fastethernet0/5 Switch(config-if)# mvr vlan 100 receiver vlan 201 This example shows how to add on port 5 the receiver VLAN 201 as a static member of the IP multicast group 239.1.1.1, with an MVR VLAN of 100: Switch(config)# interface fastethernet0/5 Switch(config-if)# mvr vlan 100 group 239.1.1.1 receiver vlan 201...
Page 286: Oam Protocol Cfm Svlan
(EVC) operation, administration, and maintenance (OAM) protocol as IEEE 801.2ag Connectivity Fault Management (CFM) and to identify the service provider VLAN-ID for a CFM domain level. Use the no form of this command to remove the OAM protocol configuration for the EVC. oam protocol cfm svlan vlan-id domain domain-name no oam protocol This command is available only if your switch is running the metro IP access or metro access image.
Page 287: Pagp Learn-Method
Use the pagp learn-method interface configuration command to learn the source address of incoming packets received from an EtherChannel port. Use the no form of this command to return to the default setting. pagp learn-method {aggregation-port | physical-port} no pagp learn-method PAgP is available only on network node interfaces (NNIs) and enhanced network interfaces (ENIs).
Page 288 Only use the pagp learn-method interface configuration command in this situation. Examples This example shows how to set the learning method to learn the address on the physical port within the EtherChannel: Switch(config-if)# pagp learn-method physical-port...
Page 289: Pagp Port-Priority
This command was introduced. Usage Guidelines If the interface is a user network interface (UNI), you must enter the port-type nni or port-type eni interface configuration command before configuring pagp port-priority. The physical port with the highest operational priority and that has membership in the same EtherChannel is the one selected for PAgP transmission.
Page 290 Examples This example shows how to set the port priority to 200: Switch(config-if)# pagp port-priority 200 You can verify your setting by entering the show running-config privileged EXEC command or the show pagp channel-group-number internal privileged EXEC command. Related Commands...
Page 291: Permit (Arp Access-List Configuration)
Use the permit Address Resolution Protocol (ARP) access-list configuration command to permit an ARP packet based on matches against the Dynamic Host Configuration Protocol (DHCP) bindings. Use the no form of this command to remove the specified access control entry (ACE) from the access control list.
Page 292 You can add permit clauses to forward ARP packets based on some matching criteria. Examples This example shows how to define an ARP access list and to permit both ARP requests and ARP responses from a host with an IP address of 1.1.1.1 and a MAC address of 0000.0000.abcd: Switch(config)# arp access-list static-hosts Switch(config-arp-nacl)# permit ip host 1.1.1.1 mac host 0000.0000.abcd...
Page 293: Permit (Ipv6 Access-List Configuration)
(IPv6 access-list configuration) permit (IPv6 access-list configuration) Use the permit IPv6 access list configuration command to set permit conditions for an IPv6 access list. Use the no form of this command to remove the permit conditions. permit {protocol} {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator...
Page 294 The optional port-number argument is a decimal number or the name of a TCP or a UDP port. A port number is a number from 0 to 65535. TCP port names can be used only when filtering TCP. UDP port names can be used only when filtering UDP.
Page 295 (Optional) Specify an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by the ICMP message type can also be filtered by the ICMP message code. The code is a number from 0 to 255. icmp-message (Optional) Specify an ICMP message name for filtering ICMP packets.
Page 296 You can add permit, deny, or remark statements to an existing access list without re-entering the entire list. To add a new statement somewhere other than at the end of the list, create a new statement with an appropriate entry number that falls between two existing entry numbers to show where it belongs.
Page 297 Switch(config-if)# ipv6 traffic-filter OUTBOUND out Switch(config-if)# ipv6 traffic-filter INBOUND in Given that a permit any any statement is not included as the last entry in the OUTBOUND or the Note INBOUND access list, only TCP, UDP, and ICMP packets can leave or enter the interface (the implicit deny-all condition at the end of the access list denies all other packet types on the interface).
Page 298: Permit (Mac Access-List Configuration)
[type mask | cos cos | aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | lsap lsap mask | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp]...
Page 299 If you use the host keyword, you cannot enter an address mask; if you do not use the any or host keywords, you must enter an address mask. Cisco ME 3400 Ethernet Access Switch Command Reference...
Page 300 After an access control entry (ACE) is added to an access control list, an implied deny-any-any condition exists at the end of the list. That is, if there are no matches, the packets are denied. However, before the first ACE is added, the list permits all packets.
Page 301: Police
A policer defines a maximum permissible rate of transmission, a maximum burst size for transmissions, and an action to take if a maximum is exceeded. In policy-map class police configuration mode, you can specify multiple actions for a packet.
Page 302 (Optional) Action to be taken for packets that do not conform to the CIR. drop Drop the packet. Defaults No policers are defined. Conform burst (bc) is automatically configured to 250 ms at the configured CIR. Command Modes Policy-map class configuration Command History...
Page 303 Examples This example shows how to configure a policer with a 1-Mbps average rate with a burst size of 20 KB. The policer sets a new DSCP precedence value if the packets conform to the rate and drops the packet if traffic exceeds the rate.
Page 304 This example shows how to configure a policer with default actions. Switch(config)# policy-map policy2 Switch(config-pmap)# class class2 Switch(config-pmap-c)# police 1000000 20000 conform-action transmit exceed-action drop Switch(config-pmap-c)# exit You can verify your settings by entering the show policy-map privileged EXEC command. Related Commands Command Description class Defines a traffic classification match criteria for the specified class-map name.
Page 305: Policer Aggregate (Global Configuration)
Use the policer aggregate global configuration command to create an aggregate policer to police all traffic across multiple classes in an input policy map. An aggregate policer can be shared by multiple classes in the same policy map. A policer defines a maximum permissible rate of transmission or committed information rate, a maximum burst size for transmissions, and an action to take if the maximum is met or exceeded.
Page 306 (Optional) Action to be taken on packets that do not conform to the CIR. drop Drop the packet. Defaults No aggregate policers are defined. When you configure an aggregate policer, conform burst (bc) is automatically configured at 250 ms at the configured CIR. Command Modes Global configuration Command History Release Modification 12.2(25)EX...
Page 307 If burst size (bc) is not specified, the system calculates an appropriate burst size value that equals the number of bytes that can be sent in 250 ms at the CIR rate. In most cases, the automatically calculated value is appropriate; enter a new value only if you are aware of all implications.
Page 308 Defines a traffic classification match criteria for the specified class-map name. policy-map Creates or modifies a policy map that can be attached to multiple ports to specify a service policy. show policer aggregate Displays the aggregate policer configuration. Cisco ME 3400 Ethernet Access Switch Command Reference...
Page 309: Police Aggregate (Policy-Map Class Configuration)
A policer defines a maximum permissible rate of transmission, a maximum burst size for transmissions, and an action to take if either maximum is exceeded. Use the no form of this command to remove the specified policer.
Page 310 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands police aggregate (policy-map class configuration) You can verify your settings by entering the show aggregate policer privileged EXEC command. Related Commands Command Description class Defines a traffic classification match criteria for the specified class-map name.
Page 311: Policer Cpu Uni
Use the policer cpu uni global configuration command to enable or disable CPU protection and to configure the CPU policing threshold for all user network interfaces (UNIs) and enhanced network interfaces (ENIs) on the switch. Use the no form of this command to return to the default rate or to disable CPU protection.
Page 312 Note processing overload and storm control through software. You can enter the show policer cpu uni-eni {drop | rate} privileged EXEC command to see if CPU protection is enabled. For more information about control-plane security, see the software configuration guide for this release.
Page 313: Policy-Map
If you enter the no policy-map configuration command or the no policy-map policy-map-name global configuration command to delete a policy map that is attached to an interface, a warning message appears that lists any interfaces from which the policy map is being detached. The policy map is then detached and deleted. For example:...
Page 314 You can create input policy maps and output policy maps, and you can assign one input policy map and one output policy map to a port. The input policy map acts on incoming traffic on the port; the output policy map acts on outgoing traffic.
Page 315 Switch(config-pmap-c)# police 20000000 Switch(config-pmap-c)# exit This example shows how to configure an output policy map that provides priority with rate limiting to the gold class and guarantees a minimum remaining bandwidth percent of 20 percent to the silver class and 10 percent to the bronze class:...
Page 316: Port-Channel Load-Balance
Use the port-channel load-balance global configuration command to set the load-distribution method among the ports in the EtherChannel. Use the no form of this command to return to the default setting. port-channel load-balance {dst-ip | dst-mac | src-dst-ip | src-dst-mac | src-ip | src-mac}...
Page 317 Displays the operating configuration. For syntax information, use this link to the Cisco IOS Release 12.2 Command Reference listing page: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/prod_comman d_reference_list.html Select the Cisco IOS Commands Master List, Release 12.2 to navigate to the command. Cisco ME 3400 Ethernet Access Switch Command Reference 2-291...
Page 318: Port-Type
ENI port. A port configured as an ENI has the same defaults as a UNI port, but the you can configure control protocols (CDP, STP, LLDP, LACP and PAgP) on ENIs. These protocols are not supported on UNIs.
Page 319 Every port on the switch can be a UNI or ENI, but when the switch is running the metro base or metro access image, only four ports can be NNIs at the same time. If the switch is running the metro IP access image, you can configure all ports as NNIs.
Page 320: Power-Supply Dual
Use the power-supply dual global configuration command to enable power supply alarm indications (LED state, MIB state, and MIB traps) when a power supply on an ME 3400-12CS switch is not providing power. Use the no form of this command when running the switch on a single power supply to suppress the power-supply alarm for the second power supply.
Page 321 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands power-supply dual Related Commands Command Description show env {all | power} Displays the power-supply alarm setting for the switch. Cisco ME 3400 Ethernet Access Switch Command Reference 2-295 OL-9640-07...
Page 322: Priority
You can use priority with the police {rate-bps | cir cir-bps} policy-map command to reduce the bandwidth used by the priority queue. This is the only form of policing that is supported in output policy maps. Using this combination of commands configures a maximum rate on the priority queue and allows you to use the bandwidth and shape average policy-map commands for other classes to allocate traffic rates on other queues.
Page 323 You cannot configure priority and any other scheduling action (shape average or bandwidth) in the same class. The priority command uses a default queue limit for the class. You can change the queue limit by using the queue-limit policy-map class command, overriding the default set by the priority command.
Page 324 Defines a policer for classified traffic. policy-map Creates or modifies a policy map that can be attached to multiple ports to specify a service policy. show policy-map Displays quality of service (QoS) policy maps. Cisco ME 3400 Ethernet Access Switch Command Reference...
Page 325: Private-Vlan
This command was introduced. Usage Guidelines You must manually configure private VLANs on all switches in the Layer 2 network to merge their Layer 2 databases and to prevent flooding of private-VLAN traffic. You cannot include VLAN 1 or VLANs 1002 to 1005 in the private-VLAN configuration. Extended VLANs (VLAN IDs 1006 to 4094) can be configured as private VLANs.
Page 326 A private VLAN cannot be a user network interface-enhanced network interface (UNI-ENI) VLAN. If the VLAN is a UNI-ENI isolated VLAN (the default), you can change it to a private VLAN by entering the private-vlan VLAN configuration command. If a VLAN has been configured as a UNI-ENI community VLAN, you must first enter the no uni-vlan VLAN configuration command before configuring it as a private VLAN.
Page 327 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands private-vlan You can verify your setting by entering the show vlan private-vlan or show interfaces status privileged EXEC command. Related Commands Command Description show interfaces status Displays the status of interfaces, including the VLANs to which they belong.
Page 328: Private-Vlan Mapping
VLAN. The secondary_vlan_list parameter cannot contain spaces. It can contain multiple comma-separated items. Each item can be a single private-VLAN ID or a hyphenated range of private-VLAN IDs. The list can contain one isolated VLAN and multiple community VLANs.
Page 329 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands private-vlan mapping Examples This example shows how to map the interface of VLAN 20 to the SVI of VLAN 18: Switch# configure terminal Switch# interface vlan 18 Switch(config-if)# private-vlan mapping 20...
Page 330: Queue-Limit
Use the queue-limit policy-map class configuration command to set the queue maximum threshold for Weighted Tail Drop (WTD) in an output policy map. Use the no form of this command to return to the default. queue-limit [cos value | dscp value | precedence value | qos-group value] number-of-packets...
Page 331 When you use the queue-limit command to configure thresholds within a class map, the WTD thresholds must be less than or equal to the maximum threshold of the queue. This means that the queue size configured without a qualifier must be larger than any of the queue sizes configured with a qualifier.
Page 332 The example also shows how if outclass1 matches to dscp 46, 56, 57, 58, 60, 63, a DSCP value of 46 gets a queue size of 32 (256-byte) packets; DSCP values 56, 57, and 58 get queue sizes of 48 (256-byte) packets;...
Page 333: Remote-Span
This command was introduced. Usage Guidelines Valid RSPAN VLAN IDs are 2 to 1001 and 1006 to 4094. The RSPAN VLAN cannot be VLAN 1 (the default VLAN) or VLAN IDs 1002 to 1005 (reserved for Token Ring and FDDI VLANs).
Page 334 Switch(config-vlan)# remote-span This example shows how to remove the RSPAN feature from a VLAN. Switch(config)# vlan 901 Switch(config-vlan)# no remote-span You can verify your settings by entering the show vlan remote-span user EXEC command. Related Commands Command Description monitor session Enables Switched Port Analyzer (SPAN) and RSPAN monitoring on a port and configures a port as a source or destination port.
Page 335: Renew Ip Dhcp Snooping Database
This command was introduced. Usage Guidelines If you do not specify a URL, the switch tries to read the file from the configured URL. Examples This example shows how to renew the DHCP snooping binding database without checking CRC values: Switch# renew ip dhcp snooping database validation none You can verify settings by entering the show ip dhcp snooping database privileged EXEC command.
Page 336: Rep Admin Vlan
These messages are flooded to the whole network, not just the REP segment. Switches that do not belong to the segment treat them as data traffic. Configuring an administrative VLAN for the whole domain can control flooding of these messages.
Page 337: Rep Block Port
VLANs at the primary edge port. This behavior remains until you configure the rep block port command. If the primary edge port cannot determine which port is to be the alternate port, the default action is no preemption and no VLAN load balancing.
Page 338 Each port in a segment has a unique port ID. The port ID format is similar to the one used by the spanning tree algorithm: a port number (unique on the bridge) associated to a MAC address (unique in the network).
Page 339 Switch (config-if)# rep block port id 0080001647FB1780 vlan 1-100 Switch (config-if)# exit This example shows how to configure VLAN load balancing by using a neighbor offset number and how to verify the configuration by entering the show interfaces rep detail privileged EXEC command:...
Page 340: Rep Lsl-Age-Timer
Usage Guidelines The LSL hello timer is set to the age timer value divided by 3 so that there should be at least two LSL hellos sent within the LSL age timer period. If no hellos are received within that time, the REP link is brought down.
Page 341: Rep Preempt Delay
Set the number of seconds to delay REP preemption. The range is 15 to 300. Defaults No preemption delay is set. If you do not enter the rep preempt delay command, the default is manual preemption with no delay. Command Modes...
Page 342 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands rep preempt delay Related Commands Command Description rep block port Configures VLAN load balancing. show interfaces rep Displays REP configuration and status for all interfaces or a specified interface. Cisco ME 3400 Ethernet Access Switch Command Reference 2-316 OL-9640-07...
Page 343: Rep Preempt Segment
If you do not configure VLAN load balancing, entering this command results in the default behavior—the primary edge port blocks all VLANs. You configure VLAN load balancing by entering the rep block port {id port-id | neighbor_offset | preferred} vlan {vlan-list | all} interface configuration command on the REP primary edge port before you manually start preemption.
Page 344: Rep Segment
Use the rep segment interface configuration command to enable Resilient Ethernet Protocol (REP) on the interface and to assign a segment ID to it. Use the no form of this command to disable REP on the interface. rep segment segment-id [edge [no-neighbor] [primary]] [preferred]...
Page 345 (UNIs) or enhanced network interfaces (ENIs). You must configure two edge ports on each REP segment, a primary edge port and a port to act as a secondary edge port. If you configure two ports in a segment as the primary edge port, for example ports on different switches, the configuration is allowed, but the REP selects one of them to serve as the segment primary edge port.
Page 346 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands rep segment You can verify your settings by entering the show interfaces rep privileged EXEC command. To verify which port in the segment is the primary edge port, enter the show rep topology privileged EXEC command. Related Commands...
Page 347: Rep Stcn
Enter this command on a segment edge port. You use this command to notify other portions of the Layer 2 network of topology changes that occur in the local REP segment. This removes obsolete entries in the Layer 2 forwarding table in other parts of the network, which allows faster network convergence.
Page 348: Reserved-Only
Entering the reserved-only command restricts assignments from the DHCP pool to preconfigured reservations. Unreserved addresses that are part of the network or on pool ranges are not offered to the client, and other clients are not served by the pool.
Page 349: Rmon Collection Stats
Use the rmon collection stats interface configuration command to collect Ethernet group statistics, which include usage statistics about broadcast and multicast packets, and error statistics about cyclic redundancy check (CRC) alignment errors and collisions. Use the no form of this command to return to the default setting.
Page 350: Sdm Prefer
Layer 2 and Layer 3 functionality, or you can maximize system usage to support only Layer 2 features in hardware. You can also select the dual IPv4 and IPv6 template to support IPv6 forwarding. Use the no form of this command to return to the default template.
Page 351 IP access image. The values in the template are based on eight routed interfaces and approximately 1024 VLANs and represent the approximate hardware boundaries set when a template is selected. If a section of a hardware resource is full, all processing overflow is sent to the CPU, seriously impacting switch performance.
Page 352 Switch(config)# sdm prefer layer-2 Switch(config)# exit Switch# reload This is an example of an output display when you have changed the template to the layer-2 template and have not reloaded the switch: Switch# show sdm prefer The current template is "default" template.
Page 353: Service Instance
[evc-id] no service instance id This command is available only if your switch is running the metro IP access or metro access image. Syntax Description Define a service instance identifier, a per-interface service identifier that does not map to a VLAN.
Page 354 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands service instance Related Commands Command Description show ethernet service Displays information about configured Ethernet service instances. instance Cisco ME 3400 Ethernet Access Switch Command Reference 2-328 OL-9640-07...
Page 355: Service Password-Recovery
(the default). This mechanism allows an end user with physical access to the switch to press the break key on the console terminal to interrupt the boot process while the switch is powering up and to assign a new password.
Page 356 If the user chooses not to reset the system to the default configuration, the normal boot process continues as if the break key had not been pressed. If you choose to reset the system to the default configuration, the configuration file in flash memory is deleted, and the VLAN database file, flash:vlan.dat (if present), is deleted.
Page 357: Service-Policy (Interface Configuration)
QoS: Configuration failed. Maximum number of allowable unique queue-limit configurations exceeded. You can attach input or output policy maps to a Fast Ethernet or Gigabit Ethernet port. You cannot attach policy maps to switch virtual interfaces (SVIs) and EtherChannel interfaces.
Page 358 You can verify your settings by entering the show running-config privileged EXEC command. Related Commands Command Description policy-map Creates or modifies a policy map that can be attached to multiple ports to specify a service policy. show policy-map Displays quality of service (QoS) policy maps. show policy-map...
Page 359: Service-Policy (Policy-Map Class Configuration)
Use the service-policy policy-map class configuration command to configure a quality of service (Q0S) service policy for an input or output policy map or a per-port, per-VLAN policy map. Use the no form of this command to disable a service policy as a QoS policy within a policy map.
Page 360 Examples This example shows how to define the service policy and to attach it to a parent policy map to set the maximum bandwidth (shape) for an output queue at 90000000 bits per second: Switch(config)# policy-map out-policy-parent...
Page 361 Defines a traffic classification match criteria for the specified class-map name. policy-map Creates or modifies a policy map that can be attached to multiple ports to specify a service policy. show policy-map Displays quality of service (QoS) policy maps.
Page 362: Set Cos
Use the set cos command if you want to mark a packet that is being sent to a switch. Switches can leverage Layer 2 header information including a CoS value marking.
Page 363 (QoS) based on the CoS markings. You can also configure Layer 2 to Layer 3 mapping by matching on the CoS value because switches can already match and set CoS values.
Page 364: Set Dscp
Use the set [ip] dscp policy-map class configuration command to mark IPv4 traffic by setting a Differentiated Services Code Point (DSCP) value in the type of service (ToS) byte of the packet. Use the no form of this command to remove traffic marking.
Page 365 If you specify a from-field category, but do not specify the table keyword and table-map-name, the default action is to copy the value associated with the from-field category as the DSCP value. For example, if you enter the set dscp cos command, the CoS value is copied and used as the DSCP value. Examples...
Page 366: Set Precedence
Use the set [ip] precedence policy-map class configuration command to mark IPv4 traffic by setting an IP-precedence value in the packet. Use the no form of this command to remove traffic marking. set [ip] precedence {precedence_value | from-field [table table-map-name]} no set [ip] precedence {precedence_value | from-field [table table-map-name]} Entering ip precedence is the same as entering precedence.
Page 367 You can configure set precedence with other marking actions, specifically set cos and set qos-group, for the same class. Support was also added for the ability to configure more than one marking action with enhanced packet marking by using table maps for the same class.
Page 368: Set Qos-Group
Use the set qos-group policy-map class configuration command to set a a quality of service (QoS) group identifier that can be used later to classify packets. Use the no form of this command to remove the group identifier.
Page 369 Description class Defines a traffic classification match criteria for the specified class-map name. policy-map Creates or modifies a policy map that can be attached to multiple ports to specify a service policy. show policy-map Displays QoS policy maps. Cisco ME 3400 Ethernet Access Switch Command Reference...
Page 370: Setup
EXEC command. Help text is provided for each prompt. To access help text, press the question mark (?) key at a prompt. To return to the privileged EXEC prompt without making changes and without running through the entire System Configuration Dialog, press Ctrl-C.
Page 371 Enter virtual terminal password: terminal-password Configure SNMP Network Management? [no]: yes Community string [public]: Current interface summary Any interface listed with OK? value “NO” does not have a valid configuration Interface IP-Address OK? Method Status Protocol Vlan1 172.20.135.202...
Page 372 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands setup Use this configuration? [yes/no]: yes [0] Go to the IOS command prompt without saving this config. [1] Return back to the setup without saving this config. [2] Save this configuration to nvram and exit.
Page 373: Shape Average
(PIR) for that class. Configuring traffic shaping for the class class-default when it is the only class in the policy map that is attached to an interface sets the PIR for the interface (port shaping).
Page 374 This example shows how to configure traffic shaping for outgoing traffic on a Fast Ethernet port so that outclass1, outclass2, and outclass3 get a maximum of 50, 20, and 10 Mbps of the buffer size. The class class-default gets the remaining bandwidth.
Page 375: Show Access-Lists
Use the show access-lists privileged EXEC command to display access control lists (ACLs) configured on the switch. show access-lists [name | number | hardware counters | ipc] [ | {begin | exclude | include} expression] Syntax Description name (Optional) Name of the ACL.
Page 376 10 permit 10.10.10.10 Extended IP access list 121 10 permit ahp host 10.10.10.10 host 20.20.10.10 precedence routine This is an example of output from the show access-lists hardware counters command: Switch# show access-lists hardware counters L2 ACL INPUT Statistics Drop:...
Page 377 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show access-lists Bridge Only And Log: All bytes count: 0 Forwarding To CPU: All frame count: 0 Forwarding To CPU: All bytes count: 0 Forwarded: All frame count: 514434...
Page 378: Show Archive Status
Use the show archive status privileged EXEC command to display the status of a new image being downloaded to a switch with the HTTP or the TFTP protocol. show archive status [ |{begin | exclude | include} expression]...
Page 379: Show Arp Access-List
The command was supported in the metro base image. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is an example of output from the show arp access-list command: Switch>...
Page 380: Show Boot
12.2(25)EX This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is an example of output from the show boot command. Switch#...
Page 381 Enable Break Displays whether a break during booting is enabled or disabled. If it is set to yes, on, or 1, you can interrupt the automatic boot process by pressing the Break key on the console after the flash file system is initialized.
Page 382: Show Cable-Diagnostics Tdr
This command was introduced. Usage Guidelines TDR is supported only on copper Ethernet 10/100 ports on the Cisco ME switch. It is not supported on small form-factor pluggable (SFP)-module ports. For more information about TDR, see the software configuration guide for this release.
Page 383 The cable has a short. • Remote pair Name of the pair of wires to which the local pair is connected. TDR can learn about the remote pair only when the cable is properly connected and the link is up. Pair status The status of the pair of wires on which TDR is running: Normal—The pair of wires is properly connected.
Page 384: Show Class-Map
12.2(25)EX This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is an example of output from the show class-map command: Switch>...
Page 385: Show Controllers Cpu-Interface
This display provides information that might be useful for Cisco technical support representatives troubleshooting the switch. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Page 386 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show controllers cpu-interface Supervisor ASIC receive-queue parameters ---------------------------------------- queue 0 maxrecevsize 5EE pakhead 1419A20 paktail 13EAED4 queue 1 maxrecevsize 5EE pakhead 15828E0 paktail 157FBFC queue 2 maxrecevsize 5EE pakhead 1470D40 paktail 1470FE4 queue 3 maxrecevsize 5EE pakhead 19CDDD0 paktail 19D02C8 <output truncated>...
Page 387: Show Controllers Ethernet-Controller
When you enter the phy or port-asic keywords, the displayed information is useful primarily for Cisco technical support representatives troubleshooting the switch. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Page 388 Deferred frames The number of frames that are not sent after the time exceeds 2*maximum-packet time. MTU exceeded frames The number of frames that are larger than the maximum allowed frame size. 1 collision frames The number of frames that are successfully sent on an interface after one collision occurs.
Page 389 The number of frames that could not be sent on an interface after 16 collisions occur. Late collisions After a frame is sent, the number of frames dropped because late collisions were detected while the frame was sent. VLAN discard frames The number of frames dropped on an interface because the CFI bit is set.
Page 390 The total number of frames received on an interface that have alignment errors. FCS errors The total number of frames received on an interface that have a valid length (in bytes) but do not have the correct FCS values. Oversize frames The number of frames received on an interface that are larger than the maximum allowed frame size.
Page 391 Field Description System FCS error frames The total number of frames received on an interface that have a valid length (in bytes) but that do not have the correct FCS values. RxPortFifoFull drop The total number of frames received on an interface that are dropped because the ingress queue frames is full.
Page 392 SneakPortFifoInfo : 00000000 MacInfo : 0EC0801C 00000001 0EC0801B 00000001 00C0001D 00000001 00C0001E 00000001 <output truncated> This is an example of output from the show controllers ethernet-controller port-asic statistics command: Switch# show controllers ethernet-controller port-asic statistics =========================================================================== PortASIC 0 Statistics ---------------------------------------------------------------------------...
Page 393 <output truncated> Related Commands Command Description show controllers Displays the state of the CPU network ASIC and send and receive statistics cpu-interface for packets reaching the CPU. show controllers tcam Displays the state of registers for all ternary content addressable memory (TCAM) in the system and for TCAM interface ASICs that are CAM controllers.
Page 394: Show Controllers Tcam
Use the show controllers tcam privileged EXEC command to display the state of the registers for all ternary content addressable memory (TCAM) in the system and for all TCAM interface ASICs that are CAM controllers.
Page 395 00000000 00012800 00012900 Related Commands Command Description show controllers Displays the state of the CPU network ASIC and send and receive statistics cpu-interface for packets reaching the CPU. show controllers Displays per-interface send and receive statistics read from the hardware or ethernet-controller the interface internal registers.
Page 396: Show Controllers Utilization
12.2(25)EX This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show controllers utilization command.
Page 397 Transmit Bandwidth Displays the transmitted bandwidth usage of the switch, which is the Percentage Utilization sum of the transmitted traffic on all the ports divided it by the switch transmit capacity. Fabric Percentage Utilization Displays the average of the transmitted and received bandwidth usage of the switch.
Page 398: Show Cpu Traffic Qos
Use the show cpu traffic qos user EXEC command to display the Quality of Service (QoS) marking parameters for CPU-generated traffic. show cpu traffic qos [ | {begin | exclude | include} expression]...
Page 399: Show Dot1Q-Tunnel
Use the show dot1q-tunnel user EXEC command to display information about IEEE 802.1Q tunnel ports. show dot1q-tunnel [interface interface-id] [ | {begin | exclude | include} expression] This command is visible only when the switch is running the metro IP access or metro access image. Syntax Description interface interface-id (Optional) Specify the interface for which to display IEEE 802.1Q tunneling...
Page 400: Show Dot1X
This command was introduced. Usage Guidelines If you do not specify a port, global parameters and a summary appear. If you specify a port, details for that port appear. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output appear.
Page 401 = 30 Seconds SuppTimeout = 30 Seconds TxPeriod = 30 Seconds Guest-Vlan This is an example of output from the show dot1x interface interface-id privileged EXEC command: Switch# show dot1x interface gigabitethernet0/1 Supplicant MAC 00d0.b71b.35de AuthSM State = AUTHENTICATED BendSM State...
Page 402 Number of EAPOL frames that have been received and have an unrecognized frame type. RxLenError Number of EAPOL frames that have been received in which the packet body length field is invalid. RxTotal Number of valid EAPOL frames of any type that have been received.
Page 403: Show Env
The command output shows the green and yellow states as OK and the red state as FAULTY. If you enter the show env all command on this switch, the command output is the same as the show env temperature status command output.
Page 404 Output are displayed. Examples Displays for the Cisco ME 3400G-12CS or ME 3400 2CS switch are different than those for other Cisco ME 3400 switches. This is an example of output from the show env all command for the Cisco ME 3400G-12CS switch: Switch>...
Page 405 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show env These are examples of output from the show env temperature command for the Cisco ME 3400G-12CS or ME-3400-2CS switch: Switch> show env temperature TEMPERATURE is OK Switch> show env temperature status...
Page 406: Show Errdisable Detect
Reason (SFP) interface. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is an example of output from the show errdisable detect command: Switch>...
Page 407 Enabled port vmps Enabled port Though visible in the output, the dtp-flap, ilpower, storm-control, and unicast-flood fields are not valid. Note Related Commands Command Description errdisable detect cause Enables error-disable detection for a specific cause or all causes.
Page 408: Show Errdisable Flap-Values
The Flaps column in the display shows how many changes to the state within the specified time interval will cause an error to be detected and a port to be disabled. For example, the display shows that an error will be assumed and the port shut down if three Dynamic Trunking Protocol (DTP)-state (port mode access/trunk) or Port Aggregation Protocol (PAgP) flap changes occur during a 30-second interval, or if 5 link-state (link up/down) changes occur during a 10-second interval.
Page 409 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show errdisable flap-values Related Commands Command Description errdisable detect cause Enables error-disable detection for a specific cause or all causes. show errdisable detect Displays error-disable detection status. show errdisable recovery Displays error-disable recovery timer information.
Page 410: Show Errdisable Recovery
This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. A gbic-invalid error-disable reason refers to an invalid small form-factor pluggable (SFP) module interface.
Page 411 Interface Errdisable reason Time left(sec) --------- ----------------- -------------- Gi0/2 link-flap Though visible in the output, the unicast-flood and DTP fields are not valid. Note Related Commands Command Description errdisable recovery Configures the recover mechanism variables. show errdisable detect Displays error-disabled detection status.
Page 412: Show Etherchannel
In the output, the Passive port list field is displayed only for Layer 3 port channels. This field means that the physical port, which is still not up, is configured to be in the channel group (and indirectly is in the only port channel in the channel group).
Page 413 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show etherchannel Examples This is an example of output from the show etherchannel 1 detail command: Switch> show etherchannel 1 detail Group state = L2 Ports: 2 Maxports = 16...
Page 414 Port-channel Protocol Ports ------+-------------+-----------+---------------------------------------- Po1(SU) LACP Gi0/1(P) Gi0/2(P) This is an example of output from the show etherchannel 1 port-channel command: Switch> show etherchannel 1 port-channel Port-channels in the group: ---------------------- Port-channel: Po1 (Primary Aggregator) ------------ Age of the Port-channel...
Page 415: Show Ethernet Service Evc
[id evc-id | interface interface-id] [detail] [ | {begin | exclude | include} expression] This command is available only if your switch is running the metro IP access or metro access image. Syntax Description id evc-id (Optional) Display EVC information for the specified service.
Page 416 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show ethernet service evc Related Commands Command Description ethernet evc evc-id Defines an EVC and enters EVC configuration mode. Cisco ME 3400 Ethernet Access Switch Command Reference 2-390 OL-9640-07...
Page 417: Show Ethernet Service Instance
Ethernet customer-service instances. show ethernet service instance [id id] [interface interface-id] [detail] [ | {begin | exclude | include} expression] This command is available only if your switch is running the metro IP access or metro access image. Syntax Description id id (Optional) Display information for the specified service-instance identifier, a per-interface service identifier that does not map to a VLAN.
Page 418: Configuration Mode
Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show ethernet service instance FastEthernet0/11 100-200,1000,1999-4094 FastEthernet0/12 FastEthernet0/12 FastEthernet0/13 FastEthernet0/13 FastEthernet0/13 FastEthernet0/13 FastEthernet0/14 200,222 FastEthernet0/14 FastEthernet0/14 Related Commands Command Description service instance id ethernet Defines an Ethernet service instance and enters Ethernet service configuration mode.
Page 419: Show Ethernet Service Interface
Ethernet customer-service instances for all interfaces or a specified interface. show ethernet service interface [interface-id] [detail] [ | {begin | exclude | include} expression] This command is available only if your switch is running the metro IP access or metro access image. Syntax Description interface-id (Optional) Display service-instance information for the specified interface.
Page 420 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show ethernet service interface Interface: GigabitEthernet0/1 ID: PE2-G101 CE-VLANS: 10,20,30 EVC Map Type: Bundling-Multiplexing Associated EVCs: EVC-ID CE-VLAN WHITE 30 RED 20 BLUE 10 Associated Service Instances: Service-Instance-ID CE-VLAN...
Page 421: Show Flowcontrol
This command was introduced. Usage Guidelines Use this command to display the flow control status and statistics on the switch or for a specific interface. Use the show flowcontrol command to display information about all the switch interfaces. The output from the show flowcontrol command is the same as the output from the show flowcontrol module number command.
Page 422 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show flowcontrol This is an example of output from the show flowcontrol interface interface-id command: Switch> show flowcontrol interface gigabitethernet0/2 Port Send FlowControl Receive FlowControl RxPause TxPause admin oper...
Page 423: Show Idprom
This command applies only to Gigabit Ethernet interfaces and displays information about SFPs inserted in the SFP module slot. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 424 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show idprom Embedded PHY : not present SFP presence index SFP iter cnt : 697918 SFP failed oper flag : 0x0 IIC error cnt IIC error dsb cnt IIC max sts cnt...
Page 425: Show Interfaces
[interface-id | vlan vlan-id] [accounting | capabilities [module number] | counters | description | etherchannel | flowcontrol | private-vlan mapping | rep | stats | status [err-disabled] | switchport [backup | module number] | trunk] [ | {begin | exclude | include} expression]...
Page 426 • interfaces on the switch. Entering any other number is invalid. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples...
Page 427 Chars In Pkts Out Chars Out No traffic sent or received on this interface. <output truncated> This is an example of output from the show interfaces capabilities command for an interface. Switch# show interfaces gigabitethernet0/2 capabilities GigabitEthernet0/2 Model: modell-ic Type:...
Page 428 570800 91731594 Route cache Total 1165354 136205310 570800 91731594 This is an example of partial output from the show interfaces status command. It displays the status of all interfaces. Switch# show interfaces status Port Name Status Vlan Duplex Speed Type...
Page 429 These are examples of output from the show interfaces status command for a specific interface when private VLANs are configured. Port 22 is configured as a private-VLAN host port. It is associated with primary VLAN 20 and secondary VLAN 25.
Page 430 Displays the VLAN ID to which the port is configured. Trunking Native Mode VLAN Lists the VLAN ID of the trunk that is in native mode. Administrative Native VLAN tagging Displays whether or not VLAN tagging is enabled. Administrative private-vlan...
Page 431 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show interfaces This is an example of output from the show interfaces switchport command for a port configured as a private VLAN promiscuous port. The primary VLAN 20 is mapped to secondary VLANs 25, 30 and 35:...
Page 432 When a Flex Link interface goes down (LINK_DOWN), VLANs preferred on this interface are moved to the peer interface of the Flex Link pair. In this example, if interface Gi0/6 goes down, Gi0/8 carries all VLANs of the Flex Link pair.
Page 433: Show Interfaces Counters
If you do not enter any keywords, all counters for all interfaces are included. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Page 434 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show interfaces counters This is an example of partial output from the show interfaces counters protocol status command for all interfaces. Switch# show interfaces counters protocol status Protocols allocated:...
Page 435: Show Interfaces Rep
This command was introduced. Usage Guidelines In the output for the show interface rep [detail] command, in addition to an Open, Fail, or AP (alternate port) state, the Port Role might show as Fail Logical Open (FailLogOpen) or Fail No Ext Neighbor (FailNoNbr).
Page 436 Open FastEthernet 0/4 INIT_DOWN Fail This is sample output from the show interface rep command when the edge port is configured to have no REP neighbor. Note the asterisk (*) next to Primary Edge. Switch# show interface rep Interface Seg-id Type...
Page 437: Show Interfaces Transceivers
12.2(44)SE The dom-supported-list and threshold-table keywords were added. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is an example of output from the show interfaces interface-id transceiver properties command:...
Page 438 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show interfaces transceivers This is an example of output from the show interfaces interface-id transceiver detail command: Switch# show interfaces gigabitethernet0/3 transceiver detail ITU Channel not available (Wavelength not available), Transceiver is externally calibrated.
Page 439 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show interfaces transceivers This is an example of output from the show interfaces transceiver threshold-table command: Optical Tx Optical Rx Temp Laser Bias Voltage current ------------- ------------- ------ ------------...
Page 440: Show Inventory
If there is no PID, no output appears when you enter the show inventory command. Note Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Page 441: Show Ip Arp Inspection
Use the show ip arp inspection privileged EXEC command to display the configuration and the operating state of dynamic Address Resolution Protocol (ARP) inspection or the status of this feature for all VLANs or for the specified interface or VLAN.
Page 442 -------------- Gi0/1 Untrusted This is an example of output from the show ip arp inspection log command. It shows the contents of the log buffer before the buffers are cleared: Switch# show ip arp inspection log Total Log Buffer Size : 32 Syslog rate : 10 entries per 300 seconds.
Page 443 Mon Mar 1 1993 If the log buffer overflows, it means that a log event does not fit into the log buffer, and the display for the show ip arp inspection log privileged EXEC command is affected. A -- in the display appears in place of all data except the packet count and the time.
Page 444 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show ip arp inspection This is an example of output from the show ip arp inspection vlan 5 command. It shows the configuration and the operating state of dynamic ARP inspection for VLAN 5.
Page 445: Show Ip Dhcp Snooping
12.2(25)EX This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show ip dhcp snooping command.
Page 446: Show Ip Dhcp Snooping Binding
Use the show ip source binding privileged EXEC command to display the dynamically and statically configured bindings in the DHCP snooping binding database. If DHCP snooping is enabled and an interface changes to the down state, the switch does not delete the statically configured bindings.
Page 447 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show ip dhcp snooping binding This example shows how to display the DHCP snooping binding entries for a specific IP address: Switch> show ip dhcp snooping binding 10.1.2.150 MacAddress...
Page 448: Show Ip Dhcp Snooping Database
Use the show ip dhcp snooping database user EXEC command to display the status of the DHCP snooping binding database agent. show ip dhcp snooping database [detail] [ | {begin | exclude | include} expression]...
Page 449 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show ip dhcp snooping database Last Succeded Time : None Last Failed Time : 17:14:25 UTC Sat Jul 7 2001 Last Failed Reason : Unable to access URL. Total Attempts...
Page 450: Show Ip Dhcp Snooping Statistics
12.2(37)SE This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show ip dhcp snooping statistics command: Switch>...
Page 451 Interface is in errdisabled Number of times a packet was received on a port that has been marked as error disabled. This might happen if packets are in the processing queue when a port is put into the error-disabled state and those packets are subsequently processed.
Page 452 DHCP Snooping Statistic Description Interface Down Number of times the packet is a reply to the DHCP relay agent, but the SVI interface for the relay agent is down. This is an unlikely error that occurs if the SVI goes down between sending the client request to the DHCP server and receiving the response.
Page 453: Show Ip Igmp Profile
12.2(25)EX This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples These are examples of output from the show ip igmp profile privileged EXEC command, with and without specifying a profile number.
Page 454: Show Ip Igmp Snooping
Usage Guidelines Use this command to display snooping configuration for the switch or for a specific VLAN. VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping. Although visible in the output display, output lines for source-only learning are not valid.
Page 455 Source-only learning are not supported, and information appearing for this feature is not valid. Note This is an example of output from the show ip igmp snooping command. It displays snooping characteristics for all VLANs on the switch. Switch> show ip igmp snooping...
Page 456: Show Ip Igmp Snooping Groups
Usage Guidelines Use this command to display multicast information or the multicast table. VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 457 224.1.4.3 igmp Gi0/1, Gi0/2 This is an example of output from the show ip igmp snooping groups count command. It displays the total number of multicast groups on the switch. Switch# show ip igmp snooping groups count Total number of multicast groups: 2 This is an example of output from the show ip igmp snooping groups dynamic command.
Page 458: Show Ip Igmp Snooping Mrouter
Usage Guidelines Use this command to display multicast router ports on the switch or for a specific VLAN. VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping. When multicast VLAN registration (MVR) is enabled, the show ip igmp snooping mrouter command displays MVR multicast router information and IGMP snooping information.
Page 459 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show ip igmp snooping mrouter Related Commands Command Description ip igmp snooping Enables and configures IGMP snooping on the switch or a VLAN. ip igmp snooping vlan mrouter Adds a multicast router port to a multicast VLAN.
Page 460: Show Ip Igmp Snooping Querier
The show ip igmp snooping querier command output also shows the VLAN and interface on which the querier was detected. If the querier is the switch, the output shows the Port field as Router. If the querier is a router, the output shows the port number on which the querier is learned in the Port field.
Page 461 IP Address IGMP Version Port --------------------------------------------------- 172.20.50.11 Gi0/1 172.20.40.20 Router This is an example of output from the show ip igmp snooping querier detail command: Switch> show ip igmp snooping querier detail Vlan IP Address IGMP Version Port ------------------------------------------------------------- 1.1.1.1...
Page 462: Show Ip Source Binding
Use the show ip source binding user EXEC command to display the IP source bindings on the switch. show ip source binding [ip-address] [mac-address] [dhcp-snooping | static] [vlan vlan-id] [interface interface-id] [ | {begin | exclude | include} expression]...
Page 463: Show Ip Verify Source
VLANs 10 to 20. For VLAN 10, IP source guard with IP address filtering is configured on the interface, and a binding is on the interface. For VLANs 11 to 20, the second entry shows that a default port access control list (ACL) is applied on the interface for the VLANs on which IP source guard is not configured.
Page 464 • enabled, and static IP source bindings are configured on VLANs 10 and 11. For VLANs 12 to 20, the default port ACL is applied on the interface for the VLANs on which IP source guard is not configured. On the Fast Ethernet 0/5 interface, IP source guard with source IP and MAC address filtering is •...
Page 465: Show Ipc
{mcast {appclass | groups | status} | nodes | ports [open] | queue | rpc | session {all | rx | tx} [verbose] | status [cumlulative] | zones} [ | {begin | exclude | include} expression] This command is available only if your switch is running the metro IP access image.
Page 466 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show ipc Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This example shows how to display the IPC routing status: Switch>...
Page 467 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show ipc This example shows how to display the contents of the IPC retransmission queue: Switch> show ipc queue There are 0 IPC messages waiting for acknowledgement in the transmit queue.
Page 468 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show ipc Total via Unreliable Connection-Less Service 12783 Total via Unreliable Sequenced Connection-Less Svc Total via Reliable Connection-Oriented Service <output truncated> Related Commands Command Description clear ipc Clears the IPC multicast routing statistics.
Page 469: Show Ipv6 Access-List
Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show ipv6 access-list show ipv6 access-list Use the show ipv6 access-list user EXEC command to display the contents of all current IPv6 access lists. show ipv6 access-list [access-list-name] Note This command is available only if you have configured a dual IPv4 and IPv6 Switch Database Management (SDM) template on the switch.
Page 470 Table 2-15 show ipv6 access-list Field Descriptions (continued) Field Description bgp (matches) Border Gateway Protocol. The protocol type that the packet is equal to and the number of matches. sequence 10 Sequence in which an incoming packet is compared to lines in an access list.
Page 471: Show Ipv6 Dhcp Conflict
DECLINE message. If an address conflict is detected, the address is removed from the pool, and the address cannot be assigned until it is removed from the conflict list.
Page 472: Show Ipv6 Route Updated
Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show ipv6 route updated show ipv6 route updated Use the show ipv6 route updated user EXEC command to display the current contents of the IPv6 routing table. show ipv6 route [protocol] updated [boot-up] {hh:mm | day{month [hh:mm]} [{hh:mm |...
Page 473 B - BGP, R - RIP, I1 - ISIS L1, I2 - ISIS L2 IA - ISIS interarea, IS - ISIS summary O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2 ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2...
Page 474: Show L2Protocol-Tunnel
This command was introduced. Usage Guidelines After enabling Layer 2 protocol tunneling on an access port, a trunk port, or an IEEE 802.1Q tunnel port by using the l2protocol-tunnel interface configuration command, you can configure some or all of these...
Page 475 242500 lacp ---- 485320 udld ---- 44899 448980 This is an example of output from the show l2protocol-tunnel summary command: Switch> show l2protocol-tunnel summary COS for Encapsulated Packets: 5 Drop Threshold for Encapsulated Packets: 0 Port Protocol Shutdown Drop Status...
Page 476: Show Lacp
You can enter the channel-group-number option to specify a channel group for all keywords except sys-id. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 477 • LACP Port Priority Port priority setting. LACP uses the port priority to put ports s in standby mode when there is a hardware limitation that prevents all compatible ports from aggregating. Cisco ME 3400 Ethernet Access Switch Command Reference...
Page 478 The administrative key defines the ability of a port to aggregate with other ports. A port’s ability to aggregate with other ports is determined by the port physical characteristics (for example, data rate and duplex capability) and configuration restrictions that you establish.
Page 479 Switch> show lacp sys-id 32765,0002.4b29.3a00 The system identification is made up of the system priority and the system MAC address. The first two bytes are the system priority, and the last six bytes are the globally administered individual MAC address associated to the system.
Page 480: Show Link State Group
Use the show link state group global configuration command to display the link-state group information. show link state group [number] [detail] [ | {begin | exclude | include} expression] This command is available only if your switch is running the metro IP access or metro access image. Syntax Description number (Optional) Number of the link-state group.
Page 481 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show link state group This is an example of output from the show link state group detail command: Switch> show link state group detail (Up):Interface up (Dwn):Interface Down (Dis):Interface disabled...
Page 482: Show Location
Usage Guidelines Use the show location command to display location information for an endpoint. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 483 City : San Jose State : CA Country : US This is an example of output from the show location civic-location command that displays all the civic location information: Switch> show location civic-location static Civic location information -------------------------- Identifier County...
Page 484 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show location This is an example of output from the show location elin static command that displays all emergency location information: Switch> show location elin static Elin location information...
Page 485: Show Mac Access-Group
12.2(25)EX This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mac-access group user EXEC command. In this display, Fast Ethernet interface 0/2 has the MAC access list macl_e1 applied to inbound traffic;...
Page 486 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show mac access-group This is an example of output from the show mac access-group interface fastethernet0/1 command: Switch# show mac access-group interface fastethernet0/1 Interface FastEthernet0/1: Inbound access-list is macl_e1...
Page 487: Show Mac Address-Table
Use the show mac address-table user EXEC command to display a specific MAC address table static and dynamic entry or the MAC address table static and dynamic entries on a specific interface or VLAN. show mac address-table [ | {begin | exclude | include} expression]...
Page 488 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show mac address-table Related Commands Command Description clear mac address-table dynamic Deletes from the MAC address table a specific dynamic address, all dynamic addresses on a particular interface, or all dynamic addresses on a particular VLAN.
Page 489: Show Mac Address-Table Address
12.2(25)EX This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mac address-table address command: Switch# show mac address-table address 0002.4b28.c482...
Page 490 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show mac address-table address Related Commands Command Description show mac address-table aging-time Displays the aging time in all VLANs or the specified VLAN. show mac address-table count Displays the number of addresses present in all VLANs or the specified VLAN.
Page 491: Show Mac Address-Table Aging-Time
Use the show mac address-table aging-time user EXEC command to display the aging time of a specific address table instance, all address table instances on a specified VLAN or, if a specific VLAN is not specified, on all VLANs.
Page 492 Command Description mac address-table aging-time Sets the length of time that a dynamic entry remains in the MAC address table after the entry is used or updated. show mac address-table address Displays MAC address table information for the specified MAC address.
Page 493: Show Mac Address-Table Count
If no VLAN number is specified, the address count for all VLANs appears. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 494 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show mac address-table count Related Commands Command Description show mac address-table address Displays MAC address table information for the specified MAC address. show mac address-table aging-time Displays the aging time in all VLANs or the specified VLAN.
Page 495: Show Mac Address-Table Dynamic
12.2(25)EX This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mac address-table dynamic command: Switch>...
Page 496 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show mac address-table dynamic Related Commands Command Description clear mac address-table dynamic Deletes from the MAC address table a specific dynamic address, all dynamic addresses on a particular interface, or all dynamic addresses on a particular VLAN.
Page 497: Show Mac Address-Table Interface
12.2(25)EX This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mac address-table interface command: Switch>...
Page 498 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show mac address-table interface Related Commands Command Description show mac address-table address Displays MAC address table information for the specified MAC address. show mac address-table aging-time Displays the aging time in all VLANs or the specified VLAN.
Page 499: Show Mac Address-Table Learning
VLANs or the specified VLAN. show mac address-table learning [vlan vlan-id] [ | {begin | exclude | include} expression] This command is available only when the switch is running the metro IP access or metro access image. Syntax Description vlan vlan-id (Optional) Display information for a specific VLAN.
Page 500: Show Mac Address-Table Move Update
[ | {begin | exclude | include} expression] This command is available only when the switch is running the metro IP access or metro access image. Syntax Description | begin (Optional) Display begins with the line that matches the expression.
Page 501 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show mac address-table move update Related Commands Command Description clear mac address-table move Clears the MAC address-table move update counters. update mac address-table move update Configures MAC address-table move update on the switch.
Page 502: Show Mac Address-Table Notification
MAC notification interval, the maximum number of entries allowed in the history table, and the history table contents. Use the interface keyword to display the flags for all interfaces. If the interface-id is included, only the flags for that interface appear.
Page 503 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show mac address-table notification Operation: Added Vlan: 2 MAC Addr: 0000.0000.0001 Module: 0 Port: 1 History Index 1, Entry Timestamp 1038254, Despatch Timestamp 1038254 MAC Changed Message : Operation: Added Vlan: 2 MAC Addr: 0000.0000.0000 Module: 0...
Page 504: Show Mac Address-Table Static
12.2(25)EX This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mac address-table static command: Switch>...
Page 505 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show mac address-table static Related Commands Command Description mac address-table static Adds static addresses to the MAC address table. mac address-table static drop Enables unicast MAC address filtering and configures the switch to drop traffic with a specific source or destination MAC address.
Page 506: Show Mac Address-Table Vlan
12.2(25)EX This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mac address-table vlan 1 command: Switch>...
Page 507 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show mac address-table vlan Related Commands Command Description show mac address-table address Displays MAC address table information for the specified MAC address. show mac address-table aging-time Displays the aging time in all VLANs or the specified VLAN.
Page 508: Show Monitor
(SPAN) and Remote SPAN (RSPAN) sessions on the switch. Use the command with keywords to show a specific session, all sessions, all local sessions, or all remote sessions. show monitor [session {session_number | all | local | range list | remote} [detail]] [ | {begin | exclude | include} expression]...
Page 509 :Remote Source Session Source Ports: Source VLANs: TX Only: Both: Dest RSPAN VLAN: This is an example of output for the show monitor user EXEC command for RSPAN source session 1: Switch# show monitor session 1 Session 1 --------- Type :Local Session...
Page 510: Show Mvr
MVR Global query response time: 5 (tenths of sec) MVR Mode: compatible In the preceding display, the maximum number of multicast groups is fixed at 256. The MVR mode is either compatible (for interoperability with Catalyst 2900 XL and Catalyst 3500 XL switches) or dynamic (where operation is consistent with IGMP snooping operation and dynamic MVR membership on source ports is supported).
Page 511 Displays all ports that are members of an MVR multicast group or, if there are no members, means the group is inactive. Cisco ME 3400 Ethernet Access Switch Command Reference...
Page 512: Show Mvr Interface
The Mode and VLAN fields were added to the output display. Usage Guidelines If the entered port identification is a non-MVR port or a source port, the command returns an error message. For receiver ports, it displays the port type, per port status, and Immediate-Leave setting.
Page 513 ------- --------------- Fa0/10 RECEIVER Trunk ACTIVE/DOWN DISABLED This is an example of output from the show mvr interface fastethernet0/1 command. In this example, the port is not an MVR member: switch# show mvr interface fa0/1 Port Type Mode VLAN Status...
Page 514: Show Mvr Members
Use the show mvr members privileged EXEC command to display all receiver and source ports that are currently members of an IP multicast group. show mvr members [ip-address] [ | {begin | exclude | include} expression]...
Page 515 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show mvr members This is an example of output from the show mvr members 239.255.0.2 command. It shows how to view the members of the IP multicast group 239.255.0.2: Switch# show mvr members 239.255.0.2...
Page 516: Show Pagp
You can enter any show pagp command to display the active channel-group information. To display the nonactive information, enter the show pagp command with a channel-group number. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output are appear.
Page 517 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show pagp This is an example of output from the show pagp 1 internal command: Switch> show pagp 1 internal Flags: S - Device is sending Slow hello. C - Device is in Consistent state.
Page 518: Show Parser Macro
12.2(25)EX This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is a partial output example from the show parser macro command:...
Page 519 Related Commands Command Description macro apply Applies a macro on an interface or applies and traces a macro on an interface. macro description Adds a description about the macros that are applied to an interface. macro global Applies a macro on a switch or applies and traces a macro on a switch.
Page 520: Show Policer Aggregate
12.2(25)EX This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is an example of output from the show policer aggregate command: Switch>...
Page 521: Show Policer Cpu Uni-Eni
This command displays policer information that applies to UNIs and ENIs on the switch. Rate-limiting and policers are the same on both port types, except on ENIs on which a Layer 2 control protocol (CDP, STP, LLDP, LACP, or PAgP) has been enabled.
Page 522 Policer rate: 160000 bps In frames: 48014 Drop frames: 28630 This is an example of output from the show policer cpu uni-eni rate command when the default rate is used. Switch> show policer cpu uni-eni rate CPU UNI/ENI port police rate = 160000 bps This is an example of the show command output when CPU protection is disabled.
Page 523 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show policer cpu uni-eni Related Commands Command Description policer cpu uni Configures a CPU policer threshold rate for the switch or enables or disables CPU protection. show platform policer cpu Displays allocated policer indexes and the corresponding features for all ports or the specified port.
Page 524: Show Policy-Map
12.2(25)EX This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show policy-map command: Switch>...
Page 525 Class ip1 police cir 20000000 bc 625000 conform-action transmit exceed-action drop This is an example of output from the show policy-map interface command for an interface with a two-level output policy map applied: Switch> show policy-map interface fastethernet0/3 FastEthernet0/3 Service-policy output: top2...
Page 526 200562 packets Match: any 56 packets Output Queue: Tail Packets Drop: 191028 This is an example of output from the show policy-map interface command for an interface with an input policy applied: Switch> show policy-map interface gigabitethernet0/1 GigabitEthernet0/1 Service-policy input: pin-police...
Page 527 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show policy-map Table 2-18 describes the fields in the show policy-map interface display. The fields in the table are grouped according to the relevant QoS feature. Table 2-18 show policy-map interface Field Descriptions...
Page 528: Show Port-Security
If you enter the vlan keyword, the command displays the configured maximum and the current number of secure MAC addresses for all VLANs on the interface. This option is visible only on interfaces that have the switchport mode set to trunk.
Page 529 ---- ----- ------------- 0006.0700.0800 SecureConfigured Gi0/2 ------------------------------------------------------------------- Total Addresses: 1 This is an example of output from the show port-security interface interface-id vlan command: Switch# show port-security interface gigabitethernet0/2 vlan Default maximum:not set, using 5120 VLAN Maximum Current default default...
Page 530 Deletes from the MAC address table a specific type of secure address or all the secure addresses on the switch or an interface. switchport port-security Enables port security on a port, restricts the use of the port to a user-defined group of stations, and configures secure MAC addresses.
Page 531: Show Port-Type
Usage Guidelines If you enter the command without keywords, the output includes the interface type information for all ports on the switch. If you specify the port type (eni, nni, or uni), the output includes information for the specified port type.
Page 532 Fa0/24 User Network Interface (uni) Gi0/1 Network Node Interface (nni) Gi0/2 Network Node Interface (nni) This is an example of output from the show port-type command using keywords: Switch# show port-type nni | exclude Gigabitethernet0/1 Port Name Vlan Port Type...
Page 533: Show Rep Topology
Usage Guidelines In the show rep topology command output, ports configured as edge no-neighbor are designated with an asterisk (*) in front of Pri or Sec. In the output of the show rep topology detail command, No-Neighbor is spelled out.
Page 534 Gi1/1/2 Open sw2_multseg_3750 Gi1/1/1 Open sw1_multseg_3750 Gi1/1/2 Open This is a sample output from the show rep topology command when the edge ports are configured to have no REP neighbor: Switch # show rep topology REP Segment 2 BridgeName PortName...
Page 535 Enables REP on an interface and assigns a segment ID. This command is also used to configure a port as an edge port, a primary edge port, or a preferred port. Cisco ME 3400 Ethernet Access Switch Command Reference...
Page 536: Show Sdm Prefer
When you change the SDM template by using the sdm prefer global configuration command, you must reload the switch for the configuration to take effect. If you enter the show sdm prefer command before you enter the reload privileged EXEC command, the show sdm prefer command shows the template currently in use and the template that will become active after a reload.
Page 537 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show sdm prefer Examples This is an example of output from the show sdm prefer command, displaying the template in use: Switch# show sdm prefer The current template is ''layer-2'' template.
Page 538: Show Spanning-Tree
{vlan vlan-id | bridge-group} bridge [address | detail | forward-time | hello-time | id | max-age | priority [system-id] | protocol] [ | {begin | exclude | include} expression] show spanning-tree {vlan vlan-id | bridge-group} root [address | cost | detail | forward-time |...
Page 539 • instance-id—You can specify a single instance ID, a range of IDs separated by a hyphen, or a series of IDs separated by a comma. The range is 1 to 4094. The display shows the number of currently configured instances.
Page 540 If the vlan-id variable is omitted, the command applies to the spanning-tree instance for all VLANs. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 541 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 0, received 72364 <output truncated> This is an example of output from the show spanning-tree interface interface-id command: Switch# show spanning-tree interface gigabitethernet0/1 Vlan Role Sts Cost Prio.Nbr Type...
Page 542 Instance Vlans Mapped -------- ------------------ 1-9,21-4094 10-20 ---------------------------- This is an example of output from the show spanning-tree mst configuration digest command: Switch# show spanning-tree mst configuration % Switch is not in mst mode Name Revision Instances configured 1 Digest...
Page 543 Sets the path cost for spanning-tree calculations. spanning-tree extend system-id Enables the extended system ID feature. spanning-tree guard Enables the root guard or the loop guard feature for all the VLANs associated with the selected interface. spanning-tree link-type Overrides the default link-type setting for rapid spanning-tree transitions to the forwarding state.
Page 544: Show Storm-Control
When you enter an interface-id, the storm control thresholds appear for the specified interface. If you do not enter an interface-id, settings appear for one traffic type for all ports on the switch. If you do not enter a traffic type, settings appear for broadcast storm control.
Page 545 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show storm-control This is an example of output from the show storm-control command for a specified interface. Because no traffic-type keyword was entered, the broadcast storm control settings appear.
Page 546: Show System Mtu
This command was introduced. Usage Guidelines If you have used the system mtu or system mtu jumbo global configuration command to change the MTU setting, the new setting does not take effect until you reset the switch. The system MTU refers to ports operating at 10/100 Mbps; the system jumbo MTU refers to Gigabit ports;...
Page 547: Show Table-Map
12.2(25)EX This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is an example of output from the show table-map command: Switch>...
Page 548 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show table-map This is an example of output from the show table-map command for a specific table map name: Switch> show table-map tm Table Map tm from 1 to 62...
Page 549: Show Udld
If you do not enter an interface-id, administrative and operational UDLD status for all interfaces appear. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 550 Operational state that shows whether UDLD is actually running on this port. Current bidirectional state The bidirectional state of the link. An unknown state appears if the link is down or if it is connected to an UDLD-incapable device. A bidirectional state appears if the link is a normal two-way connection to a UDLD-capable device.
Page 551 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show udld Related Commands Command Description udld Enables aggressive or normal mode in UDLD or sets the configurable message timer time. udld port Enables UDLD on an individual interface or prevents a fiber-optic interface from being enabled by the udld global configuration command.
Page 552: Show Version
12.2(25)EX This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show version command:...
Page 553 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands show version The password-recovery mechanism is enabled. 512K bytes of flash-simulated non-volatile configuration memory. Base ethernet MAC Address : 00:0B:FC:FF:32:80 Power supply part number : 341-0149-01 Motherboard serial number...
Page 554: Show Vlan
VLAN (if the VLAN ID or name is specified) on the switch. show vlan [access-map | brief | dot1q tag native | filter | id vlan-id | internal usage | mtu | name vlan-name | private-vlan [type] | remote-span | summary | uni-vlan [type]] [ | {begin |...
Page 555 VLAN have the same MTU. When yes appears in this column, it means that the VLAN has ports with different MTUs. Packets that are switched from a port with a larger MTU to a port with a smaller MTU might be dropped. If the VLAN does not have a switch virtual interface (SVI), the hyphen (-) symbol appears in the SVI_MTU column.
Page 556 Displays any configured UNI-ENI VLANs, the type (community or isolated), and the ports that belong to it. This is an example of output from the show vlan dot1q tag native command: Switch> show vlan dot1q tag native dot1q native vlan tagging is disabled...
Page 557 Fa0/13, Fa0/20, Fa0/21, Gi0/1, community Fa0/13, Fa0/20, Fa0/23, Fa0/33. Gi0/1, non-operational 2000 2500 isolated Fa0/5, Fa0/10, Fa0/15 This is an example of output from the show vlan private-vlan type command: Switch> show vlan private-vlan type Vlan Type ---- ----------------- primary isolated community normal This is an example of output from the show vlan uni-vlan type command: Switch>...
Page 558 This is an example of output from the show vlan internal usage command. It shows that VLANs 1025 and 1026 are being used as internal VLANs for Fast Ethernet routed ports 23 and 24. If you want to use one of these VLAN IDs, you must first shut down the routed port, which releases the internal VLAN, and then create the extended-range VLAN.
Page 559: Show Vlan Access-Map
12.2(25)EX This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show vlan access-map command: Switch# show vlan access-map Vlan access-map "SecWiz"...
Page 560: Show Vlan Filter
12.2(25)EX This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show vlan filter command:...
Page 561: Show Vmps
12.2(25)EX This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show vmps statistics command.
Page 562 Number of times the VMPS is unable to answer the request because of a resource availability problem. Resource If the retry limit has not yet been reached, the client repeats the request with the same server or with the next alternate server, depending on whether the per-server retry count has been reached.
Page 563: Shutdown
Network node interfaces (NNIs) are enabled by default. The no shutdown command has no effect if the port is a static-access port assigned to a VLAN that has been deleted, suspended, or shut down. The port must first be a member of an active VLAN before it can be re-enabled.
Page 564: Shutdown Vlan
Syntax Description vlan-id ID of the VLAN to be locally shut down. The range is 2 to 1001. VLANs defined as default VLANs (1 and 1002 to 1005), as well as extended-range VLANs (greater than 1005) cannot be shut down.
Page 565: Small-Frame Violation Rate
Use the small-frame violation rate pps interface configuration command to configure the rate (threshold) for an interface to be error disabled when it receives VLAN-tagged packets that are small frames (67 bytes or less) at the specified rate. Use the no form of this command to return to the default setting.
Page 566 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands small-frame violation rate Related Commands Command Description errdisable detect cause small-frame Allows any switch port to be put into the error-disabled state if an incoming frame is smaller than the minimum size and arrives at the specified rate (threshold).
Page 567: Snmp Mib Rep Trap-Rate
Use the snmp mib rep trap-rate global configuration command to configure the sending of Resilient Ethernet Protocol (REP) SNMP traps when there is a link operational status or port role change. Use the no version of the command to disable sending of the REP trap.
Page 568: Snmp-Server Enable Traps
| {dot1x [auth-fail-vlan | guest-vlan | no-auth-fail-vlan | no-guest-vlan]} | entity | envmon [fan | shutdown | status | supply | temperature] | ethernet | flash | hsrp | ipmulticast | mac-notification | msdp | ospf [cisco-specific | errors | lsa | rate-limit | retransmit |...
Page 569 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands snmp-server enable traps dot1x [auth-fail-vlan | (Optional) Enable IEEE 802.1x traps. The keywords have these meanings: guest-vlan | auth-fail-vlan—(Optional) Generate a trap when the port moves to the •...
Page 570 (Optional) Enable storm-control traps. Use the trap-rate keyword to set the trap-rate value maximum number of storm-control traps sent per minute. The range is from 0 to 1000; the default is 0 (no limit is imposed; a trap is sent at every storm-control occurrence). stpx [inconsistency] (Optional) Enable SNMP STPX MIB traps.
Page 571 When supported, use the snmp-server enable traps command to enable sending of traps or informs. Informs are not supported in SNMPv1. Note To enable more than one type of trap, you must enter a separate snmp-server enable traps command for each trap type. Examples...
Page 572: Snmp-Server Host
[informs | traps] [version {1 | 2c | 3 {auth | noauth| priv}] [vrf vrf-instance] {community-string [notification-type]} no snmp-server host host-addr [informs | traps] [version {1 | 2c | 3 {auth | noauth | priv}] [vrf vrf-instance] community-string...
Page 573 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands snmp-server host notification-type (Optional) Type of notification to be sent to the host. If no type is specified, all notifications are sent. The notification type can be one or more of the these keywords:...
Page 574 Defaults This command is disabled by default. No notifications are sent. If you enter this command with no keywords, the default is to send all trap types to the host. No informs are sent to this host. If no version keyword is present, the default is Version 1.
Page 575 The community string is defined as comaccess: Switch(config)# snmp-server enable traps Switch(config)# snmp-server host myhost.cisco.com comaccess snmp This example shows how to enable the switch to send all traps to the host myhost.cisco.com by using the community string public: Switch(config)# snmp-server enable traps Switch(config)# snmp-server host myhost.cisco.com public...
Page 576: Snmp Trap Mac-Notification
Examples This example shows how to enable the MAC notification trap when a MAC address is added to a port: Switch(config)# interface gigabitethernet0/2 Switch(config-if)# snmp trap mac-notification added You can verify your settings by entering the show mac address-table notification interface privileged EXEC command.
Page 577 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands snmp trap mac-notification Related Commands Command Description clear mac address-table notification Clears the MAC address notification global counters. mac address-table notification Enables the MAC address notification feature. show mac address-table notification...
Page 578: Spanning-Tree
This command is supported only on ENIs and on EtherChannel port channels that contain ENIs. STP is not supported on user network interfaces (UNIs) and it is disabled by default on ENIs. Use this command to enable SPT on an ENI. To set a port as an ENI, enter the port-type eni interface configuration command.
Page 579 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands spanning-tree Related Commands Command Description show spanning-tree interface Display spanning-tree information for the specified interface. interface-id Cisco ME 3400 Ethernet Access Switch Command Reference 2-553 OL-9640-07...
Page 580: Spanning-Tree Bpdufilter
Spanning Tree Protocol (STP) is not supported on user network interfaces (UNIs). You can configure BPDU filtering only on NNIs or on ENIs on which STP has been enabled. To set a port as an NNI or ENI, enter the port-type {nni | eni} interface configuration command. To enable STP on an ENI, enter the spanning-tree interface configuration command.
Page 581 Port Fast-enabled STP ports or enables the Port Fast feature on all nontrunking STP ports. spanning-tree portfast (interface Enables the Port Fast feature on an STP port and all its associated configuration) VLANs. Cisco ME 3400 Ethernet Access Switch Command Reference...
Page 582: Spanning-Tree Bpduguard
Spanning Tree Protocol (STP) is not supported on user network interfaces (UNIs). You can configure BPDU guard only on NNIs or on ENIs on which STP has been enabled. To set a port as an NNI or ENI, enter the port-type {nni | eni} interface configuration command. To enable STP on an ENI, enter the spanning-tree interface configuration command.
Page 583 Port Fast-enabled STP ports or enables the Port Fast feature on all nontrunking STP ports. spanning-tree portfast (interface Enables the Port Fast feature on an STP port and all its associated configuration) VLANs. Cisco ME 3400 Ethernet Access Switch Command Reference...
Page 584: Spanning-Tree Cost
(ENI) with STP enabled to set the path cost for spanning-tree calculations. If a loop occurs, spanning tree considers the path cost when selecting an interface to place in the forwarding state. Use the no form of this command to return to the default setting.
Page 585 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands spanning-tree cost This example shows how to set a path cost to 300 for VLANs 10, 12 to 15, and 20: Switch(config-if)# spanning-tree vlan 10,12-15,20 cost 300 You can verify your settings by entering the show spanning-tree interface interface-id privileged EXEC command.
Page 586: Spanning-Tree Etherchannel Guard Misconfig
(NNIs) or enhanced network interfaces (ENIs) on which STP has been enabled. To set a port as an NNI or ENI, enter the port-type {nni | eni} interface configuration command. To enable STP on an ENI, enter the spanning-tree interface configuration command.
Page 587 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands spanning-tree etherchannel guard misconfig Related Commands Command Description errdisable recovery cause Enables the timer to recover from the EtherChannel channel-misconfig misconfiguration error-disable state. show etherchannel summary Displays EtherChannel information for a channel as a one-line summary per channel-group.
Page 588: Spanning-Tree Extend System-Id
If your network consists of switches that do not support the extended system ID and switches that do support it, it is unlikely that the switch with the extended system ID support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches.
Page 589 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands spanning-tree extend system-id Related Commands Command Description show spanning-tree summary Displays a summary of spanning-tree interface states. spanning-tree mst root Configures the MST root switch priority and timers based on the network diameter.
Page 590: Spanning-Tree Guard
(blocked) state to prevent the customer’s switch from becoming the root switch or being in the path to the root. The root port provides the best path from the switch to the root switch.
Page 591 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands spanning-tree guard ports. When the switch is operating in MST mode, BPDUs are not sent on nonboundary interfaces if the interface is blocked by loop guard in all MST instances. On a boundary interface, loop guard blocks the interface in all MST instances.
Page 592: Spanning-Tree Link-Type
Spanning Tree Protocol (STP) is not supported on user network interfaces (UNIs). You can configure spanning-tree link type only on NNIs or on ENIs on which STP has been enabled. To set a port as an NNI or ENI, enter the port-type {eni | nni} interface configuration command. To enable STP on an ENI, enter the spanning-tree interface configuration command.
Page 593 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands spanning-tree link-type Related Commands Command Description clear spanning-tree detected-protocols Restarts the protocol migration process (force the renegotiation with neighboring switches) on all interfaces or on the specified interface. show spanning-tree...
Page 594: Spanning-Tree Loopguard Default
Spanning Tree Protocol (STP) is supported only on NNIs or on ENIs on which STP has been enabled. To set a port as an NNI or ENI, enter the port-type {eni | nni} interface configuration command. To enable STP on an ENI, enter the spanning-tree interface configuration command.
Page 595 Select the Cisco IOS Commands Master List, Release 12.2 to navigate to the command. spanning-tree guard loop Enables the loop guard feature on all the VLANs associated with the specified STP port. Cisco ME 3400 Ethernet Access Switch Command Reference 2-569...
Page 596: Spanning-Tree Mode
Spanning Tree Protocol (STP) is supported on the switch only on network node interfaces (NNIs) or on enhanced network interfaces (ENIs) on which STP has been enabled. To set a port as an NNI or ENI, enter the port-type {eni | nni} interface configuration command. To enable STP on an ENI, enter the spanning-tree interface configuration command.
Page 597 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands spanning-tree mode You can verify your setting by entering the show running-config privileged EXEC command. Related Commands Command Description show running-config Displays the operating configuration. For syntax information, use this link to the Cisco IOS Release 12.2 Command Reference listing page:...
Page 598: Spanning-Tree Mst Configuration
On the Cisco ME switch, spanning-tree MST configuration is supported only on network node interfaces (NNIs) or on enhanced network interfaces (ENIs) on which STP has been enabled. To set a port as an NNI or ENI, enter the port-type {eni | nni} interface configuration command. To enable STP on an ENI, enter the spanning-tree interface configuration command.
Page 599 VLANs that were previously mapped. To specify a range, use a hyphen; for example, instance 1 vlan 1-63 maps VLANs 1 to 63 to MST instance 1. To specify a series, use a comma; for example, instance 1 vlan 10, 20, 30 maps VLANs 10, 20, and 30 to MST instance 1.
Page 600: Spanning-Tree Mst Cost
Spanning Tree Protocol (STP) is not supported on user network interfaces (UNIs). You can configure path cost only on NNIs or on ENIs on which STP has been enabled. To set a port as an NNI or ENI, enter the port-type {eni | nni} interface configuration command. To enable STP on an ENI, enter the spanning-tree interface configuration command.
Page 601 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands spanning-tree mst cost Related Commands Command Description show spanning-tree Displays MST information for the specified interface. interface interface-id spanning-tree mst Configures an interface priority. port-priority spanning-tree mst priority Configures the switch priority for the specified spanning-tree instance.
Page 602: Spanning-Tree Mst Forward-Time
(NNIs) or on enhanced network interfaces (ENIs) on which Spanning-Tree Protocol (STP) has been enabled. To set a port as an NNI or ENI, enter the port-type {nni | eni} interface configuration command. To enable STP on an ENI, enter the spanning-tree interface configuration command.
Page 603: Spanning-Tree Mst Hello-Time
(NNIs) or on enhanced network interfaces (ENIs) on which Spanning-Tree Protocol (STP) has been enabled. To set a port as an NNI or ENI, enter the port-type {eni | nni} interface configuration command. To enable STP on an ENI, enter the spanning-tree interface configuration command.
Page 604 Sets the interval between messages that the spanning tree receives from the root switch. spanning-tree mst max-hops Sets the number of hops in a region before the BPDU is discarded. Cisco ME 3400 Ethernet Access Switch Command Reference 2-578 OL-9640-07...
Page 605: Spanning-Tree Mst Max-Age
Use the spanning-tree mst max-age global configuration command to set the interval between messages that the spanning tree receives from the root switch. If a switch does not receive a bridge protocol data unit (BPDU) message from the root switch within this interval, it recomputes the spanning-tree topology.
Page 606 Sets the interval between hello BPDUs sent by root switch configuration messages. spanning-tree mst max-hops Sets the number of hops in a region before the BPDU is discarded. Cisco ME 3400 Ethernet Access Switch Command Reference 2-580...
Page 607: Spanning-Tree Mst Max-Hops
User network interfaces (UNIs) do not participate in STP. The root switch of the instance always sends a BPDU (or M-record) with a cost of 0 and the hop count set to the maximum value. When a switch receives this BPDU, it decrements the received remaining hop count by one and propagates the decremented count as the remaining hop count in the generated M-records.
Page 608 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands spanning-tree mst max-hops Related Commands Command Description show spanning-tree Displays MST information. spanning-tree mst forward-time Sets the forward-delay time for all MST instances. spanning-tree mst hello-time Sets the interval between hello BPDUs sent by root switch configuration messages.
Page 609: Spanning-Tree Mst Port-Priority
Spanning Tree Protocol (STP) is not supported on user network interfaces (UNIs). You can configure spanning-tree MST port priority only on NNIs or on ENIs on which STP has been enabled. To set a port as an ENI or NNI, enter the port-type {eni | nni} interface configuration command. To enable STP on an ENI, enter the spanning-tree interface configuration command.
Page 610 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands spanning-tree mst port-priority Related Commands Command Description show spanning-tree mst interface Displays MST information for the specified interface. interface-id spanning-tree mst cost Sets the path cost for MST calculations.
Page 611: Spanning-Tree Mst Pre-Standard
The port can accept both prestandard and standard BPDUs. If the neighbor types are mismatched, only the common and internal spanning tree (CIST) runs on this interface. If a switch port is connected to a switch running prestandard Cisco IOS software, you must use the Note spanning-tree mst pre-standard interface configuration command on the port.
Page 612: Spanning-Tree Mst Priority
(NNIs) or on enhanced network interfaces (ENIs) on which STP has been enabled. To set a port as an ENI or NNI, enter the port-type {eni | nni} interface configuration command. To enable STP on an ENI, enter the spanning-tree interface configuration command.
Page 613 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands spanning-tree mst priority Related Commands Command Description show spanning-tree mst instance-id Displays MST information for the specified interface. spanning-tree mst cost Sets the path cost for MST calculations. spanning-tree mst port-priority Configures an interface priority.
Page 614: Spanning-Tree Mst Root
Because of the extended system ID support, the switch sets the switch priority for the instance to 24576 if this value will cause Cisco ME 3400 Ethernet Access Switch Command Reference...
Page 615 If any root switch for the specified instance has a switch priority lower than 24576, the switch sets its own priority to 4096 less than the lowest switch priority.
Page 616: Spanning-Tree Port-Priority
STP is not supported on user network interfaces (UNIs). You can configure spanning-tree port priority only on NNIs or on ENIs on which STP has been enabled. To set a port as an ENI or NNI, enter the port-type {eni | nni} interface configuration command. To enable STP on an ENI, enter the spanning-tree interface configuration command.
Page 617 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands spanning-tree port-priority This example shows how to set the port-priority value on VLANs 20 to 25: Switch(config-if)# spanning-tree vlan 20-25 port-priority 0 You can verify your settings by entering the show spanning-tree interface interface-id privileged EXEC command.
Page 618: Spanning-Tree Portfast (Global Configuration)
STP is not supported on user network interfaces (UNIs) on the switch. Spanning-tree configuration affects only NNIs or ENIs on which STP has been enabled. To set a port as an ENI or NNI, enter the port-type {eni | nni} interface configuration command. To enable STP on an ENI, enter the spanning-tree interface configuration command.
Page 619 BPDUs. You should globally enable BPDU filtering on a switch so that hosts connected to switch STP ports do not receive BPDUs. If a BPDU is received on a Port Fast-enabled STP port, the interface loses its Port Fast-operational status and BPDU filtering is disabled.
Page 620 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands spanning-tree portfast (global configuration) You can verify your settings by entering the show running-config privileged EXEC command. Related Commands Command Description show running-config Displays the operating configuration. For syntax information, use this link to the Cisco IOS Release 12.2 Command Reference...
Page 621: Spanning-Tree Portfast (Interface Configuration)
STP is not supported on user network interfaces (UNIs). You can enable the spanning-tree Port Fast feature only on NNIs or on ENIs on which STP has been enabled. To set a port as an NNI or ENI, enter the port-type {nni | eni} interface configuration command. To enable STP on an ENI, enter the spanning-tree interface configuration command.
Page 622 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands spanning-tree portfast (interface configuration) If you configure the spanning-tree portfast default global configuration command, you can disable Port Fast on an STP port that is not a trunk interface by using the spanning-tree portfast disable interface configuration command. Examples...
Page 623: Spanning-Tree Vlan
VLAN range associated with a spanning-tree instance. You can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
Page 624 The VLAN does not detect and prevent loops when STP is disabled. You can disable the STP on a VLAN that is not currently active and verify the change by using the show running-config or the show spanning-tree vlan vlan-id privileged EXEC command. The setting takes effect when the VLAN is activated.
Page 625 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands spanning-tree vlan This example shows how to set the spanning-tree hello-delay time to 3 seconds for VLANs 20 to 24: Switch(config)# spanning-tree vlan 20-24 hello-time 3 This example shows how to set spanning-tree max-age to 30 seconds for VLAN 20:...
Page 626: Speed
Use the speed interface configuration command to specify the speed of a 10/100 Mbps or 10/100/1000 Mbps port. Use the no or default form of this command to return the port to its default value. speed {10 | 100 | 1000 | auto [10 | 100 | 1000] | nonegotiate} no speed For speed configurations restrictions on small form-factor pluggable (SFP) module ports, see the “Usage...
Page 627 (nonegotiate). If the speed is set to auto, the switch negotiates with the device at the other end of the link for the speed setting and then forces the speed setting to the negotiated value. The duplex setting remains as configured on each end of the link, which could result in a duplex setting mismatch.
Page 628: Storm-Control
Use the storm-control interface configuration command to enable broadcast, multicast, or unicast storm control and to set threshold levels on an interface. Use the no form of this command to return to the default setting. storm-control {{broadcast | multicast | unicast} level {level [level-low] | bps bps [bps-low] | pps...
Page 629 The storm-control suppression level can be entered as a percentage of total bandwidth of the port, as a rate in packets per second at which traffic is received, or as a rate in bits per second at which traffic is received.
Page 630 When a storm occurs and the action is to filter traffic, if the falling suppression level is not specified, the switch blocks all traffic until the traffic rate drops below the rising suppression level. If the falling suppression level is specified, the switch blocks traffic until the traffic rate drops below this level.
Page 631: Switchport
Use the switchport interface configuration command with no keywords to put an interface that is in Layer 3 mode into Layer 2 mode for Layer 2 configuration. Use the no form of this command to put an interface in Layer 3 mode.
Page 632 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands switchport Related Commands Command Description show interfaces switchport Displays the administrative and operational status of a switching (nonrouting) port, including port blocking and port protection settings. show running-config Displays the operating configuration. For syntax information, use this link to the Cisco IOS Release 12.2 Command Reference listing page:...
Page 633: Switchport Access Vlan
If the switchport mode is set to access (by using the switchport mode interface configuration command), use this command to set the port to operate as a member of the specified VLAN or to specify that the port uses VLAN Membership Policy Server (VMPS) protocol where VLAN assignment based on the incoming packets it receives.
Page 634 – Monitor ports. Examples This example shows how to change a Layer 2 interface in access mode to operate in VLAN 2 instead of the default VLAN. Switch(config-if)# switchport access vlan 2 You can verify your setting by entering the show interfaces interface-id switchport privileged EXEC command and examining information in the Administrative Mode and Operational Mode rows.
Page 635: Switchport Backup Interface
Use the switchport backup interface interface configuration command on a Layer 2 interface on the switch stack or on a standalone switch to configure Flex Links, a pair of interfaces that provide backup to each other. Use the no form of this command to remove the Flex Links configuration.
Page 636 • interface from the active interface. • An interface can belong to only one Flex Link pair. An interface can be a backup link for only one active link. An active link cannot belong to another Flex Link pair. •...
Page 637 When a Flex Link interface goes down (LINK_DOWN), VLANs preferred on this interface are moved to the peer interface of the Flex Link pair. In this example, if interface Gi0/6 goes down, Gi0/8 carries all VLANs of the Flex Link pair.
Page 638 Switch(config)# interface gigabitEthernet 0/11 Switch(config-if)# switchport backup interface gigabitEthernet 0/12 multicast fast-convergence Switch(config-if)# end You can verify your setting by entering the show interfaces switchport backup detail privileged EXEC command. Switch# show interfaces switchport backup detail Switch Backup Interface Pairs:...
Page 639: Switchport Block
If the port is a user network interface (UNI) or enhanced network interface (ENI), you must use the no shutdown interface configuration command to enable it before using the switchport block command.
Page 640 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands switchport block Related Commands Command Description show interfaces switchport Displays the administrative and operational status of a switching (nonrouting) port, including port blocking and port protection settings. Cisco ME 3400 Ethernet Access Switch Command Reference...
Page 641: Switchport Host
This command was introduced. Usage Guidelines To optimize the port for a host connection, the switchport host command sets switch port mode to access, enables spanning tree Port Fast, and disables channel grouping. Only an end station can accept this configuration.
Page 642: Switchport Mode
When you enter trunk mode, the interface changes to permanent trunking mode and negotiates to convert the link into a trunk link even if the interface connecting to it does not agree to the change. If you do not intend to trunk across those links, use the switchport mode access interface configuration command to disable trunking.
Page 643 • If an IP ACL is applied to a trunk port in a VLAN that includes tunnel ports, or if a VLAN map is applied to a VLAN that includes tunnel ports, packets received from the tunnel port are treated as non-IP packets and are filtered with MAC access lists.
Page 644 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands switchport mode Related Commands Command Description show interfaces switchport Displays the administrative and operational status of a switching (nonrouting) port, including port blocking and port protection settings. switchport access vlan Configures a port as a static-access or dynamic-access port.
Page 645: Switchport Mode Private-Vlan
This command was introduced. Usage Guidelines A private-VLAN promiscuous port must be an NNI. To configure a UNI or an ENI as an NNI, enter the port-type nni interface configuration command. A private-VLAN host or promiscuous port cannot be a Switched Port Analyzer (SPAN) destination port.
Page 646 This example shows how to configure an interface as a private-VLAN host port and associate it to primary VLAN 20. The interface is a member of secondary isolated VLAN 501 and primary VLAN 20. When you configure an NNI as a private VLAN host port, you should also enable BPDU guard and Port Note Fast by using the spanning-tree portfast bpduguard default global configuration command and the spanning-tree portfast interface configuration command.
Page 647 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands switchport mode private-vlan Related Commands Command Description private-vlan Configures a VLAN as a community, isolated, or primary VLAN or associates a primary VLAN with secondary VLANs. show interfaces switchport Displays the administrative and operational status of a switching (nonrouting) port, including private VLAN configuration.
Page 648: Switchport Port-Security
Use the keywords to configure secure MAC addresses, sticky MAC address learning, a maximum number of secure MAC addresses, or the violation mode. Use the no form of this command to disable port security or to set the parameters to their default states.
Page 649 This command was introduced. Usage Guidelines If the port is a user network interface (UNI) or enhanced network interface (ENI), you must use the no shutdown interface configuration command to enable it before using the switchport port-security command. UNIs and ENIs are disabled by default. Network node interfaces (NNIs) are enabled by default.
Page 650 A security violation occurs when the maximum number of secure MAC addresses are in the address table and a station whose MAC address is not in the address table attempts to access the interface or when a station whose MAC address is configured as a secure MAC address on another secure port attempts to access the interface.
Page 651 MAC address is not added to the running configuration. Examples This example shows how to enable port security on a port and to set the maximum number of secure addresses to 5. The violation mode is the default, and no secure MAC addresses are configured.
Page 652: Switchport Port-Security Aging
Usage Guidelines To enable secure address aging for a particular port, set the aging time to a value other than 0 for that port. If the port is a user network interface (UNI) or enhanced network interface (ENI), you must use the no shutdown interface configuration command to enable it before using the switchport port-security aging command.
Page 653 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands switchport port-security aging Examples This example sets the aging time as 2 hours for absolute aging for all the secure addresses on the port. Switch(config)# interface gigabitethernet0/1 Switch(config-if)# switchport port-security aging time 120 This example sets the aging time as 2 minutes for inactivity aging type with aging enabled for configured secure addresses on the port.
Page 654: Switchport Private-Vlan
Use the switchport private-vlan interface configuration command to define a private-VLAN association for an isolated or community port or a mapping for a promiscuous port. Use the no form of this command to remove the private-VLAN association or mapping from the port.
Page 655 A promiscuous port must be an NNI; UNIs or ENIs cannot be configured as promiscuous ports. To configure a port as a UNI, enter the port-type uni interface configuration command. If the port is in private-VLAN host or promiscuous mode but the VLANs do not exist, the command is allowed, but the port is made inactive.
Page 656: Switchport Protected
Use the switchport protected interface configuration command to isolate unicast, multicast, and broadcast traffic at Layer 2 from other protected ports on the same switch. Use the no form of this command to disable protection on the port.
Page 657 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands switchport protected Related Commands Command Description show interfaces Displays the administrative and operational status of a switching (nonrouting) switchport port, including port blocking and port protection settings. switchport block Prevents unknown multicast or unicast traffic on the interface.
Page 658: Switchport Trunk
Use the switchport trunk interface configuration command to set the trunk characteristics when the interface is in trunking mode. Use the no form of this command to reset a trunking characteristic to the default. switchport trunk {allowed vlan vlan-list | native vlan vlan-id}...
Page 659 All untagged traffic received on an IEEE 802.1Q trunk port is forwarded with the native VLAN • configured for the port. If a packet has a VLAN ID that is the same as the sending-port native VLAN ID, the packet is sent • without a tag; otherwise, the switch sends the packet with a tag.
Page 660: System Env Temperature Threshold Yellow
For example, if the red threshold is 66 degrees C and you want to configure the yellow threshold as 51 degrees C, set the difference between the thresholds as 15 by using the system env temperature threshold yellow 15 command.
Page 661 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands system env temperature threshold yellow Related Commands Command Description show env temperature status Displays the switch temperature status and thresholds. Cisco ME 3400 Ethernet Access Switch Command Reference 2-635...
Page 662: System Mtu
OSPF. Defaults The default MTU size for all ports is 1500 bytes. However, if you configure a different value for the system MTU, that configured value becomes the default MTU size for routed ports when it is applied following a switch reset.
Page 663 When the configuration change takes effect, the routing MTU size defaults to the new system MTU size. If you enter a value that is outside the range for the specific type of switch, the value is not accepted. Note The switch does not support setting the MTU on a per-interface basis.
Page 664 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands system mtu Related Commands Command Description show system mtu Displays the packet size set for Fast Ethernet and Gigabit Ethernet ports. Cisco ME 3400 Ethernet Access Switch Command Reference...
Page 665: Table-Map
This command was introduced. Usage Guidelines Use this command to specify the name of the table map that you want to create or to modify and to enter table-map configuration mode. You use the table-map command to create a mapping table, which is a type of conversion chart used for establishing a to-from relationship between packet-marking types or categories.
Page 666 You cannot use table maps in output policy maps. Examples This example shows how to create a table map to map DSCP to CoS values, setting those DSCP values that are not mapped to a CoS value of 4: Switch(config)# table-map dscp-to-cos...
Page 667: Test Cable-Diagnostics Tdr
Note TDR is supported only on the copper Ethernet 10/100 or 10/100/100 ports on the Cisco ME switch. This includes dual-purpose ports on the ME 3400-12CS or ME 3400-2CS switches that are configured as 10/100/1000 ports by using the RJ-45 connector.
Page 668 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands test cable-diagnostics tdr Related Commands Command Description show cable-diagnostics tdr Displays the TDR results. Cisco ME 3400 Ethernet Access Switch Command Reference 2-642 OL-9640-07...
Page 669: Traceroute Mac
Layer 2 traceroute is available only on NNIs. Note When the switch detects a device in the Layer 2 path that does not support Layer 2 traceroute, the switch continues to send Layer 2 trace queries and lets them time out.
Page 670 If the source or destination MAC address belongs to multiple VLANs, you must specify the VLAN to which both the source and destination MAC addresses belong. If the VLAN is not specified, the path is not identified, and an error message appears.
Page 671 Gi0/2 [auto, auto] => Fa0/1 [auto, auto] Destination 0000.0201.0201 found on con2[WS-C3550-24] (2.2.2.2) Layer 2 trace completed. This example shows the Layer 2 path when the switch cannot find the destination port for the source MAC address: Switch# traceroute mac 0000.0011.1111 0000.0201.0201 Error:Source Mac address not found.
Page 672: Traceroute Mac Ip
Layer 2 traceroute is available only on network node interfaces (NNIs). Note When the switch detects an device in the Layer 2 path that does not support Layer 2 traceroute, the switch continues to send Layer 2 trace queries and lets them time out.
Page 673 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands traceroute mac ip If an ARP entry does not exist, the switch sends an ARP query and tries to resolve the IP address. • The IP addresses must be in the same subnet. If the IP address is not resolved, the path is not identified, and an error message appears.
Page 674: Udld
Use the udld global configuration command to enable aggressive or normal mode in the UniDirectional Link Detection (UDLD) and to set the configurable message timer time. Use the no form of the command to disable aggressive or normal mode UDLD on all fiber-optic ports.
Page 675 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands udld The no udld port interface configuration command followed by the udld port or udld port • aggressive interface configuration command to re-enable UDLD on the specified interface •...
Page 676: Udld Port
To enable UDLD in normal mode, use the udld port interface configuration command. To enable UDLD in aggressive mode, use the udld port aggressive interface configuration command. Use the no udld port command on fiber-optic ports to return control of UDLD to the udld enable global configuration command or to disable UDLD on nonfiber-optic ports.
Page 677 This example shows how to enable UDLD on an port: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# udld port This example shows how to disable UDLD on a fiber-optic interface despite the setting of the udld global configuration command: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# no udld port You can verify your settings by entering the show running-config or the show udld interface privileged EXEC command.
Page 678: Udld Reset
12.2(25)EX This command was introduced. Usage Guidelines If the interface configuration is still enabled for UDLD, these ports begin to run UDLD again and are disabled for the same reason if the problem has not been corrected. Examples This example shows how to reset all interfaces disabled by UDLD: Switch# udld reset 1 ports shutdown by UDLD were reset.
Page 679: Uni Count
UNI count value greater than the actual number of endpoints, the UNI status shows as partially active even if all endpoints are up. If you enter a UNI count less than the actual number of endpoints, UNI status shows as active, even if all endpoints are not up.
Page 680 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands uni count Examples This example shows how to a UNI count of two with point-to-multipoint service: Switch(config)# ethernet evc test1 Switch(config-evc)# uni count 2 multipoint Related Commands Command Description...
Page 681: Uni-Vlan
VLAN can exchange packets with one another; UNIs and ENIs in an isolated VLAN cannot exchange packets. Use the no form of this command to return the VLAN to the default UNI-ENI isolated VLAN.
Page 682 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands uni-vlan To change a UNI-ENI isolated VLAN to an RSPAN VLAN or a private VLAN, enter the rspan-vlan or private-vlan VLAN configuration command. This overwrites the default isolated VLAN configuration.
Page 683: Vlan
VLAN ID, you receive an error message and do not enter VLAN configuration mode. When you enter the VLAN ID of an existing VLAN, you do not create a new VLAN, but you can modify VLAN parameters for that VLAN. The specified VLANs are added or modified when you exit VLAN configuration mode.
Page 684 1500 to 18190. The default is 1500 bytes. • name vlan-name: names the VLAN with an ASCII string from 1 to 32 characters that must be unique within the administrative domain. The default is VLANxxxx where xxxx represents four numeric digits (including leading zeros) equal to the VLAN ID number.
Page 685 VLAN is translationally bridged. Translational VLANs translate FDDI or Token Ring to Ethernet, for example. The range is 0 to 1005. If no value is specified, 0 (no transitional bridging) is assumed. uni-vlan {community | isolated}: configures the VLAN as a user network interface-enhanced •...
Page 686: Vlan Access-Map
VLAN access-map configuration, where you can use the match access-map configuration command to specify the access lists for IP or non-IP traffic to match and use the action command to set whether a match causes the packet to be forwarded or dropped.
Page 687 For more information about VLAN map entries, see the software configuration guide for this release. Note Examples This example shows how to create a VLAN map named vac1 and apply matching conditions and actions to it. If no other entries already exist in the map, this will be entry 10. Switch(config)# vlan access-map vac1...
Page 688: Vlan Dot1Q Tag Native
Use the vlan dot1q tag native global configuration command to enable tagging of native VLAN frames on all IEEE 802.1Q trunk ports. Use the no form of this command to return to the default setting. vlan dot1q tag native...
Page 689 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands vlan dot1q tag native Related Commands Command Description show vlan dot1q tag native Displays 802.1Q native VLAN tagging status. Cisco ME 3400 Ethernet Access Switch Command Reference 2-663 OL-9640-07...
Page 690: Vlan Filter
Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands vlan filter vlan filter Use the vlan filter global configuration command to apply a VLAN map to one or more VLANs. Use the no form of this command to remove the map. vlan filter mapname vlan-list {list | all}...
Page 691 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands vlan filter Related Commands Command Description show vlan access-map Displays information about a particular VLAN access map or all VLAN access maps. show vlan filter Displays information about all VLAN filters or about a particular VLAN or VLAN access map.
Page 692: Vmps Reconfirm (Privileged Exec)
This example shows how to immediately send VQP queries to the VMPS: Switch# vmps reconfirm You can verify your setting by entering the show vmps privileged EXEC command and examining the VMPS Action row of the Reconfirmation Status section. The show vmps command shows the result of the last time the assignments were reconfirmed either because the reconfirmation timer expired or because the vmps reconfirm command was entered.
Page 693: Vmps Reconfirm (Global Configuration)
(global configuration) Use the vmps reconfirm global configuration command to change the reconfirmation interval for the VLAN Query Protocol (VQP) client. Use the no form of this command to return to the default setting. vmps reconfirm interval no vmps reconfirm...
Page 694: Vmps Retry
Use the vmps retry global configuration command to configure the per-server retry count for the VLAN Query Protocol (VQP) client. Use the no form of this command to return to the default setting. vmps retry count no vmps retry...
Page 695: Vmps Server
Use the vmps server global configuration command to configure the primary VLAN Membership Policy Server (VMPS) and up to three secondary servers. Use the no form of this command to remove a VMPS server. vmps server ipaddress [primary]...
Page 696 Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands vmps server Related Commands Command Description show vmps Displays VQP and VMPS information. Cisco ME 3400 Ethernet Access Switch Command Reference 2-670 OL-9640-07...
Page 697: Appendix
During normal boot loader operation, you are not presented with the boot loader command-line prompt. You gain access to the boot loader command line if the switch is set to manually boot, if an error occurs during power-on self-test (POST) DRAM testing, or if an error occurs while loading the operating system (a corrupted Cisco IOS image).
Page 698: Boot
The switch attempts to automatically boot the system by using information in the BOOT environment variable. If this variable is not set, the switch attempts to load and execute the first executable image it can by performing a recursive, depth-first search throughout the flash file system. In a depth-first search of a directory, each encountered subdirectory is completely searched before continuing the search in the original directory.
Page 699 Cisco ME 3400 Ethernet Access Switch Boot Loader Commands boot Related Commands Command Description Sets the BOOT environment variable to boot a specific image when the BOOT keyword is appended to the command. Cisco ME 3400 Ethernet Access Switch Command Reference OL-9640-07...
Page 700: Cat
Appendix A Cisco ME 3400 Ethernet Access Switch Boot Loader Commands Use the cat boot loader command to display the contents of one or more files. cat filesystem:/file-url ... Syntax Description filesystem: Alias for a flash file system. Use flash: for the system board flash device.
Page 701: Copy
Appendix A Cisco ME 3400 Ethernet Access Switch Boot Loader Commands copy copy Use the copy boot loader command to copy a file from a source to a destination. copy [-b block-size] filesystem:/source-file-url filesystem:/destination-file-url Syntax Description -b block-size (Optional) This option is used only for internal development and testing.
Page 702 Appendix A Cisco ME 3400 Ethernet Access Switch Boot Loader Commands delete delete Use the delete boot loader command to delete one or more files from the specified file system. delete filesystem:/file-url ... Syntax Description filesystem: Alias for a flash file system. Use flash: for the system board flash device.
Page 703: Dir
Appendix A Cisco ME 3400 Ethernet Access Switch Boot Loader Commands Use the dir boot loader command to display a list of files and directories on the specified file system. dir filesystem:/file-url ... Syntax Description filesystem: Alias for a flash file system. Use flash: for the system board flash device.
Page 704 Cisco ME 3400 Ethernet Access Switch Boot Loader Commands Table A-1 dir Field Descriptions Field Description Index number of the file. -rwx File permission, which can be any or all of the following: d—directory • r—readable • w—writable • x—executable •...
Page 705: Flash_Init
Usage Guidelines During the normal boot process, the flash file system is automatically initialized. Use this command to manually initialize the flash file system. For example, you use this command during the recovery procedure for a lost or forgotten password.
Page 706: Format
Appendix A Cisco ME 3400 Ethernet Access Switch Boot Loader Commands format format Use the format boot loader command to format the specified file system and destroy all data in that file system. format filesystem: Syntax Description filesystem: Alias for a flash file system. Use flash: for the system board flash device.
Page 707: Fsck
Modification 12.2(25)EX This command was introduced. Usage Guidelines To stop an in-progress file system consistency check, disconnect the switch power and then reconnect the power. Examples This example shows how to perform an extensive file system check on flash memory:...
Page 708: Help
Boot loader Command History Release Modification 12.2(25)EX This command was introduced. Usage Guidelines You can also use the question mark (?) to display a list of available boot loader commands. Cisco ME 3400 Ethernet Access Switch Command Reference A-12 OL-9640-07...
Page 709: Memory
Text Beginning and ending address of the text storage area. Rotext Beginning and ending address of the read-only text storage area. This part of the data segment is grouped with the Text entry. Data Beginning and ending address of the data segment storage area.
Page 710: Mkdir
Appendix A Cisco ME 3400 Ethernet Access Switch Boot Loader Commands mkdir mkdir Use the mkdir boot loader command to create one or more new directories on the specified file system. mkdir filesystem:/directory-url ... Syntax Description filesystem: Alias for a flash file system. Use flash: for the system board flash device.
Page 711: More
Appendix A Cisco ME 3400 Ethernet Access Switch Boot Loader Commands more more Use the more boot loader command to display the contents of one or more files. more filesystem:/file-url ... Syntax Description filesystem: Alias for a flash file system. Use flash: for the system board flash device.
Page 712: Rename
Usage Guidelines Filenames and directory names are case sensitive. Directory names are limited to 45 characters between the slashes (/); the name cannot contain control characters, spaces, deletes, slashes, quotes, semicolons, or colons. Filenames are limited to 45 characters; the name cannot contain control characters, spaces, deletes, slashes, quotes, semicolons, or colons.
Page 713: Reset
Cisco ME 3400 Ethernet Access Switch Boot Loader Commands reset reset Use the reset boot loader command to perform a hard reset on the system. A hard reset is similar to power-cycling the switch, clearing the processor, registers, and memory. reset Syntax Description This command has no arguments or keywords.
Page 714: Rmdir
Appendix A Cisco ME 3400 Ethernet Access Switch Boot Loader Commands rmdir rmdir Use the rmdir boot loader command to remove one or more empty directories from the specified file system. rmdir filesystem:/directory-url ... Syntax Description filesystem: Alias for a flash file system. Use flash: for the system board flash device.
Page 715: Set
Break key on the console. Valid values are 1, yes, on, 0, no, and off. If it is set to 1, yes, or on, you can interrupt the automatic boot process by pressing the Break key on the console after the flash file system has initialized.
Page 716 A variable has no value if it is not listed in this file; it has a value if it is listed in the file even if the value is a null string.
Page 717: Unset
The HELPER_CONFIG_FILE environment variable can also be set by using the boot helper-config-file filesystem:/file-url global configuration command. The boot loader prompt string (PS1) can be up to 120 printable characters except the equal sign (=). Examples This example shows how to change the boot loader prompt:...
Page 718 Appendix A Cisco ME 3400 Ethernet Access Switch Boot Loader Commands type type Use the type boot loader command to display the contents of one or more files. type filesystem:/file-url ... Syntax Description filesystem: Alias for a flash file system. Use flash: for the system board flash device.
Page 719 HELPER_CONFIG_FILE—Resets the name of the configuration file to be used by the Cisco IOS helper image. If this is not set, the file specified by the CONFIG_FILE environment variable is used by all versions of Cisco IOS that are loaded, including the helper image. This variable is used only for internal development and testing.
Page 720 The MANUAL_BOOT environment variable can also be reset by using the no boot manual global configuration command. The BOOT environment variable can also be reset by using the no boot system global configuration command. The ENABLE_BREAK environment variable can also be reset by using the no boot enable-break global configuration command.
Page 721: Version
Appendix A Cisco ME 3400 Ethernet Access Switch Boot Loader Commands version version Use the version boot loader command to display the boot loader version. version Syntax Description This command has no arguments or keywords. Command Modes Boot loader Command History...
Page 722 Appendix A Cisco ME 3400 Ethernet Access Switch Boot Loader Commands version Cisco ME 3400 Ethernet Access Switch Command Reference A-26 OL-9640-07...
Page 723: Appendix
This appendix describes the debug privileged EXEC commands that have been created or changed for use with the Cisco ME 3400 Ethernet Access switch. These commands are helpful in diagnosing and resolving internetworking problems and should be enabled only under the guidance of Cisco technical support staff.
Page 724: Debug Backup
{all | errors | events | vlan-load-balancing} no debug backup {all | errors | events | vlan-load-balancing} This command is available only when the switch is running the metro access or metro IP access image. Syntax Description Display all backup interface debug messages.
Page 725: Debug Dot1X
Use the debug dot1x privileged EXEC command to enable debugging of the IEEE 802.1x feature. Use the no form of this command to disable debugging. debug dot1x {all | errors | events | packets | registry | state-machine}...
Page 726: Debug Etherchannel
Use the debug etherchannel privileged EXEC command to enable debugging of the EtherChannel/PAgP shim. This shim is the software module that is the interface between the Port Aggregation Protocol (PAgP) software module and the port manager software module. Use the no form of this command to disable debugging.
Page 727: Debug Ethernet Service
{all | api | error | evc [id evc-id] | instance [id id interface-id | interface interface-id] | interface [interface-id] | oam-mgr} no debug ethernet service {all | api | error | evc [id evc-id] | instance [id id interface-id | interface interface-id] | interface [interface-id] | oam-mgr} This command is available only if your switch is running the metro IP access or metro access image.
Page 728 Appendix B Cisco ME 3400 Ethernet Access Switch Debug Commands debug ethernet service Related Commands Command Description show debugging Displays information about the types of debugging that are enabled. Cisco ME 3400 Ethernet Access Switch Command Reference OL-9640-07...
Page 729: Debug Ip Dhcp Snooping
{mac-address | agent | event | packet} no debug ip dhcp snooping {mac-address | agent | event | packet} This command is available only when the switch is running the metro access or metro IP access image. Syntax Description mac-address Display debug messages for a DHCP packet with the specified MAC address.
Page 730: Debug Ip Verify Source Packet
Use the no form of this command to disable debugging. debug ip verify source packet no debug ip verify source packet This command is available only when the switch is running the metro access or metro IP access image. Syntax Description This command has no arguments or keywords.
Page 731: Debug Interface
Cisco ME 3400 Ethernet Access Switch Debug Commands debug interface debug interface Use the debug interface privileged EXEC command to enable debugging of interface-related activities. Use the no form of this command to disable debugging. debug interface {interface-id | null interface-number | port-channel port-channel-number |...
Page 732: Debug Ip Igmp Filter
Release Modification 12.2(25)EX This command was introduced. Usage Guidelines The undebug ip igmp filter command is the same as the no debug ip igmp filter command. Related Commands Command Description show debugging Displays information about the types of debugging that are enabled.
Page 733: Debug Ip Igmp Max-Groups
Command History Release Modification 12.2(25)EX This command was introduced. Usage Guidelines The undebug ip igmp max-groups command is the same as the no debug ip igmp max-groups command. Related Commands Command Description show debugging Displays information about the types of debugging that are enabled.
Page 734: Debug Ip Igmp Snooping
Release Modification 12.2(25)EX This command was introduced. Usage Guidelines The undebug ip igmp snooping command is the same as the no debug ip igmp snooping command. Related Commands Command Description debug platform ip Displays information about platform-dependent IGMP snooping activity.
Page 735: Debug Lacp
Use the debug lacp privileged EXEC command to enable debugging of Link Aggregation Control Protocol (LACP) activity. Use the no form of this command to disable debugging. debug lacp [all | event | fsm | misc | packet] no debug lacp [all | event | fsm | misc | packet] LACP is available only on network node interfaces (NNIs) and enhanced network interfaces (ENIs).
Page 736: Debug Mac-Notification
Cisco ME 3400 Ethernet Access Switch Debug Commands debug mac-notification debug mac-notification Use the debug mac-notification privileged EXEC command to enable debugging of MAC notification events. Use the no form of this command to disable debugging. debug mac-notification no debug mac-notification Syntax Description This command has no arguments or keywords.
Page 737: Debug Matm
Cisco ME 3400 Ethernet Access Switch Debug Commands debug matm debug matm Use the debug matm privileged EXEC command to enable debugging of platform-independent MAC address management. Use the no form of this command to disable debugging. debug matm no debug matm Syntax Description This command has no arguments or keywords.
Page 738: Debug Matm Move Update
This command is supported only when the switch is running the metro IP access or metro access image. Syntax Description This command has no arguments or keywords.
Page 739: Debug Monitor
{all | errors | idb-update | info | list | notifications | platform | requests | snmp} no debug monitor {all | errors | idb-update | info | list | notifications | platform | requests | snmp} Syntax Description Display all SPAN debug messages.
Page 740: Debug Mvrdbg
Use the debug mvrdbg privileged EXEC command to enable debugging of Multicast VLAN Registration (MVR). Use the no form of this command to disable debugging. debug mvrdbg {all | events | igmpsn | management | ports}...
Page 741: Debug Nvram
Cisco ME 3400 Ethernet Access Switch Debug Commands debug nvram debug nvram Use the debug nvram privileged EXEC command to enable debugging of NVRAM activity. Use the no form of this command to disable debugging. debug nvram no debug nvram Syntax Description This command has no arguments or keywords.
Page 742: Debug Pagp
Use the debug pagp privileged EXEC command to enable debugging of Port Aggregation Protocol (PAgP) activity. Use the no form of this command to disable debugging. debug pagp [all | event | fsm | misc | packet] no debug pagp [all | event | fsm | misc | packet] PAgP is available only on network node interfaces (NNIs) and enhanced network interfaces (ENIs).
Page 743: Debug Platform Acl
(ACL) manager. Use the no form of this command to disable debugging. debug platform acl {all | exit | label | main | racl | vacl | vlmap | warn} no debug platform acl {all | exit | label | main | racl | vacl | vlmap | warn} Syntax Description Display all ACL manager debug messages.
Page 744: Debug Platform Cfm
Connectivity Fault Management (CFM) service. Use the no form of this command to disable debugging. debug platform cfm no debug platform cfm This command is supported only when the switch is running the metro IP access or metro access image. Syntax Description This command has no arguments or keywords.
Page 745: Debug Platform Backup Interface
Links platform backup interface. Use the no form of this command to disable debugging. debug platform backup interface no debug platform backup interface This command is supported only when the switch is running the metro access or metro IP access image. Syntax Description This command has no arguments or keywords.
Page 746: Debug Platform Cpu-Queues
Use the debug platform cpu-queues privileged EXEC command to enable debugging of platform central processing unit (CPU) receive queues. Use the no form of this command to disable debugging. debug platform cpu-queues {broadcast-q | cbt-to-spt-q | cpuhub-q | host-q | icmp-q |...
Page 747 Appendix B Cisco ME 3400 Ethernet Access Switch Debug Commands debug platform cpu-queues Related Commands Command Description show debugging Displays information about the types of debugging that are enabled. Cisco ME 3400 Ethernet Access Switch Command Reference B-25 OL-9640-07...
Page 748: Debug Platform Dot1X
Cisco ME 3400 Ethernet Access Switch Debug Commands debug platform dot1x debug platform dot1x Use the debug platform dot1x privileged EXEC command to enable debugging of IEEE 802.1x events. Use the no form of this command to disable debugging. debug platform dot1x {initialization | interface-configuration | rpc}...
Page 749: Debug Platform Etherchannel
Command History Release Modification 12.2(25)EX This command was introduced. Usage Guidelines The undebug platform etherchannel command is the same as the no debug platform etherchannel command. Related Commands Command Description show debugging Displays information about the types of debugging that are enabled.
Page 750: Debug Platform Forw-Tcam
(TCAM) manager. Use the no form of this command to disable debugging. debug platform forw-tcam [adjustment | allocate | audit | error | move | read | write] no debug platform forw-tcam [adjustment | allocate | audit | error | move | read | write] Syntax Description adjustment (Optional) Display TCAM manager adjustment debug messages.
Page 751: Debug Platform Ip Arp Inspection
12.2(25)EX This command was introduced. 12.2(50)SE The command was supported in the metro base image. Usage Guidelines The undebug platform ip arp inspection command is the same as the no debug platform ip arp inspection command. Related Commands Command Description show ip arp inspection Displays the dynamic ARP inspection configuration and operating state.
Page 752: Debug Platform Ip Dhcp
Use the debug platform ip dhcp privileged EXEC command to debug DHCP events. Use the no form of this command to disable debugging. debug platform ip dhcp [all | error | event | packet | rpc]...
Page 753: Debug Platform Ip Igmp Snooping
{all | di | error | event | group | mgmt | pak | retry | rpc | warn} debug platform ip igmp snooping pak {ip-address | error | ipopt | leave| query | report | rx | svi...
Page 754 Command History Release Modification 12.2(25)EX This command was introduced. Usage Guidelines The undebug platform ip igmp snooping command is the same as the no debug platform ip igmp snooping command. Related Commands Command Description debug ip igmp Displays information about platform-independent IGMP snooping activity.
Page 755: Debug Platform Ip Multicast
{acl-full-events | all | mdb | mdfs-rp-retry | midb | mroute-rp | resources | retry | rpf-throttle | snoop-events | software-forward | swidb-events | vlan-locks} This command is available only when the switch is running the metro access or metro IP access image Syntax Description acl-full-events Display IP-multicast output ACL full debug messages.
Page 756 Appendix B Cisco ME 3400 Ethernet Access Switch Debug Commands debug platform ip multicast Related Commands Command Description show debugging Displays information about the types of debugging that are enabled. Cisco ME 3400 Ethernet Access Switch Command Reference B-34 OL-9640-07...
Page 757: Debug Platform Ip Source-Guard
Use the debug platform ip source-guard privileged EXEC command to debug IP source guard events. Use the no form of this command to disable debugging. debug platform ip source-guard {all | error | event}...
Page 758: Debug Platform Ip Unicast
| retry | route | rpc | standby | statistics} no debug platform ip unicast {adjacency | all | arp | dhcp | errors | events | interface | mpath | registries | retry | route | rpc | standby | statistics} This command is available only when the switch is running the metro access or metro IP access image.
Page 759 Release Modification 12.2(25)EX This command was introduced. Usage Guidelines The undebug platform ip unicast command is the same as the no debug platform ip unicast command. Related Commands Command Description show debugging Displays information about the types of debugging that are enabled.
Page 760: Debug Platform Ipc
{all | init | receive | send | trace} no debug platform {all | init | receive | send | trace} This command is available only when the switch is running the metro access or metro IP access image. Syntax Description Display all platform IPC debug messages.
Page 761: Debug Platform Led
Release Modification 12.2(25)EX This command was introduced. Usage Guidelines The undebug platform led command is the same as the no debug platform led command. Related Commands Command Description show debugging Displays information about the types of debugging that are enabled.
Page 762: Debug Platform Matm
MAC address management. Use the no form of this command to disable debugging. debug platform matm {aging | all | ec-aging | errors | learning | rpc | secure-address | warnings} no debug platform matm {aging | all | ec-aging | errors | learning | rpc | secure-address |...
Page 763: Debug Platform Messaging Application
Use the debug platform messaging application privileged EXEC command to enable debugging of application messaging activity. Use the no form of this command to disable debugging. debug platform messaging application {all | badpak | cleanup | events | memerr | messages | usererr}...
Page 764: Debug Platform Phy
| forced | init-seq | link-status | read | sfp | show-controller | speed | write} no debug platform phy {automdix | cablediag | dual-purpose | flcd {configure | ipc | iter | trace} flowcontrol | forced | init-seq | link-status | read | sfp | show-controller | speed | write}...
Page 765 Appendix B Cisco ME 3400 Ethernet Access Switch Debug Commands debug platform phy Usage Guidelines The undebug platform phy command is the same as the no debug platform phy command. Related Commands Command Description show debugging Displays information about the types of debugging that are enabled.
Page 766: Debug Platform Pm
{all | counters | errdisable | etherchnl | exceptions | hpm-events | idb-events | if-numbers | ios-events | link-status | platform | pm-events | pm-vectors [detail] | rpc [general | oper-info | state | vectors | vp-events] | soutput | sync | vlans} Syntax Description Display all port-manager debug messages.
Page 767 Release Modification 12.2(25)EX This command was introduced. Usage Guidelines The undebug platform pm command is the same as the no debug platform pm command. Related Commands Command Description show debugging Displays information about the types of debugging that are enabled.
Page 768: Debug Platform Policer Cpu Uni-Eni
The command was changed from debug platform policer cpu uni to debug platform policer cpu uni-eni. Usage Guidelines The undebug platform policer cpu uni-eni command is the same as the no debug platform policer cpu uni-eni command. Related Commands Command...
Page 769: Debug Platform Port-Asic
Release Modification 12.2(25)EX This command was introduced. Usage Guidelines The undebug platform port-asic command is the same as the no debug platform port-asic command. Related Commands Command Description show debugging Displays information about the types of debugging that are enabled.
Page 770: Debug Platform Port-Security
Use the no form of this command to disable debugging. debug platform port-security {add | aging | all | delete | errors | rpc | warnings} no debug platform port-security {add | aging | all | delete | errors | rpc | warnings} Syntax Description Display secure address addition debug messages.
Page 771: Debug Platform Qos-Acl-Tcam
Use the no form of this command to disable debugging. debug platform qos-acl-tcam {all | ctcam | errors | labels | rpc | tcam} no debug platform qos-acl-tcam {all | ctcam | errors | labels | rpc | tcam} Syntax Description Display all QoS and ACL TCAM (QATM) manager debug messages.
Page 772: Debug Platform Remote-Commands
Cisco ME 3400 Ethernet Access Switch Debug Commands debug platform remote-commands debug platform remote-commands Use the debug platform remote-commands privileged EXEC command to enable debugging of remote commands. Use the no form of this command to disable debugging. debug platform remote-commands...
Page 773: Debug Platform Rep
Release Modification 12.2(40)SE This command was introduced. Usage Guidelines The undebug platform rep command is the same as the no debug platform rep command. Related Commands Command Description show debugging Displays information about the types of debugging that are enabled.
Page 774: Debug Platform Resource-Manager
Use the no form of this command to disable debugging. debug platform resource-manager {all | dm | erd | errors | madmed | sd | stats | vld} no debug platform resource-manager {all | dm | erd | errors | madmed | sd | stats | vld} Syntax Description Display all resource manager debug messages.
Page 775: Debug Platform Snmp
Release Modification 12.2(25)EX This command was introduced. Usage Guidelines The undebug platform snmp command is the same as the no debug platform snmp command. Related Commands Command Description show debugging Displays information about the types of debugging that are enabled.
Page 776: Debug Platform Span
Release Modification 12.2(25)EX This command was introduced. Usage Guidelines The undebug platform span command is the same as the no debug platform span command. Related Commands Command Description show debugging Displays information about the types of debugging that are enabled.
Page 777: Debug Platform Supervisor-Asic
Use the debug platform supervisor-asic privileged EXEC command to enable debugging of the supervisor application-specific integrated circuit (ASIC). Use the no form of this command to disable debugging. debug platform supervisor-asic {all | errors | receive | send}...
Page 778: Debug Platform Sw-Bridge
Use the debug platform sw-bridge privileged EXEC command to enable debugging of the software bridging function. Use the no form of this command to disable debugging. debug platform sw-bridge {broadcast | control | multicast | packet | unicast}...
Page 779: Debug Platform Tcam
{acl {input | output} | local | qos} no debug platform tcam log l3 {acl {input | output} | local | qos | secondary} no debug platform tcam read {reg | ssram | tcam}...
Page 780 TCAM-register write debug messages. tcam—Display TCAM-write debug messages. Though visible in the command-line help strings, the log l3 ipv6 {acl {input | output} | local | qos | Note secondary} keywords are not supported.
Page 781: Debug Platform Udld
Release Modification 12.2(25)EX This command was introduced. Usage Guidelines The undebug platform udld command is the same as the no debug platform udld command. Related Commands Command Description show debugging Displays information about the types of debugging that are enabled.
Page 782: Debug Platform Vlan
Use the debug platform vlan privileged EXEC command to enable debugging of the VLAN manager software. Use the no form of this command to disable debugging. debug platform vlan {errors | mvid | rpc}...
Page 783: Debug Pm
Use the no form of this command to disable debugging. debug pm {all | assert | card | cookies | etherchnl | hatable | messages | port | registry | sm | span | split | vlan | vp}...
Page 784 Appendix B Cisco ME 3400 Ethernet Access Switch Debug Commands debug pm Related Commands Command Description show debugging Displays information about the types of debugging that are enabled. Cisco ME 3400 Ethernet Access Switch Command Reference B-62 OL-9640-07...
Page 785: Debug Port-Security
Use the debug port-security privileged EXEC command to enable debugging of the allocation and states of the port security subsystem. Use the no form of this command to disable debugging. debug port-security no debug port-security Syntax Description This command has no arguments or keywords.
Page 786: Debug Rep
{all | bpa-event | bpasm | epasm | error | failure-recovery | lslsm | packet | prsm} no debug rep {all | bpa-event | bpasm | epasm | error | failure-recovery | lslsm | packet | prsm} Syntax Description Display all REP debug messages.
Page 787: Debug Qos-Manager
Cisco ME 3400 Ethernet Access Switch Debug Commands debug qos-manager debug qos-manager Use the debug qos-manager privileged EXEC command to enable debugging of the quality of service (QoS) manager software. Use the no form of this command to disable debugging. debug qos-manager {all | event | verbose}...
Page 788: Debug Spanning-Tree
Use the no form of this command to disable debugging. debug spanning-tree {all | bpdu | bpdu-opt | config | etherchannel | events | exceptions | general | mstp | pvst+ | root | snmp | switch | synchronization}...
Page 789 Command History Release Modification 12.2(25)EX This command was introduced. Usage Guidelines The undebug spanning-tree command is the same as the no debug spanning-tree command. Related Commands Command Description show debugging Displays information about the types of debugging that are enabled.
Page 790: Debug Spanning-Tree Bpdu
Use the debug spanning-tree bpdu privileged EXEC command to enable debugging of sent and received spanning-tree bridge protocol data units (BPDUs). Use the no form of this command to disable debugging. debug spanning-tree bpdu [receive | transmit]...
Page 791: Debug Spanning-Tree Bpdu-Opt
Use the debug spanning-tree bpdu-opt privileged EXEC command to enable debugging of optimized spanning-tree bridge protocol data units (BPDUs) handling. Use the no form of this command to disable debugging. debug spanning-tree bpdu-opt [detail | packet]...
Page 792: Debug Spanning-Tree Mstp
Spanning Tree Protocol (MSTP) software. Use the no form of this command to disable debugging. debug spanning-tree mstp {all | boundary | bpdu-rx | bpdu-tx | errors | flush | init | migration | pm | proposals | region | roles | sanity_check | sync | tc | timers}...
Page 793 Appendix B Cisco ME 3400 Ethernet Access Switch Debug Commands debug spanning-tree mstp Usage Guidelines The undebug spanning-tree mstp command is the same as the no debug spanning-tree mstp command. Related Commands Command Description show debugging Displays information about the types of debugging that are enabled.
Page 794: Debug Spanning-Tree Switch
{all | errors | flush | general | helper | pm | rx {decode | errors | interrupt | process} | state | tx [decode]} no debug spanning-tree switch {all | errors | flush | general | helper | pm | rx {decode | errors | interrupt | process} | state | tx [decode]} Syntax Description Display all spanning-tree switch debug messages.
Page 795 Appendix B Cisco ME 3400 Ethernet Access Switch Debug Commands debug spanning-tree switch Usage Guidelines The undebug spanning-tree switch command is the same as the no debug spanning-tree switch command. Related Commands Command Description show debugging Displays information about the types of debugging that are enabled.
Page 796: Debug Sw-Vlan
Use the debug sw-vlan privileged EXEC command to enable debugging of VLAN manager activities. Use the no form of this command to disable debugging. debug sw-vlan {badpmcookies | cfg-vlan {bootup | cli} | events | ifs | management | notification | packets | registries}...
Page 797: Debug Sw-Vlan Ifs
(IFS) error tests. Use the no form of this command to disable debugging. debug sw-vlan ifs {open {read | write} | read {1 | 2 | 3 | 4} | write} no debug sw-vlan ifs {open {read | write} | read {1 | 2 | 3 | 4} | write} Syntax Description open {read | write} Display VLAN manager IFS file-open operation debug messages.
Page 798: Debug Sw-Vlan Notification
Use the debug sw-vlan notification privileged EXEC command to enable debugging of the activation and deactivation of VLAN IDs. Use the no form of this command to disable debugging. debug sw-vlan notification {accfwdchange | allowedvlancfgchange | fwdchange | linkchange |...
Page 799 Displays information about the types of debugging that are enabled. show vlan Displays the parameters for all configured VLANs or one VLAN (if the VLAN name or ID is specified) in the administrative domain. Cisco ME 3400 Ethernet Access Switch Command Reference...
Page 800: Debug Udld
For debug udld packets, these debugging messages appear: General packet processing program flow on receipt of an incoming packet • Indications of the contents of the various pieces of packets received (such as type length versions • [TLVs]) as they are examined by the packet reception code Packet transmission attempts and the outcome •...
Page 801: Debug Udld B
Related Commands Command Description show debugging Displays information about the types of debugging that are enabled. show udld Displays UDLD administrative and operational status for all ports or the specified port. Cisco ME 3400 Ethernet Access Switch Command Reference B-79 OL-9640-07...
Page 802: Debug Vqpc
Use the debug vqpc privileged EXEC command to enable debugging of the VLAN Query Protocol (VQP) client. Use the no form of this command to disable debugging. debug vqpc [all | cli | events | learn | packet]...
Page 803: Appendix
This appendix describes the show platform privileged EXEC commands that have been created or changed for use with the Cisco ME 3400 Ethernet Access switch. These commands display information helpful in diagnosing and resolving internetworking problems and should be used only under the guidance of Cisco technical support staff.
Page 804: Show Platform Acl
Do not use this command unless a technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 805: Show Platform Backup Interface
Do not use this command unless a technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 806: Show Platform Cfm
Ethernet networks. show platform cfm [ | {begin | exclude | include} expression] This command is supported only when the switch is running the metro IP access or metro access image. Syntax Description | begin (Optional) Display begins with the line that matches the expression.
Page 807: Show Platform Configuration
Do not use this command unless a technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 808: Show Platform Dl
Do not use this command unless a technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 809: Show Platform Etherchannel
Do not use this command unless a technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 810: Show Platform Forward
[vlan vlan-id] src-mac dst-mac [l3protocol-id] [sap | snap] [cos cos] [ip src-ip dst-ip [frag field] [dscp dscp] {l4protocol-id | icmp icmp-type icmp-code | igmp igmp-version igmp-type | tcp src-port dst-port flags | udp src-port dst-port} [ | {begin | exclude | include} expression]...
Page 811: Show Platform Forward C
Do not use this command unless a technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 812: Show Platform Frontend-Controller
Do not use this command unless a technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 813: Show Platform Ip Igmp Snooping
Internet Group Management Protocol (IGMP) snooping information. show platform ip igmp snooping {all | control [di] | counters | flood [vlan vlan-id] | group ip-address | hardware | retry [count | local [count] | remote [count]]} [ | {begin | exclude | include} expression] Syntax Description Display all IGMP snooping platform IP multicast information.
Page 814 Do not use this command unless a technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 815: Show Platform Ip Multicast
Do not use this command unless a technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 816: Show Platform Ip Unicast
{adjacency | cef-idb | counts | dhcp | failed {adjacency | arp [A.B.C.D] | route} | loadbalance | mpaths | route | standby | statistics | trace} [ | {begin | exclude | include} expression]...
Page 817 Do not use this command unless a technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 818: Show Platform Ipc Trace
Do not use this command unless a technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 819: Show Platform Ipv6 Unicast
| route [ipv6-prefix/prefix length | tcam] [detail] | statistics | table [detail] | trace} [| {begin | exclude | include} expression] This command is available only if the switch is running the metro IP access image and you have Note configured a dual IPv4 and IPv6 Switch Database Management (SDM) template on the switch.
Page 820 Do not use this command unless a technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 821: Show Platform L2Pt Dm
Do not use this command unless a technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 822: Show Platform Layer4Op
Use the show platform layer4op privileged EXEC command to display platform-dependent Layer 4 operator information. show platform layer4op {acl | qos [port-asic]} {and-or | map | or-and | vcu} [ | {begin | exclude | include} expression] Syntax Description Display access control list (ACL) Layer 4 operators information.
Page 823: Show Platform Mac-Address-Table
Do not use this command unless a technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 824: Show Platform Messaging
Do not use this command unless a technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 825: Show Platform Monitor
Do not use this command unless a technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 826: Show Platform Mvr Table
Do not use this command unless a technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 827: Show Platform Pm
Do not use this command unless your technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 828: Show Platform Policer Cpu
27 CPU protection policers, numbered 0 to 26. A policer of 26 means a drop policer; any traffic type shown as 26 on any port is dropped. A policer of a value of 0 to 25 means that a rate-limiting policer is assigned to the port for the control protocol.
Page 829 UNI. Because the port is Fast Ethernet 1, the identifier for rate-limited protocols is 0; a display for Fast Ethernet port 5 would display an identifier of 4. The Policer Index refers to the specific protocol. The ASIC number indicates when the policer is on a different ASIC.
Page 830 This example shows the policers assigned to a ENI when control protocols are enabled on the interface. A value of 22 indicates that protocol packets are rate-limited for that protocol. When the protocol is not enabled, the defaults are the same as for a UNI.
Page 831 Appendix C Cisco ME 3400 Ethernet Access Switch Show Platform Commands show platform policer cpu Related CommandsS Command Description show policer cpu uni-eni Displays control-plane policer information for the switch. Cisco ME 3400 Ethernet Access Switch Command Reference C-29 OL-9640-07...
Page 832: Show Platform Port-Asic
[asic number | port number [asic number]] | global-status [asic number | port number [asic number]] | learning [asic number | port number [asic number]] | mac-info [asic number | port number [asic number]] | mvid [asic number] |...
Page 833 ASIC. The number is always 0. port number—(Optional) Display information for the • specified port and ASIC number. The range is 0 to 27, where 0 is the supervisor and 1 to 25 are the ports. learning [asic number | port Display entries in the learning cache.
Page 834 ASIC. The number is always 0. port number—(Optional) Display information for the • specified port and ASIC number. The range is 0 to 27, where 0 is the supervisor and 1 to 25 are the ports. prog-parser [asic number | port Display the programmable parser tables.
Page 835 Expression in the output to use as a reference point. Though visible in the command-line help strings, the stack {control | dest-map | learning | messages | Note mvid | prog-parser | span | stats [asic number | port number [asic number]] keywords are not supported.
Page 836: Show Platform Port-Security
Do not use this command unless your technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 837: Show Platform Qos
Cisco ME 3400 Ethernet Access Switch Show Platform Commands show platform qos show platform qos Use the show platform qos privileged EXEC command to display platform-dependent quality of service (QoS) information. show platform qos debug [aggregate-policer aggregate-policer-name | global-config |...
Page 838 (Optional) Display excludes lines that match the expression. | include (Optional) Display includes lines that match the specified expression. expression Expression in the output to use as a reference point. Command Modes Privileged EXEC Cisco ME 3400 Ethernet Access Switch Command Reference C-36...
Page 839 Do not use this command unless your technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 840: Show Platform Resource-Manager
{dm [index number] | erd [index number] | mad [index number] | med [index number] | mod | msm {hash-table [vlan vlan-id] | mac-address mac-address [vlan vlan-id]} | sd [index number] | vld [index number]} [ | {begin...
Page 841 Do not use this command unless your technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 842: Show Platform Snmp Counters
Do not use this command unless your technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 843: Show Platform Spanning-Tree Synchronization
Do not use this command unless your technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 844: Show Platform Status
Do not use this command unless a technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 845: Show Platform Stp-Instance
Do not use this command unless your technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 846: Show Platform Tcam
Use the show platform tcam privileged EXEC command to display platform-dependent ternary content addressable memory (TCAM) driver information. show platform tcam {handle number | log-results | table {acl | all | equal-cost-route | local | mac-address | multicast-expansion | qos | secondary | station | vlan-list} | usage} [asic...
Page 847 (Optional) Display includes lines that match the specified expression. expression Expression in the output to use as a reference point. Though visible in the command-line help strings, the ipv6, multicast-expansion and usage keywords Note are not supported. Command Modes Privileged EXEC...
Page 848 Do not use this command unless your technical support representative asks you to do so. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 849: Show Platform Vlan
Use the show platform vlan privileged EXEC command to display platform-dependent VLAN information. show platform vlan {misc | mvid | refcount | rpc {receive | transmit}} [ | {begin | exclude | include} expression] Syntax Description misc Display miscellaneous VLAN module information.
Page 850 Appendix C Cisco ME 3400 Ethernet Access Switch Show Platform Commands show platform vlan Cisco ME 3400 Ethernet Access Switch Command Reference C-48 OL-9640-07...
Page 851: Appendix
All rights reserved. This software is not subject to any license of the American Telephone and Telegraph Company or of the Regents of the University of California. Permission is granted to anyone to use this software for any purpose on any computer system, and to alter it and redistribute it, subject to the following restrictions: The author is not responsible for the consequences of use of this software, no matter how awful, even if they arise from flaws in it.
Page 852: A P P E N D I X D Acknowledgments For Open-Source Software
Appendix D Acknowledgments for Open-Source Software Cisco ME 3400 Ethernet Access Switch Command Reference OL-9640-07...
Page 853: I N D E X
2-21 action command manually 2-24 address aliasing 2-255 boot loader aggregate policers accessing applying 2-283 booting creating 2-279 Cisco IOS image displaying 2-494 helper image 2-22 2-280 aggregate-port learner 2-261 Cisco ME 3400 Ethernet Access Switch Command Reference IN-1 OL-9640-07...
Page 854 QoS policers committed information rate in QoS policers 2-275, 2-279 2-275, 2-279 configuration files password recovery disable considerations specifying the name 2-20, 2-25 configuring multiple interfaces 2-114 cat (boot loader) command Cisco ME 3400 Ethernet Access Switch Command Reference IN-2 OL-9640-07...
Page 855 B-39 setting value in policy maps debug platform matm command 2-336 B-40 CoS value, assigning to Layer 2 protocol packets debug platform messaging application command 2-196 B-41 CPU ASIC statistics, displaying debug platform phy command 2-359...
Page 856 2-63 differentiated service code point display 2-353 See DSCP permit packets 2-265 Digital Optical Monitoring clear see DoM log buffer 2-37 dir (boot loader) command statistics 2-38 directories, deleting 2-62 Cisco ME 3400 Ethernet Access Switch Command Reference IN-4 OL-9640-07...
Page 857 2-99 errdisable recovery cause small-frame 2-97 ethernet lmi ce-vlan map command 2-101, 2-103 errdisable recovery command 2-95 ethernet lmi command 2-99 error conditions, displaying 2-382 error disable detection 2-91 Cisco ME 3400 Ethernet Access Switch Command Reference IN-5 OL-9640-07...
Page 858 IGMP maximum groups, debugging B-11 configuring preferred VLAN 2-611 IGMP profiles displaying 2-399 creating 2-156 flowcontrol command 2-110 displaying 2-427 format (boot loader) command A-10 forwarding packets, with ACL matches forwarding results, display Cisco ME 3400 Ethernet Access Switch Command Reference IN-6 OL-9640-07...
Page 859 Index IGMP snooping Internet Group Management Protocol adding ports as a static member of a group See IGMP 2-171 displaying invalid GBIC 2-428, 2-432, 2-434 enabling error detection for 2-158 2-91 enabling the configurable-leave timer 2-160 error recovery timer 2-95...
Page 860 Layer 2 protocol ports, displaying 2-171 2-448 IP multicast addresses 2-254 Layer 2 protocol-tunnel IP precedence, as match criteria for QoS groups error detection for 2-239 2-91 ip source binding command error recovery timer 2-173...
Page 861 2-223 monitor session command 2-250 macro description command more (boot loader) command 2-227 A-15 macro global command 2-228 macro global description command 2-230 macro name command 2-231 Cisco ME 3400 Ethernet Access Switch Command Reference IN-9 OL-9640-07...
Page 862 2-588 displaying 2-484 switch priority 2-586 displaying interface information 2-486 members, displaying 2-488 mvr (global configuration) command 2-254 mvr (interface configuration) command 2-257 mvr vlan group command 2-258 Cisco ME 3400 Ethernet Access Switch Command Reference IN-10 OL-9640-07...
Page 863 2-277 See EtherChannel applying 2-331 pagp learn-method command 2-261 applying to an interface 2-288, 2-331, 2-344 pagp port-priority command 2-263 child 2-333 parent policy maps 2-334 creating 2-287 Cisco ME 3400 Ethernet Access Switch Command Reference IN-11 OL-9640-07...
Page 864 802.1x parameters 2-73 configuring 2-628 switch-to-authentication server retransmission displaying 2-399 time 2-86 promiscuous ports 2-619 switch-to-client frame-retransmission privileged EXEC mode 1-2, 1-3 number 2-77 to 2-78 product identification information, displaying 2-414 Cisco ME 3400 Ethernet Access Switch Command Reference IN-12 OL-9640-07...
Page 865 2-311 setting in policy maps 2-342 rep lsl-age-timer command 2-314 rep preempt delay command 2-315 rep preempt segment command 2-317 rep segment command 2-318 rep stcn command 2-321 Cisco ME 3400 Ethernet Access Switch Command Reference IN-13 OL-9640-07...
Page 866 2-336 show ip dhcp snooping binding command 2-420 set dscp command 2-338 show ip dhcp snooping command 2-419 set precedence command 2-340 show ip dhcp snooping database command 2-422, 2-424 Cisco ME 3400 Ethernet Access Switch Command Reference IN-14 OL-9640-07...
Page 867 2-490 2-507 show parser macro command show sdm prefer command 2-492 2-510 show platform acl command show spanning-tree command 2-512 show platform backup interface command show storm-control command 2-518 Cisco ME 3400 Ethernet Access Switch Command Reference IN-15 OL-9640-07...
Page 868 2-250 storm-control command 2-602 debug messages, display B-17 displaying 2-482 filter SPAN traffic 2-250 sessions add interfaces to 2-250 displaying 2-482 start new 2-250 spanning-tree bpdufilter command 2-552, 2-554 Cisco ME 3400 Ethernet Access Switch Command Reference IN-16 OL-9640-07...
Page 869 2-377 shutting down Port Fast-enabled ports 2-592 templates, system resources 2-324 state information display 2-512 test cable-diagnostics tdr command 2-641 VLAN options 2-586, 2-597 traceroute mac command 2-643 Cisco ME 3400 Ethernet Access Switch Command Reference IN-17 OL-9640-07...
Page 870 VLAN IOS file system error tests 2-613 B-75 unset (boot loader) command VLAN manager activity A-23 B-74 upgrading displaying configurations 2-528 software images extended-range 2-657 monitoring status of 2-352 Cisco ME 3400 Ethernet Access Switch Command Reference IN-18 OL-9640-07...
Page 871 2-669 and dynamic-access ports 2-608 clearing client statistics 2-55 displaying information 2-535 per-server retry count 2-668 reconfirmation interval 2-667 reconfirming dynamic VLAN assignments 2-666 VTP, enabling tunneling for 2-193 Cisco ME 3400 Ethernet Access Switch Command Reference IN-19 OL-9640-07...
Page 872 Index Cisco ME 3400 Ethernet Access Switch Command Reference IN-20 OL-9640-07...

Cisco ME 3400 Command Reference Manual

CHAPTER 1 Using the Command-Line Interface

CHAPTER 2 Cisco ME 3400 Ethernet Access Switch

Class

Delete

Duplex

Ip Ssh

Match Cos

MDIX Auto

Police

Port-Type

Priority

Rep Stcn

Set Cos

Set Dscp

Setup

Show Boot

Show Env

Show Ipc

Show Lacp

Show Mvr

Show Pagp

Show Udld

Show Vlan

Show Vmps

Shutdown

Quick Links

Related Manuals for Cisco ME 3400

Summary of Contents for Cisco ME 3400