Table Of Contents
show controllers cpu-interface
show controllers ethernet-controller
show mac address-table address
show mac address-table aging-time
show mac address-table dynamic
show mac address-table interface
show mac address-table multicast
show mac address-table notification
show mls qos aggregate-policer
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree loopguard default
spanning-tree mst configuration
spanning-tree mst forward-time
spanning-tree mst port-priority
spanning-tree portfast (global configuration)
spanning-tree portfast (interface configuration)
switchport port-security aging
2sdm prefer
Use the sdm prefer global configuration command to configure the template used in Switch Database Management (SDM) resource allocation. You use a template to allocate system memory to best support the features being used in your application. Use a template to approximate the maximum number of unicast MAC addresses, Internet Group Management Protocol (IGMP) groups, quality of service (QoS) access control entries (ACEs), security ACEs, unicast routes, multicast routes, subnet VLANs (routed interfaces), and Layer 2 VLANs that can be configured on the switch. Use the no form of this command to return to the default template.
sdm prefer {access [extended-match] | extended-match | routing [extended-match] | vlan}
no sdm prefer
Syntax Description
Defaults
The default template provides a balance to all features.
Command Modes
Global configuration
Command History
Usage Guidelines
You must reload the switch for the configuration to take effect.
The sdm prefer vlan command disables routing capability in the switch. Any routing configurations are rejected after the reload, and any previously configured routing options might be lost. Use the sdm prefer vlan command only on switches intended for Layer 2 switching with no routing.
Do not use the routing template if you do not have routing enabled on your switch. Entering the sdm prefer routing global configuration command prevents other features from using the memory allocated to unicast and multicast routing in the routing template (approximately 17 K for Fast Ethernet switches and 30 K for Gigabit Ethernet switches).
When running the Web Cache Communication Protocol (WCCP) or multiple Virtual Private Network (VPN) routing/forwarding (multi-VRF) instances in customer edge (CE) devices (multi-VRF CE), extra fields are required in the routing tables stored in TCAM. You must use the extended-match keyword with the default, access, or routing templates to enable the switch to support 144-bit Layer 3 TCAM when using these features. The keyword reformats the memory space allocated for routing, reducing the number of allowed unicast routes by half.
Table 2-12 lists the approximate number of each resource supported in each of the four templates for a Gigabit Ethernet switch. Table 2-13 lists the approximate number supported for a switch with mostly Fast Ethernet ports. The first six rows in the tables (unicast MAC addresses through multicast routes) represent approximate hardware boundaries set when a template is selected. If a section of a hardware resource is full, all processing overflow is sent to the CPU, seriously impacting switch performance.
The last two rows, the total number of routed ports and SVIs and the number of Layer 2 VLANs, are guidelines used to calculate hardware resource consumption related to the other resource parameters.
The number of subnet VLANs (routed ports and SVIs) are not limited by software and can be set to a number higher than indicated in the tables. If the number of subnet VLANs configured is lower or equal to the number in the tables, the number of entries in each category (Unicast addresses, IGMP groups, and so on) for each template will be as indicated. As the number of subnet VLANs is increased, CPU utilization will typically increase. If the number of subnet VLANs is increased beyond the number indicated in the tables, the number of supported entries in each category may decrease depending on features that are enabled. For example, if PIM-DVMRP is enabled with more than 16 subnet VLANs, the number of entries for multicast routes will be in the range of 1K-5K entries for the access template.
Table 2-12 Approximate Number of Feature Resources Allowed by Each Template for Gigabit Ethernet Switches
Unicast MAC addresses
6 K
2 K
6 K
12 K
IGMP groups (managed by Layer 2 multicast features such as MVR or IGMP snooping)
6 K
8 K
6 K
6 K
QoS classification ACEs
2K
2 K
1 K
2 K
Security ACEs
2 K
4 K
1 K
2 K
Unicast routes
12 K or 6 K1
4 K or 2 K1
24 K or 12 K1
0
Multicast routes
6 K
8 K
6 K
0
Routed interfaces (routed ports and SVIs)
16
16
16
16
Layer 2 VLANs
1 K
1 K
1 K
1 K
1 When the extended-match keyword is used with the indicated template. This keyword affects only the number of unicast routes allowed.
Table 2-13 Approximate Number of Feature Resources Allowed by Each Template for Fast Ethernet Switches
Unicast MAC addresses
5 K
1 K
5 K
8 K
IGMP groups (managed by Layer 2 multicast features such as MVR and IGMP snooping)
1 K
2 K
1 K
1 K
QoS ACEs
1 K
1 K
512
1 K
Security ACEs
1 K
2 K
512
1 K
Unicast routes
8 K or 4K1
2 K or 1K1
16 K or 8K1
0
Multicast routes
1 K
2 K
1 K
0
Routed interfaces (routed ports and SVIs)
8
8
8
8
Layer 2 VLANs
1 K
1 K
1 K
1 K
1 When the extended-match keyword is used with the indicated template. This keyword affects only the number of unicast routes allowed.
Examples
This example shows how to configure the routing template on the switch:
Switch(config)# sdm prefer routingSwitch(config)# exitSwitch# reloadThis example shows how to configure the routing template with a 144-bit routing table allocation:
Switch(config)# sdm prefer routing extended-matchSwitch(config)# exitSwitch# reloadThis example shows how to remove the routing template and to use the default template with the standard 72-bit routing table allocation:
Switch(config)# no sdm prefer routingSwitch(config)# exitSwitch# reloadYou can verify your settings by entering the show sdm prefer privileged EXEC command.
Related Commands
Displays the current SDM template in use or displays the templates that can be used, with approximate resource allocation per feature.
service password-recovery
Use the service password-recovery global configuration command to enable the password-recovery mechanism (the default). This mechanism allows a user with physical access to the switch to hold down the Mode button and interrupt the boot process while the switch is powering up and to assign a new password. Use the no form of this command to disable part of the password-recovery functionality. When the password-recovery mechanism is disabled, interrupting the boot process is allowed only if the user agrees to set the system back to the default configuration.
service password-recovery
no service password-recovery
Syntax Description
This command has no arguments or keywords.
Defaults
The default action is for the password-recovery mechanism to be enabled.
Command Modes
Global configuration
Command History
Usage Guidelines
This command is valid only on Catalyst 3550 Fast Ethernet switches; it is not available for Gigabit Ethernet switches.
As a system administrator, you can use the no service password-recovery command to disable some of the functionality of the password recovery feature by allowing an end user to reset a password only by agreeing to return to the default configuration.
The password-recovery mechanism has been triggered, butis currently disabled. Access to the boot loader promptthrough the password-recovery mechanism is disallowed atthis point. However, if you agree to let the system bereset back to the default system configuration, accessto the boot loader prompt can still be allowed.Would you like to reset the system back to the default configuration (y/n)?If the user chooses not to reset the system back to the default configuration, the normal boot process continues, as if the Mode button had not been pressed. If you choose to reset the system back to the default configuration, the configuration file in flash memory is deleted and the VLAN database file, flash:vlan.dat (if present) is deleted.
Note
If you use the no service password-recovery command to control end user access to passwords, we recommend that you save a copy of the config file in a location away from the switch in case the end user uses the password recovery procedure and sets the system back to defaults. Do not keep a backup copy of the config file on the switch.
If the switch is operating in VTP transparent mode, we recommend that you also save a copy of the vlan.dat file in a location away from the switch.You can verify if password recovery is enabled or disabled by entering the show version privileged EXEC command.
Examples
This is an example of the output from the show version privileged EXEC command when password-recovery is disabled.
Switch# show version1w6d: %SYS-5-CONFIG_I: Configured from console by consoleCisco Internetwork Operating System SoftwareIOS (tm) C3550 Software (C3550-I9Q3L2-M), Version 12.1(8)EA1, RELEASE SOFTWARE (fc1)Copyright (c) 1986-2001 by cisco Systems, Inc.Compiled Wed 24-Oct-01 06:20 by antoninoImage text-base: 0x00003000, data-base: 0x004C1864ROM: Bootstrap program is C3550 boot loaderflam-1-6 uptime is 1 week, 6 days, 3 hours, 59 minutesSystem returned to ROM by power-onSystem image file is "flash:c3550--i9q3l2-mz.121-8EA1.bin"cisco WS-C3550-48 (PowerPC) processor with 65526K/8192K bytes of memory.Last reset from warm-resetRunning Layer2 Switching Only ImageEthernet-controller 1 has 12 Fast Ethernet/IEEE 802.3 interfacesEthernet-controller 2 has 12 Fast Ethernet/IEEE 802.3 interfacesEthernet-controller 3 has 12 Fast Ethernet/IEEE 802.3 interfacesEthernet-controller 4 has 12 Fast Ethernet/IEEE 802.3 interfacesEthernet-controller 5 has 1 Gigabit Ethernet/IEEE 802.3 interfaceEthernet-controller 6 has 1 Gigabit Ethernet/IEEE 802.3 interface48 FastEthernet/IEEE 802.3 interface(s)2 Gigabit Ethernet/IEEE 802.3 interface(s)The password-recovery mechanism is disabled.32K bytes of flash-simulated non-volatile configuration memory.Base ethernet MAC Address: AA:00:0B:2B:02:00Configuration register is 0x10FRelated Commands
service-policy
Use the service-policy interface configuration command to apply a policy map defined by the policy-map command to the input or output of a particular interface. Use the no form of this command to remove the policy map and interface association.
service-policy {input policy-map-name | output policy-map-name}
no service-policy {input policy-map-name | output policy-map-name}
Syntax Description
input policy-map-name
Apply the specified policy-map to the input of an interface.
output policy-map-name
Apply the specified policy-map to the output of an interface.
Note
Defaults
No policy maps are attached to the interface.
Command Modes
Interface configuration
Command History
Usage Guidelines
Only one policy map per interface per direction is supported.
You cannot use the service-policy interface configuration command to attach policy maps that contain these elements to an egress interface:
•
•
•
The only match criterion in a policy map that can be attached to an egress interface is the match ip dscp dscp-list class-map configuration command.
A classification that uses a port trust state (for example, mls qos trust [cos | dscp | ip-precedence] and classification that uses a policy map (for example, service-policy input policy-map-name) are mutually exclusive. The last setting configured overwrites the previous configuration.
Examples
This example shows how to apply plcmap1 to an ingress interface:
Switch(config)# interface gigabitethernet0/1Switch(config-if)# service-policy input plcmap1This example shows how to apply plcmap2 to an egress interface:
Switch(config)# interface gigabitethernet0/2Switch(config-if)# service-policy output plcmap2This example shows how to detach plcmap2 from an interface2:
Switch(config)# interface gigabitethernet0/2Switch(config-if)# no service-policy input plcmap2You can verify your settings by entering the show running-config privileged EXEC command.
Related Commands
Creates or modifies a policy map that can be attached to multiple interfaces to specify a service policy.
Displays quality of service (QoS) policy maps.
set
Use the set policy-map class configuration command to classify IP traffic by setting a class of service (CoS), Differentiated Services Code Point (DSCP), or IP-precedence value in the packet. Use the no form of this command to remove traffic classification.
set {cos new-cos | ip dscp new-dscp | ip precedence new-precedence}
no set {cos new-cos | ip dscp new-dscp | ip precedence new-precedence}
Syntax Description
Note
Defaults
No traffic classification is defined.
Command Modes
Policy-map class configuration
Command History
12.1(4)EA1
This command was first introduced.
12.1(12c)EA1
The cos keyword was added.
Usage Guidelines
Within the same policy map, you should not use the set command with the trust policy-map class configuration command unless you also use the mls qos cos policy-map global configuration command. For information about using this command, see the "mls qos cos policy-map" section.
You cannot use the service-policy interface configuration command to attach policy maps that contain these elements to an egress interface:
•
•
•
The only match criterion in a policy map that can be attached to an egress interface is the match ip dscp dscp-list class-map configuration command.
For the set ip dscp new-dscp or the set ip precedence new-precedence command, you can enter a mnemonic name for a commonly-used value. For example, you can enter the set ip dscp af11 command, which is the as same entering the set ip dscp 10 command. You can enter the set ip precedence critical command, which is the same as entering the set ip precedence 5 command. For a list of supported mnemonics, enter the set ip dscp ? or the set ip precedence ? command to see the command-line help strings.
To return to policy-map configuration mode, use the exit command. To return to privileged EXEC mode, use the end command.
Examples
This example shows how to assign DSCP 10 to all FTP traffic without any policers:
Switch(config)# policy-map policy_ftpSwitch(config-pmap)# class ftp_classSwitch(config-pmap-c)# set ip dscp 10Switch(config-pmap)# exitThis example shows how to assign a CoS value in a policy map:
Switch(config)# mls qos cos policy-mapSwitch(config)# policy-map policy2Switch(config-pmap)# class class1Switch(config-pmap-c)# trust dscpSwitch(config-pmap-c)# set cos 3Switch(config-pmap-c)# exitYou can verify your settings by entering the show policy-map privileged EXEC command.
Related Commands
setup
Use the setup privileged EXEC command to configure the switch with its initial configuration.
setup
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
When you use the setup command, make sure that you have this information:
•
•
•
When you enter the setup command, an interactive dialog, called the System Configuration Dialog, appears. It guides you through the configuration process and prompts you for information. The values shown in brackets next to each prompt are the default values last set by using either the setup command facility or the configure privileged EXEC command.
Help text is provided for each prompt. To access help text, press the question mark (?) key at a prompt.
To return to the privileged EXEC prompt without making changes and without running through the entire System Configuration Dialog, press Ctrl-C.
When you complete your changes, the setup program shows you the configuration command script that was created during the setup session. You can save the configuration in nonvolatile RAM (NVRAM), return to the setup program without saving, or return to the command-line prompt without saving the configuration.
Examples
This is an example of output from the setup command:
Switch# setup--- System Configuration Dialog ---Continue with configuration dialog? [yes/no]: yesAt any point you may enter a question mark '?' for help.Use ctrl-c to abort configuration dialog at any prompt.Default settings are in square brackets '[]'.Basic management setup configures only enough connectivityfor management of the system, extended setup will ask youto configure each interface on the system.Would you like to enter basic management setup? [yes/no]: yesConfiguring global parameters:Enter host name [Switch]:host-nameThe enable secret is a password used to protect access toprivileged EXEC and configuration modes. This password, afterentered, becomes encrypted in the configuration.Enter enable secret: enable-secret-passwordThe enable password is used when you do not specify anenable secret password, with some older software versions, andsome boot images.Enter enable password: enable-passwordThe virtual terminal password is used to protectaccess to the router over a network interface.Enter virtual terminal password: terminal-passwordConfigure SNMP Network Management? [no]: yesCommunity string [public]:Current interface summaryAny interface listed with OK? value "NO" does not have a valid configurationInterface IP-Address OK? Method Status ProtocolVlan1 172.20.135.202 YES NVRAM up upGigabitEthernet0/1 unassigned YES unset up upGigabitEthernet0/2 unassigned YES unset up downGigabitEthernet0/3 unassigned YES unset administratively down downGigabitEthernet0/4 unassigned YES unset up downGigabitEthernet0/5 unassigned YES NVRAM up downGigabitEthernet0/6 unassigned YES NVRAM up downGigabitEthernet0/7 unassigned YES unset up downGigabitEthernet0/8 unassigned YES unset up downGigabitEthernet0/9 unassigned YES unset administratively down downGigabitEthernet0/10 10.1.2.3 YES NVRAM up downGigabitEthernet0/11 unassigned YES unset up downGigabitEthernet0/12 unassigned YES unset up downPort-channel1 unassigned YES unset up downEnter interface name used to connect to themanagement network from the above interface summary: vlan1Configuring interface vlan1:Configure IP on this interface? [yes]: yesIP address for this interface: ip_addressSubnet mask for this interface [255.0.0.0]: subnet_maskWould you like to enable as a cluster command switch? [yes/no]: yesEnter cluster name: cluster-nameThe following configuration command script was created:hostname host-nameenable secret 5 $1$LiBw$0Xc1wyT.PXPkuhFwqyhVi0enable password enable-passwordline vty 0 15password terminal-passwordsnmp-server community public!no ip routing!interface GigabitEthernet0/1no ip address!interface GigabitEthernet0/2no ip address!...interface GigabitEthernet0/12no ip addresscluster enable cluster-name!endUse this configuration? [yes/no]: yes![0] Go to the IOS command prompt without saving this config.[1] Return back to the setup without saving this config.[2] Save this configuration to nvram and exit.Enter your selection [2]:Related Commands
show access-lists
Use the show access-lists privileged EXEC command to display access control lists (ACLs) configured on the switch.
show access-lists [name | number | hardware counters] [ | {begin | exclude | include} expression]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The Catalyst 3550 multilayer switch supports only IP standard and extended access lists. Therefore, the allowed numbers are only 1 to 199 and 1300 to 2699.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
This is an example of output from the show access-lists command:
Switch# show access-listsStandard IP access list 13permit anyStandard IP access list permit Anypermit anyExtended IP access list 101permit icmp any any conversion-errorpermit 234 host 172.30.40.1 host 123.23.23.2Extended IP access list 102permit esp any anypermit eigrp any any tos min-monetary-costExtended IP access list 103permit icmp any any 40 60Extended IP access list CMP-NAT-ACLDynamic Cluster-NAT permit ip any anyExtended MAC access list abc2permit host 1100.bb00.00cc host 2234.0123.2345This is an example of output from the show access-lists hardware counters command:
Switch# show access-lists hardware countersInput Drops: 0 matches (0 bytes)Output Drops: 0 matches (0 bytes)Input Forwarded: 234781 matches (19942889 bytes)Output Forwarded: 0 matches (0 bytes)Input Bridge Only: 0 matches (0 bytes)Bridge and Route in CPU: 0 matches (0 bytes)Route in CPU: 160 matches (10344 bytes)Related Commands
show auto qos
Use the show auto qos user EXEC command to display the automatic quality of service (auto-QoS) configuration that is applied.
show auto qos [interface [interface-id]] [ | {begin | exclude | include} expression]
Syntax Description
Command Modes
User EXEC
Command History
Usage Guidelines
The show auto qos [interface [interface-id]] command displays the auto-QoS configuration; it does not display any user changes to the configuration that might be in effect.
To display information about the QoS configuration that might be affected by auto-QoS, use one of these commands:
•
•
•
•
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Examples
This is an example of output from the show auto qos command when auto-QoS is enabled:
Switch# show auto qosshow auto qosInitial configuration applied by AutoQoS:mls qos map cos-dscp 0 8 16 26 32 46 48 56mls qos min-reserve 5 170 ! (only if 10/100 ports exist)mls qos min-reserve 6 10 ! (only if 10/100 ports exist)mls qos min-reserve 7 65 ! (only if 10/100 ports exist)mls qos min-reserve 8 26 ! (only if 10/100 ports exist)mls qos!This is an example of output from the show auto qos interface command when the auto qos voip cisco-phone interface configuration command is entered:Switch# show auto qos interfaceInitial configuration applied by AutoQoS:!interface FastEthernet0/2mls qos trust device cisco-phonemls qos trust coswrr-queue bandwidth 20 1 80 0wrr-queue min-reserve 1 5wrr-queue min-reserve 2 6wrr-queue min-reserve 3 7wrr-queue min-reserve 4 8no wrr-queue cos-mapwrr-queue cos-map 1 0 1 2 4wrr-queue cos-map 3 3 6 7wrr-queue cos-map 4 5priority-queue out!interface GigabitEthernet0/1mls qos trust device cisco-phonemls qos trust coswrr-queue bandwidth 20 1 80 0wrr-queue queue-limit 80 1 20 1no wrr-queue cos-mapwrr-queue cos-map 1 0 1 2 4wrr-queue cos-map 3 3 6 7wrr-queue cos-map 4 5priority-queue outThis is an example of output from the show auto qos interface gigabitethernet0/3 command when the auto qos voip cisco-phone interface configuration command is entered:
Switch# show auto qos interface gigabitethernet0/3Initial configuration applied by AutoQoS:!interface GigabitEthernet0/3mls qos trust device cisco-phonemls qos trust coswrr-queue bandwidth 20 1 80 0wrr-queue queue-limit 80 1 20 1no wrr-queue cos-mapwrr-queue cos-map 1 0 1 2 4wrr-queue cos-map 3 3 6 7wrr-queue cos-map 4 5priority-queue outThis is an example from the show auto qos command when auto-QoS is disabled:
Switch# show auto qosAutoQoS is disabledRelated Commands
show boot
Use the show boot privileged EXEC command to display the settings of the boot environment variables.
show boot [ | {begin | exclude | include} expression]
Syntax Description
Command Modes
Privileged EXEC
Command History
12.1(4)EA1
This command was first introduced.
12.1(11)EA1
The Private Config file field description was added.
Usage Guidelines
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Note
Examples
This is an example of output from the show boot command. Table 2-14 describes each field in the display.
Switch# show bootBOOT path-list: flash:c3550-i5q3l2-mz-121.4.EA1/c3550-i5q3l2-mz-121.4.EA1.binConfig file: flash:config.textPrivate Config file: flash:private-config.textEnable Break: noManual Boot: yesHELPER path-list:NVRAM/Config filebuffer size: 32768
Related Commands
show class-map
Use the show class-map user EXEC command to display quality of service (QoS) class maps, which define the match criteria to classify traffic.
show class-map [class-map-name] [ | {begin | exclude | include} expression]
Syntax Description
Command Modes
User EXEC
Command History
Usage Guidelines
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
This is an example of output from the show class-map command:
Switch> show class-mapClass Map match-any dscp_classMatch ip dscp 9Class Map match-all vlan_classMatch vlan 10 20-30 40Match class-map dscp_classRelated Commands
Creates a class map to be used for matching packets to the class whose name you specify.
Defines the match criteria to classify traffic.
show cluster
Use the show cluster user EXEC command to display the cluster status and a summary of the cluster to which the switch belongs. This command can be entered on command and member switches.
show cluster [ | {begin | exclude | include} expression]
Syntax Description
Command Modes
User EXEC
Command History
Usage Guidelines
If the switch is not a command switch or a member switch, the command displays an empty line at the prompt.
On a member switch, this command displays the identity of the command switch, the switch member number, and the state of its connectivity with the command switch.
On a command switch, this command displays the cluster name, and the total number of members. It also shows the cluster status and time since the status changed. If redundancy is enabled, it displays the primary and secondary command-switch information.
If you enter this command on a switch that is not a cluster member, the error message Not a management cluster member is displayed.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
