Table Of Contents

sdm prefer

service password-recovery

service-policy

set

setup

setup express

show access-lists

show auto qos

show boot

show class-map

show cluster

show cluster candidates

show cluster members

show controllers cpu-interface

show controllers ethernet-controller

show controllers switch

show controllers tcam

show dot1q-tunnel

show dot1x

show env

show errdisable detect

show errdisable flap-values

show errdisable recovery

show etherchannel

show flowcontrol

show fm

show fm interface

show fm vlan

show forward

show interfaces

show interfaces counters

show ip dhcp snooping

show ip dhcp snooping binding

show ip igmp profile

show ip igmp snooping

show l2protocol-tunnel

show l2tcam

show l3tcam

show lacp

show mac access-group

show mac address-table

show mac address-table address

show mac address-table aging-time

show mac address-table count

show mac address-table dynamic

show mac address-table interface

show mac address-table multicast

show mac address-table notification

show mac address-table static

show mac address-table vlan

show mls qos

show mls qos aggregate-policer

show mls qos interface

show mls qos maps

show monitor

show mvr

show mvr interface

show mvr members

show pagp

show parser macro

show policy-map

show port-security

show power inline

show running-config vlan

show sdm prefer

show setup express

show spanning-tree

show storm-control

show system mtu

show tcam

show tcam pbr

show tcam qos

show udld

show version

show vlan

show vlan access-map

show vlan filter

show vmps

show vtp

shutdown

shutdown vlan

snmp-server enable traps

snmp-server host

snmp-server ip

snmp trap mac-notification

spanning-tree backbonefast

spanning-tree bpdufilter

spanning-tree bpduguard

spanning-tree cost

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

spanning-tree guard

spanning-tree link-type

spanning-tree loopguard default

spanning-tree mode

spanning-tree mst configuration

spanning-tree mst cost

spanning-tree mst forward-time

spanning-tree mst hello-time

spanning-tree mst max-age

spanning-tree mst max-hops

spanning-tree mst port-priority

spanning-tree mst priority

spanning-tree mst root

spanning-tree port-priority

spanning-tree portfast (global configuration)

spanning-tree portfast (interface configuration)

spanning-tree stack-port

spanning-tree uplinkfast

spanning-tree vlan

speed

storm-control

switchcore

switchport

switchport access

switchport block

switchport broadcast

switchport host

switchport mode

switchport multicast

switchport nonegotiate

switchport port-security

switchport port-security aging

switchport priority extend

switchport protected

switchport trunk

switchport unicast

switchport voice vlan

system mtu

2

sdm prefer

Use the sdm prefer global configuration command to configure the template used in Switch Database Management (SDM) resource allocation. You use a template to allocate system memory to best support the features being used in your application. Use a template to approximate the maximum number of unicast MAC addresses, Internet Group Management Protocol (IGMP) groups, quality of service (QoS) access control entries (ACEs), security ACEs, unicast routes, multicast routes, subnet VLANs (routed interfaces), and Layer 2 VLANs that can be configured on the switch. Use the no form of this command to return to the default template.

sdm prefer {access [extended-match] | extended-match | routing [extended-match] | vlan}

no sdm prefer

Syntax Description

access	Provide maximum system utilization for multicast traffic, QoS classification ACEs, and security ACEs. You would typically use this template for an access switch at the network edge.
extended-match	Reformat routing-table memory allocation to allow 144-bit Layer 3 ternary content addressable memory (TCAM) with the default template, the access template, or the routing template. Reformatting routing table memory space reduces the number of allowed unicast routes by one half.
routing	Provide maximum system utilization for unicast routing, minimizing QoS classification ACLs and security ACLs. You would typically use this template for a router or aggregator in the middle of a network.
vlan	Provide maximum system utilization for VLANs, with routing disabled. This template maximizes system memory for use as a Layer 2 switch with no routing.

Defaults

The default template provides a balance to all features.

Command Modes

Global configuration

Command History

Release	Modification
12.1(4)EA1	This command was introduced.
12.1(6)EA1	Template values revised. Templates for Fast Ethernet switches were added.
12.1(8)EA1	Template values for Gigabit Ethernet switches were revised.
12.1(11)EA1	The extended-match keyword was added.

Usage Guidelines

You must reload the switch for the configuration to take effect.

The sdm prefer vlan command disables routing capability in the switch. Any routing configurations are rejected after the reload, and any previously configured routing options might be lost. Use the sdm prefer vlan command only on switches intended for Layer 2 switching with no routing.

Do not use the routing template if you do not have routing enabled on your switch. Entering the sdm prefer routing global configuration command prevents other features from using the memory allocated to unicast and multicast routing in the routing template (approximately 17 K for Fast Ethernet switches and 30 K for Gigabit Ethernet switches).

When running the Web Cache Communication Protocol (WCCP) or multiple Virtual Private Network (VPN) routing/forwarding (multi-VRF) instances in customer edge (CE) devices (multi-VRF CE), extra fields are required in the routing tables stored in TCAM. You must use the extended-match keyword with the default, access, or routing templates to enable the switch to support 144-bit Layer 3 TCAM when using these features. The keyword reformats the memory space allocated for routing, reducing the number of allowed unicast routes by half.

Table 2-12 lists the approximate number of each resource supported in each of the four templates for a Gigabit Ethernet switch. Table 2-13 lists the approximate number supported for a switch with mostly Fast Ethernet ports. The first six rows in the tables (unicast MAC addresses through multicast routes) represent approximate hardware boundaries set when a template is selected. If a section of a hardware resource is full, all processing overflow is sent to the CPU, seriously impacting switch performance.

The last two rows, the total number of routed ports and SVIs and the number of Layer 2 VLANs, are guidelines used to calculate hardware resource consumption related to the other resource parameters.

The number of subnet VLANs (routed ports and SVIs) are not limited by software and can be set to a number higher than indicated in the tables. If the number of subnet VLANs configured is lower or equal to the number in the tables, the number of entries in each category (Unicast addresses, IGMP groups, and so on) for each template will be as indicated. As the number of subnet VLANs is increased, CPU utilization will typically increase. If the number of subnet VLANs is increased beyond the number indicated in the tables, the number of supported entries in each category may decrease depending on features that are enabled. For example, if PIM-DVMRP is enabled with more than 16 subnet VLANs, the number of entries for multicast routes will be in the range of 1K-5K entries for the access template.

Table 2-12 Approximate Number of Feature Resources Allowed by Each Template for Gigabit Ethernet Switches

Resource	Default Template	Access Template	Routing Template	VLAN Template
Unicast MAC addresses	6 K	2 K	6 K	12 K
IGMP groups (managed by Layer 2 multicast features such as MVR or IGMP snooping)	6 K	8 K	6 K	6 K
QoS classification ACEs	2K	2 K	1 K	2 K
Security ACEs	2 K	4 K	1 K	2 K
Unicast routes	12 K or 6 K1	4 K or 2 K1	24 K or 12 K1	0
Multicast routes	6 K	8 K	6 K	0
Routed interfaces (routed ports and SVIs)	16	16	16	16
Layer 2 VLANs	1 K	1 K	1 K	1 K

1 When the extended-match keyword is used with the indicated template. This keyword affects only the number of unicast routes allowed.

Table 2-13 Approximate Number of Feature Resources Allowed by Each Template for Fast Ethernet Switches

Resource	Default Template	Access Template	Routing Template	VLAN Template
Unicast MAC addresses	5 K	1 K	5 K	8 K
IGMP groups (managed by Layer 2 multicast features such as MVR and IGMP snooping)	1 K	2 K	1 K	1 K
QoS ACEs	1 K	1 K	512	1 K
Security ACEs	1 K	2 K	512	1 K
Unicast routes	8 K or 4K1	2 K or 1K1	16 K or 8K1	0
Multicast routes	1 K	2 K	1 K	0
Routed interfaces (routed ports and SVIs)	8	8	8	8
Layer 2 VLANs	1 K	1 K	1 K	1 K

1 When the extended-match keyword is used with the indicated template. This keyword affects only the number of unicast routes allowed.

Examples

This example shows how to configure the routing template on the switch:

Switch(config)# sdm prefer routing

Switch(config)# exit

Switch# reload

This example shows how to configure the routing template with a 144-bit routing table allocation:

Switch(config)# sdm prefer routing extended-match

Switch(config)# exit

Switch# reload

This example shows how to remove the routing template and to use the default template with the standard 72-bit routing table allocation:

Switch(config)# no sdm prefer routing

Switch(config)# exit

Switch# reload

You can verify your settings by entering the show sdm prefer privileged EXEC command.

Related Commands

Command	Description
show sdm prefer	Displays the current SDM template in use or displays the templates that can be used, with approximate resource allocation per feature.

service password-recovery

Use the service password-recovery global configuration command to enable the password-recovery mechanism (the default). Use the no form of this command to disable part of the password-recovery functionality. When the password-recovery mechanism is disabled, interrupting the boot process is allowed only if the user agrees to set the system back to the default configuration.

service password-recovery

no service password-recovery

Syntax Description

This command has no arguments or keywords.

Defaults

The password-recovery mechanism is enabled.

Command Modes

Global configuration

Command History

Release	Modification
12.1(6)EA1a	This command was introduced.

Usage Guidelines

This command is valid only on Catalyst 3550 Fast Ethernet switches; it is not available for Gigabit Ethernet switches.

As a system administrator, you can use the no service password-recovery command to disable some of the functionality of the password recovery feature by allowing an end user to reset a password only by agreeing to return to the default configuration.

The password-recovery mechanism has been triggered, but

is currently disabled.  Access to the boot loader prompt

through the password-recovery mechanism is disallowed at

this point.  However, if you agree to let the system be

reset back to the default system configuration, access

to the boot loader prompt can still be allowed.

Would you like to reset the system back to the default configuration (y/n)?

If the user chooses not to reset the system back to the default configuration, the normal boot process continues, as if the Mode button had not been pressed. If you choose to reset the system back to the default configuration, the configuration file in flash memory is deleted, and the VLAN database file, flash:vlan.dat (if present), is deleted.

---

Note If you use the no service password-recovery command to control end user access to passwords, we recommend that you save a copy of the config file in a location away from the switch in case the end user uses the password recovery procedure and sets the system back to default values. Do not keep a backup copy of the config file on the switch.

If the switch is operating in VTP transparent mode, we recommend that you also save a copy of the vlan.dat file in a location away from the switch.

---

You can verify if password recovery is enabled or disabled by entering the show version privileged EXEC command.

Examples

This example shows how to disable password recovery on a switch so that a user can only reset a password by agreeing to return to the default configuration:

Switch(config)# no service-password recovery

Switch(config)# exit

This is an example of the output from the show version privileged EXEC command when password-recovery is disable:

Switch# show version

1w6d: %SYS-5-CONFIG_I: Configured from console by console

Cisco Internetwork Operating System Software

IOS (tm) C3550 Software (C3550-I9Q3L2-M), Version 12.1(8)EA1, RELEASE SOFTWARE (fc1)

Copyright (c) 1986-2001 by cisco Systems, Inc.

Compiled Wed 24-Oct-01 06:20 by antonino

Image text-base: 0x00003000, data-base: 0x004C1864

ROM: Bootstrap program is C3550 boot loader

flam-1-6 uptime is 1 week, 6 days, 3 hours, 59 minutes

System returned to ROM by power-on

System image file is "flash:c3550--i9q3l2-mz.121-8EA1.bin"

cisco WS-C3550-48 (PowerPC) processor with 65526K/8192K bytes of memory.

Last reset from warm-reset

Running Layer2 Switching Only Image

Ethernet-controller 1 has 12 Fast Ethernet/IEEE 802.3 interfaces

Ethernet-controller 2 has 12 Fast Ethernet/IEEE 802.3 interfaces

Ethernet-controller 3 has 12 Fast Ethernet/IEEE 802.3 interfaces

Ethernet-controller 4 has 12 Fast Ethernet/IEEE 802.3 interfaces

Ethernet-controller 5 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 6 has 1 Gigabit Ethernet/IEEE 802.3 interface

48 FastEthernet/IEEE 802.3 interface(s)

2 Gigabit Ethernet/IEEE 802.3 interface(s)

The password-recovery mechanism is disabled.

32K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address: AA:00:0B:2B:02:00

Configuration register is 0x10F

Related Commands

Command	Description
show version	Displays version information for the hardware and firmware.

service-policy

Use the service-policy interface configuration command to apply a policy map defined by the policy-map command to the input or output of a particular interface. Use the no form of this command to remove the policy map and interface association.

service-policy {input policy-map-name | output policy-map-name}

no service-policy {input policy-map-name | output policy-map-name}

Syntax Description

input policy-map-name	Apply the specified policy-map to the input of an interface.
output policy-map-name	Apply the specified policy-map to the output of an interface.

---

Note Though visible in the command-line help strings, the history keyword is not supported, and you should ignore the statistics it gathers.

---

Defaults

No policy maps are attached to the interface.

Command Modes

Interface configuration

Command History

Release	Modification
12.1(4)EA1	This command was introduced.

Usage Guidelines

Only one policy map per interface per direction is supported.

You cannot use the service-policy interface configuration command to attach policy maps that contain these elements to an egress interface:

•set or trust policy-map class configuration commands. Instead, you can use the police policy-map class configuration command to mark down (reduce) the DSCP value at the egress interface.

•Access control list (ACL) classification.

•Per-port per-VLAN classification.

The only match criterion in a policy map that can be attached to an egress interface is the match ip dscp dscp-list class-map configuration command.

A classification that uses a port trust state (for example, mls qos trust [cos | dscp | ip-precedence] and classification that uses a policy map (for example, service-policy input policy-map-name) are mutually exclusive. The last setting configured overwrites the previous configuration.

Examples

This example shows how to apply plcmap1 to an ingress interface:

Switch(config)# interface gigabitethernet0/1

Switch(config-if)# service-policy input plcmap1

This example shows how to apply plcmap2 to an egress interface:

Switch(config)# interface gigabitethernet0/2

Switch(config-if)# service-policy output plcmap2

This example shows how to detach plcmap2 from an interface:

Switch(config)# interface gigabitethernet0/2

Switch(config-if)# no service-policy input plcmap2

You can verify your settings by entering the show running-config privileged EXEC command.

Related Commands

Command	Description
policy-map	Creates or modifies a policy map that can be attached to multiple interfaces to specify a service policy.
show policy-map	Displays quality of service (QoS) policy maps.

set

Use the set policy-map class configuration command to classify IP traffic by setting a class of service (CoS), Differentiated Services Code Point (DSCP), or IP-precedence value in the packet. Use the no form of this command to remove the traffic classification.

set {cos new-cos | ip dscp new-dscp | ip precedence new-precedence}

no set {cos new-cos | ip dscp new-dscp | ip precedence new-precedence}

Syntax Description

cos new-cos	New CoS value assigned to the classified traffic. The range is from 0 to 7.
ip dscp new-dscp	New DSCP value assigned to the classified traffic. The range is 0 to 63. You also can enter a mnemonic name for a commonly used value.
ip precedence new-precedence	New IP-precedence value assigned to the classified traffic. The range is 0 to 7. You also can enter a mnemonic name for a commonly used value.

---

Note Though visible in the command-line help strings, the mpls keyword is not supported.

---

Defaults

No traffic classification is defined.

Command Modes

Policy-map class configuration

Command History

Release	Modification
12.1(4)EA1	This command was introduced.
12.1(12c)EA1	The cos keyword was added.

Usage Guidelines

Within the same policy map, you should not use the set command with the trust policy-map class configuration command unless you also use the mls qos cos policy-map global configuration command. For information about using this command, see the "mls qos cos policy-map" section.

You cannot use the service-policy interface configuration command to attach policy maps that contain these elements to an egress interface:

•set or trust policy-map class configuration commands. Instead, you can use the police policy-map class configuration command to mark down (reduce) the DSCP value at the egress interface.

•Access control list (ACL) classification.

•Per-port per-VLAN classification.

The only match criterion in a policy map that can be attached to an egress interface is the match ip dscp dscp-list class-map configuration command.

For the set ip dscp new-dscp or the set ip precedence new-precedence command, you can enter a mnemonic name for a commonly used value. For example, you can enter the set ip dscp af11 command, which is the as same entering the set ip dscp 10 command. You can enter the set ip precedence critical command, which is the same as entering the set ip precedence 5 command. For a list of supported mnemonics, enter the set ip dscp ? or the set ip precedence ? command to see the command-line help strings.

To return to policy-map configuration mode, use the exit command. To return to privileged EXEC mode, use the end command.

Examples

This example shows how to assign DSCP 10 to all FTP traffic without any policers:

Switch(config)# policy-map policy_ftp

Switch(config-pmap)# class ftp_class

Switch(config-pmap-c)# set ip dscp 10

Switch(config-pmap)# exit

This example shows how to assign a CoS value in a policy map:

Switch(config)# mls qos cos policy-map

Switch(config)# policy-map policy2

Switch(config-pmap)# class class1

Switch(config-pmap-c)# trust dscp

Switch(config-pmap-c)# set cos 3

Switch(config-pmap-c)# exit

You can verify your settings by entering the show policy-map privileged EXEC command.

Related Commands

Command	Description
police	Defines a policer for classified traffic.
policy-map	Creates or modifies a policy map that can be attached to multiple interfaces to specify a service policy.
show policy-map	Displays quality of service (QoS) policy maps.
trust	Defines a trust state for traffic classified by the class policy-map configuration command or the class-map global configuration command.

setup

Use the setup privileged EXEC command to configure the switch with its initial configuration.

setup

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(4)EA1	This command was introduced.

Usage Guidelines

When you use the setup command, make sure that you have this information:

•IP address and network mask

•Password strategy for your environment

•Whether the switch will be used as the command switch in a cluster and the cluster name

When you enter the setup command, an interactive dialog, called the System Configuration Dialog, appears. It guides you through the configuration process and prompts you for information. The values shown in brackets next to each prompt are the default values last set by using either the setup command facility or the configure privileged EXEC command.

Help text is provided for each prompt. To access help text, press the question mark (?) key at a prompt.

To return to the privileged EXEC prompt without making changes and without running through the entire System Configuration Dialog, press Ctrl-C.

When you complete your changes, the setup program shows you the configuration command script that was created during the setup session. You can save the configuration in NVRAM, return to the setup program without saving, or return to the command-line prompt without saving the configuration.

Examples

This is an example of output from the setup command:

Switch# setup

--- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]: yes

At any point you may enter a question mark '?' for help.

Use ctrl-c to abort configuration dialog at any prompt.

Default settings are in square brackets '[]'.

Basic management setup configures only enough connectivity

for management of the system, extended setup will ask you

to configure each interface on the system.

Would you like to enter basic management setup? [yes/no]: yes

Configuring global parameters:

Enter host name [Switch]:host-name

  The enable secret is a password used to protect access to

  privileged EXEC and configuration modes. This password, after

  entered, becomes encrypted in the configuration.

  Enter enable secret: enable-secret-password

  The enable password is used when you do not specify an

  enable secret password, with some older software versions, and

  some boot images.

  Enter enable password: enable-password

  The virtual terminal password is used to protect

  access to the router over a network interface.

  Enter virtual terminal password: terminal-password

  Configure SNMP Network Management? [no]: yes

  Community string [public]: 

Current interface summary

Any interface listed with OK? value "NO" does not have a valid configuration

Interface                  IP-Address      OK? Method Status                Protocol

Vlan1                      172.20.135.202  YES NVRAM  up                    up

GigabitEthernet0/1         unassigned      YES unset  up                    up

GigabitEthernet0/2         unassigned      YES unset  up                    down

<output truncated>

Port-channel1              unassigned      YES unset  up                    down

Enter interface name used to connect to the

management network from the above interface summary: vlan1

Configuring interface vlan1:

Configure IP on this interface? [yes]: yes 

IP address for this interface: ip_address

Subnet mask for this interface [255.0.0.0]: subnet_mask

Would you like to enable as a cluster command switch? [yes/no]: yes

Enter cluster name: cluster-name

The following configuration command script was created:

hostname host-name

enable secret 5 $1$LiBw$0Xc1wyT.PXPkuhFwqyhVi0

enable password enable-password

line vty 0 15

password terminal-password

snmp-server community public

!

no ip routing

!

interface GigabitEthernet0/1

no ip address

!

interface GigabitEthernet0/2

no ip address

! 

<output truncated>

cluster enable cluster-name

!

end

Use this configuration? [yes/no]: yes

!

[0] Go to the IOS command prompt without saving this config.

[1] Return back to the setup without saving this config.

[2] Save this configuration to nvram and exit.

Enter your selection [2]:

Related Commands

Command	Description
show running-config	Displays the running configuration on the switch. For syntax information, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1 > Cisco IOS File Management Commands > Configuration File Commands.
show version	Displays version information for the hardware and firmware.

setup express

Use the setup express global configuration command to enable Express Setup mode on the switch. This is the default setting. Use the no form of this command to disable Express Setup mode.

setup express

no setup express

Syntax Description

This command has no arguments or keywords.

Defaults

Express Setup is enabled.

Command Modes

Global configuration

Command History

Release	Modification
12.1(14)EA1	This command was introduced.

Usage Guidelines

When Express Setup is enabled on a new (unconfigured) switch, pressing the Mode button for 2 seconds activates Express Setup. You can access the switch through an Ethernet port by using the IP address 10.0.0.1 and then can configure the switch with the web-based Express Setup program or the command-line interface (CLI)-based setup program.

When you press the Mode button for 2 seconds on a configured switch, the mode LEDs start blinking. If you press the Mode button for a total of 10 seconds, the switch configuration is deleted, and the switch reboots. The switch can then be configured like a new switch, either through the web-based Express Setup program or the CLI-based setup program.

---

Note As soon as you make any change to the switch configuration (including entering no at the beginning of the CLI-based setup program), configuration by Express Setup is no longer available. You can only run Express Setup again by pressing the Mode button for 10 seconds. This deletes the switch configuration and reboots the switch.

---

If Express Setup is active on the switch, entering the write memory or copy running-configuration startup-configuration privileged EXEC commands deactivates Express Setup. The IP address 10.0.0.1 is no longer valid on the switch, and your connection using this IP address ends.

The primary purpose of the no setup express command is to prevent someone from deleting the switch configuration by pressing the Mode button for 10 seconds.

Examples

This example shows how to enable Express Setup mode:

Switch(config)# setup express

You can verify that Express Setup mode is enabled by pressing the Mode button:

•On an unconfigured switch, the mode LEDs begin blinking green after 2 seconds.

•On a configured switch, the mode LEDs turn solid green after a total of 10 seconds.

---

Caution If you hold the Mode button down for a total of 10 seconds, the configuration is deleted, and the switch reboots.

---

This example shows how to disable Express Setup mode:

Switch(config)# no setup express

You can verify that Express Setup mode is disabled by pressing the Mode button. The mode LEDs only turn solid green or begin blinking green if Express Setup mode is enabled on the switch.

Related Commands

Command	Description
clear setup express	Exits Express Setup mode without saving the configuration.
show setup express	Displays if Express Setup mode is active on the switch.

show access-lists

Use the show access-lists privileged EXEC command to display access control lists (ACLs) configured on the switch.

show access-lists [name | number | hardware counters] [ | {begin | exclude | include} expression]

Syntax Description

name	(Optional) Name of the ACL.
number	(Optional) ACL number. The range is from 1 to 2699.
hardware counters	(Optional) Display global hardware ACL statistics for switched and routed packets.
| begin	(Optional) Display begins with the line that matches the expression.
| exclude	(Optional) Display excludes lines that match the expression.
| include	(Optional) Display includes lines that match the specified expression.
expression	Expression in the output to use as a reference point.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(4)EA1	This command was introduced.

Usage Guidelines

The Catalyst 3550 multilayer switch supports only IP standard and extended access lists. Therefore, the allowed numbers are only 1 to 199 and 1300 to 2699.

Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.

Examples

This is an example of output from the show access-lists command:

Switch# show access-lists

Standard IP access list 13

    permit any

Standard IP access list permit Any

    permit any

Extended IP access list 101

    permit icmp any any conversion-error

    permit 234 host 172.30.40.1 host 123.23.23.2

Extended IP access list 102

    permit esp any any

    permit eigrp any any tos min-monetary-cost

Extended IP access list 103

    permit icmp any any 40 60

Extended IP access list CMP-NAT-ACL

    Dynamic Cluster-NAT permit ip any any

Extended MAC access list abc2

    permit host 1100.bb00.00cc host 2234.0123.2345     

This is an example of output from the show access-lists hardware counters command:

Switch# show access-lists hardware counters

Input Drops:             0 matches (0 bytes)

Output Drops:            0 matches (0 bytes)

Input Forwarded:         234781 matches (19942889 bytes)

Output Forwarded:        0 matches (0 bytes)

Input Bridge Only:       0 matches (0 bytes)

Bridge and Route in CPU: 0 matches (0 bytes)

Route in CPU:            160 matches (10344 bytes)

Related Commands

Command	Description
access-list	Configures a standard or extended numbered access list on the switch. For syntax information, refer to the Cisco IOS IP and IP Routing Command Reference for IOS Release 12.1 > IP Addressing and Services > IP Services Commands.
ip access list	Configures a named IP access list on the switch. For syntax information, refer to the Cisco IOS IP and IP Routing Command Reference for IOS Release 12.1 > IP Addressing and Services > IP Services Commands.
mac access-list extended	Configures a named or numbered MAC access list on the switch.

show auto qos

Use the show auto qos user EXEC command to display the quality of service (QoS) commands entered on the interfaces on which automatic QoS (auto-QoS) configuration is enabled.

show auto qos [interface [interface-id]

Syntax Description

interface [interface-id]

(Optional) Display auto-QoS information for the specified interface or for all interfaces. Valid interfaces include physical ports.

Command Modes

User EXEC

Command History

Release	Modification
12.1(12c)EA1	This command was introduced.
12.1(20)EA2	The information in the command output changed, and the user guidelines were updated.

Usage Guidelines

In releases earlier than Cisco IOS Release 12.1(20)EA2, the show auto qos [interface [interface-id]] command output shows the initial generated auto-QoS configuration.

In Cisco IOS Release 12.1(20)EA2 or later, the show auto qos command output shows only the auto-QoS commands entered on each interface. The show auto qos interface interface-id command output shows the auto-QoS command entered on a specific interface.

Use the show running-config privileged EXEC command to display the auto-QoS configuration and the user modifications.

To display information about the QoS configuration that might be affected by auto-QoS, use one of these commands:

•show mls qos

•show mls qos map cos-dscp

•show mls qos interface [interface-id] [buffers | queueing]

•show running-config

Examples

This is an example of output from the show auto qos command after the auto qos voip cisco-phone and the auto qos voip cisco-softphone interface configuration commands are entered:

Switch> show auto qos 

FastEthernet0/1

auto qos voip cisco-softphone

FastEthernet0/2

auto qos voip cisco-phone

FastEthernet0/4

auto qos voip cisco-softphone

This is an example of output from the show auto qos interface interface-id command when the auto 
qos voip cisco-phone interface configuration command is entered:

Switch> show auto qos interface fastethernet0/2

FastEthernet0/2

auto qos voip cisco-phone

This is an example of output from the show running-config privileged EXEC command when the auto qos voip cisco-phone and the auto qos voip cisco-softphone interface configuration commands are entered on 10/100 Ethernet interfaces:

Switch# show running-config

Building configuration...

...

mls qos map policed-dscp  24 26 46 to 0

mls qos map cos-dscp 0 8 16 26 32 46 48 56

mls qos min-reserve 5 170

mls qos min-reserve 6 85

mls qos min-reserve 7 51

mls qos min-reserve 8 34

mls qos

!

class-map match-all AutoQoS-VoIP-RTP-Trust

  match ip dscp 46

class-map match-all AutoQoS-VoIP-Control-Trust

  match ip dscp 24 26

!

!

policy-map AutoQoS-Police-SoftPhone

  class AutoQoS-VoIP-RTP-Trust

    set ip dscp 46

    police 320000 8000 exceed-action policed-dscp-transmit

  class AutoQoS-VoIP-Control-Trust

    set ip dscp 24

    police 32000 8000 exceed-action policed-dscp-transmit

!

...

interface FastEthernet0/6

 switchport mode dynamic desirable

 mls qos trust device cisco-phone

 mls qos trust cos

 auto qos voip cisco-phone

 wrr-queue bandwidth 10 20 70 1

 wrr-queue min-reserve 1 5

 wrr-queue min-reserve 2 6

 wrr-queue min-reserve 3 7

 wrr-queue min-reserve 4 8

 wrr-queue cos-map 1 0 1

 wrr-queue cos-map 2 2 4

 wrr-queue cos-map 3 3 6 7

 wrr-queue cos-map 4 5

 priority-queue out

!

interface FastEthernet0/7

 switchport mode dynamic desirable

!

interface FastEthernet0/8

 switchport mode dynamic desirable

 mls qos trust device cisco-phone

 mls qos trust cos

 auto qos voip cisco-phone

 wrr-queue bandwidth 10 20 70 1

 wrr-queue min-reserve 1 5

 wrr-queue min-reserve 2 6

 wrr-queue min-reserve 3 7

 wrr-queue min-reserve 4 8

 wrr-queue cos-map 1 0 1

 wrr-queue cos-map 2 2 4

 wrr-queue cos-map 3 3 6 7

 wrr-queue cos-map 4 5

 priority-queue out

!

<output truncated>

These are examples of output from the show auto qos command when auto-QoS is disabled on the switch:

Switch> show auto qos

AutoQoS not enabled on any interface

These are examples of output from the show auto qos interface interface-id command when auto-QoS is disabled on an interface:

Switch> show auto qos interface fastethernet0/1

AutoQoS is disabled

Related Commands

Command	Description
auto qos voip	Automatically configures QoS for VoIP within a QoS domain.

show boot

Use the show boot privileged EXEC command to display the settings of the boot environment variables.

show boot [ | {begin | exclude | include} expression]

Syntax Description

| begin	(Optional) Display begins with the line that matches the expression.
| exclude	(Optional) Display excludes lines that match the expression.
| include	(Optional) Display includes lines that match the specified expression.
expression	Expression in the output to use as a reference point.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.1(4)EA1	This command was introduced.
12.1(11)EA1	The Private Config file field description was added.

Usage Guidelines

Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.

---

Note Only the Cisco IOS software can read and write a copy of the private configuration file. You cannot read, write, delete, or display a copy of this file.

---

Examples

This is an example of output from the show boot command. Table 2-14 describes each field in the display.

Switch# show boot

BOOT path-list:      flash:c3550-i5q3l2-mz-121.4.EA1/c3550-i5q3l2-mz-121.4.EA1.bin

Config file:         flash:config.text

Private Config file: flash:private-config.text

Enable Break:        no

Manual Boot:         yes

HELPER path-list:

NVRAM/Config file

      buffer size:   32768 

Table 2-14 show boot Field Descriptions

Field	Description
BOOT path-list	Displays a semicolon separated list of executable files to try to load and execute when automatically booting. If the BOOT environment variable is not set, the system attempts to load and execute the first executable image it can find by using a recursive, depth-first search through the flash file system. In a depth-first search of a directory, each encountered subdirectory is completely searched before continuing the search in the original directory. If the BOOT variable is set but the specified images cannot be loaded, the system attempts to boot the first bootable file that it can find in the flash file system.
Config file	Displays the filename that Cisco IOS uses to read and write a nonvolatile copy of the system configuration.
Private Config file	Displays the filename that Cisco IOS uses to read and write a nonvolatile copy of the private configuration. Note Only the Cisco IOS software can read and write a copy of the private configuration file. You cannot read, write, delete, or display a copy of this file.
Enable Break	Displays whether a break during booting is enabled or disabled. If it is set to yes, on, or 1, you can interrupt the automatic boot process by pressing the Break key on the console after the flash file system is initialized.
Manual Boot	Displays whether the switch automatically or manually boots. If it is set to no or 0, the boot loader attempts to automatically boot the system. If it is set to anything else, you must manually boot the switch from the boot loader mode.
Helper path-list	Displays a semicolon separated list of loadable files to dynamically load during the boot loader initialization. Helper files extend or patch the functionality of the boot loader.
NVRAM/Config file buffer size	Displays the buffer size that Cisco IOS uses to hold a copy of the configuration file in memory. The configuration file cannot be larger than the buffer size allocation.

Related Commands

Command	Description
boot buffersize	Specifies the size of the file system-simulated NVRAM in flash memory.
boot config-file	Specifies the filename that Cisco IOS uses to read and write a nonvolatile copy of the system configuration.
boot enable-break	Enables interrupting the automatic boot process.
boot manual	Enables manually booting the switch during the next boot cycle.
boot private-config-file	Specifies the filename that Cisco IOS uses to read and write a nonvolatile copy of the private configuration.
boot system	Specifies the Cisco IOS image to load during the next boot cycle.

show class-map

Use the show class-map user EXEC command to display quality of service (QoS) class maps, which define the match criteria to classify traffic.

show class-map [class-map-name] [ | {begin | exclude | include} expression]

Syntax Description

class-map-name	(Optional) Display the contents of the specified class map.
| begin	(Optional) Display begins with the line that matches the expression.