Command Line Interface Guide
Page 8
... and Image Files 141 copy 141 delete 144 delete startup-config 144 dir 145 more 146 rename 147 boot system 148 show running-config 149 show startup-config 150 show bootvar 152 9 DHCP Snooping 153 ip dhcp snooping 153 ip dhcp snooping vlan 153 ip dhcp snooping trust 154 ip dhcp snooping information option...
... and Image Files 141 copy 141 delete 144 delete startup-config 144 dir 145 more 146 rename 147 boot system 148 show running-config 149 show startup-config 150 show bootvar 152 9 DHCP Snooping 153 ip dhcp snooping 153 ip dhcp snooping vlan 153 ip dhcp snooping trust 154 ip dhcp snooping information option...
Command Line Interface Guide
Page 28
...Global Configuration mode and return to the Privileged EXEC mode, the user can use one of the device host name followed by (config) and #. Contains commands to manage port configuration. The interface ethernet Global Configuration mode command is displayed. The Global Configuration mode...of these commands are used to enter the Port Channel Interface Configuration mode. 28 Using the CLI The vlan database Global Configuration mode command is used to enter the VLAN Database Interface Configuration mode. • Management Access List - These include commands such as a whole. ...
...Global Configuration mode and return to the Privileged EXEC mode, the user can use one of the device host name followed by (config) and #. Contains commands to manage port configuration. The interface ethernet Global Configuration mode command is displayed. The Global Configuration mode...of these commands are used to enter the Port Channel Interface Configuration mode. 28 Using the CLI The vlan database Global Configuration mode command is used to enter the VLAN Database Interface Configuration mode. • Management Access List - These include commands such as a whole. ...
Command Line Interface Guide
Page 39
...the DHCP snooping configuration. Configures the update frequency of the currently running -config show startup-config show ip dhcp snooping binding Configures a port as trusted for all interfaces on a VLAN. Displays the DHCP snooping binding database and configuration information for DHCP snooping ...EXEC Privileged EXEC Privileged EXEC DHCP Snooping Commands Command Group ip dhcp snooping Description Globally enables DHCP snooping ip dhcp snooping vlan Enables DHCP snooping on a switch. Configures the DHCP snooping binding file. Configures the update frequency of the DHCP ...
...the DHCP snooping configuration. Configures the update frequency of the currently running -config show startup-config show ip dhcp snooping binding Configures a port as trusted for all interfaces on a VLAN. Displays the DHCP snooping binding database and configuration information for DHCP snooping ...EXEC Privileged EXEC Privileged EXEC DHCP Snooping Commands Command Group ip dhcp snooping Description Globally enables DHCP snooping ip dhcp snooping vlan Enables DHCP snooping on a switch. Configures the DHCP snooping binding file. Configures the update frequency of the DHCP ...
Command Line Interface Guide
Page 73
clear spanning-tree detected- delete Deletes a file from the internal logging buffer. delete startup-config Deletes the startup-config file. dir Displays a list of files on an interface. Defines the configuration revision number. PE (Privileged EXEC) Mode ...to-address mapping received from the host name-to the MST instance. instance (mst) name (mst) revision (mst) show (mst) Maps VLANs to -address cache. Displays the current or pending MST region configuration. crypto certificate request Generates and displays certificate requests for HTTPS. clear host...
clear spanning-tree detected- delete Deletes a file from the internal logging buffer. delete startup-config Deletes the startup-config file. dir Displays a list of files on an interface. Defines the configuration revision number. PE (Privileged EXEC) Mode ...to-address mapping received from the host name-to the MST instance. instance (mst) name (mst) revision (mst) show (mst) Maps VLANs to -address cache. Displays the current or pending MST region configuration. crypto certificate request Generates and displays certificate requests for HTTPS. clear host...
Command Line Interface Guide
Page 76
...show sntp configuration show sntp status show spanning-tree show startup-config show syslog-servers show tacacs show users accounts show users login-history show vlan show vlan internal usage show vlan mac-to-vlan show vlan protocols-groups stack reload test copper-port tdr Displays the ... (SNTP). Shows the status of SNMP filters. Displays the syslog servers settings. Displays configuration and statistics for a TACACS+ servers. Displays VLAN information. SP (SSH Public Key) Mode Command Group key-string user-key Description Manually specifies a SSH public key. UE (User EXEC...
...show sntp configuration show sntp status show spanning-tree show startup-config show syslog-servers show tacacs show users accounts show users login-history show vlan show vlan internal usage show vlan mac-to-vlan show vlan protocols-groups stack reload test copper-port tdr Displays the ... (SNTP). Shows the status of SNMP filters. Displays the syslog servers settings. Displays configuration and statistics for a TACACS+ servers. Displays VLAN information. SP (SSH Public Key) Mode Command Group key-string user-key Description Manually specifies a SSH public key. UE (User EXEC...
Command Line Interface Guide
Page 96
...and those packets that do not match the conditions defined in bit positions to be ignored. • any | {destination destination-wildcard}} [vlan vlan-id] [cos cos cos-wildcard] [ethtype eth-type] • source - Specifies wildcard bits to be applied to the source MAC ...address by placing 1s in the permit statement are permitted. Specifies wildcard bits to be ignored. • vlan-id - Console(config)# mac access-list macl-1 Console(config-mac-al)# permit (MAC) The permit MAC-Access List Configuration mode command sets permit conditions for the packet. (Range:...
...and those packets that do not match the conditions defined in bit positions to be ignored. • any | {destination destination-wildcard}} [vlan vlan-id] [cos cos cos-wildcard] [ethtype eth-type] • source - Specifies wildcard bits to be applied to the source MAC ...address by placing 1s in the permit statement are permitted. Specifies wildcard bits to be ignored. • vlan-id - Console(config)# mac access-list macl-1 Console(config-mac-al)# permit (MAC) The permit MAC-Access List Configuration mode command sets permit conditions for the packet. (Range:...
Command Line Interface Guide
Page 97
... cos-wildcard] [ethtype eth-type] • disable-port - Specify a MAC address and mask. Specifies wildcard bits to be ignored. • vlan-id - Console(config)# mac access-list macl-acl1 Console(config-mac-al)# permit 06:a6 00:00:00:00:00:00 any |{ destination destination- Specifies the packets's Class of the packet...:10:XX use the Mac address 00:00:00:00:10:00 and mask 00:00:00:00:00:FF. • destination - wildcard} {any vlan 6 deny (MAC) The deny MAC-Access List Configuration mode command denies traffic if the conditions defined in the ACL is being sent. • destination-...
... cos-wildcard] [ethtype eth-type] • disable-port - Specify a MAC address and mask. Specifies wildcard bits to be ignored. • vlan-id - Console(config)# mac access-list macl-acl1 Console(config-mac-al)# permit 06:a6 00:00:00:00:00:00 any |{ destination destination- Specifies the packets's Class of the packet...:10:XX use the Mac address 00:00:00:00:10:00 and mask 00:00:00:00:00:FF. • destination - wildcard} {any vlan 6 deny (MAC) The deny MAC-Access List Configuration mode command denies traffic if the conditions defined in the ACL is being sent. • destination-...
Command Line Interface Guide
Page 98
...; no user guidelines for this command to detach an ACL from an input interface. Console(config)# mac access-list macl-1 Console (config-mac-acl)# deny 66:66:66:66:66:66 Console(config-mac-acl)# exit Console(config)# service-acl The service-acl Interface (VLAN) Configuration mode command applies an ACL to the input interface.
...; no user guidelines for this command to detach an ACL from an input interface. Console(config)# mac access-list macl-1 Console (config-mac-acl)# deny 66:66:66:66:66:66 Console(config-mac-acl)# exit Console(config)# service-acl The service-acl Interface (VLAN) Configuration mode command applies an ACL to the input interface.
Command Line Interface Guide
Page 102
Command Mode Global Configuration mode. Console(config)# bridge multicast filtering bridge multicast address The bridge multicast address Interface Configuration (VLAN) mode command registers a MAC-layer Multicast address in the bridge table and statically adds ports to ...Example The following example adds a permanent static MAC-layer station source address 3aa2.64b3.a245 on the VLAN and IGMP-snooping is disabled. Console(config)# interface vlan 2 Console(config-if)# bridge address 3aa2.64b3.a245 ethernet 1/e16 permanent bridge multicast filtering The bridge multicast filtering Global...
Command Mode Global Configuration mode. Console(config)# bridge multicast filtering bridge multicast address The bridge multicast address Interface Configuration (VLAN) mode command registers a MAC-layer Multicast address in the bridge table and statically adds ports to ...Example The following example adds a permanent static MAC-layer station source address 3aa2.64b3.a245 on the VLAN and IGMP-snooping is disabled. Console(config)# interface vlan 2 Console(config-if)# bridge address 3aa2.64b3.a245 ethernet 1/e16 permanent bridge multicast filtering The bridge multicast filtering Global...
Command Line Interface Guide
Page 103
... a range of ports. Default Configuration No Multicast addresses are defined. Examples The following example registers the MAC address: Console(config)# interface vlan 8 Console(config-if)# bridge multicast address 01:00:5e:02:02:03 The following example registers the MAC address and adds ports statically....designate a range of ports. • port-channel-number-list - multicast-address - a hyphen is used to the group. Console(config)# interface vlan 8 Console(config-if)# bridge multicast address 01:00:5e:02:02:03 add ethernet 1/e1-e9, 2/e2 Address Table Commands 103 Removes ports ...
... a range of ports. Default Configuration No Multicast addresses are defined. Examples The following example registers the MAC address: Console(config)# interface vlan 8 Console(config-if)# bridge multicast address 01:00:5e:02:02:03 The following example registers the MAC address and adds ports statically....designate a range of ports. • port-channel-number-list - multicast-address - a hyphen is used to the group. Console(config)# interface vlan 8 Console(config-if)# bridge multicast address 01:00:5e:02:02:03 add ethernet 1/e1-e9, 2/e2 Address Table Commands 103 Removes ports ...
Command Line Interface Guide
Page 104
... the group. • mac-multicast-address - Examples The following example forbids MAC address 0100.5e02.0203 on port 2/e9 within VLAN 8. Separate non-consecutive Ethernet ports with a comma and no spaces; A valid MAC Multicast address. • ip- Separate non...list - hyphen is used to the default configuration. Command Modes Interface Configuration (VLAN) mode. multicast-address - Console(config)# interface vlan 8 Console(config-if)# bridge multicast address 0100.5e.02.0203 Console(config-if)# bridge multicast forbidden address 0100.5e02.0203 add ethernet 2/e9 104 Address...
... the group. • mac-multicast-address - Examples The following example forbids MAC address 0100.5e02.0203 on port 2/e9 within VLAN 8. Separate non-consecutive Ethernet ports with a comma and no spaces; A valid MAC Multicast address. • ip- Separate non...list - hyphen is used to the default configuration. Command Modes Interface Configuration (VLAN) mode. multicast-address - Console(config)# interface vlan 8 Console(config-if)# bridge multicast address 0100.5e.02.0203 Console(config-if)# bridge multicast forbidden address 0100.5e02.0203 add ethernet 2/e9 104 Address...
Command Line Interface Guide
Page 105
.... Filter unregistered multicast packets. Address Table Commands 105 Use the no bridge multicast unregistered • forwarding - Console (config)# bridge multicast unregistered forwarding bridge multicast forward-all The bridge multicast forward-all Interface Configuration (VLAN) mode command enables forwarding all Multicast packets on ports that are connected to routers, because the 224.0.0.x address...
.... Filter unregistered multicast packets. Address Table Commands 105 Use the no bridge multicast unregistered • forwarding - Console (config)# bridge multicast unregistered forwarding bridge multicast forward-all The bridge multicast forward-all Interface Configuration (VLAN) mode command enables forwarding all Multicast packets on ports that are connected to routers, because the 224.0.0.x address...
Command Line Interface Guide
Page 106
... - a hyphen is used to designate a range of ports. • port-channel-number-list - Syntax • bridge multicast forward-all -Multicast port. Command Mode Interface Configuration (VLAN) mode. Console(config)# interface vlan 2 Console(config-if)# bridge multicast forward-all add ethernet 1/e8 bridge multicast forbidden forward-all The bridge multicast forbidden forward-all Interface Configuration...
... - a hyphen is used to designate a range of ports. • port-channel-number-list - Syntax • bridge multicast forward-all -Multicast port. Command Mode Interface Configuration (VLAN) mode. Console(config)# interface vlan 2 Console(config-if)# bridge multicast forward-all add ethernet 1/e8 bridge multicast forbidden forward-all The bridge multicast forbidden forward-all Interface Configuration...
Command Line Interface Guide
Page 107
.... • port-channel-number-list - When a Multicast router port is used to designate a range of port-channels. Console(config)# interface vlan 2 Console(config-if)# bridge multicast forbidden forward-all Multicast packets. • remove - Syntax • bridge aging-time seconds • no ... Does not forbid forwarding all {add | remove} {ethernet interface-list | port-channel port- Separates non-consecutive Ethernet ports with VLAN 2. Example The following example forbids forwarding all the Multicast packets are forwarded to 1/e1 with a comma and no spaces; Syntax ...
.... • port-channel-number-list - When a Multicast router port is used to designate a range of port-channels. Console(config)# interface vlan 2 Console(config-if)# bridge multicast forbidden forward-all Multicast packets. • remove - Syntax • bridge aging-time seconds • no ... Does not forbid forwarding all {add | remove} {ethernet interface-list | port-channel port- Separates non-consecutive Ethernet ports with VLAN 2. Example The following example forbids forwarding all the Multicast packets are forwarded to 1/e1 with a comma and no spaces; Syntax ...
Command Line Interface Guide
Page 112
...table Privileged EXEC mode command displays all entries in ACLs. 112 Address Table Commands A valid port-channel number. Console(config)# interface ethernet 1/e1 Console(config-if)# port security routed secure-address 66:66:66:66:66:66 show bridge address-table The show bridge address-...table [vlan vlan] [ethernet interface | port-channel port-channel-number] • vlan - A valid Ethernet port. • port-channel-number - Command Mode Privileged...
...table Privileged EXEC mode command displays all entries in ACLs. 112 Address Table Commands A valid port-channel number. Console(config)# interface ethernet 1/e1 Console(config-if)# port security routed secure-address 66:66:66:66:66:66 show bridge address-table The show bridge address-...table [vlan vlan] [ethernet interface | port-channel port-channel-number] • vlan - A valid Ethernet port. • port-channel-number - Command Mode Privileged...
Command Line Interface Guide
Page 133
... interface. Console (config)# sntp client enable sntp client enable (Interface) The sntp client enable Interface Configuration (Ethernet, port-channel, VLAN) mode command enables the Simple Network Time Protocol (SNTP) client on the interface. Ethernet port number. • vlan vlan-id - Command Mode...SNTP client is disabled on an interface. Syntax • sntp client enable • no sntp client enable {ethernet interface-number | vlan vlan-id | port-channel number} • ethernet interface-number - This applies to enable Anycast clients globally. Port channel number. Default...
... interface. Console (config)# sntp client enable sntp client enable (Interface) The sntp client enable Interface Configuration (Ethernet, port-channel, VLAN) mode command enables the Simple Network Time Protocol (SNTP) client on the interface. Ethernet port number. • vlan vlan-id - Command Mode...SNTP client is disabled on an interface. Syntax • sntp client enable • no sntp client enable {ethernet interface-number | vlan vlan-id | port-channel number} • ethernet interface-number - This applies to enable Anycast clients globally. Port channel number. Default...
Command Line Interface Guide
Page 149
... configuration file contents. console# show running -config voice vlan oui-table add 0001e3 Siemens_AG_phone________ voice vlan oui-table add 00036b Cisco_phone voice vlan oui-table add 000fe2 H3C_Aolynk voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone voice vlan oui-table add 00d01e Pingtel_phone___________ voice vlan oui-table add 00e075 Polycom/Veritel_phone___ voice vlan oui-table add 00e0bb 3Com_phone interface...
... configuration file contents. console# show running -config voice vlan oui-table add 0001e3 Siemens_AG_phone________ voice vlan oui-table add 00036b Cisco_phone voice vlan oui-table add 000fe2 H3C_Aolynk voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone voice vlan oui-table add 00d01e Pingtel_phone___________ voice vlan oui-table add 00e075 Polycom/Veritel_phone___ voice vlan oui-table add 00e0bb 3Com_phone interface...
Command Line Interface Guide
Page 153
... the no form of this command to return to the default settings. console(config)# ip dhcp snooping ip dhcp snooping vlan The ip dhcp snooping vlan Global Configuration mode command enables DHCP snooping on a VLAN. User Guidelines • For any DHCP snooping configuration to disable DHCP snooping ...on a VLAN. Use the no form of this command to take effect, you enable snooping on a VLAN by using the ip dhcp snooping vlan global configuration command. Command Mode Global Configuration mode. DHCP Snooping ip dhcp...
... the no form of this command to return to the default settings. console(config)# ip dhcp snooping ip dhcp snooping vlan The ip dhcp snooping vlan Global Configuration mode command enables DHCP snooping on a VLAN. User Guidelines • For any DHCP snooping configuration to disable DHCP snooping ...on a VLAN. Use the no form of this command to take effect, you enable snooping on a VLAN by using the ip dhcp snooping vlan global configuration command. Command Mode Global Configuration mode. DHCP Snooping ip dhcp...
Command Line Interface Guide
Page 154
...Global Configuration mode. User Guidelines • You must first globally enable DHCP snooping before enabling DHCP snooping on VLAN 1000: console(config)# ip dhcp snooping vlan 1000 ip dhcp snooping trust The ip dhcp snooping trust Interface Configuration (Ethernet, Port-channel) mode command ...clients. 154 DHCP Snooping Example The following example enables DHCP snooping on a VLAN. Specifies the VLAN ID. Syntax • ip dhcp snooping vlan vlan-id • no ip dhcp snooping vlan vlan-id • vlan-id - Configure as trusted ports those that are connected to other switches ...
...Global Configuration mode. User Guidelines • You must first globally enable DHCP snooping before enabling DHCP snooping on VLAN 1000: console(config)# ip dhcp snooping vlan 1000 ip dhcp snooping trust The ip dhcp snooping trust Interface Configuration (Ethernet, Port-channel) mode command ...clients. 154 DHCP Snooping Example The following example enables DHCP snooping on a VLAN. Specifies the VLAN ID. Syntax • ip dhcp snooping vlan vlan-id • no ip dhcp snooping vlan vlan-id • vlan-id - Configure as trusted ports those that are connected to other switches ...
Command Line Interface Guide
Page 183
...; no form of this command. Console(config)# gvrp enable gvrp enable (Interface) The gvrp enable Interface Configuration (Ethernet, port-channel) mode command enables GVRP on the network learn these VLANs dynamically. GVRP Commands gvrp enable (Global) GARP VLAN Registration Protocol (GVRP) is an industry-...standard protocol designed to propagate VLAN information from device to disable GVRP on the device. Use the...
...; no form of this command. Console(config)# gvrp enable gvrp enable (Interface) The gvrp enable Interface Configuration (Ethernet, port-channel) mode command enables GVRP on the network learn these VLANs dynamically. GVRP Commands gvrp enable (Global) GARP VLAN Registration Protocol (GVRP) is an industry-...standard protocol designed to propagate VLAN information from device to disable GVRP on the device. Use the...