Command Reference
Page 2
... United States and certain other company. (0502R) Catalyst 3560 Switch Command Reference Copyright © 2004-2005 Cisco Systems, Inc. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California...
... United States and certain other company. (0502R) Catalyst 3560 Switch Command Reference Copyright © 2004-2005 Cisco Systems, Inc. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California...
Command Reference
Page 27
In this release. Command modes support specific Cisco IOS commands. For information on the debug commands, see Appendix A, "Catalyst 3560 Switch Boot Loader Commands." For information on the boot loader commands, see Appendix... A P T E R 1 Using the Command-Line Interface The Catalyst 3560 switch is a specific reference to IP version 6 (IPv6). For a complete description of the commands that support these features, see Appendix C, "Catalyst 3560 Switch Show Platform Commands." For information on Cisco IOS Release 12.2, see the software configuration guide for the switch: •...
In this release. Command modes support specific Cisco IOS commands. For information on the debug commands, see Appendix A, "Catalyst 3560 Switch Boot Loader Commands." For information on the boot loader commands, see Appendix... A P T E R 1 Using the Command-Line Interface The Catalyst 3560 switch is a specific reference to IP version 6 (IPv6). For a complete description of the commands that support these features, see Appendix C, "Catalyst 3560 Switch Show Platform Commands." For information on Cisco IOS Release 12.2, see the software configuration guide for the switch: •...
Command Reference
Page 33
... after the broadcast group and group keywords. CH A P T E R 2 Catalyst 3560 Switch Cisco IOS Commands aaa accounting dot1x Use the aaa accounting dot1x global configuration command to enable authentication, authorization, and accounting (AAA) accounting and to create method lists defining specific accounting methods on a per-line or per-interface basis for accounting services...
... after the broadcast group and group keywords. CH A P T E R 2 Catalyst 3560 Switch Cisco IOS Commands aaa accounting dot1x Use the aaa accounting dot1x global configuration command to enable authentication, authorization, and accounting (AAA) accounting and to create method lists defining specific accounting methods on a per-line or per-interface basis for accounting services...
Command Reference
Page 45
...sw [/version version_string] destination-url Syntax Description /version version_string destination-url (Optional) Specify the specific version string of software image to be uploaded. Image names are uploaded in this sequence: the Cisco IOS image, the HTML files, and info. After these files are supported: • The...location]/directory]/image-name.tar The image-name.tar is the name of the image to a server. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands archive upload-sw archive upload-sw Use the archive upload-sw privileged EXEC command to upload an existing switch image to...
...sw [/version version_string] destination-url Syntax Description /version version_string destination-url (Optional) Specify the specific version string of software image to be uploaded. Image names are uploaded in this sequence: the Cisco IOS image, the HTML files, and info. After these files are supported: • The...location]/directory]/image-name.tar The image-name.tar is the name of the image to a server. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands archive upload-sw archive upload-sw Use the archive upload-sw privileged EXEC command to upload an existing switch image to...
Command Reference
Page 76
...command also clears the MAC address notification global counters. The range is defined. clear mac address-table Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear mac address-table Use the clear mac address-table privileged EXEC command to delete from the dynamic address table:... EXEC command. 2-44 Catalyst 3560 Switch Command Reference 78-16405-05 Defaults No default is 1 to remove a specific MAC address from the MAC address table a specific dynamic address, all dynamic addresses on a particular interface, or all dynamic addresses on the specified physical port or ...
...command also clears the MAC address notification global counters. The range is defined. clear mac address-table Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear mac address-table Use the clear mac address-table privileged EXEC command to delete from the dynamic address table:... EXEC command. 2-44 Catalyst 3560 Switch Command Reference 78-16405-05 Defaults No default is 1 to remove a specific MAC address from the MAC address table a specific dynamic address, all dynamic addresses on a particular interface, or all dynamic addresses on the specified physical port or ...
Command Reference
Page 77
... all interfaces or the specified interface. Enables the Simple Network Management Protocol (SNMP) MAC address notification trap on a specific interface. 78-16405-05 Catalyst 3560 Switch Command Reference 2-45 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear mac address-table Related Commands Command mac address-table notification show mac address-table show...
... all interfaces or the specified interface. Enables the Simple Network Management Protocol (SNMP) MAC address notification trap on a specific interface. 78-16405-05 Catalyst 3560 Switch Command Reference 2-45 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear mac address-table Related Commands Command mac address-table notification show mac address-table show...
Command Reference
Page 80
...12.2(25)SEB Modification This command was introduced. clear port-security Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear port-security Use the clear port-security privileged EXEC command to remove a specific configured secure address from the specified VLAN. Note The voice keyword is available only if .... Enter one of these options after you enter the vlan keyword: • vlan-id-On a trunk port, specify the VLAN ID of a specific type (configured, dynamic, or sticky) on the switch or on a port and if that port is defined. Delete secure MAC addresses, either auto...
...12.2(25)SEB Modification This command was introduced. clear port-security Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear port-security Use the clear port-security privileged EXEC command to remove a specific configured secure address from the specified VLAN. Note The voice keyword is available only if .... Enter one of these options after you enter the vlan keyword: • vlan-id-On a trunk port, specify the VLAN ID of a specific type (configured, dynamic, or sticky) on the switch or on a port and if that port is defined. Delete secure MAC addresses, either auto...
Command Reference
Page 81
Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear port-security This example shows how to remove all the dynamic secure addresses learned on a specific interface: Switch# clear port-security dynamic interface gigabitethernet0/1 This example shows how to remove all the dynamic secure addresses from the address table: Switch# clear ...
Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear port-security This example shows how to remove all the dynamic secure addresses learned on a specific interface: Switch# clear port-security dynamic interface gigabitethernet0/1 This example shows how to remove all the dynamic secure addresses from the address table: Switch# clear ...
Command Reference
Page 102
Syntax Description request ip any IP or MAC address. Deny the specified sender IP address. Deny a specific sender MAC address. Define the IP address values for the ARP request. Defaults There are no deny {[request] ip {any | host sender-ip | ...MAC address values for the ARP responses. Deny the specified range of sender IP addresses. deny (ARP access-list configuration) Chapter 2 Catalyst 3560 Switch Cisco IOS Commands deny (ARP access-list configuration) Use the deny Address Resolution Protocol (ARP) access-list configuration command to remove the specified access control entry...
Syntax Description request ip any IP or MAC address. Deny the specified sender IP address. Deny a specific sender MAC address. Define the IP address values for the ARP request. Defaults There are no deny {[request] ip {any | host sender-ip | ...MAC address values for the ARP responses. Deny the specified range of sender IP addresses. deny (ARP access-list configuration) Chapter 2 Catalyst 3560 Switch Cisco IOS Commands deny (ARP access-list configuration) Use the deny Address Resolution Protocol (ARP) access-list configuration command to remove the specified access control entry...
Command Reference
Page 107
...access list is equivalent to be sent and received on an interface. By default, the first statement in an access list is IPv6-specific. Both the source-ipv6-prefix/prefix-length and destination-ipv6-prefix/prefix-length arguments are numbered in increments of the packet. Chapter 2... Catalyst 3560 Switch Cisco IOS Commands deny (IPv6 access-list configuration) Note Although visible in the command-line help strings, the flow-label, routing, and ...
...access list is equivalent to be sent and received on an interface. By default, the first statement in an access list is IPv6-specific. Both the source-ipv6-prefix/prefix-length and destination-ipv6-prefix/prefix-length arguments are numbered in increments of the packet. Chapter 2... Catalyst 3560 Switch Cisco IOS Commands deny (IPv6 access-list configuration) Note Although visible in the command-line help strings, the flow-label, routing, and ...
Command Reference
Page 128
... Reference 78-16405-05 The count range was introduced. dot1x max-reauth-req Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x max-reauth-req Use the dot1x max-reauth-req interface configuration command to set 4 as unreliable links or specific behavioral problems with certain clients and authentication servers. The range is 2 times.
... Reference 78-16405-05 The count range was introduced. dot1x max-reauth-req Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x max-reauth-req Use the dot1x max-reauth-req interface configuration command to set 4 as unreliable links or specific behavioral problems with certain clients and authentication servers. The range is 2 times.
Command Reference
Page 129
... Extensible Authentication Protocol (EAP) frame from the client before resending the request. The range is 2 times. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x max-req dot1x max-req Use the dot1x max-req interface configuration command to set 5 as unreliable links or specific behavioral problems with certain clients and authentication servers.
... Extensible Authentication Protocol (EAP) frame from the client before resending the request. The range is 2 times. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x max-req dot1x max-req Use the dot1x max-req interface configuration command to set 5 as unreliable links or specific behavioral problems with certain clients and authentication servers.
Command Reference
Page 131
...If you try to the authorized or unauthorized state based on a trunk port, an error message appears, and IEEE 802.1x is supported on a specific port. dot1x port-control {auto | force-authorized | force-unauthorized} no form of this port by forcing the port to change to the unauthorized ...state, ignoring all access through the port. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x port-control dot1x port-control Use the dot1x port-control interface configuration command to the authorized state without IEEE 802.1x-...
...If you try to the authorized or unauthorized state based on a trunk port, an error message appears, and IEEE 802.1x is supported on a specific port. dot1x port-control {auto | force-authorized | force-unauthorized} no form of this port by forcing the port to change to the unauthorized ...state, ignoring all access through the port. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x port-control dot1x port-control Use the dot1x port-control interface configuration command to the authorized state without IEEE 802.1x-...
Command Reference
Page 132
However, IEEE 802.1x is disabled until the port is not enabled. To disable IEEE 802.1x on a specific port, use the no dot1x port-control interface configuration command. You can enable IEEE 802.1x on a port that is a SPAN or RSPAN ...system-auth-control global configuration command. Related Commands Command show dot1x [interface interface-id] privileged EXEC command. dot1x port-control Chapter 2 Catalyst 3560 Switch Cisco IOS Commands • EtherChannel port-Do not configure a port that is an active or a not-yet-active member of an EtherChannel, the port does...
However, IEEE 802.1x is disabled until the port is not enabled. To disable IEEE 802.1x on a specific port, use the no dot1x port-control interface configuration command. You can enable IEEE 802.1x on a port that is a SPAN or RSPAN ...system-auth-control global configuration command. Related Commands Command show dot1x [interface interface-id] privileged EXEC command. dot1x port-control Chapter 2 Catalyst 3560 Switch Cisco IOS Commands • EtherChannel port-Do not configure a port that is an active or a not-yet-active member of an EtherChannel, the port does...
Command Reference
Page 137
...the EAP request frame: Switch(config-if)# dot1x timeout supp-timeout 45 This example shows how to set 60 as unreliable links or specific behavioral problems with certain clients and authentication servers. During the quiet period, the switch does not accept or initiate any authentication requests. ... wait for a response to adjust for all ports. 78-16405-05 Catalyst 3560 Switch Command Reference 2-105 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x timeout Usage Guidelines You should change the default value of this command only to an EAP-request/identity frame from the...
...the EAP request frame: Switch(config-if)# dot1x timeout supp-timeout 45 This example shows how to set 60 as unreliable links or specific behavioral problems with certain clients and authentication servers. During the quiet period, the switch does not accept or initiate any authentication requests. ... wait for a response to adjust for all ports. 78-16405-05 Catalyst 3560 Switch Command Reference 2-105 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x timeout Usage Guidelines You should change the default value of this command only to an EAP-request/identity frame from the...
Command Reference
Page 140
... Release 12.1(19)EA1 12.2(20)SE 12.2(25)SE Modification This command was introduced. Enable error detection for a specific cause or all causes. errdisable detect cause Chapter 2 Catalyst 3560 Switch Cisco IOS Commands errdisable detect cause Use the errdisable detect cause global configuration command to enable error-disabled detection for a Layer...
... Release 12.1(19)EA1 12.2(20)SE 12.2(25)SE Modification This command was introduced. Enable error detection for a specific cause or all causes. errdisable detect cause Chapter 2 Catalyst 3560 Switch Cisco IOS Commands errdisable detect cause Use the errdisable detect cause global configuration command to enable error-disabled detection for a Layer...
Command Reference
Page 142
errdisable recovery Chapter 2 Catalyst 3560 Switch Cisco IOS Commands errdisable recovery Use the errdisable recovery global configuration command to recover from the link-flap error-disabled state. Enable the timer...-rate-limit dtp-flap gbic-invalid l2ptguard link-flap loopback pagp-flap psecure-violation security-violation udld Enable the error-disabled mechanism to recover from a specific cause. Use the no errdisable recovery {cause {all | arp-inspection | bpduguard | channel-misconfig | dhcp-rate-limit | dtp-flap | gbic-invalid | l2ptguard | link-flap | ...
errdisable recovery Chapter 2 Catalyst 3560 Switch Cisco IOS Commands errdisable recovery Use the errdisable recovery global configuration command to recover from the link-flap error-disabled state. Enable the timer...-rate-limit dtp-flap gbic-invalid l2ptguard link-flap loopback pagp-flap psecure-violation security-violation udld Enable the error-disabled mechanism to recover from a specific cause. Use the no errdisable recovery {cause {all | arp-inspection | bpduguard | channel-misconfig | dhcp-rate-limit | dtp-flap | gbic-invalid | l2ptguard | link-flap | ...
Command Reference
Page 167
.... The no form of the command disables only the specified checks. Use the no form of this command to return to perform specific checks for ARP responses. If none of the second command. This check is performed for dynamic Address Resolution Protocol (ARP) inspection.... dropped. Command Modes Global configuration Command History Release 12.2(20)SE Modification This command was introduced. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands ip arp inspection validate ip arp inspection validate Use the ip arp inspection validate global configuration command to the default ...
.... The no form of the command disables only the specified checks. Use the no form of this command to return to perform specific checks for ARP responses. If none of the second command. This check is performed for dynamic Address Resolution Protocol (ARP) inspection.... dropped. Command Modes Global configuration Command History Release 12.2(20)SE Modification This command was introduced. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands ip arp inspection validate ip arp inspection validate Use the ip arp inspection validate global configuration command to the default ...
Command Reference
Page 208
ip source binding Related Commands Command ip verify source show ip source binding show ip verify source Chapter 2 Catalyst 3560 Switch Cisco IOS Commands Description Enables IP source guard on the switch. Displays the IP source bindings on an interface. Displays the IP source guard configuration on the switch or on a specific interface. 2-176 Catalyst 3560 Switch Command Reference 78-16405-05
ip source binding Related Commands Command ip verify source show ip source binding show ip verify source Chapter 2 Catalyst 3560 Switch Cisco IOS Commands Description Enables IP source guard on the switch. Displays the IP source bindings on an interface. Displays the IP source guard configuration on the switch or on a specific interface. 2-176 Catalyst 3560 Switch Command Reference 78-16405-05
Command Reference
Page 211
...Command Modes Interface configuration Command History Release 12.2(20)SE Modification This command was introduced. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands ip verify source ip verify source Use the ip verify source interface configuration command to enable IP source ... This example shows how to disable IP source guard. Defaults IP source guard is enabled. If you must enable port security on a specific interface. 78-16405-05 Catalyst 3560 Switch Command Reference 2-179 Related Commands Command ip source binding show ip source binding privileged EXEC command....
...Command Modes Interface configuration Command History Release 12.2(20)SE Modification This command was introduced. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands ip verify source ip verify source Use the ip verify source interface configuration command to enable IP source ... This example shows how to disable IP source guard. Defaults IP source guard is enabled. If you must enable port security on a specific interface. 78-16405-05 Catalyst 3560 Switch Command Reference 2-179 Related Commands Command ip source binding show ip source binding privileged EXEC command....