Command Reference
Page 2
..., Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare..., The Fastest Way to Increase Your Internet Quotient, and TransPath are the property of Cisco Systems, Inc.; The use of Cisco Systems, Inc. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL...
..., Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare..., The Fastest Way to Increase Your Internet Quotient, and TransPath are the property of Cisco Systems, Inc.; The use of Cisco Systems, Inc. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL...
Command Reference
Page 27
...-Line Interface The Catalyst 3560 switch is a specific reference to IP version 6 (IPv6). For information on Cisco IOS Release 12.2, see Appendix C, "Catalyst 3560 Switch Show Platform Commands." For more information on the show platform commands, see the Cisco IOS Release 12.2 Command Summary. For a ... debug commands, see Chapter 2, "Catalyst 3560 Switch Cisco IOS Commands." This chapter describes how to use the switch command-line interface (CLI) to IP version 4 (IPv4) unless there is supported by Cisco IOS software. Command modes support specific Cisco IOS commands.
...-Line Interface The Catalyst 3560 switch is a specific reference to IP version 6 (IPv6). For information on Cisco IOS Release 12.2, see Appendix C, "Catalyst 3560 Switch Show Platform Commands." For more information on the show platform commands, see the Cisco IOS Release 12.2 Command Summary. For a ... debug commands, see Chapter 2, "Catalyst 3560 Switch Cisco IOS Commands." This chapter describes how to use the switch command-line interface (CLI) to IP version 4 (IPv4) unless there is supported by Cisco IOS software. Command modes support specific Cisco IOS commands.
Command Reference
Page 33
... after the broadcast group and group keywords. CH A P T E R 2 Catalyst 3560 Switch Cisco IOS Commands aaa accounting dot1x Use the aaa accounting dot1x global configuration command to enable authentication, authorization, and accounting (AAA) accounting and to create method lists defining specific accounting methods on a per-line or per-interface basis for accounting services...
... after the broadcast group and group keywords. CH A P T E R 2 Catalyst 3560 Switch Cisco IOS Commands aaa accounting dot1x Use the aaa accounting dot1x global configuration command to enable authentication, authorization, and accounting (AAA) accounting and to create method lists defining specific accounting methods on a per-line or per-interface basis for accounting services...
Command Reference
Page 45
...Reference 2-13 Image names are uploaded, the software creates the tar file. These options are uploaded in this sequence: the Cisco IOS image, the HTML files, and info. Usage Guidelines Use the upload feature only if the HTML files associated with the...installed with the existing image. archive upload-sw [/version version_string] destination-url Syntax Description /version version_string destination-url (Optional) Specify the specific version string of software image to a server. Defaults Uploads the currently running image from the flash: file system. The files are supported...
...Reference 2-13 Image names are uploaded, the software creates the tar file. These options are uploaded in this sequence: the Cisco IOS image, the HTML files, and info. Usage Guidelines Use the upload feature only if the HTML files associated with the...installed with the existing image. archive upload-sw [/version version_string] destination-url Syntax Description /version version_string destination-url (Optional) Specify the specific version string of software image to a server. Defaults Uploads the currently running image from the flash: file system. The files are supported...
Command Reference
Page 76
...table privileged EXEC command. 2-44 Catalyst 3560 Switch Command Reference 78-16405-05 clear mac address-table Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear mac address-table Use the clear mac address-table privileged EXEC command to delete from the dynamic address table: ... table and reset the counters. Examples This example shows how to 4094. Defaults No default is 1 to remove a specific MAC address from the MAC address table a specific dynamic address, all dynamic addresses on a particular interface, or all dynamic addresses on the specified physical port or port...
...table privileged EXEC command. 2-44 Catalyst 3560 Switch Command Reference 78-16405-05 clear mac address-table Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear mac address-table Use the clear mac address-table privileged EXEC command to delete from the dynamic address table: ... table and reset the counters. Examples This example shows how to 4094. Defaults No default is 1 to remove a specific MAC address from the MAC address table a specific dynamic address, all dynamic addresses on a particular interface, or all dynamic addresses on the specified physical port or port...
Command Reference
Page 77
... all interfaces or the specified interface. Enables the Simple Network Management Protocol (SNMP) MAC address notification trap on a specific interface. 78-16405-05 Catalyst 3560 Switch Command Reference 2-45 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear mac address-table Related Commands Command mac address-table notification show mac address-table show...
... all interfaces or the specified interface. Enables the Simple Network Management Protocol (SNMP) MAC address notification trap on a specific interface. 78-16405-05 Catalyst 3560 Switch Command Reference 2-45 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear mac address-table Related Commands Command mac address-table notification show mac address-table show...
Command Reference
Page 80
... auto-learned or configured. (Optional) Delete the specified dynamic secure MAC address. (Optional) Delete all This example shows how to remove a specific configured secure address from the specified VLAN. Note The voice keyword is available only if voice VLAN is configured on the voice VLAN. Enter one..., clear the specified secure MAC address on a port and if that port is defined. clear port-security Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear port-security Use the clear port-security privileged EXEC command to delete from the MAC address table all secure addresses or ...
... auto-learned or configured. (Optional) Delete the specified dynamic secure MAC address. (Optional) Delete all This example shows how to remove a specific configured secure address from the specified VLAN. Note The voice keyword is available only if voice VLAN is configured on the voice VLAN. Enter one..., clear the specified secure MAC address on a port and if that port is defined. clear port-security Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear port-security Use the clear port-security privileged EXEC command to delete from the MAC address table all secure addresses or ...
Command Reference
Page 81
... mac-address Configures secure MAC addresses. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear port-security This example shows how to remove all the dynamic secure addresses learned on an interface. Related Commands Command Description switchport port-security Enables port security on a specific interface: Switch# clear port-security dynamic interface gigabitethernet0/1 This...
... mac-address Configures secure MAC addresses. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear port-security This example shows how to remove all the dynamic secure addresses learned on an interface. Related Commands Command Description switchport port-security Enables port security on a specific interface: Switch# clear port-security dynamic interface gigabitethernet0/1 This...
Command Reference
Page 102
... command is available only if your switch is running the IP services image, formerly known as the enhanced multilayer image (EMI). Deny a specific sender MAC address. Deny the specified range of target IP addresses. Deny the specified target IP address. Deny the specified range of sender ... of the ARP access list, there is performed against the DHCP bindings. deny (ARP access-list configuration) Chapter 2 Catalyst 3560 Switch Cisco IOS Commands deny (ARP access-list configuration) Use the deny Address Resolution Protocol (ARP) access-list configuration command to remove the specified ...
... command is available only if your switch is running the IP services image, formerly known as the enhanced multilayer image (EMI). Deny a specific sender MAC address. Deny the specified range of target IP addresses. Deny the specified target IP address. Deny the specified range of sender ... of the ARP access list, there is performed against the DHCP bindings. deny (ARP access-list configuration) Chapter 2 Catalyst 3560 Switch Cisco IOS Commands deny (ARP access-list configuration) Use the deny Address Resolution Protocol (ARP) access-list configuration command to remove the specified ...
Command Reference
Page 107
...-ipv6-prefix/prefix-length arguments are numbered in increments of 10. The fragments keyword is an option only if the protocol is IPv6-specific. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands deny (IPv6 access-list configuration) Note Although visible in the command-line help strings, the flow-label, routing, and undetermined-transport...
...-ipv6-prefix/prefix-length arguments are numbered in increments of 10. The fragments keyword is an option only if the protocol is IPv6-specific. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands deny (IPv6 access-list configuration) Note Although visible in the command-line help strings, the flow-label, routing, and undetermined-transport...
Command Reference
Page 128
... command only to the default setting. dot1x max-reauth-req Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x max-reauth-req Use the dot1x max-reauth-req interface configuration command to set 4 as unreliable links or specific behavioral problems with certain clients and authentication servers. Command Modes Interface configuration Command History Release...
... command only to the default setting. dot1x max-reauth-req Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x max-reauth-req Use the dot1x max-reauth-req interface configuration command to set 4 as unreliable links or specific behavioral problems with certain clients and authentication servers. Command Modes Interface configuration Command History Release...
Command Reference
Page 129
... History Release 12.1(19)EA1 Modification This command was introduced. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x max-req dot1x max-req Use the dot1x max-req interface configuration command to set 5 as unreliable links or specific behavioral problems with certain clients and authentication servers. dot1x max-req count no response...
... History Release 12.1(19)EA1 Modification This command was introduced. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x max-req dot1x max-req Use the dot1x max-req interface configuration command to set 5 as unreliable links or specific behavioral problems with certain clients and authentication servers. dot1x max-req count no response...
Command Reference
Page 131
... to change the mode of this port by using the dot1x system-auth-control global configuration command before enabling IEEE 802.1x on a specific port. dot1x port-control {auto | force-authorized | force-unauthorized} no form of an IEEE 802.1x-enabled port to trunk, an... trunk port. Command Modes Interface configuration Command History Release 12.1(19)EA1 Modification This command was introduced. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x port-control dot1x port-control Use the dot1x port-control interface configuration command to enable manual control of the authorization ...
... to change the mode of this port by using the dot1x system-auth-control global configuration command before enabling IEEE 802.1x on a specific port. dot1x port-control {auto | force-authorized | force-unauthorized} no form of an IEEE 802.1x-enabled port to trunk, an... trunk port. Command Modes Interface configuration Command History Release 12.1(19)EA1 Modification This command was introduced. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x port-control dot1x port-control Use the dot1x port-control interface configuration command to enable manual control of the authorization ...
Command Reference
Page 132
...or RSPAN source port. Note In software releases earlier than Cisco IOS Release 12.2(20)SE, if IEEE 802.1x is enabled on a not-yet active port of an EtherChannel as a SPAN or RSPAN destination. To disable IEEE 802.1x on a specific port, use the no dot1x port-control interface configuration ... IEEE 802.1x on an EtherChannel port, an error message appears, and IEEE 802.1x is not enabled. dot1x port-control Chapter 2 Catalyst 3560 Switch Cisco IOS Commands • EtherChannel port-Do not configure a port that is an active or a not-yet-active member of an EtherChannel, the port does...
...or RSPAN source port. Note In software releases earlier than Cisco IOS Release 12.2(20)SE, if IEEE 802.1x is enabled on a not-yet active port of an EtherChannel as a SPAN or RSPAN destination. To disable IEEE 802.1x on a specific port, use the no dot1x port-control interface configuration ... IEEE 802.1x on an EtherChannel port, an error message appears, and IEEE 802.1x is not enabled. dot1x port-control Chapter 2 Catalyst 3560 Switch Cisco IOS Commands • EtherChannel port-Do not configure a port that is an active or a not-yet-active member of an EtherChannel, the port does...
Command Reference
Page 137
... show dot1x Description Sets the maximum number of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers. Examples This example shows how to enable periodic re-authentication and to set... Command Reference 2-105 Related Commands Command dot1x max-req dot1x reauthentication show dot1x privileged EXEC command. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x timeout Usage Guidelines You should change the default value of times that the switch sends an EAP-request/identity...
... show dot1x Description Sets the maximum number of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers. Examples This example shows how to enable periodic re-authentication and to set... Command Reference 2-105 Related Commands Command dot1x max-req dot1x reauthentication show dot1x privileged EXEC command. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x timeout Usage Guidelines You should change the default value of times that the switch sends an EAP-request/identity...
Command Reference
Page 140
... all causes. Note On the Catalyst 3560 switch, this command to disable the error-disabled detection feature. errdisable detect cause Chapter 2 Catalyst 3560 Switch Cisco IOS Commands errdisable detect cause Use the errdisable detect cause global configuration command to an invalid small form-factor pluggable (SFP) module. Enable error detection... | pagp-flap} Syntax Description all arp-inspection dhcp-rate-limit dtp-flap gbic-invalid l2ptguard link-flap loopback pagp-flap Enable error detection for a specific cause or all causes. Enable error detection for DHCP snooping.
... all causes. Note On the Catalyst 3560 switch, this command to disable the error-disabled detection feature. errdisable detect cause Chapter 2 Catalyst 3560 Switch Cisco IOS Commands errdisable detect cause Use the errdisable detect cause global configuration command to an invalid small form-factor pluggable (SFP) module. Enable error detection... | pagp-flap} Syntax Description all arp-inspection dhcp-rate-limit dtp-flap gbic-invalid l2ptguard link-flap loopback pagp-flap Enable error detection for a specific cause or all causes. Enable error detection for DHCP snooping.
Command Reference
Page 142
... switch, this command to return to recover from a loopback error-disabled state. errdisable recovery Chapter 2 Catalyst 3560 Switch Cisco IOS Commands errdisable recovery Use the errdisable recovery global configuration command to recover from a specific cause. Enable the timer to the default setting. Enable the timer to recover from the Address Resolution Protocol...
... switch, this command to return to recover from a loopback error-disabled state. errdisable recovery Chapter 2 Catalyst 3560 Switch Cisco IOS Commands errdisable recovery Use the errdisable recovery global configuration command to recover from a specific cause. Enable the timer to the default setting. Enable the timer to recover from the Address Resolution Protocol...
Command Reference
Page 167
...only if your switch is performed for invalid and unexpected IP addresses. Use the no form of this command to return to perform specific checks for dynamic Address Resolution Protocol (ARP) inspection. Usage Guidelines You must specify at least one of the previous command; that... MAC address in the Ethernet header against the sender MAC address in all ARP requests and responses. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands ip arp inspection validate ip arp inspection validate Use the ip arp inspection validate global configuration command to the default settings...
...only if your switch is performed for invalid and unexpected IP addresses. Use the no form of this command to return to perform specific checks for dynamic Address Resolution Protocol (ARP) inspection. Usage Guidelines You must specify at least one of the previous command; that... MAC address in the Ethernet header against the sender MAC address in all ARP requests and responses. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands ip arp inspection validate ip arp inspection validate Use the ip arp inspection validate global configuration command to the default settings...
Command Reference
Page 208
Displays the IP source guard configuration on the switch or on the switch. Displays the IP source bindings on a specific interface. 2-176 Catalyst 3560 Switch Command Reference 78-16405-05 ip source binding Related Commands Command ip verify source show ip source binding show ip verify source Chapter 2 Catalyst 3560 Switch Cisco IOS Commands Description Enables IP source guard on an interface.
Displays the IP source guard configuration on the switch or on the switch. Displays the IP source bindings on a specific interface. 2-176 Catalyst 3560 Switch Command Reference 78-16405-05 ip source binding Related Commands Command ip verify source show ip source binding show ip verify source Chapter 2 Catalyst 3560 Switch Cisco IOS Commands Description Enables IP source guard on an interface.
Command Reference
Page 211
... History Release 12.2(20)SE Modification This command was introduced. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands ip verify source ip verify source Use the ip verify source interface configuration command to enable IP source guard on a specific interface. 78-16405-05 Catalyst 3560 Switch Command Reference 2-179 Related Commands Command ip...
... History Release 12.2(20)SE Modification This command was introduced. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands ip verify source ip verify source Use the ip verify source interface configuration command to enable IP source guard on a specific interface. 78-16405-05 Catalyst 3560 Switch Command Reference 2-179 Related Commands Command ip...