Cisco IE-3000-8TC, IE 3000 Command Reference Manual
Cisco IE 3000 Switch Command Reference
Cisco IOS Release 12.2(44)EX
June 2008
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-13019-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way
We Work, Live, Play, and Learn is a service mark; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA,
CCNP, CCSP, CCVP, Cisco, the Cisco
Cisco
Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient,
IOS, iPhone, iQ Expertise, the iQ logo, iQ
Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The
Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx
States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0805R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the
document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Cisco IE 3000 Switch Command Reference
© 2008 Cisco Systems, Inc. All rights reserved.
Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo,
Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MGX,
logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United
IMPLIED, INCLUDING, WITHOUT
CONTENTS
Preface xvii
Audience xvii
Purpose xvii
Conventions xvii
Related Publications xviii
Obtaining Documentation and Submitting a Service Request xix
CHAPTER
CHAPTER
1 Using the Command-Line Interface 1-1
CLI Command Modes 1-1
User EXEC Mode 1-3
Privileged EXEC Mode 1-3
Global Configuration Mode 1-3
Interface Configuration Mode 1-4
config-vlan Mode 1-4
VLAN Configuration Mode 1-5
Line Configuration Mode 1-5
2 IE 3000 Switch Cisco IOS Commands 2-1
aaa accounting dot1x 2-1
aaa authentication dot1x 2-3
aaa authorization network 2-5
alarm facility fcs-hysteresis 2-6
alarm facility power-supply 2-7
alarm facility temperature 2-8
alarm profile (global configuration) 2-10
alarm profile (interface configuration) 2-12
alarm relay-mode 2-13
archive download-sw 2-14
archive tar 2-17
archive upload-sw 2-20
auto qos voip 2-22
boot config-file 2-26
OL-13019-01
Cisco IE 3000 Switch Command Reference
iii
Contents
boot enable-break 2-27
boot helper 2-28
boot helper-config-file 2-29
boot manual 2-30
boot private-config-file 2-31
boot system 2-32
channel-group 2-33
channel-protocol 2-36
cip 2-37
class 2-38
class-map 2-40
clear dot1x 2-42
clear eap sessions 2-43
clear errdisable interface 2-44
clear ip dhcp snooping 2-45
clear lacp 2-47
clear mac address-table 2-48
clear mac address-table move update 2-49
clear pagp 2-50
clear port-security 2-51
clear spanning-tree counters 2-53
clear spanning-tree detected-protocols 2-54
clear vmps statistics 2-55
clear vtp counters 2-56
cluster commander-address 2-57
cluster discovery hop-count 2-59
cluster enable 2-60
cluster holdtime 2-62
cluster member 2-63
cluster outside-interface 2-65
cluster run 2-66
cluster standby-group 2-67
cluster timer 2-69
define interface-range 2-70
delete 2-72
Cisco IE 3000 Switch Command Reference
iv
OL-13019-01
deny (MAC access-list configuration) 2-73
dot1x 2-76
dot1x auth-fail max-attempts 2-78
dot1x auth-fail vlan 2-80
dot1x control-direction 2-82
dot1x critical (global configuration) 2-84
dot1x critical (interface configuration) 2-86
dot1x default 2-88
dot1x fallback 2-89
dot1x guest-vlan 2-90
dot1x host-mode 2-92
dot1x initialize 2-93
dot1x mac-auth-bypass 2-94
Contents
dot1x max-reauth-req 2-96
dot1x max-req 2-97
dot1x pae 2-98
dot1x port-control 2-99
dot1x re-authenticate 2-101
dot1x reauthentication 2-102
dot1x test eapol-capable 2-103
dot1x test timeout 2-104
dot1x timeout 2-105
duplex 2-107
errdisable detect cause 2-109
errdisable detect cause small-frame 2-111
errdisable recovery cause small-frame 2-113
errdisable recovery 2-114
exception crashinfo 2-116
fallback profile 2-117
fcs-threshold 2-119
flowcontrol 2-120
interface port-channel 2-122
interface range 2-124
interface vlan 2-126
ip access-group 2-127
OL-13019-01
Cisco IE 3000 Switch Command Reference
v
Contents
ip address 2-129
ip admission 2-131
ip admission name proxy http 2-132
ip dhcp snooping 2-134
ip dhcp snooping binding 2-135
ip dhcp snooping database 2-137
ip dhcp snooping information option 2-139
ip dhcp snooping information option allow-untrusted 2-141
ip dhcp snooping limit rate 2-143
ip dhcp snooping trust 2-144
ip dhcp snooping verify 2-145
ip dhcp snooping vlan 2-146
ip igmp filter 2-147
ip igmp max-groups 2-149
ip igmp profile 2-151
ip igmp snooping 2-153
ip igmp snooping last-member-query-interval 2-155
ip igmp snooping querier 2-157
ip igmp snooping report-suppression 2-159
ip igmp snooping tcn 2-161
ip igmp snooping tcn flood 2-163
ip igmp snooping vlan immediate-leave 2-164
ip igmp snooping vlan mrouter 2-165
ip igmp snooping vlan static 2-167
ip ssh 2-169
lacp port-priority 2-171
lacp system-priority 2-173
location (global configuration) 2-175
location (interface configuration) 2-177
link state group 2-179
link state track 2-181
logging event 2-182
logging file 2-183
mac access-group 2-185
mac access-list extended 2-187
Cisco IE 3000 Switch Command Reference
vi
OL-13019-01
mac address-table aging-time 2-189
mac address-table move update 2-190
mac address-table notification 2-192
mac address-table static 2-194
mac address-table static drop 2-195
macro apply 2-197
macro description 2-200
macro global 2-201
macro global description 2-204
macro name 2-205
match (class-map configuration) 2-207
mdix auto 2-209
media-type 2-211
Contents
mls qos 2-213
mls qos aggregate-policer 2-215
mls qos cos 2-217
mls qos dscp-mutation 2-219
mls qos map 2-221
mls qos queue-set output buffers 2-225
mls qos queue-set output threshold 2-227
mls qos rewrite ip dscp 2-229
mls qos srr-queue input bandwidth 2-231
mls qos srr-queue input buffers 2-233
mls qos srr-queue input cos-map 2-235
mls qos srr-queue input dscp-map 2-237
mls qos srr-queue input priority-queue 2-239
mls qos srr-queue input threshold 2-241
mls qos srr-queue output cos-map 2-243
mls qos srr-queue output dscp-map 2-245
mls qos trust 2-247
monitor session 2-249
mvr (global configuration) 2-254
mvr (interface configuration) 2-257
pagp learn-method 2-260
pagp port-priority 2-262
OL-13019-01
Cisco IE 3000 Switch Command Reference
vii
Contents
permit (MAC access-list configuration) 2-264
police 2-267
police aggregate 2-269
policy-map 2-271
port-channel load-balance 2-273
power-supply dual 2-275
priority-queue 2-276
queue-set 2-278
radius-server dead-criteria 2-279
radius-server host 2-281
rcommand 2-283
remote-span 2-285
renew ip dhcp snooping database 2-287
rmon collection stats 2-289
sdm prefer 2-290
service password-recovery 2-292
service-policy 2-294
set 2-296
setup 2-298
setup express 2-301
show access-lists 2-303
show alarm description port 2-306
show alarm profile 2-307
show alarm settings 2-309
show archive status 2-311
show auto qos 2-312
show boot 2-316
show cable-diagnostics tdr 2-318
show cip 2-320
show class-map 2-321
show cluster 2-322
show cluster candidates 2-324
show cluster members 2-326
show controllers cpu-interface 2-328
show controllers ethernet-controller 2-330
Cisco IE 3000 Switch Command Reference
viii
OL-13019-01
show controllers tcam 2-337
show controllers utilization 2-339
show dot1x 2-341
show dtp 2-345
show eap 2-347
show env 2-350
show errdisable detect 2-351
show errdisable flap-values 2-353
show errdisable recovery 2-355
show etherchannel 2-357
show facility-alarm relay 2-360
show facility-alarm status 2-361
show fallback profile 2-362
Contents
show fcs-threshold 2-364
show flowcontrol 2-366
show interfaces 2-368
show interfaces counters 2-377
show inventory 2-379
show ip dhcp snooping 2-380
show ip dhcp snooping binding 2-381
show ip dhcp snooping database 2-383
show ip dhcp snooping statistics 2-385
show ip igmp profile 2-388
show ip igmp snooping 2-389
show ip igmp snooping groups 2-392
show ip igmp snooping mrouter 2-394
show ip igmp snooping querier 2-396
show lacp 2-398
show location 2-402
show link state group 2-405
show mac access-group 2-407
show mac address-table 2-409
show mac address-table address 2-411
show mac address-table aging-time 2-413
show mac address-table count 2-415
OL-13019-01
Cisco IE 3000 Switch Command Reference
ix
Contents
show mac address-table dynamic 2-417
show mac address-table interface 2-419
show mac address-table move update 2-421
show mac address-table notification 2-423
show mac address-table static 2-425
show mac address-table vlan 2-427
show mls qos 2-429
show mls qos aggregate-policer 2-430
show mls qos input-queue 2-431
show mls qos interface 2-433
show mls qos maps 2-437
show mls qos queue-set 2-440
show mls qos vlan 2-442
show monitor 2-443
show mvr 2-445
show mvr interface 2-447
show mvr members 2-449
show pagp 2-451
show parser macro 2-453
show policy-map 2-456
show port-security 2-458
show sdm prefer 2-461
show setup express 2-463
show spanning-tree 2-464
show storm-control 2-470
show system mtu 2-472
show udld 2-473
show version 2-476
show vlan 2-478
show vmps 2-482
show vtp 2-484
shutdown 2-489
shutdown vlan 2-490
small-frame violation rate 2-491
snmp-server enable traps 2-493
Cisco IE 3000 Switch Command Reference
x
OL-13019-01
snmp-server host 2-496
snmp trap mac-notification 2-500
spanning-tree backbonefast 2-502
spanning-tree bpdufilter 2-503
spanning-tree bpduguard 2-505
spanning-tree cost 2-507
spanning-tree etherchannel guard misconfig 2-509
spanning-tree extend system-id 2-511
spanning-tree guard 2-512
spanning-tree link-type 2-514
spanning-tree loopguard default 2-516
spanning-tree mode 2-518
spanning-tree mst configuration 2-520
Contents
spanning-tree mst cost 2-522
spanning-tree mst forward-time 2-524
spanning-tree mst hello-time 2-525
spanning-tree mst max-age 2-526
spanning-tree mst max-hops 2-527
spanning-tree mst port-priority 2-528
spanning-tree mst pre-standard 2-530
spanning-tree mst priority 2-531
spanning-tree mst root 2-532
spanning-tree port-priority 2-534
spanning-tree portfast (global configuration) 2-536
spanning-tree portfast (interface configuration) 2-538
spanning-tree transmit hold-count 2-540
spanning-tree uplinkfast 2-541
spanning-tree vlan 2-543
speed 2-546
srr-queue bandwidth limit 2-548
srr-queue bandwidth shape 2-550
srr-queue bandwidth share 2-552
storm-control 2-554
switchport access 2-557
switchport backup interface 2-559
OL-13019-01
Cisco IE 3000 Switch Command Reference
xi
Contents
switchport block 2-563
switchport host 2-564
switchport mode 2-565
switchport nonegotiate 2-567
switchport port-security 2-569
switchport port-security aging 2-574
switchport priority extend 2-576
switchport protected 2-578
switchport trunk 2-579
switchport voice vlan 2-582
system mtu 2-584
test cable-diagnostics tdr 2-586
test relay 2-587
APPENDIX
traceroute mac 2-588
traceroute mac ip 2-591
trust 2-593
udld 2-595
udld port 2-597
udld reset 2-599
vlan (global configuration) 2-600
vlan (VLAN configuration) 2-605
vlan database 2-611
vmps reconfirm (privileged EXEC) 2-614
vmps reconfirm (global configuration) 2-615
vmps retry 2-616
vmps server 2-617
vtp (global configuration) 2-619
vtp (VLAN configuration) 2-623
A IE 3000 Switch Bootloader Commands A-1
boot A-2
cat A-4
copy A-5
delete A-6
dir A-7
flash_init A-9
Cisco IE 3000 Switch Command Reference
xii
OL-13019-01
format A-10
fsck A-11
help A-12
memory A-13
mkdir A-14
more A-15
rename A-16
reset A-17
rmdir A-18
set A-19
type A-22
unset A-23
version A-25
Contents
APPENDIX
B IE 3000 Switch Debug Commands B-1
debug auto qos B-2
debug backup B-4
debug cip B-5
debug cluster B-6
debug dot1x B-8
debug dtp B-9
debug eap B-10
debug etherchannel B-11
debug interface B-12
debug ip dhcp snooping B-13
debug ip igmp filter B-14
debug ip igmp max-groups B-15
debug ip igmp snooping B-16
debug lacp B-17
debug mac-notification B-18
debug matm B-19
debug matm move update B-20
debug monitor B-21
debug mvrdbg B-22
debug nvram B-23
debug pagp B-24
OL-13019-01
Cisco IE 3000 Switch Command Reference
xiii
Contents
debug platform acl B-25
debug platform backup interface B-26
debug platform cpu-queues B-27
debug platform dot1x B-29
debug platform etherchannel B-30
debug platform forw-tcam B-31
debug platform ip dhcp B-32
debug platform ip igmp snooping B-33
debug platform led B-35
debug platform matm B-36
debug platform messaging application B-37
debug platform phy B-38
debug platform pm B-40
debug platform port-asic B-42
debug platform port-security B-43
debug platform qos-acl-tcam B-44
debug platform resource-manager B-45
debug platform snmp B-46
debug platform span B-47
debug platform supervisor-asic B-48
debug platform sw-bridge B-49
debug platform tcam B-50
debug platform udld B-52
debug platform vlan B-53
debug pm B-54
debug port-security B-56
debug qos-manager B-57
debug spanning-tree B-58
debug spanning-tree backbonefast B-60
debug spanning-tree bpdu B-61
debug spanning-tree bpdu-opt B-62
debug spanning-tree mstp B-63
debug spanning-tree switch B-65
debug spanning-tree uplinkfast B-67
debug sw-vlan B-68
Cisco IE 3000 Switch Command Reference
xiv
OL-13019-01
debug sw-vlan ifs B-70
debug sw-vlan notification B-71
debug sw-vlan vtp B-72
debug udld B-74
debug vqpc B-76
Contents
APPENDIX
C IE 3000 Switch Show Platform Commands C-1
show platform acl C-2
show platform backup interface C-3
show platform etherchannel C-4
show platform forward C-5
show platform ip igmp snooping C-7
show platform layer4op C-9
show platform mac-address-table C-10
show platform messaging C-11
show platform monitor C-12
show platform mvr table C-13
show platform pm C-14
show platform port-asic C-15
show platform port-security C-20
show platform qos C-21
show platform resource-manager C-22
show platform snmp counters C-24
show platform spanning-tree C-25
show platform stp-instance C-26
show platform tcam C-27
show platform vlan C-29
I
NDEX
OL-13019-01
Cisco IE 3000 Switch Command Reference
xv
Contents
Cisco IE 3000 Switch Command Reference
xvi
OL-13019-01
Audience
Preface
This guide is for the networking professional using the Cisco IOS command-line interface (CLI) to
manage the Cisco IE 3000 switch, hereafter referred to as the switch. Before using this guide, you should
have experience working with the Cisco IOS commands and the switch software features. Before using
this guide, you should have experience working with the concepts and terminology of Ethernet and local
area networking.
Purpose
This guide provides the information that you need about the Layer 2 commands that have been created
or changed for use with the IE 3000 switches. For information about the standard Cisco IOS Release 12.2
commands, see the Cisco IOS documentation set available from the Cisco.com home page by selecting
Technical Support & Documentation > Cisco IOS Software.
This guide does not provide procedures for configuring your switch. For detailed configuration
procedures, see the software configuration guide for this release.
This guide does not describe system messages you might encounter. For more information, see the
system message guide for this release.
For documentation updates, see the release notes for this release.
Conventions
This publication uses these conventions to convey instructions and information:
Command descriptions use these conventions:
• Commands and keywords are in boldface text.
• Arguments for which you supply values are in italic.
• Square brackets ([ ]) means optional elements.
• Braces ({}) group required choices, and vertical bars ( | ) separate the alternative elements.
• Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional
element.
OL-13019-01
Cisco IE 3000 Switch Command Reference
xvii
Interactive examples use these conventions:
• Terminal sessions and system displays are in screen font.
• Information you enter is in boldface screen font.
• Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).
Notes, cautions, and warnings use these conventions and symbols:
Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in
this manual.
Caution Means reader be careful. In this situation, you might do something that could result in equipment
damage or loss of data.
Related Publications
Preface
These documents provide complete information about the switch and are available from this Cisco.com
site:
http://www.cisco.com/en/US/products/ps9703/tsd_products_support_series_home.html
Note Before installing, configuring, or upgrading the switch, see these documents:
• For initial configuration information, see the “Using Express Setup” section in the getting started
guide or the “Configuring the Switch with the CLI-Based Setup Program” appendix in the hardware
installation guide.
• For device manager requirements, see the “System Requirements” section in the release notes (not
orderable but available on Cisco.com).
• For Network Assistant requirements, see the Getting Started with Cisco Network Assistant (not
orderable but available on Cisco.com).
• For cluster requirements, see the Release Notes for Cisco Network Assistant (not orderable but
available on Cisco.com).
• For upgrade information, see the “Downloading Software” section in the release notes.
See these documents for other information about the switches:
• Release Notes for the Cisco IE 3000 Switch
• Cisco IE 3000 Switch Software Configuration Guide
• Cisco IE 3000 Switch Command Reference
• Cisco IE 3000 Switch System Message Guide
• Device manager online help (available on the switch)
• Cisco IE 3000 Switch Hardware Installation Guide
• Cisco IE 3000 Switch Getting Started Guide
• Regulatory Compliance and Safety Information for the Cisco IE 3000 Switch
Cisco IE 3000 Switch Command Reference
xviii
OL-13019-01
Preface
• Getting Started with Cisco Network Assistant
• Release Notes for Cisco Network Assistant
• Cisco Small Form-Factor Pluggable Modules Installation Notes
• For information about the Network Admission Control (NAC) features, see the Network Admission
Control Software Configuration Guide (not orderable but available on Cisco.com)
• This compatibility matrix document is available from this Cisco.com site:
http://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html
–
Cisco Gigabit Ethernet Transceiver Modules Compatibility Matrix
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional
information, see the monthly What’s
revised Cisco
technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.
New in Cisco Product Documentation, which also lists all new and
OL-13019-01
Cisco IE 3000 Switch Command Reference
xix
Preface
Cisco IE 3000 Switch Command Reference
xx
OL-13019-01
CHAPTER
1
Using the Command-Line Interface
The IE 3000 switch is supported by Cisco IOS software. This chapter describes how to use the switch
command-line interface (CLI) to configure software features.
• For a complete description of the commands that support these features, see Chapter 2, “IE 3000
Switch Cisco IOS Commands.”
• For information on the bootloader commands, see Appendix A, “IE 3000 Switch Bootloader
Commands.”
• For information on the debug commands, see Appendix B, “IE 3000 Switch Debug Commands.”
• For information on the show platform commands, see Appendix C, “IE 3000 Switch Show Platform
Commands.”
• For more information on Cisco IOS Release 12.2, see the Cisco IOS Release 12.2 Command
Summary.
• For task-oriented configuration steps, see the software configuration guide for this release.
In this document, IP refers to IP version 4 (IPv4).
CLI Command Modes
This section describes the CLI command mode structure. Command modes support specific Cisco IOS
commands. For example, the interface interface-id command only works when entered in global
configuration mode.
These are the main command modes for the switch:
• User EXEC
• Privileged EXEC
• Global configuration
• Interface configuration
• Config-vlan
• VLAN configuration
• Line configuration
OL-13019-01
Cisco IE 3000 Switch Command Reference
1-1
Chapter 1 Using the Command-Line Interface
CLI Command Modes
Table 1-1 lists the main command modes, how to access each mode, the prompt you see in that mode,
and how to exit that mode. The prompts listed use the default name Switch.
Ta b l e 1-1 Command Modes Summary
Command Mode Access Method Prompt Exit or Access Next Mode
User EXEC This is the first level of access.
Switch>
Enter the logout command.
(For the switch) Change terminal
settings, perform basic tasks, and
list system information.
Privileged EXEC From user EXEC mode, enter the
enable command.
Global
configuration
Interface
configuration
From privileged EXEC mode,
enter the configure command.
From global configuration mode,
specify an interface by entering
the interface command followed
by an interface identification.
Config-vlan In global configuration mode,
enter the vlan vlan-id command.
VLAN
configuration
From privileged EXEC mode,
enter the vlan database
command.
Line configuration From global configuration mode,
specify a line by entering the line
command.
Switch#
Switch(config)#
Switch(config-if)#
Switch(config-vlan)#
Switch(vlan)#
Switch(config-line)#
To enter privileged EXEC mode, enter
the enable command.
To exit to user EXEC mode, enter the
disable command.
To enter global configuration mode,
enter the configure command.
To exit to privileged EXEC mode,
enter the exit or end command, or
press Ctrl-Z.
To enter interface configuration mode,
enter the interface configuration
command.
To exit to privileged EXEC mode,
enter the end command, or press
Ctrl-Z.
To exit to global configuration mode,
enter the exit command.
To exit to global configuration mode,
enter the exit command.
To return to privileged EXEC mode,
enter the end command, or press
Ctrl-Z.
To exit to privileged EXEC mode,
enter the exit command.
To exit to global configuration mode,
enter the exit command.
To return to privileged EXEC mode,
enter the end command, or press
Ctrl-Z.
Cisco IE 3000 Switch Command Reference
1-2
OL-13019-01
Chapter 1 Using the Command-Line Interface
User EXEC Mode
After you access the device, you are automatically in user EXEC command mode. The EXEC commands
available at the user level are a subset of those available at the privileged level. In general, use the user
EXEC commands to temporarily change terminal settings, perform basic tests, and list system
information.
The supported commands can vary depending on the version of software in use. To display a
comprehensive list of commands, enter a question mark (?) at the prompt.
Switch> ?
Privileged EXEC Mode
Because many of the privileged commands configure operating parameters, privileged access should be
password-protected to prevent unauthorized use. The privileged command set includes those commands
contained in user EXEC mode, as well as the configure privileged EXEC command through which you
access the remaining command modes.
If your system administrator has set a password, you are prompted to enter it before being granted access
to privileged EXEC mode. The password does not appear on the screen and is case sensitive.
The privileged EXEC mode prompt is the device name followed by the pound sign (#).
Switch#
CLI Command Modes
Enter the enable command to access privileged EXEC mode:
Switch> enable
Switch#
The supported commands can vary depending on the version of software in use. To display a
comprehensive list of commands, enter a question mark (?) at the prompt.
Switch# ?
To return to user EXEC mode, enter the disable privileged EXEC command.
Global Configuration Mode
Global configuration commands apply to features that affect the device as a whole. Use the configure
privileged EXEC command to enter global configuration mode. The default is to enter commands from
the management console.
When you enter the configure command, a message prompts you for the source of the configuration
commands:
Switch# configure
Configuring from terminal, memory, or network [terminal]?
You can specify either the terminal or NVRAM as the source of configuration commands.
This example shows you how to access global configuration mode:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
OL-13019-01
Cisco IE 3000 Switch Command Reference
1-3
CLI Command Modes
The supported commands can vary depending on the version of software in use. To display a
comprehensive list of commands, enter a question mark (?) at the prompt.
Switch(config)# ?
To exit global configuration command mode and to return to privileged EXEC mode, enter the end or
exit command, or press Ctrl-Z.
Interface Configuration Mode
Interface configuration commands modify the operation of the interface. Interface configuration
commands always follow a global configuration command, which defines the interface type.
Use the interface interface-id command to access interface configuration mode. The new prompt means
interface configuration mode.
Switch(config-if)#
The supported commands can vary depending on the version of software in use. To display a
comprehensive list of commands, enter a question mark (?) at the prompt.
Switch(config-if)# ?
Chapter 1 Using the Command-Line Interface
To exit interface configuration mode and to return to global configuration mode, enter the exit command.
To exit interface configuration mode and to return to privileged EXEC mode, enter the end command,
or press Ctrl-Z.
config-vlan Mode
Use this mode to configure normal-range VLANs (VLAN IDs 1 to 1005) or, when VTP mode is
transparent, to configure extended-range VLANs (VLAN IDs 1006 to 4094). When VTP mode is
transparent, the VLAN and VTP configuration is saved in the running configuration file, and you can
save it to the switch startup configuration file by using the copy running-config startup-config
privileged EXEC command. The configurations of VLAN IDs 1 to 1005 are saved in the VLAN database
if VTP is in transparent or server mode. The extended-range VLAN configurations are not saved in the
VLAN database.
Enter the vlan vlan-id global configuration command to access config-vlan mode:
Switch(config)# vlan 2000
Switch(config-vlan)#
The supported keywords can vary but are similar to the commands available in VLAN configuration
mode. To display a comprehensive list of commands, enter a question mark (?) at the prompt.
Switch(config-vlan)# ?
For extended-range VLANs, all characteristics except the MTU size must remain at the default setting.
To return to global configuration mode, enter exit; to return to privileged EXEC mode, enter end. All
the commands except shutdown take effect when you exit config-vlan mode.
Cisco IE 3000 Switch Command Reference
1-4
OL-13019-01
Chapter 1 Using the Command-Line Interface
VLAN Configuration Mode
You can use the VLAN configuration commands to create or modify VLAN parameters for VLAN IDs
1 to 1005.
Enter the vlan database privileged EXEC command to access VLAN configuration mode:
Switch# vlan database
Switch(vlan)#
The supported commands can vary depending on the version of software in use. To display a
comprehensive list of commands, enter a question mark (?) at the prompt.
Switch(vlan)# ?
To return to privileged EXEC mode, enter the abort VLAN configuration command to abandon the
proposed database. Otherwise, enter exit to implement the proposed new VLAN database and to return
to privileged EXEC mode. When you enter exit or apply, the configuration is saved in the VLAN
database; configuration from VLAN configuration mode cannot be saved in the switch configuration file.
Line Configuration Mode
CLI Command Modes
Line configuration commands modify the operation of a terminal line. Line configuration commands
always follow a line command, which defines a line number. Use these commands to change terminal
parameter settings line-by-line or for a range of lines.
Use the line vty line_number [ending_line_number] command to enter line configuration mode. The
new prompt means line configuration mode. The following example shows how to enter line
configuration mode for virtual terminal line
Switch(config)# line vty 0 7
7:
The supported commands can vary depending on the version of software in use. To display a
comprehensive list of commands, enter a question mark (?) at the prompt.
Switch(config-line)# ?
To exit line configuration mode and to return to global configuration mode, use the exit command. To
exit line configuration mode and to return to privileged EXEC mode, enter the end command, or press
Ctrl-Z.
OL-13019-01
Cisco IE 3000 Switch Command Reference
1-5
CLI Command Modes
Chapter 1 Using the Command-Line Interface
Cisco IE 3000 Switch Command Reference
1-6
OL-13019-01
CHAPTER
2
IE 3000 Switch Cisco IOS Commands
aaa accounting dot1x
Use the aaa accounting dot1x global configuration command to enable authentication, authorization,
and accounting (AAA) accounting and to create method lists defining specific accounting methods on a
per-line or per-interface basis for IEEE 802.1x sessions. Use the no form of this command to disable
IEEE
802.1x accounting.
aaa accounting dot1x {name | default} start-stop {broadcast group {name | radius | tacacs+}
[group {name | radius | tacacs+} ... ] | group {name | radius | tacacs+} [group { name | radius
| tacacs+} ... ]}
no aaa accounting dot1x {name | default}
Syntax Description name Name of a server group. This is optional when you enter it after the
broadcast group and group keywords.
default Use the accounting methods that follow as the default list for accounting
services.
start-stop Send a start accounting notice at the beginning of a process and a stop
accounting notice at the end of a process. The start accounting record is sent
in the background. The requested-user process begins regardless of whether
or not the start accounting notice was received by the accounting server.
broadcast Enable accounting records to be sent to multiple AAA servers and send
accounting records to the first server in each group. If the first server is
unavailable, the switch uses the list of backup servers to identify the first
server.
group Specify the server group to be used for accounting services. These are valid
server group names:
radius (Optional) Enable RADIUS authorization.
tacacs+ (Optional) Enable TACACS+ accounting.
OL-13019-01
• name—Name of a server group.
• radius—List of all RADIUS hosts.
• tacacs+—List of all TACACS+ hosts.
The group keyword is optional when you enter it after the broadcast group
and group keywords. You can enter more than optional group keyword.
Cisco IE 3000 Switch Command Reference
2-1
aaa accounting dot1x
Defaults AAA accounting is disabled.
Command Modes Global configuration
Chapter 2 IE 3000 Switch Cisco IOS Commands
Command History
Release Modification
12.2(44)EX This command was introduced.
Usage Guidelines This command requires access to a RADIUS server.
We recommend that you enter the dot1x reauthentication interface configuration command before
configuring IEEE 802.1x RADIUS accounting on an interface.
Examples This example shows how to configure IEEE 802.1x accounting:
Switch(config)# aaa new-model
Switch(config)# aaa accounting dot1x default start-stop group radius
Note The RADIUS authentication server must be properly configured to accept and log update or watchdog
packets from the AAA client.
Related Commands
Command Description
aaa authentication
dot1x
Specifies one or more AAA methods for use on interfaces running
IEEE
802.1x.
aaa new-model Enables the AAA access control model. For syntax information, see the
Cisco IOS Security Command Reference, Release 12.2 > Authentication,
Authorization, and Accounting > Authentication Commands.
dot1x reauthentication Enables or disables periodic reauthentication.
dot1x timeout
Sets the number of seconds between re-authentication attempts.
reauth-period
Cisco IE 3000 Switch Command Reference
2-2
OL-13019-01
Chapter 2 IE 3000 Switch Cisco IOS Commands
aaa authentication dot1x
Use the aaa authentication dot1x global configuration command to specify the authentication,
authorization, and accounting (AAA) method to use on ports complying with the IEEE 802.1x
authentication. Use the no form of this command to disable authentication.
aaa authentication dot1x {default} method1
no aaa authentication dot1x {default}
aaa authentication dot1x
Syntax Description
default Use the listed authentication method that follows this argument as the default
method when a user logs in.
method1 Enter the group radius keywords to use the list of all RADIUS servers for
authentication.
Note Though other keywords are visible in the command-line help strings, only the default and group radius
keywords are supported.
Defaults No authentication is performed.
Command Modes Global configuration
Command History
Release Modification
12.2(44)EX This command was introduced.
Usage Guidelines The method argument identifies the method that the authentication algorithm tries in the given sequence
to validate the password provided by the client. The only method that is truly IEEE 802.1x-compliant is
the group radius method, in which the client data is validated against a RADIUS authentication server.
If you specify group radius, you must configure the RADIUS server by entering the radius-server host
global configuration command.
Use the show running-config privileged EXEC command to display the configured lists of
authentication methods.
Examples This example shows how to enable AAA and how to create an IEEE 802.1x-compliant authentication
list. This authentication first tries to contact a RADIUS server. If this action returns an error, the user is
not allowed access to the network.
Switch(config)# aaa new-model
Switch(config)# aaa authentication dot1x default group radius
You can verify your settings by entering the show running-config privileged EXEC command.
OL-13019-01
Cisco IE 3000 Switch Command Reference
2-3
aaa authentication dot1x
Related Commands Command Description
aaa new-model Enables the AAA access control model. For syntax information, see the
Cisco IOS Security Command Reference, Release 12.2 > Authentication,
Authorization, and Accounting > Authentication Commands.
show running-config Displays the current operating configuration. For syntax information, select
Cisco IOS Configuration Fundamentals Command Reference, Release
12.2 > File Management Commands > Configuration File Management
Commands.
Chapter 2 IE 3000 Switch Cisco IOS Commands
Cisco IE 3000 Switch Command Reference
2-4
OL-13019-01
Loading...