Consolidated Platform Command Reference, Cisco IOS Release … · showdying-gasp 471 showmacaddress-table 472 showmacaddress-tableaddress 473 showmacaddress-tableaging-time 474 showmacaddress-tablecount

Consolidated Platform Command Reference, Cisco IOS Release 15.2(7)Ex(Catalyst 1000 Switches)First Published: 2019-12-25

Last Modified: 2020-09-15

Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comTel: 408 526-4000

800 553-NETS (6387)Fax: 408 527-0883

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITHTHE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version ofthe UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHERWARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OFMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUTLIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERSHAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, networktopology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentionaland coincidental.

All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.

Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.comgo trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and anyother company. (1721R)

© 2020 Cisco Systems, Inc. All rights reserved.

www.cisco.com/go/trademarkswww.cisco.com/go/trademarks

C O N T E N T S

Using the Command-Line Interface 1C H A P T E R 1

Using the Command-Line Interface 2

Understanding Command Modes 2

Understanding the Help System 3

Understanding Abbreviated Commands 4

Understanding no and default Forms of Commands 4

Understanding CLI Error Messages 4

Using Configuration Logging 5

Using Command History 5

Changing the Command History Buffer Size 5

Recalling Commands 6

Disabling the Command History Feature 6

Using Editing Features 6

Enabling and Disabling Editing Features 7

Editing Commands through Keystrokes 7

Editing Command Lines that Wrap 9

Searching and Filtering Output of show and more Commands 10

Accessing the CLI 10

Accessing the CLI through a Console Connection or through Telnet 11

Interface and Hardware 13P A R T I

Interface and Hardware Commands 15C H A P T E R 2

debug ilpower 17

debug interface 18

debug lldp packets 19

Consolidated Platform Command Reference, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)iii

debug nmsp 20

duplex 21

errdisable detect cause 23

errdisable detect cause small-frame 25

errdisable recovery cause 26

errdisable recovery interval 29

lldp (interface configuration) 30

mdix auto 31

network-policy 32

network-policy profile (global configuration) 33

nmsp attachment suppress 34

power efficient-ethernet auto 35

power inline 36

power inline consumption 39

power inline police 42

show eee 44

show env 47

show errdisable detect 50

show errdisable recovery 52

show hardware led 54

show interfaces 57

show interfaces counters 61

show interfaces switchport 63

show interfaces transceiver 65

show ip ports all 68

show network-policy profile 69

show power inline 70

show system mtu 75

speed 76

switchport block 78

system mtu 79

voice-signaling vlan (network-policy configuration) 81

voice vlan (network-policy configuration) 83

Consolidated Platform Command Reference, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)iv

Contents

Layer 2 85P A R T I I

Layer 2 Commands 87C H A P T E R 3

channel-group 89

channel-protocol 92

clear lacp 93

clear pagp 94

clear spanning-tree counters 95

clear spanning-tree detected-protocols 96

debug etherchannel 97

debug lacp 98

debug pagp 99

debug platform etherchannel 100

debug platform pm 101

debug spanning-tree 103

interface port-channel 105

lacp port-priority 107

lacp system-priority 108

link state group 109

link state track 110

pagp learn-method 111

pagp port-priority 113

pagp timer 114

rep admin vlan 115

rep block port 116

rep lsl-age-timer 118

rep preempt delay 119

rep preempt segment 120

rep preempt segment 121

rep stcn 122

show etherchannel 123

show interfaces rep detail 126

show lacp 127

Consolidated Platform Command Reference, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)v

Contents

show link state group 131

show pagp 132

show platform etherchannel 134

show platform pm 135

show platform spanning-tree 137

show rep topology 138

show spanning-tree 140

show udld 144

spanning-tree backbonefast 147

spanning-tree bpdufilter 148

spanning-tree bpduguard 149

spanning-tree bridge assurance 150

spanning-tree cost 152

spanning-tree etherchannel guard misconfig 153

spanning-tree extend system-id 154

spanning-tree guard 155

spanning-tree link-type 157

spanning-tree loopguard default 158

spanning-tree mode 159

spanning-tree mst configuration 160

spanning-tree mst cost 162

spanning-tree mst forward-time 163

spanning-tree mst hello-time 164

spanning-tree mst max-age 165

spanning-tree mst max-hops 166

spanning-tree mst port-priority 167

spanning-tree mst pre-standard 168

spanning-tree mst priority 169

spanning-tree mst root 170

spanning-tree mst simulate pvst (global configuration) 171

spanning-tree mst simulate pvst (interface configuration) 173

spanning-tree pathcost method 175

spanning-tree mst port-priority 176

spanning-tree portfast edge (global configuration) 177

Consolidated Platform Command Reference, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)vi

Contents

spanning-tree portfast edge (interface configuration) 179

spanning-tree transmit hold-count 180

spanning-tree uplinkfast 181

spanning-tree vlan 183

switchport access vlan 185

switchport mode 187

switchport nonegotiate 189

udld 190

udld port 192

udld reset 194

Network Management 195P A R T I I I

Network Management 197C H A P T E R 4

monitor session destination 198

monitor session source 201

show monitor 203

snmp-server enable traps 205

snmp-server enable traps bridge 208

snmp-server enable traps cpu 209

snmp-server enable traps envmon 210

snmp-server enable traps errdisable 211

snmp-server enable traps flash 212

snmp-server enable traps mac-notification 213

snmp-server enable traps port-security 214

snmp-server enable traps snmp 215

snmp-server enable snmp traps storm-control 216

snmp-server enable traps stpx 217

QoS 219P A R T I V

Auto-QoS 221C H A P T E R 5

auto qos classify 222

auto qos trust 225

Consolidated Platform Command Reference, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)vii

Contents

auto qos video 229

auto qos voip 234

debug auto qos 239

show auto qos 242

QoS 247C H A P T E R 6

class 248

class-map 250

debug qos 252

match (class-map configuration) 253

mls qos 255

mls qos cos 257

mls qos map 259

mls qos rewrite ip dscp 260

mls qos srr-queue output cos-map 262

mls qos srr-queue output dscp-map 264

mls qos trust 266

police 268

policy map 270

priority-queue out 272

service-policy 273

set 274

show class-map 276

show mls qos 277

show mls qos interface 278

show mls qos maps 282

show policy-map 285

srr-queue bandwidth limit 286

srr-queue bandwidth shape 287

srr-queue bandwidth share 289

Security 291P A R T V

Security 293C H A P T E R 7

Consolidated Platform Command Reference, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)viii

Contents

aaa accounting dot1x 295

aaa accounting identity 297

aaa authentication dot1x 299

aaa authorization network 300

aaa new-model 301

authentication host-mode 303

authentication logging verbose 305

authentication mac-move permit 306

authentication priority 307

authentication violation 310

auto security 312

auto security-port 313

cisp enable 314

clear errdisable interface vlan 315

clear mac address-table 316

debug ip rip 318

deny (MAC access-list configuration) 320

dot1x critical (global configuration) 324

dot1x logging verbose 325

dot1x pae 326

dot1x supplicant force-multicast 327

dot1x test eapol-capable 328

dot1x test timeout 329

dot1x timeout 330

epm access-control open 332

ip access-group 333

ip admission 334

ip admission name 335

ip device tracking maximum 337

ip device tracking probe 338

ip dhcp snooping database 339

ip dhcp snooping information option format remote-id 341

ip dhcp snooping verify no-relay-agent-address 342

ip source binding 343

Consolidated Platform Command Reference, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)ix

Contents

ip ssh source-interface 344

ip verify source 345

ipv6 snooping policy 346

limit address-count 347

mab request format attribute 32 348

match (access-map configuration) 350

mab logging verbose 352

permit (MAC access-list configuration) 353

radius server 357

router rip 359

show aaa clients 360

show aaa command handler 361

show aaa local 362

show aaa servers 363

show aaa sessions 364

show authentication sessions 365

show auto security 368

show cisp 370

show dot1x 372

show eap pac peer 374

show ip dhcp snooping statistics 375

show ip rip database 378

show ip ssh 380

show radius server-group 381

show vlan group 383

switchport port-security aging 384

switchport port-security mac-address 386

switchport port-security maximum 388

switchport port-security violation 390

trusted-port 392

username name masked-secret 393

vlan group 394

Single IP Management 395P A R T V I

Consolidated Platform Command Reference, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)x

Contents

Single IP Management 397C H A P T E R 8

reload 398

show switch hstack-ports 400

show switch 402

stack-mac persistent timer 405

switch stack port 407

switch priority 408

switch provision 409

switch renumber 411

System Management 413P A R T V I I

System Management Commands 415C H A P T E R 9

archive download-sw 417

archive tar 420

archive upload-sw 424

boot 426

boot buffersize 427

boot enable-break 428

boot host dhcp 429

boot host retry timeout 430

boot manual 431

boot system 432

cat 433

clear logging onboard 434

clear mac address-table 435

clear mac address-table move update 436

copy 437

debug matm move update 438

delete 439

dir 440

dying-gasp 442

help 443

Consolidated Platform Command Reference, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)xi

Contents

hw-module 444

ip name-server 446

logging 448

logging buffered 449

logging console 450

logging file flash 451

logging history 452

logging history size 453

logging monitor 454

logging trap 455

mac address-table aging-time 456

mac address-table learning vlan 457

mac address-table notification 459

mac address-table static 460

mkdir 461

more 462

nmsp notification interval 463

rename 465

reset 466

rmdir 467

service sequence-numbers 468

set 469

show archive sw-upgrade history 472

show boot 473

show cable-diagnostics tdr 475

show dying-gasp 477

show mac address-table 478

show mac address-table address 479

show mac address-table aging-time 480

show mac address-table count 481

show mac address-table dynamic 482

show mac address-table interface 483

show mac address-table learning 484

show mac address-table move update 485

Consolidated Platform Command Reference, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)xii

Contents

show mac address-table multicast 486

show mac address-table notification 487

show mac address-table static 489

show mac address-table vlan 490

show nmsp 491

show logging onboard 492

shutdown 494

test cable-diagnostics tdr 495

traceroute mac 496

traceroute mac ip 499

type 501

unset 502

version 504

VLANs 505P A R T V I I I

VLAN 507C H A P T E R 1 0

clear vtp counters 508

debug platform vlan 509

debug sw-vlan 510

debug sw-vlan ifs 511

debug sw-vlan notification 512

debug sw-vlan vtp 513

interface vlan 514

show platform vlan 516

show vlan 517

show vtp 520

switchport priority extend 526

switchport trunk 527

switchport voice vlan 530

vlan 533

vtp (global configuration) 539

vtp (interface configuration) 544

vtp primary 545

Consolidated Platform Command Reference, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)xiii

Contents

Consolidated Platform Command Reference, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)xiv

Contents

Using the Command-Line Interface

This chapter contains the following topics:

• Using the Command-Line Interface, on page 2

Consolidated Platform Command Reference, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)1

Using the Command-Line InterfaceThis chapter describes the Cisco IOS command-line interface (CLI) and how to use it to configure your switch.

Understanding Command ModesThe Cisco IOS user interface is divided into many different modes. The commands available to you dependon whichmode you are currently in. Enter a questionmark (?) at the system prompt to obtain a list of commandsavailable for each command mode.

When you start a session on the switch, you begin in user mode, often called user EXECmode. Only a limitedsubset of the commands are available in user EXEC mode. For example, most of the user EXEC commandsare one-time commands, such as show commands, which show the current configuration status, and clearcommands, which clear counters or interfaces. The user EXEC commands are not saved when the switchreboots.

To have access to all commands, youmust enter privileged EXECmode. Normally, youmust enter a passwordto enter privileged EXEC mode. From this mode, you can enter any privileged EXEC command or enterglobal configuration mode.

Using the configurationmodes (global, interface, and line), you canmake changes to the running configuration.If you save the configuration, these commands are stored and used when the switch reboots. To access thevarious configuration modes, you must start at global configuration mode. From global configuration mode,you can enter interface configuration mode and line configuration mode.

This table describes the main command modes, how to access each one, the prompt you see in that mode, andhow to exit the mode. The examples in the table use the hostname Switch.

Table 1: Command Mode Summary

About This ModeExit MethodPromptAccess MethodMode

Use this mode to

• Change terminalsettings.

• Perform basic tests.

• Display systeminformation.

Enter logout or quit.Switch>

Begin a session withyour switch.

User EXEC

Use this mode to verifycommands that you haveentered. Use a password toprotect access to this mode.

Enter disable to exit.#

While in user EXECmode, enter the enablecommand.

PrivilegedEXEC

Use this mode to configureparameters that apply to theentire switch.

To exit to privilegedEXEC mode, enter exitor end, or press Ctrl-Z.

(config)#While in privilegedEXECmode, enter theconfigure command.

Globalconfiguration


Using the Command-Line InterfaceUsing the Command-Line Interface

About This ModeExit MethodPromptAccess MethodMode

Use this mode to configureVLAN parameters. WhenVTP mode is transparent,you can createextended-range VLANs(VLAN IDs greater than1005) and saveconfigurations in the switchstartup configuration file.

To exit to globalconfiguration mode,enter the exit command.

To return to privilegedEXEC mode, pressCtrl-Z or enter end.

(config-vlan)#While in globalconfiguration mode,enter the vlan vlan-idcommand.

VLANconfiguration

Use this mode to configureparameters for the Ethernetports.

To exit to globalconfiguration mode,enter exit.


(config-if)#While in globalconfiguration mode,enter the interfacecommand (with aspecific interface).

Interfaceconfiguration

Use this mode to configureparameters for the terminalline.

To exit to globalconfiguration mode,enter exit.


(config-line)#While in globalconfiguration mode,specify a line with theline vty or lineconsole command.

Lineconfiguration

For more detailed information on the command modes, see the command reference guide for this release.

Understanding the Help SystemYou can enter a question mark (?) at the system prompt to display a list of commands available for eachcommand mode. You can also obtain a list of associated keywords and arguments for any command.

Table 2: Help Summary

PurposeCommand

Obtains a brief description of the help system in anycommand mode.

help

Obtains a list of commands that begin with a particularcharacter string.

abbreviated-command-entry ?

# di?dir disable disconnect

Completes a partial command name.abbreviated-command-entry

# sh conf# show configuration


Using the Command-Line InterfaceUnderstanding the Help System

PurposeCommand

Lists all commands available for a particular commandmode.

?

Switch> ?

Lists the associated keywords for a command.command ?

Switch> show ?

Lists the associated arguments for a keyword.command keyword ?

(config)# cdp holdtime ? Length of time (in sec) that

receiver must keep this packet

Understanding Abbreviated CommandsYou need to enter only enough characters for the switch to recognize the command as unique.

This example shows how to enter the show configuration privileged EXEC command in an abbreviated form:

# show conf

Understanding no and default Forms of CommandsAlmost every configuration command also has a no form. In general, use the no form to disable a feature orfunction or reverse the action of a command. For example, the no shutdown interface configuration commandreverses the shutdown of an interface. Use the command without the keyword no to re-enable a disabledfeature or to enable a feature that is disabled by default.

Configuration commands can also have a default form. The default form of a command returns the commandsetting to its default. Most commands are disabled by default, so the default form is the same as the no form.However, some commands are enabled by default and have variables set to certain default values. In thesecases, the default command enables the command and sets variables to their default values.

Understanding CLI Error MessagesThis table lists some error messages that you might encounter while using the CLI to configure your switch.


Using the Command-Line InterfaceUnderstanding Abbreviated Commands

Table 3: Common CLI Error Messages

How to Get HelpMeaningError Message

Re-enter the command followed by a questionmark(?) with a space between the command and thequestion mark.

The possible keywords that you can enter with thecommand appear.

You did not enter enoughcharacters for your switch torecognize the command.

% Ambiguouscommand: "showcon"

Re-enter the command followed by a questionmark(?) with a space between the command and thequestion mark.


You did not enter all thekeywords or values required bythis command.

% Incompletecommand.

Enter a question mark (?) to display all thecommands that are available in this commandmode.


You entered the commandincorrectly. The caret (^) marksthe point of the error.

% Invalid inputdetected at ‘^’marker.

Using Configuration LoggingYou can log and view changes to the switch configuration. You can use the Configuration Change Loggingand Notification feature to track changes on a per-session and per-user basis. The logger tracks eachconfiguration command that is applied, the user who entered the command, the time that the command wasentered, and the parser return code for the command. This feature includes a mechanism for asynchronousnotification to registered applications whenever the configuration changes. You can choose to have thenotifications sent to the syslog.

Only CLI or HTTP changes are logged.Note

Using Command HistoryThe software provides a history or record of commands that you have entered. The command history featureis particularly useful for recalling long or complex commands or entries, including access lists. You cancustomize this feature to suit your needs.

Changing the Command History Buffer SizeBy default, the switch records ten command lines in its history buffer. You can alter this number for a currentterminal session or for all sessions on a particular line. These procedures are optional.

Beginning in privileged EXEC mode, enter this command to change the number of command lines that theswitch records during the current terminal session:


Using the Command-Line InterfaceUsing Configuration Logging

# terminal history [size number-of-lines]

The range is from 0 to 256.

Beginning in line configuration mode, enter this command to configure the number of command lines theswitch records for all sessions on a particular line:

(config-line)# history [size number-of-lines]

The range is from 0 to 256.

Recalling CommandsTo recall commands from the history buffer, perform one of the actions listed in this table. These actions areoptional.

The arrow keys function only on ANSI-compatible terminals such as VT100s.Note

Table 4: Recalling Commands

ResultAction

Recalls commands in the history buffer, beginning with the most recentcommand. Repeat the key sequence to recall successively older commands.

Press Ctrl-P or the up arrowkey.

Returns to more recent commands in the history buffer after recallingcommands with Ctrl-P or the up arrow key. Repeat the key sequence torecall successively more recent commands.

PressCtrl-N or the down arrowkey.

While in privileged EXEC mode, lists the last several commands that youjust entered. The number of commands that appear is controlled by thesetting of the terminal history global configuration command and thehistory line configuration command.

show history

(config)# help

Disabling the Command History FeatureThe command history feature is automatically enabled. You can disable it for the current terminal session orfor the command line. These procedures are optional.

To disable the feature during the current terminal session, enter the terminal no history privileged EXECcommand.

To disable command history for the line, enter the no history line configuration command.

Using Editing FeaturesThis section describes the editing features that can help you manipulate the command line.


Using the Command-Line InterfaceRecalling Commands

Enabling and Disabling Editing FeaturesAlthough enhanced editing mode is automatically enabled, you can disable it, re-enable it, or configure aspecific line to have enhanced editing. These procedures are optional.

To globally disable enhanced editing mode, enter this command in line configuration mode:

Switch (config-line)# no editing

To re-enable the enhanced editing mode for the current terminal session, enter this command in privilegedEXEC mode:

# terminal editing

To reconfigure a specific line to have enhanced editing mode, enter this command in line configuration mode:

(config-line)# editing

Editing Commands through KeystrokesThis table shows the keystrokes that you need to edit command lines. These keystrokes are optional.


Table 5: Editing Commands through Keystrokes

PurposeKeystrokeCapability

Moves the cursor back one character.Press Ctrl-B, or press theleft arrow key.

Move around the command line tomake changes or corrections.

Moves the cursor forward one character.Press Ctrl-F, or press theright arrow key.

Moves the cursor to the beginning of thecommand line.

Press Ctrl-A.

Moves the cursor to the end of thecommand line.

Press Ctrl-E.

Moves the cursor back one word.Press Esc B.

Moves the cursor forward one word.Press Esc F.

Transposes the character to the left of thecursor with the character located at thecursor.

Press Ctrl-T.


Using the Command-Line InterfaceEnabling and Disabling Editing Features


Recalls the most recent entry in the buffer.Press Ctrl-Y.Recall commands from the bufferand paste them in the command line.The switch provides a buffer withthe last ten items that you deleted.

Recalls the next buffer entry.

The buffer contains only the last 10 itemsthat you have deleted or cut. If you pressEsc Y more than ten times, you cycle tothe first buffer entry.

Press Esc Y.

Erases the character to the left of thecursor.

Press the Delete orBackspace key.

Delete entries if you make a mistakeor change your mind.

Deletes the character at the cursor.Press Ctrl-D.

Deletes all characters from the cursor tothe end of the command line.

Press Ctrl-K.

Deletes all characters from the cursor tothe beginning of the command line.

Press Ctrl-U or Ctrl-X.

Deletes the word to the left of the cursor.Press Ctrl-W.

Deletes from the cursor to the end of theword.

Press Esc D.

Capitalizes at the cursor.Press Esc C.Capitalize or lowercase words orcapitalize a set of letters.

Changes the word at the cursor tolowercase.

Press Esc L.

Capitalizes letters from the cursor to theend of the word.

Press Esc U.

Press Ctrl-V or Esc Q.Designate a particular keystroke asan executable command, perhaps asa shortcut.


Using the Command-Line InterfaceEditing Commands through Keystrokes


Scrolls down one line.Press the Return key.Scroll down a line or screen ondisplays that are longer than theterminal screen can display.

The More prompt is usedfor any output that hasmore lines than can bedisplayed on the terminalscreen, including showcommand output. Youcan use the Return andSpace bar keystrokeswhenever you see theMore prompt.

Note

Scrolls down one screen.Press the Space bar.

Redisplays the current command line.Press Ctrl-L or Ctrl-R.Redisplay the current command lineif the switch suddenly sends amessage to your screen.

Editing Command Lines that WrapYou can use a wraparound feature for commands that extend beyond a single line on the screen. When thecursor reaches the right margin, the command line shifts ten spaces to the left. You cannot see the first tencharacters of the line, but you can scroll back and check the syntax at the beginning of the command. Thekeystroke actions are optional.

To scroll back to the beginning of the command entry, press Ctrl-B or the left arrow key repeatedly. You canalso press Ctrl-A to immediately move to the beginning of the line.


In this example, the access-list global configuration command entry extends beyond one line.When the cursorfirst reaches the end of the line, the line is shifted ten spaces to the left and redisplayed. The dollar sign ($)shows that the line has been scrolled to the left. Each time the cursor reaches the end of the line, the line isagain shifted ten spaces to the left.

(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1(config)# $ 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.25(config)# $t tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq(config)# $108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq 45

After you complete the entry, press Ctrl-A to check the complete syntax before pressing the Return key toexecute the command. The dollar sign ($) appears at the end of the line to show that the line has been scrolledto the right:


Using the Command-Line InterfaceEditing Command Lines that Wrap

(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1$

The software assumes that you have a terminal screen that is 80 columns wide. If you have a width other thanthat, use the terminal width privileged EXEC command to set the width of your terminal.

Use line wrapping with the command history feature to recall and modify previous complex command entries.

Searching and Filtering Output of show and more CommandsYou can search and filter the output for show and more commands. This is useful when you need to sortthrough large amounts of output or if you want to exclude output that you do not need to see. Using thesecommands is optional.

To use this functionality, enter a show or more command followed by the pipe character (|), one of thekeywords begin, include, or exclude, and an expression that you want to search for or filter out:

command | {begin | include | exclude} regular-expression

Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output arenot displayed, but the lines that contain Output appear.

This example shows how to include in the output display only lines where the expression protocol appears:

# show interfaces | include protocolVlan1 is up, line protocol is upVlan10 is up, line protocol is downGigabitEthernet1/0/1 is up, line protocol is downGigabitEthernet1/0/2 is up, line protocol is up

Accessing the CLIYou can access the CLI through a console connection, through Telnet, or by using the browser.

You manage the switch stack and the switch member interfaces through the active switch. You cannot manageswitch stack members on an individual switch basis. You can connect to the active switch through the consoleport or the Ethernet management port of one or more switch members. Be careful with using multiple CLIsessions to the active switch. Commands you enter in one session are not displayed in the other sessions.Therefore, it is possible to lose track of the session from which you entered commands.

We recommend using one CLI session when managing the switch stack.Note

If you want to configure a specific switch member port, you must include the switch member number in theCLI command interface notation.

To debug a specific switch member, you can access it from the active switch by using the sessionstack-member-number privileged EXEC command. The switch member number is appended to the systemprompt. For example, Switch-2# is the prompt in privileged EXEC mode for switch member 2, and where thesystem prompt for the active switch is Switch. Only the show and debug commands are available in a CLIsession to a specific switch member.


Using the Command-Line InterfaceSearching and Filtering Output of show and more Commands

Accessing the CLI through a Console Connection or through TelnetBefore you can access the CLI, you must connect a terminal or a PC to the switch console or connect a PC tothe Ethernet management port and then power on the switch, as described in the hardware installation guidethat shipped with your switch.

CLI access is available before switch setup. After your switch is configured, you can access the CLI througha remote Telnet session or SSH client.

You can use one of these methods to establish a connection with the switch:

• Connect the switch console port to a management station or dial-up modem, or connect the Ethernetmanagement port to a PC. For information about connecting to the console or Ethernet management port,see the switch hardware installation guide.

• Use any Telnet TCP/IP or encrypted Secure Shell (SSH) package from a remote management station.The switch must have network connectivity with the Telnet or SSH client, and the switch must have anenable secret password configured.

The switch supports up to 16 simultaneous Telnet sessions. Changes made by one Telnet user are reflectedin all other Telnet sessions.

The switch supports up to five simultaneous secure SSH sessions.

After you connect through the console port, through the Ethernet management port, through a Telnet sessionor through an SSH session, the user EXEC prompt appears on the management station.


Using the Command-Line InterfaceAccessing the CLI through a Console Connection or through Telnet


Using the Command-Line InterfaceAccessing the CLI through a Console Connection or through Telnet

P A R T IInterface and Hardware

• Interface and Hardware Commands, on page 15

Interface and Hardware Commands

• debug ilpower, on page 17• debug interface, on page 18• debug lldp packets, on page 19• debug nmsp, on page 20• duplex, on page 21• errdisable detect cause, on page 23• errdisable detect cause small-frame, on page 25• errdisable recovery cause, on page 26• errdisable recovery interval, on page 29• lldp (interface configuration), on page 30• mdix auto, on page 31• network-policy, on page 32• network-policy profile (global configuration), on page 33• nmsp attachment suppress, on page 34• power efficient-ethernet auto, on page 35• power inline, on page 36• power inline consumption, on page 39• power inline police, on page 42• show eee, on page 44• show env, on page 47• show errdisable detect, on page 50• show errdisable recovery, on page 52• show hardware led, on page 54• show interfaces, on page 57• show interfaces counters, on page 61• show interfaces switchport, on page 63• show interfaces transceiver, on page 65• show ip ports all, on page 68• show network-policy profile, on page 69• show power inline, on page 70• show system mtu, on page 75• speed, on page 76• switchport block, on page 78


• system mtu, on page 79• voice-signaling vlan (network-policy configuration), on page 81• voice vlan (network-policy configuration), on page 83


Interface and Hardware

debug ilpowerTo enable debugging of the power controller and Power over Ethernet (PoE) system, use the debug ilpowercommand in privileged EXEC mode. To disable debugging, use the no form of this command.

debug ilpower {cdp | event | ha | port | powerman | registries | scp | sense}no debug ilpower {cdp | event | ha | port | powerman | registries | scp | sense}

Syntax Description Displays PoE Cisco Discovery Protocol (CDP) debug messages.cdp

Displays PoE event debug messages.event

Displays PoE high-availability messages.ha

Displays PoE port manager debug messages.port

Displays PoE power management debug messages.powerman

Displays PoE registries debug messages.registries

Displays PoE SCP debug messages.scp

Displays PoE sense debug messages.sense

Command Default Debugging is disabled.

Command Modes Privileged EXEC

Command History ModificationRelease

This command was introduced.Cisco IOS Release 15.2(7)E1

Usage Guidelines This command is supported only on PoE-capable switches.

When you enable debugging on a switch stack, it is enabled only on the active switch. To enable debuggingon a member switch, you can start a session from the active switch by using the session switch-number EXECcommand. Then enter the debug command at the command-line prompt of the member switch. You also canuse the remote command stack-member-number LINE EXEC command on the active switch to enabledebugging on a member switch without first starting a session.


Interface and Hardwaredebug ilpower

debug interfaceTo enable debugging of interface-related activities, use the debug interface command in privileged EXECmode. To disable debugging, use the no form of this command.

no debug interface {interface-id | counters {exceptions | protocol memory} | null interface-number| port-channel port-channel-number | states|vlan vlan-id}

Syntax Description ID of the physical interface. Displays debug messages for the specified physical port,identified by type switch number/module number/port, for example, gigabitethernet 1/0/2.

interface-id

Displays counters debugging information.counters

Displays debug messages when a recoverable exceptional condition occurs during thecomputation of the interface packet and data rate statistics.

exceptions

Displays debug messages for memory operations of protocol counters.protocol memory

Displays intermediary debug messages when an interface's state transitions.states





Usage Guidelines If you do not specify a keyword, all debug messages appear.

The undebug interface command is the same as the no debug interface command.



Interface and Hardwaredebug interface

debug lldp packetsTo enable debugging of Link Layer Discovery Protocol (LLDP) packets, use the debug lldp packets commandin privileged EXEC mode. To disable debugging, use the no form of this command.

debug lldp packetsno debug lldp packets

Syntax Description This command has no arguments or keywords.





Usage Guidelines The undebug lldp packets command is the same as the no debug lldp packets command.

When you enable debugging on a switch stack, it is enabled only on the active switch. To enable debuggingon a member switch, you can start a session from the active switch by using the session switch-numberprivileged EXEC command.


Interface and Hardwaredebug lldp packets

debug nmspTo enable debugging of the Network Mobility Services Protocol (NMSP) on the switch, use the debug nmspcommand in privileged EXEC mode. To disable debugging, use the no form of this command.

debug nmsp {all | connection | error | event | packet | rx | tx}no debug nmsp

Syntax Description Displays all NMSP debug messages.all

Displays debug messages for NMSP connection events.connection

Displays debugging information for NMSP error messages.error

Displays debug messages for NMSP events.event

Displays debugging information for NMSP receive messages.rx

Displays debugging information for NMSP transmit messages.tx

Displays debug messages for NMSP packet events.packet





Usage Guidelines

Attachment information is not supported in Cisco IOS XE Denali 16.1.1 and later releases.Note

The undebug nmsp command is the same as the no debug nmsp command.



Interface and Hardwaredebug nmsp

duplexTo specify the duplex mode of operation for a port, use the duplex command in interface configuration mode.To return to the default value, use the no form of this command.

duplex {auto | full | half}no duplex {auto | full | half}

Syntax Description Enables automatic duplex configuration. The port automatically detects whether it should run in full-or half-duplex mode, depending on the attached device mode.

auto

Enables full-duplex mode.full

Enables half-duplex mode (only for interfaces operating at 10 or 100 Mb/s). You cannot configurehalf-duplex mode for interfaces operating at 1000 or 10,000 Mb/s.

half

Command Default The default is auto for Fast Ethernet and Gigabit Ethernet ports.

The default is half for 100BASE-x (where -x is -BX, -FX, -FX-FE, or -LX) SFP modules.

Duplex options are not supported on the 1000BASE-x or 10GBASE-x (where -x is -BX, -CWDM, -LX, -SX,or -ZX) small form-factor pluggable (SFP) modules.

Command Modes Interface configuration



Usage Guidelines For Fast Ethernet and Gigabit Ethernet ports, setting the port to auto has the same effect as specifying full ifthe attached device does not autonegotiate the duplex parameter.

Half-duplex mode is supported on Fast Ethernet and Gigabit Ethernet interfaces if the duplex mode is autoand the connected device is operating at half duplex. However, you cannot configure these interfaces to operatein half-duplex mode.

Note

Certain ports can be configured to be either full duplex or half duplex. How this command is applied dependson the device to which the switch is attached.

If both ends of the line support autonegotiation, we highly recommend using the default autonegotiationsettings. If one interface supports autonegotiation and the other end does not, configure duplex and speed onboth interfaces, and use the auto setting on the supported side.

If the speed is set to auto, the switch negotiates with the device at the other end of the link for the speed settingand then forces the speed setting to the negotiated value. The duplex setting remains as configured on eachend of the link, which could result in a duplex setting mismatch.

You can configure the duplex setting when the speed is set to auto.


Interface and Hardwareduplex

Changing the interface speed and duplex mode configuration might shut down and reenable the interfaceduring the reconfiguration.

Caution

You can verify your setting by entering the show interfaces privileged EXEC command.

Examples This example shows how to configure an interface for full-duplex operation:

Device(config)# interface gigabitethernet1/0/1Device(config-if)# duplex full


Interface and Hardwareduplex

errdisable detect causeTo enable error-disable detection for a specific cause or for all causes, use the errdisable detect causecommand in global configuration mode. To disable the error-disable detection feature, use the no form of thiscommand.

errdisable detect cause {all | arp-inspection | bpduguard shutdown vlan | dhcp-rate-limit | dtp-flap| gbic-invalid | inline-power | link-flap | loopback | pagp-flap | pppoe-ia-rate-limit | psp shutdownvlan | security-violation shutdown vlan | sfp-config-mismatch}no errdisable detect cause {all | arp-inspection | bpduguard shutdown vlan | dhcp-rate-limit | dtp-flap| gbic-invalid | inline-power | link-flap | loopback | pagp-flap | pppoe-ia-rate-limit | psp shutdownvlan | security-violation shutdown vlan | sfp-config-mismatch}

Syntax Description Enables error detection for all error-disabled causes.all

Enables error detection for dynamic Address Resolution Protocol (ARP)inspection.

arp-inspection

Enables per-VLAN error-disable for BPDU guard.bpduguard shutdown vlan

Enables error detection for DHCP snooping.dhcp-rate-limit

Enables error detection for the Dynamic Trunking Protocol (DTP)flapping.

dtp-flap

Enables error detection for an invalid Gigabit Interface Converter (GBIC)module.

This error refers to an invalid small form-factor pluggable(SFP) module.

Note

gbic-invalid

Enables error detection for the Power over Ethernet (PoE) error-disabledcause.

This keyword is supported only on switches with PoE ports.Note

inline-power

Enables error detection for link-state flapping.link-flap

Enables error detection for detected loopbacks.loopback

Enables error detection for the Port Aggregation Protocol (PAgP) flaperror-disabled cause.

pagp-flap

Enables error detection for the PPPoE Intermediate Agent rate-limiterror-disabled cause.

pppoe-ia-rate-limit

Enables error detection for protocol storm protection (PSP).psp shutdown vlan

Enables voice aware 802.1x security.security-violation shutdownvlan

Enables error detection on an SFP configuration mismatch.sfp-config-mismatch


Interface and Hardwareerrdisable detect cause

Command Default Detection is enabled for all causes. All causes, except per-VLAN error disabling, are configured to shut downthe entire port.

Command Modes Global configuration



Usage Guidelines A cause (such as a link-flap or dhcp-rate-limit) is the reason for the error-disabled state. When a cause isdetected on an interface, the interface is placed in an error-disabled state, an operational state that is similarto a link-down state.

When a port is error-disabled, it is effectively shut down, and no traffic is sent or received on the port. Forthe bridge protocol data unit (BPDU) guard, voice-aware 802.1x security, and port-security features, you canconfigure the switch to shut down only the offending VLAN on the port when a violation occurs, instead ofshutting down the entire port.

If you set a recovery mechanism for the cause by entering the errdisable recovery global configurationcommand, the interface is brought out of the error-disabled state and allowed to retry the operation when allcauses have timed out. If you do not set a recovery mechanism, you must enter the shutdown and then theno shutdown commands to manually recover an interface from the error-disabled state.

For protocol storm protection, excess packets are dropped for a maximum of two virtual ports. Virtual porterror disabling using the psp keyword is not supported for EtherChannel and Flexlink interfaces.

To verify your settings, enter the show errdisable detect privileged EXEC command.

This example shows how to enable error-disabled detection for the link-flap error-disabled cause:Device(config)# errdisable detect cause link-flap

This command shows how to globally configure BPDU guard for a per-VLAN error-disabled state:Device(config)# errdisable detect cause bpduguard shutdown vlan

This command shows how to globally configure voice-aware 802.1x security for a per-VLANerror-disabled state:Device(config)# errdisable detect cause security-violation shutdown vlan

You can verify your setting by entering the show errdisable detect privileged EXEC command.


Interface and Hardwareerrdisable detect cause

errdisable detect cause small-frameTo allow any switch port to be error disabled if incoming VLAN-tagged packets are small frames (67 bytesor less) and arrive at the minimum configured rate (the threshold), use the errdisable detect cause small-frameglobal configuration command on the switch stack or on a standalone switch. Use the no form of this commandto return to the default setting.

errdisable detect cause small-frameno errdisable detect cause small-frame


Command Default This feature is disabled.




Usage Guidelines This command globally enables the small-frame arrival feature. Use the small violation-rate interfaceconfiguration command to set the threshold for each port.

You can configure the port to be automatically re-enabled by using the errdisable recovery cause small-frameglobal configuration command. You configure the recovery time by using the errdisable recovery intervalinterval global configuration command.

Examples

This example shows how to enable the switch ports to be put into the error-disabled mode if incomingsmall frames arrive at the configured threshold:

Device(config)# errdisable detect cause small-frame

You can verify your setting by entering the show interfaces privileged EXEC command.


Interface and Hardwareerrdisable detect cause small-frame

errdisable recovery causeTo enable the error-disabled mechanism to recover from a specific cause, use the errdisable recovery causecommand in global configuration mode. To return to the default setting, use the no form of this command.

errdisable recovery cause {all | arp-inspection | bpduguard | channel-misconfig | dhcp-rate-limit |dtp-flap | gbic-invalid | inline-power | link-flap | loopback | mac-limit | pagp-flap | port-mode-failure |pppoe-ia-rate-limit | psecure-violation | psp | security-violation | sfp-config-mismatch | storm-control |udld | vmps}no errdisable recovery cause {all | arp-inspection | bpduguard | channel-misconfig | dhcp-rate-limit| dtp-flap | gbic-invalid | inline-power | link-flap | loopback | mac-limit | pagp-flap | port-mode-failure |pppoe-ia-rate-limit | psecure-violation | psp | security-violation | sfp-config-mismatch | storm-control |udld | vmps}

Syntax Description Enables the timer to recover from all error-disabled causes.all

Enables the timer to recover from the Address Resolution Protocol(ARP) inspection error-disabled state.

arp-inspection

Enables the timer to recover from the bridge protocol data unit(BPDU) guard error-disabled state.

bpduguard

Enables the timer to recover from the EtherChannel misconfigurationerror-disabled state.

channel-misconfig

Enables the timer to recover from the DHCP snooping error-disabledstate.

dhcp-rate-limit

Enables the timer to recover from the Dynamic Trunking Protocol(DTP) flap error-disabled state.

dtp-flap

Enables the timer to recover from an invalid Gigabit InterfaceConverter (GBIC) module error-disabled state.

This error refers to an invalid small form-factor pluggable(SFP) error-disabled state.

Note

gbic-invalid

Enables the timer to recover from the Power over Ethernet (PoE)error-disabled state.

This keyword is supported only on switches with PoE ports.

inline-power

Enables the timer to recover from the link-flap error-disabled state.link-flap

Enables the timer to recover from a loopback error-disabled state.loopback

Enables the timer to recover from the mac limit error-disabled state.mac-limit

Enables the timer to recover from the Port Aggregation Protocol(PAgP)-flap error-disabled state.

pagp-flap


Interface and Hardwareerrdisable recovery cause

Enables the timer to recover from the port mode change failureerror-disabled state.

port-mode-failure

Enables the timer to recover from the PPPoE IA rate limiterror-disabled state.

pppoe-ia-rate-limit

Enables the timer to recover from a port security violation disablestate.

psecure-violation

Enables the timer to recover from the protocol storm protection (PSP)error-disabled state.

psp

Enables the timer to recover from an IEEE 802.1x-violation disabledstate.

security-violation

Enables error detection on an SFP configuration mismatch.sfp-config-mismatch

Enables the timer to recover from a storm control error.storm-control

Enables the timer to recover from the UniDirectional Link Detection(UDLD) error-disabled state.

udld

Enables the timer to recover from the VLAN Membership PolicyServer (VMPS) error-disabled state.

vmps

Command Default Recovery is disabled for all causes.




Usage Guidelines A cause (such as all or BDPU guard) is defined as the reason that the error-disabled state occurred. When acause is detected on an interface, the interface is placed in the error-disabled state, an operational state similarto link-down state.

When a port is error-disabled, it is effectively shut down, and no traffic is sent or received on the port. Forthe BPDU guard and port-security features, you can configure the switch to shut down only the offendingVLAN on the port when a violation occurs, instead of shutting down the entire port.

If you do not enable the recovery for the cause, the interface stays in the error-disabled state until you enterthe shutdown and the no shutdown interface configuration commands. If you enable the recovery for a cause,the interface is brought out of the error-disabled state and allowed to retry the operation again when all thecauses have timed out.

Otherwise, you must enter the shutdown and then the no shutdown commands to manually recover aninterface from the error-disabled state.

You can verify your settings by entering the show errdisable recovery privileged EXEC command.

Examples This example shows how to enable the recovery timer for the BPDU guard error-disabled cause:



Device(config)# errdisable recovery cause bpduguard



errdisable recovery intervalTo specify the time to recover from an error-disabled state, use the errdisable recovery interval commandin global configuration mode. To return to the default setting, use the no form of this command.

errdisable recovery interval timer-intervalno errdisable recovery interval timer-interval

Syntax Description Time to recover from the error-disabled state. The range is 30 to 86400 seconds. The sameinterval is applied to all causes. The default interval is 300 seconds.

timer-interval

Command Default The default recovery interval is 300 seconds.




Usage Guidelines The error-disabled recovery timer is initialized at a random differential from the configured interval value.The difference between the actual timeout value and the configured value can be up to 15 percent of theconfigured interval.

You can verify your settings by entering the show errdisable recovery privileged EXEC command.

Examples This example shows how to set the timer to 500 seconds:Device(config)# errdisable recovery interval 500


Interface and Hardwareerrdisable recovery interval

lldp (interface configuration)To enable Link Layer Discovery Protocol (LLDP) on an interface, use the lldp command in interfaceconfiguration mode. To disable LLDP on an interface, use the no form of this command.

lldp {med-tlv-select tlv | receive | tlv-select {power-management} | transmit}no lldp {med-tlv-select tlv | receive | tlv-select {power-management} | transmit}

Syntax Description Selects an LLDP Media Endpoint Discovery (MED) time-length-value(TLV) element to send.

med-tlv-select

String that identifies the TLV element. Valid values are the following:

• inventory-management— LLDP MED Inventory ManagementTLV.

• location— LLDP MED Location TLV.

• network-policy— LLDP MED Network Policy TLV.

tlv

Enables the interface to receive LLDP transmissions.receive

Selects the LLDP TLVs to send.tlv-select

Sends the LLDP Power Management TLV.power-management

Enables LLDP transmission on the interface.transmit

Command Default LLDP is disabled.




Usage Guidelines This command is supported on 802.1 media types.

If the interface is configured as a tunnel port, LLDP is automatically disabled.

The following example shows how to disable LLDP transmission on an interface:

Device(config)# interface gigabitethernet1/0/1Device(config-if)# no lldp transmit

The following example shows how to enable LLDP transmission on an interface:

Device(config)# interface gigabitethernet1/0/1Device(config-if)# lldp transmit


Interface and Hardwarelldp (interface configuration)

mdix autoTo enable the automatic medium-dependent interface crossover (auto-MDIX) feature on the interface, usethe mdix auto command in interface configuration mode. To disable auto-MDIX, use the no form of thiscommand.

mdix autono mdix auto


Command Default Auto-MDIX is enabled.




Usage Guidelines When auto-MDIX is enabled, the interface automatically detects the required cable connection type(straight-through or crossover) and configures the connection appropriately.

When you enable auto-MDIX on an interface, you must also set the interface speed and duplex to auto sothat the feature operates correctly.

When auto-MDIX (and autonegotiation of speed and duplex) is enabled on one or both of the connectedinterfaces, link up occurs, even if the cable type (straight-through or crossover) is incorrect.

Auto-MDIX is supported on all 10/100 and 10/100/1000Mb/s interfaces and on 10/100/1000BASE-TX smallform-factor pluggable (SFP) module interfaces. It is not supported on 1000BASE-SX or -LX SFP moduleinterfaces.

This example shows how to enable auto-MDIX on a port:Device# configure terminalDevice(config)# interface gigabitethernet1/0/1Device(config-if)# speed autoDevice(config-if)# duplex autoDevice(config-if)# mdix autoDevice(config-if)# end


Interface and Hardwaremdix auto

network-policyTo apply a network-policy profile to an interface, use the network-policy command in interface configurationmode. To remove the policy, use the no form of this command.

network-policy profile-numberno network-policy

Syntax Description The network-policy profile number to apply to the interface.profile-number

Command Default No network-policy profiles are applied.




Usage Guidelines Use the network-policy profile number interface configuration command to apply a profile to an interface.

You cannot apply the switchport voice vlan command on an interface if you first configure a network-policyprofile on it. However, if switchport voice vlan vlan-id is already configured on the interface, you can applya network-policy profile on the interface. The interface then has the voice or voice-signaling VLANnetwork-policy profile applied.

This example shows how to apply network-policy profile 60 to an interface:Device(config)# interface gigabitethernet1/0/1Device(config-if)# network-policy 60


Interface and Hardwarenetwork-policy

network-policy profile (global configuration)To create a network-policy profile and to enter network-policy configuration mode, use the network-policyprofile command in global configuration mode. To delete the policy and to return to global configurationmode, use the no form of this command.

network-policy profile profile-numberno network-policy profile profile-number

Syntax Description Network-policy profile number. The range is 1 to 4294967295.profile-number

Command Default No network-policy profiles are defined.




Usage Guidelines Use the network-policy profile global configuration command to create a profile and to enter network-policyprofile configuration mode.

To return to privileged EXEC mode from the network-policy profile configuration mode, enter the exitcommand.

When you are in network-policy profile configuration mode, you can create the profile for voice and voicesignaling by specifying the values for VLAN, class of service (CoS), differentiated services code point (DSCP),and tagging mode.

These profile attributes are contained in the Link Layer Discovery Protocol for Media Endpoint Devices(LLDP-MED) network-policy time-length-value (TLV).

This example shows how to create network-policy profile 60:

Device(config)# network-policy profile 60Device(config-network-policy)#


Interface and Hardwarenetwork-policy profile (global configuration)

nmsp attachment suppressTo suppress the reporting of attachment information from a specified interface, use the nmsp attachmentsuppress command in interface configuration mode. To return to the default setting, use the no form of thiscommand.

nmsp attachment suppressno nmsp attachment suppress

Syntax Description This command has no argments or keywords.

Command Default None

Command Modes Interface configuration (config-if)



Usage Guidelines Use the nmsp attachment suppress interface configuration command to configure an interface to not sendlocation and attachment notifications to a Cisco Mobility Services Engine (MSE).

Attachment information is not supported in Cisco IOS XE Denali 16.1.1 and later releases.Note

This example shows how to configure an interface to not send attachment information to the MSE:Device(config)# interface gigabitethernet1/0/1Device(config-if)# nmsp attachment suppress


Interface and Hardwarenmsp attachment suppress

power efficient-ethernet autoTo enable Energy Efficient Ethernet (EEE) for an interface, use the power efficient-ethernet auto commandin interface configuration mode. To disable EEE on an interface, use the no form of this command.

power efficient-ethernet autono power efficient-ethernet auto


Command Default EEE is enabled




Usage Guidelines You can enable EEE on devices that support low power idle (LPI) mode. Such devices can save power byentering LPI mode during periods of low utilization. In LPI mode, systems on both ends of the link can savepower by shutting down certain services. EEE provides the protocol needed to transition into and out of LPImode in a way that is transparent to upper layer protocols and applications.

The power efficient-ethernet auto command is available only if the interface is EEE capable. To check ifan interface is EEE capable, use the show eee capabilities EXEC command.

When EEE is enabled, the device advertises and autonegotiates EEE to its link partner. To view the currentEEE status for an interface, use the show eee status EXEC command.

This command does not require a license.

This example shows how to enable EEE for an interface:Device(config-if)# power efficient-ethernet autoDevice(config-if)#

This example shows how to disable EEE for an interface:Device(config-if)# no power efficient-ethernet autoDevice(config-if)#


Interface and Hardwarepower efficient-ethernet auto

power inlineTo configure the power management mode on Power over Ethernet (PoE) ports, use the power inline commandin interface configuration mode. To return to the default settings, use the no form of this command.

power inline {auto [max max-wattage] | consumption wattage | never | police [action ]{errdisable |log } | port {2-event | poe-ha} | static [max max-wattage ]}power inline {auto | consumption | never | police | port {2-event | poe-ha} | static }

Syntax Description Enables powered-device detection.If enough power is available,automatically allocates power tothe PoE port after device detection.Allocation is first-come, first-serve.

auto

(Optional) Limits the powerallowed on the port. The range is4000 to 30000 mW. If no value isspecified, the maximum is allowed.

max max-wattage

Configures the inline device powerconsumption.

consumption wattage

Disables device detection, anddisables power to the port.

never

Polices the power drawn on theport.

police

(Optional) Specifies the action tobe taken when the power isoverdrawn on the port.

• errdisable: error-disables theport.

• log: logs a message.

action {errdisable | log }

Configures the power level of theport.

• 2-event: enables 2-eventclassification.

• poe-ha: applies poe-ha to theport.

port {2-event|poe-ha}


Interface and Hardwarepower inline

Enables powered-device detection.Pre-allocates (reserves) power fora port before the switch discoversthe powered device. This actionguarantees that the deviceconnected to the interface receivesenough power.

static

(Optional) Specifies the maximumpower allowed on the interface.

max max-wattage

Command Default The default is auto (enabled).

The maximum wattage is 30,000 mW.

The default port priority is low.

Command Default Interface configuration



Usage Guidelines This command is supported only on PoE-capable ports. If you enter this command on a port that does notsupport PoE, this error message appears:

Device(config)# interface gigabitethernet1/0/1Device(config-if)# power inline auto

^% Invalid input detected at '^' marker.

In a switch stack, this command is supported on all ports in the stack that support PoE.

Use the max max-wattage option to disallow higher-power powered devices. With this configuration, whenthe powered device sends CiscoDiscovery Protocol (CDP)messages requestingmore power than themaximumwattage, the switch removes power from the port. If the powered-device IEEE class maximum is greater thanthe maximum wattage, the switch does not power the device. The power is reclaimed into the global powerbudget.

The switch never powers any class 0 or class 3 device if the power inline max max-wattage command isconfigured for less than 30 W.

Note

If the switch denies power to a powered device (the powered device requests more power through CDPmessages or if the IEEE class maximum is greater than the maximumwattage), the PoE port is in a power-denystate. The switch generates a system message, and the Oper column in the show power inline privilegedEXEC command output shows power-deny.

Use the power inline static max max-wattage command to give a port high priority. The switch allocatesPoE to a port configured in static mode before allocating power to a port configured in auto mode. The switchreserves power for the static port when it is configured rather than upon device discovery. The switch reserves



the power on a static port even when there is no connected device and whether or not the port is in a shutdownor in a no shutdown state. The switch allocates the configured maximum wattage to the port, and the amountis never adjusted through the IEEE class or by CDP messages from the powered device. Because power ispre-allocated, any powered device that uses less than or equal to the maximum wattage is guaranteed powerwhen it is connected to a static port. However, if the powered device IEEE class is greater than the maximumwattage, the switch does not supply power to it. If the switch learns through CDP messages that the powereddevice needs more than the maximum wattage, the powered device is shut down.

If the switch cannot pre-allocate power when a port is in static mode (for example, because the entire powerbudget is already allocated to other auto or static ports), this message appears: Command rejected: powerinline static: pwr not available. The port configuration remains unchanged.

When you configure a port by using the power inline auto or the power inline static interface configurationcommand, the port autonegotiates by using the configured speed and duplex settings. This is necessary todetermine the power requirements of the connected device (whether or not it is a powered device). After thepower requirements have been determined, the switch hardcodes the interface by using the configured speedand duplex settings without resetting the interface.

When you configure a port by using the power inline never command, the port reverts to the configuredspeed and duplex settings.

If a port has a Cisco powered device connected to it, you should not use the power inline never commandto configure the port. A false link-up can occur, placing the port in an error-disabled state.

You can verify your settings by entering the show power inline EXEC command.

Examples This example shows how to enable detection of a powered device and to automatically power a PoEport on a switch:

Device(config)# interface gigabitethernet1/0/2Device(config-if)# power inline auto

This example shows how to configure a PoE port on a switch to allow a class 1 or a class 2 powereddevice:

Device(config)# interface gigabitethernet1/0/2Device(config-if)# power inline auto max 7000

This example shows how to disable powered-device detection and to not power a PoE port on aswitch:

Device(config)# interface gigabitethernet1/0/2Device(config-if)# power inline never



power inline consumptionTo override the amount of power specified by the IEEE classification for a powered device, use the powerinline consumption command in global or interface configuration to specify the wattage used by each device.To return to the default power setting, use the no form of this command.

power inline consumption [default] wattageno power inline consumption [default]

Syntax Description The default keyword appears only in the global configuration. The command has the same effectwith or without the keyword.

default

Specifies the power that the switch budgets for the port. The range is 4000 to 15400 mW.wattage

Command Default The default power on each Power over Ethernet (PoE) port is15400 mW.


Interface configuration



Usage Guidelines When Cisco powered devices are connected to PoE ports, the switch uses Cisco Discovery Protocol (CDP)to determine the CDP-specific power consumption of the devices, which is the amount of power to allocatebased on the CDP messages. The switch adjusts the power budget accordingly. This does not apply to IEEEthird-party powered devices. For these devices, when the switch grants a power request, the switch adjuststhe power budget according to the powered-device IEEE classification. If the powered device is a class 0(class status unknown) or a class 3, the switch budgets 15400mW for the device, regardless of the CDP-specificamount of power needed.

If the powered device reports a higher class than its CDP-specific consumption or does not support powerclassification (defaults to class 0), the switch can power fewer devices because it uses the IEEE class informationto track the global power budget.

With PoE+, powered devices use IEEE 802.3at and LLDP power with media dependent interface (MDI) type,length, and value descriptions (TLVs), Power-via-MDA TLVs, for negotiating power up to 30 W. Ciscopre-standard devices and Cisco IEEE powered devices can use CDP or the IEEE 802.3at power-via-MDIpower negotiation mechanism to request power levels up to 30 W.

The initial allocation for Class 0, Class 3, and Class 4 powered devices is 15.4 W. When a device starts upand uses CDP or LLDP to send a request for more than 15.4 W, it can be allocated up to the maximum of 30W.

Note

By using the power inline consumption wattage configuration command, you can override the default powerrequirement of the IEEE classification. The difference between what is mandated by the IEEE classification


Interface and Hardwarepower inline consumption

and what is actually needed by the device is reclaimed into the global power budget for use by additionaldevices. You can then extend the switch power budget and use it more effectively.

Before entering the power inline consumption wattage configuration command, we recommend that youenable policing of the real-time power consumption by using the power inline police [action log] interfaceconfiguration command.

You should carefully plan your switch power budget and make certain not to oversubscribe the power supply.Caution

When you enter the power inline consumption default wattage or the no power inline consumption defaultglobal configuration command, or the power inline consumption wattage or the no power inline consumptioninterface configuration command, this caution message appears.

%CAUTION: Interface Gi1/0/1: Misconfiguring the 'power inline consumption/allocation'command may cause damage to the switch and void your warranty. Take precaution not tooversubscribe the power supply.It is recommended to enable power policing if the switch supports it.Refer to documentation.

When youmanually configure the power budget, you must also consider the power loss over the cable betweenthe switch and the powered device.

Note

For more information about the IEEE power classifications, see the “Configuring Interface Characteristics”chapter in the software configuration guide for this release.

This command is supported only on PoE-capable ports. If you enter this command on a switch or port thatdoes not support PoE, an error message appears.

In a switch stack, this command is supported on all switches or ports in the stack that support PoE.

You can verify your settings by entering the show power inline consumption privileged EXEC command.

Examples This example shows how to use the command in global configuration mode to configure the switchto budget 5000 mW to each PoE port:

Device(config)# power inline consumption default 5000%CAUTION: Interface Gi1/0/1: Misconfiguring the 'power inline consumption/allocation'command may cause damage to the switch and void your warranty. Take precaution not tooversubscribe the power supply.It is recommended to enable power policing if the switch supports it.Refer to documentation.

This example shows how to use the command in interface configuration mode to configure the switchto budget 12000 mW to the powered device connected to a specific PoE port:

Device(config)# interface gigabitethernet1/0/2Device(config-if)# power inline consumption 12000%CAUTION: Interface Gi1/0/2: Misconfiguring the 'power inline consumption/allocation'command may cause damage to the switch and void your warranty. Take precaution not tooversubscribe the power supply.It is recommended to enable power policing if the switch supports it.



Refer to documentation.



power inline policeTo enable policing of real-time power consumption on a powered device, use the power inline police commandin interface configuration mode. To disable this feature, use the no form of this command

power inline police [action {errdisable | log}]no power inline police

Syntax Description (Optional) Configures the device to turn off power to the port if the real-time powerconsumption exceeds the maximum power allocation on the port. This is the default action.

actionerrdisable

(Optional) Configures the device to generate a syslog message while still providing powerto a connected device if the real-time power consumption exceeds the maximum powerallocation on the port.

action log

Command Default Policing of the real-time power consumption of the powered device is disabled.




Usage Guidelines This command is supported only on Power over Ethernet (PoE)-capable ports. If you enter this command ona device or port that does not support PoE, an error message appears.

In a switch stack, this command is supported on all switches or ports in the stack that support PoE and real-timepower-consumption monitoring.

When policing of the real-time power consumption is enabled, the device takes action when a powered deviceconsumes more power than the allocated maximum amount.

When PoE is enabled, the device senses the real-time power consumption of the powered device. This featureis called power monitoring or power sensing. The device also polices the power usage with the power policingfeature.

When power policing is enabled, the device uses one of the these values as the cutoff power on the PoE portin this order:

1. The user-defined power level that limits the power allowed on the port when you enter the power inlineauto max max-wattage or the power inline static max max-wattage interface configuration command

2. The device automatically sets the power usage of the device by using CDP power negotiation or by theIEEE classification and LLPD power negotiation.

If you do not manually configure the cutoff-power value, the device automatically determines it by using CDPpower negotiation or the device IEEE classification and LLDP power negotiation. If CDP or LLDP are notenabled, the default value of 30 W is applied. However without CDP or LLDP, the device does not allowdevices to consume more than 15.4 W of power because values from 15400 to 30000 mW are only allocatedbased on CDP or LLDP requests. If a powered device consumes more than 15.4 W without CDP or LLDPnegotiation, the device might be in violation of the maximum current Imax limitation and might experience


Interface and Hardwarepower inline police

an Icut fault for drawing more current than the maximum. The port remains in the fault state for a time beforeattempting to power on again. If the port continuously draws more than 15.4 W, the cycle repeats.

When a powered device connected to a PoE+ port restarts and sends a CDP or LLDP packet with a powerTLV, the device locks to the power-negotiation protocol of that first packet and does not respond to powerrequests from the other protocol. For example, if the device is locked to CDP, it does not provide power todevices that send LLDP requests. If CDP is disabled after the device has locked on it, the device does notrespond to LLDP power requests and can no longer power on any accessories. In this case, you should restartthe powered device.

If power policing is enabled, the device polices power usage by comparing the real-time power consumptionto the maximum power allocated on the PoE port. If the device uses more than the maximum power allocation(or cutoff power) on the port, the device either turns power off to the port, or the device generates a syslogmessage and updates the LEDs (the port LEDs are blinking amber) while still providing power to the device.

• To configure the device to turn off power to the port and put the port in the error-disabled state, use thepower inline police interface configuration command.

• To configure the device to generate a syslog message while still providing power to the device, use thepower inline police action log command.

If you do not enter the action log keywords, the default action is to shut down the port, turn off power to it,and put the port in the PoE error-disabled state. To configure the PoE port to automatically recover from theerror-disabled state, use the errdisable detect cause inline-power global configuration command to enableerror-disabled detection for the PoE cause and the errdisable recovery cause inline-power interval intervalglobal configuration command to enable the recovery timer for the PoE error-disabled cause.

If policing is disabled, no action occurs when the powered device consumes more than the maximum powerallocation on the port, which could adversely affect the device.

Caution

You can verify your settings by entering the show power inline police privileged EXEC command.

Examples This example shows ho

Documents

Consolidated Platform Command Reference, Cisco IOS Release … · showdying-gasp 471 showmacaddress-table 472 showmacaddress-tableaddress 473 showmacaddress-tableaging-time 474 showmacaddress-tablecount