Command Reference
Page 2
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. All rights reserved. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL ...Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, ...
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. All rights reserved. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL ...Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, ...
Command Reference
Page 27
... configuration steps, see Appendix C, "Catalyst 3560 Switch Show Platform Commands." Command modes support specific Cisco IOS commands. For more information on the boot loader commands, see the Cisco IOS Release 12.2 Command Summary. For a complete description of the commands that support these... T E R 1 Using the Command-Line Interface The Catalyst 3560 switch is a specific reference to IP version 6 (IPv6). For information on the debug commands, see Chapter 2, "Catalyst 3560 Switch Cisco IOS Commands." This chapter describes how to use the switch command-line interface (CLI)...
... configuration steps, see Appendix C, "Catalyst 3560 Switch Show Platform Commands." Command modes support specific Cisco IOS commands. For more information on the boot loader commands, see the Cisco IOS Release 12.2 Command Summary. For a complete description of the commands that support these... T E R 1 Using the Command-Line Interface The Catalyst 3560 switch is a specific reference to IP version 6 (IPv6). For information on the debug commands, see Chapter 2, "Catalyst 3560 Switch Cisco IOS Commands." This chapter describes how to use the switch command-line interface (CLI)...
Command Reference
Page 33
...-16405-05 Catalyst 3560 Switch Command Reference 2-1 CH A P T E R 2 Catalyst 3560 Switch Cisco IOS Commands aaa accounting dot1x Use the aaa accounting dot1x global configuration command to enable authentication, authorization, and accounting (AAA) accounting and to create method lists defining specific accounting methods on a per-line or per-interface basis for accounting services.
...-16405-05 Catalyst 3560 Switch Command Reference 2-1 CH A P T E R 2 Catalyst 3560 Switch Cisco IOS Commands aaa accounting dot1x Use the aaa accounting dot1x global configuration command to enable authentication, authorization, and accounting (AAA) accounting and to create method lists defining specific accounting methods on a per-line or per-interface basis for accounting services.
Command Reference
Page 45
... version_string] destination-url Syntax Description /version version_string destination-url (Optional) Specify the specific version string of software image to be uploaded. These options are uploaded in this sequence: the Cisco IOS image, the HTML files, and info. Defaults Uploads the currently running image... local or network file system. Image names are uploaded, the software creates the tar file. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands archive upload-sw archive upload-sw Use the archive upload-sw privileged EXEC command to upload an existing switch image ...
... version_string] destination-url Syntax Description /version version_string destination-url (Optional) Specify the specific version string of software image to be uploaded. These options are uploaded in this sequence: the Cisco IOS image, the HTML files, and info. Defaults Uploads the currently running image... local or network file system. Image names are uploaded, the software creates the tar file. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands archive upload-sw archive upload-sw Use the archive upload-sw privileged EXEC command to upload an existing switch image ...
Command Reference
Page 76
...command. 2-44 Catalyst 3560 Switch Command Reference 78-16405-05 Examples This example shows how to remove a specific MAC address from the MAC address table a specific dynamic address, all dynamic addresses on a particular interface, or all dynamic addresses on the specified physical ...port or port channel. (Optional) Delete all dynamic MAC addresses on a particular VLAN. clear mac address-table Chapter 2 Catalyst 3560 Switch Cisco IOS Commands...
...command. 2-44 Catalyst 3560 Switch Command Reference 78-16405-05 Examples This example shows how to remove a specific MAC address from the MAC address table a specific dynamic address, all dynamic addresses on a particular interface, or all dynamic addresses on the specified physical ...port or port channel. (Optional) Delete all dynamic MAC addresses on a particular VLAN. clear mac address-table Chapter 2 Catalyst 3560 Switch Cisco IOS Commands...
Command Reference
Page 77
... address table static and dynamic entries. Enables the Simple Network Management Protocol (SNMP) MAC address notification trap on a specific interface. 78-16405-05 Catalyst 3560 Switch Command Reference 2-45 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear mac address-table Related Commands Command mac address-table notification show mac address-table show...
... address table static and dynamic entries. Enables the Simple Network Management Protocol (SNMP) MAC address notification trap on a specific interface. 78-16405-05 Catalyst 3560 Switch Command Reference 2-45 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear mac address-table Related Commands Command mac address-table notification show mac address-table show...
Command Reference
Page 80
... Defaults No default is not the access VLAN. clear port-security Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear port-security Use the clear port-security privileged EXEC command to remove a specific configured secure address from the specified VLAN. Enter one of these options after you enter the vlan... keyword: • vlan-id-On a trunk port, specify the VLAN ID of a specific type (configured, dynamic, or sticky) on the switch or on the specified physical port or VLAN. (Optional) Delete the specified secure MAC address ...
... Defaults No default is not the access VLAN. clear port-security Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear port-security Use the clear port-security privileged EXEC command to remove a specific configured secure address from the specified VLAN. Enter one of these options after you enter the vlan... keyword: • vlan-id-On a trunk port, specify the VLAN ID of a specific type (configured, dynamic, or sticky) on the switch or on the specified physical port or VLAN. (Optional) Delete the specified secure MAC address ...
Command Reference
Page 81
... command. switchport port-security mac-address mac-address Configures secure MAC addresses. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear port-security This example shows how to remove all the dynamic secure addresses learned on a specific interface: Switch# clear port-security dynamic interface gigabitethernet0/1 This example shows how to remove all the...
... command. switchport port-security mac-address mac-address Configures secure MAC addresses. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear port-security This example shows how to remove all the dynamic secure addresses learned on a specific interface: Switch# clear port-security dynamic interface gigabitethernet0/1 This example shows how to remove all the...
Command Reference
Page 102
...for the ARP responses. Deny the specified range of target MAC addresses. (Optional) Log a packet when it matches the ACE. Deny a specific sender MAC address. Deny the MAC address values for the ARP responses. However, at the end of this command to deny an ARP ... address. Deny the specified target MAC address. Use the no default settings. deny (ARP access-list configuration) Chapter 2 Catalyst 3560 Switch Cisco IOS Commands deny (ARP access-list configuration) Use the deny Address Resolution Protocol (ARP) access-list configuration command to remove the specified access...
...for the ARP responses. Deny the specified range of target MAC addresses. (Optional) Log a packet when it matches the ACE. Deny a specific sender MAC address. Deny the MAC address values for the ARP responses. However, at the end of this command to deny an ARP ... address. Deny the specified target MAC address. Use the no default settings. deny (ARP access-list configuration) Chapter 2 Catalyst 3560 Switch Cisco IOS Commands deny (ARP access-list configuration) Use the deny Address Resolution Protocol (ARP) access-list configuration command to remove the specified access...
Command Reference
Page 107
... layer service. Therefore, by default, IPv6 ACLs implicitly allow IPv6 neighbor discovery packets to define the conditions under which is IPv6-specific. Both the source-ipv6-prefix/prefix-length and destination-ipv6-prefix/prefix-length arguments are not specified. 78-16405-05 Catalyst 3560...permit, deny, or remark statements to the IPv6 neighbor discovery process, uses a separate data-link layer protocol. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands deny (IPv6 access-list configuration) Note Although visible in increments of 10. Defaults No IPv6 access list is similar to the...
... layer service. Therefore, by default, IPv6 ACLs implicitly allow IPv6 neighbor discovery packets to define the conditions under which is IPv6-specific. Both the source-ipv6-prefix/prefix-length and destination-ipv6-prefix/prefix-length arguments are not specified. 78-16405-05 Catalyst 3560...permit, deny, or remark statements to the IPv6 neighbor discovery process, uses a separate data-link layer protocol. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands deny (IPv6 access-list configuration) Note Although visible in increments of 10. Defaults No IPv6 access list is similar to the...
Command Reference
Page 128
... command only to the unauthorized state. dot1x max-reauth-req Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x max-reauth-req Use the dot1x max-reauth-req interface configuration command to set 4 as unreliable links or specific behavioral problems with certain clients and authentication servers. Usage Guidelines You should change the default...
... command only to the unauthorized state. dot1x max-reauth-req Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x max-reauth-req Use the dot1x max-reauth-req interface configuration command to set 4 as unreliable links or specific behavioral problems with certain clients and authentication servers. Usage Guidelines You should change the default...
Command Reference
Page 129
... range is 1 to the client before restarting the authentication process. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x max-req dot1x max-req Use the dot1x max-req interface configuration command to set 5 as unreliable links or specific behavioral problems with certain clients and authentication servers. Command Modes Interface configuration Command History...
... range is 1 to the client before restarting the authentication process. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x max-req dot1x max-req Use the dot1x max-req interface configuration command to set 5 as unreliable links or specific behavioral problems with certain clients and authentication servers. Command Modes Interface configuration Command History...
Command Reference
Page 131
... 802.1x authentication on the port and cause the port to change an IEEE 802.1x-enabled port to enable IEEE 802.1x on a specific port. Deny all attempts by using the dot1x system-auth-control global configuration command before enabling IEEE 802.1x on a dynamic-access (VLAN... message appears, and the port mode is not changed . 78-16405-05 Catalyst 3560 Switch Command Reference 2-99 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x port-control dot1x port-control Use the dot1x port-control interface configuration command to the authorized state without IEEE 802.1x-based...
... 802.1x authentication on the port and cause the port to change an IEEE 802.1x-enabled port to enable IEEE 802.1x on a specific port. Deny all attempts by using the dot1x system-auth-control global configuration command before enabling IEEE 802.1x on a dynamic-access (VLAN... message appears, and the port mode is not changed . 78-16405-05 Catalyst 3560 Switch Command Reference 2-99 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x port-control dot1x port-control Use the dot1x port-control interface configuration command to the authorized state without IEEE 802.1x-based...
Command Reference
Page 132
...Related Commands Command show dot1x [interface interface-id] privileged EXEC command. Examples This example shows how to enable IEEE 802.1x on a specific port, use the no dot1x port-control interface configuration command. However, IEEE 802.1x is disabled until the port is not enabled. ...dot1x port-control Chapter 2 Catalyst 3560 Switch Cisco IOS Commands • EtherChannel port-Do not configure a port that is an active or a not-yet-active member of an EtherChannel, ...
...Related Commands Command show dot1x [interface interface-id] privileged EXEC command. Examples This example shows how to enable IEEE 802.1x on a specific port, use the no dot1x port-control interface configuration command. However, IEEE 802.1x is disabled until the port is not enabled. ...dot1x port-control Chapter 2 Catalyst 3560 Switch Cisco IOS Commands • EtherChannel port-Do not configure a port that is an active or a not-yet-active member of an EtherChannel, ...
Command Reference
Page 137
...EAP request frame: Switch(config-if)# dot1x timeout supp-timeout 45 This example shows how to set 60 as unreliable links or specific behavioral problems with certain clients and authentication servers. Enables periodic re-authentication of the client. If you have enabled periodic re-...Displays IEEE 802.1x status for all ports. 78-16405-05 Catalyst 3560 Switch Command Reference 2-105 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x timeout Usage Guidelines You should change the default value of this command only to adjust for unusual circumstances such as...
...EAP request frame: Switch(config-if)# dot1x timeout supp-timeout 45 This example shows how to set 60 as unreliable links or specific behavioral problems with certain clients and authentication servers. Enables periodic re-authentication of the client. If you have enabled periodic re-...Displays IEEE 802.1x status for all ports. 78-16405-05 Catalyst 3560 Switch Command Reference 2-105 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x timeout Usage Guidelines You should change the default value of this command only to adjust for unusual circumstances such as...
Command Reference
Page 140
... invalid Gigabit Interface Converter (GBIC) module. Enable error detection for detected loopbacks. The arp-inspection keyword was added. errdisable detect cause Chapter 2 Catalyst 3560 Switch Cisco IOS Commands errdisable detect cause Use the errdisable detect cause global configuration command to an invalid small form-factor pluggable (SFP) module. Use the no...-flap | pagp-flap} Syntax Description all arp-inspection dhcp-rate-limit dtp-flap gbic-invalid l2ptguard link-flap loopback pagp-flap Enable error detection for a specific cause or all causes.
... invalid Gigabit Interface Converter (GBIC) module. Enable error detection for detected loopbacks. The arp-inspection keyword was added. errdisable detect cause Chapter 2 Catalyst 3560 Switch Cisco IOS Commands errdisable detect cause Use the errdisable detect cause global configuration command to an invalid small form-factor pluggable (SFP) module. Use the no...-flap | pagp-flap} Syntax Description all arp-inspection dhcp-rate-limit dtp-flap gbic-invalid l2ptguard link-flap loopback pagp-flap Enable error detection for a specific cause or all causes.
Command Reference
Page 142
...pagp-flap | psecure-violation | security-violation | udld | vmps} | {interval interval} no form of this error refers to recover from a specific cause. Enable the timer to an invalid small form-factor pluggable (SFP) error-disabled state. Enable the timer to recover from the UniDirectional Link Detection... Resolution Protocol (ARP) inspection error-disabled state. errdisable recovery Chapter 2 Catalyst 3560 Switch Cisco IOS Commands errdisable recovery Use the errdisable recovery global configuration command to recover from the DHCP snooping error-disabled state.
...pagp-flap | psecure-violation | security-violation | udld | vmps} | {interval interval} no form of this error refers to recover from a specific cause. Enable the timer to an invalid small form-factor pluggable (SFP) error-disabled state. Enable the timer to recover from the UniDirectional Link Detection... Resolution Protocol (ARP) inspection error-disabled state. errdisable recovery Chapter 2 Catalyst 3560 Switch Cisco IOS Commands errdisable recovery Use the errdisable recovery global configuration command to recover from the DHCP snooping error-disabled state.
Command Reference
Page 167
... multilayer image (EMI). When enabled, packets with different MAC addresses are enabled, all IP multicast addresses. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands ip arp inspection validate ip arp inspection validate Use the ip arp inspection validate global configuration command to the default settings. ...at least one of the previous command; If you also can be specified. If none of this command to return to perform specific checks for ARP responses. Use the no form of the second command. When enabled, packets with different MAC addresses are checked only...
... multilayer image (EMI). When enabled, packets with different MAC addresses are enabled, all IP multicast addresses. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands ip arp inspection validate ip arp inspection validate Use the ip arp inspection validate global configuration command to the default settings. ...at least one of the previous command; If you also can be specified. If none of this command to return to perform specific checks for ARP responses. Use the no form of the second command. When enabled, packets with different MAC addresses are checked only...
Command Reference
Page 208
Displays the IP source guard configuration on the switch or on the switch. Displays the IP source bindings on a specific interface. 2-176 Catalyst 3560 Switch Command Reference 78-16405-05 ip source binding Related Commands Command ip verify source show ip source binding show ip verify source Chapter 2 Catalyst 3560 Switch Cisco IOS Commands Description Enables IP source guard on an interface.
Displays the IP source guard configuration on the switch or on the switch. Displays the IP source bindings on a specific interface. 2-176 Catalyst 3560 Switch Command Reference 78-16405-05 ip source binding Related Commands Command ip verify source show ip source binding show ip verify source Chapter 2 Catalyst 3560 Switch Cisco IOS Commands Description Enables IP source guard on an interface.
Command Reference
Page 211
...if)# ip verify source port-security You can verify your settings by entering the show ip verify source Description Configures static bindings on a specific interface. 78-16405-05 Catalyst 3560 Switch Command Reference 2-179 Examples This example shows how to enable IP source guard with source IP... is disabled. If you must enable port security on an interface. Defaults IP source guard is enabled. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands ip verify source ip verify source Use the ip verify source interface configuration command to enable IP source guard on the interface...
...if)# ip verify source port-security You can verify your settings by entering the show ip verify source Description Configures static bindings on a specific interface. 78-16405-05 Catalyst 3560 Switch Command Reference 2-179 Examples This example shows how to enable IP source guard with source IP... is disabled. If you must enable port security on an interface. Defaults IP source guard is enabled. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands ip verify source ip verify source Use the ip verify source interface configuration command to enable IP source guard on the interface...