Global Configuration Commands

clock

Set the timezone to use on the local device.

clock timezone timezone hours-offset

Syntax Description

timezone timezone

Set the timezone on the device. timezone is one of the timezones in the tz database (also called tzdata, the zoneinfo database, or the IANA timezone database).

Default: UTC

hours-offset

Hours offset from Coordinated Universal Time (UTC). Range is from –23 to +23.

Command Default

UTC

Command Modes

Global configuration (config)

Release

Modification

Cisco IOS XE Release 17.2.1v

Command qualified for use in Cisco vManage CLI templates.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE clock timezone command.

Examples


  Device(config)# clock timezone UTC 20

config-transaction

To enter global configuration mode on a Cisco IOS XE Catalyst SD-WAN device, use the config-transaction command in privileged EXEC mode.

config-transaction

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

Privileged EXEC (#)

Command History

Release Modification

Cisco IOS XE Catalyst SD-WAN Release 17.2.1v

Command qualified for use in Cisco SD-WAN Manager CLI templates.

Usage Guidelines

Use this command to enter global configuration mode on a Cisco IOS XE Catalyst SD-WAN device. Commands entered in this mode are written to the running configuration file, but saved in the running config after commit.

Example

The following example shows how to enter global configuration mode from privileged EXEC and set an ip address for a name server, then commit changes. 

Device# config-transaction
Device(config)# ip name-server 10.255.1.1
Device(config)# commit
Table 1. Related Commands

Commands

Description
commit

Submits changes and writes to memory.
end

Cancels and exits out to privileged EXEC mode.
yes

Sends yes.
no

Sends no.
cancel

Cancels changes.

crypto isakmp diagnose error

To set the count of display errors for Internet Security Association and Key Management Protocol (ISAKMP), use the crypto isakmp diagnose error command in global configuration mode. To remove the ISAKMP error count, use the no form of this command.

crypto isakmp diagnose error count

no crypto isakmp diagnose error count

Syntax Description

count

Sets error counters.

Command Default

ISAKMP error diagnostic is enabled by default.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Catalyst SD-WAN Release 17.2.1v

Command qualified for use in Cisco SD-WAN Manager CLI templates.

Usage Guidelines

IKE is a hybrid protocol that implements the Oakley key exchange and key exchange inside the framework. IKE is a key management protocol standard that is used in conjunction to configure basic VPNs. IPsec can be configured without IKE, but IKE enhances IPsec by providing additional features, flexibility, and ease of configuration for the IPsec standard.

Example

The following example shows how to configure the crypto diagnose error count to 10.

Device(config)# crypto isakmp diagnose error 10

hostname

To specify or modify the hostname for the network server, use the hostname command in global configuration mode.

hostname name

Syntax Description

name

New hostname for the network server.

Command Default

The default hostname is Router.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Release 17.2.1v

Command qualified for use in Cisco vManage CLI templates.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE hostname command.

line

To identify a specific line for configuration and enter line configuration collection mode, use the line command in global configuration mode. To remove configuration from a specific line, use the no form of this command.

line { auto-consolidation | aux | con 0 | range | vty line-number }

no line { auto-consolidation aux | con 0 | range | vty line-number }

auto-consolidation

Enable or disable auto-consolidation of terminal lines.

aux

(Optional) Auxiliary EIA/TIA-232 DTE port. Must be addressed as relative line 0. The auxiliary port can be used for modem support and asynchronous connections.

con 0

Console 0 terminal line. The console port is DCE.

vty

Virtual terminal line for remote console access.

range

Range of lines with first line number and last line number.

line-number

Relative number of the virtual terminal line (or the first line in a contiguous group) that you want to configure when the line type is specified. Numbering begins with zero.

You can either configure a single line or a range.

Command Default

There is no default line.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.2.1v

Command qualified for use in Cisco vManage CLI templates.

Cisco IOS XE Catalyst SD-WAN Release 17.10.1a

Additional parameters qualified: auto-consolidation , aux and range .

Usage Guidelines

For usage guidelines, see the Cisco IOS line command.

The terminal from which you locally configure the router is attached to the console port. To configure line parameters for the console port, enter the following: 

line console 0

The following example starts configuration for virtual terminal lines 0 to 4:

line vty 0 4

The following example configuration shows how to disable auto-consolidation:

line auto-consolidation

To configure line parameters for the auxiliary port, enter the following:

line aux 0

The following example starts configuration for a range of lines:

line range 1 5

login authentication

To enable authentication, authorization, and accounting (AAA) authentication for logins, use the login authentication command in line configuration mode. To return to the default specified by the aaa authentication login command, use the no form of this command.

login authentication { default }

no login authentication { default }

Syntax Description

default

Uses the default list created with the aaa authentication login command.

Command Default

Uses the default set with aaa authentication login .

Command Modes


Line configuration (config-line)

Command History

Release

Modification

Cisco IOS XE Release 17.2.1r

Command qualified for use in Cisco vManage CLI templates.

Usage Guidelines


Note

The default option for login authentication command is available only if you enter the line configuration mode using the line console command.

For usage guidelines, see the Cisco IOS XE login authentication command.

The following example specifies that the default AAA authentication is to be used on the line:


line con 0
 login authentication default

login on-success log

To generate a syslog message for successful login attempts, use the login on-success log command in global configuration mode. To remove the syslog setting, use the no form of this command.

login on-success log [ every | number ]

no login on-success log [ every | number ]

Syntax Description

every

Optional command.
number

The number of successful login attempts. The range is from 0 to 65535.

Command Default

Every successful login attempt is logged.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Catalyst SD-WAN Release 17.2.1v

Command qualified for use in Cisco SD-WAN Manager CLI templates.

Usage Guidelines

Use the login on-success log command to generate a syslog message on every successful login attempt, or on any number of successful logins attempts up to 65535.

Example

The following example shows how to configure the syslog message to log every 10th successful login attempt.

Device(config)# login on-success log every 10
Table 2. Related Commands

Commands

Description
login on-success log

Logs every successful login.

mac address-table aging-time

To configure the maximum aging time for entries in the Layer 2 table, use the mac address-tableaging-time command in global configuration mode. To reset maximum aging time to the default setting, use the no form of this command.

mac address-table aging-time seconds

no mac-address-table aging-time seconds

Syntax Description

seconds

MAC address table entry maximum age. Aging time is counted from the last time that the switch detected the MAC address. The default value is 300 seconds.

Command Default

The default aging time is 300 seconds.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Release 17.2.1v

Command qualified for use in Cisco vManage CLI templates.

Usage Guidelines

The aging time entry will take the specified value. Valid entries are from 10 to 1000000 seconds.

This command cannot be disabled.

The following example shows how to configure aging time to 300 seconds: 


mac address-table aging-time 300

mac address-table static

To add static entries to the MAC address table or to disable Internet Group Multicast Protocol (IGMP) snooping for a particular static multicast MAC address, use the mac address-table static command in global configuration mode. To remove entries profiled by the combination of specified entry information, use the no form of this command.

mac address-table static mac-address vlan vlan-id interface type slot / port

no mac-address-table static mac-address vlan vlan-id interface type slot/port

Syntax Description

mac-aadress

Address to add to the MAC address table.

vlan vlan-id

Specifies the VLAN associated with the MAC address entry. The range is from 2 to 100.

interface type slot/port or interface type number

Specifies the interface type and the slot and port to be configured.

On the Catalyst switches, thetype and number arguments should specify the interface type and the slot / port or slot / subslot / port numbers (for example, interface pos 5/0 or interface ATM 8/0/1).

Command Default

Static entries are not added to the MAC address table.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.4.1a

Command qualified for use in Cisco vManage CLI templates.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE mac address-table static command.

The following example shows how to add static entries to the MAC address table: 


Device(config)# mac-address-table static 0050.3e8d.6400 vlan 100 interface fastethernet5/7

memory free low-watermark processor

To set a low free memory threshold, use the memory free low-watermark processor command in global configuration mode. To remove a low free memory threshold, use the no form of this command.

memory free low-watermark processor threshold

Syntax Description

threshold

Specifies threshold in kilobytes of free processor.

The range is from 0 to 4294967295.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Catalyst SD-WAN Release 17.2.1v

Command qualified for use in Cisco SD-WAN Manager CLI templates.

Usage Guidelines

When a router is overloaded by processes, the amount of available memory might fall to levels insufficient for it to issue critical notifications. Use the memory free low-watermark processor command to reserve a region of memory to be used by the router for issuing critical notifications.

Example

The following example shows how to configure a memory threshold for the router.

Device(config)# memory free low-watermark processor 70694

platform qfp utilization monitor load

To set the default value for CPU utilization monitoring, use the platform qfp utilization monitor load command in global configuration mode. To remove the platform qfp utilization monitor load, use the no form of this command.

platform qfp utilization monitor load load

Syntax Description

load

The range is from 0 to 65535, and from range 50 to 90 can be either set to Packets Per Second (PPS) or a percent.

Command Default

The default value for this command is set to 80%.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Catalyst SD-WAN Release 17.2.1v

Command qualified for use in Cisco SD-WAN Manager CLI templates.

Usage Guidelines

The qfp monitoring is set to 80 percent by default, therefore when the CPU is running at 80 percent or above it will start to log warning and error messages. This default value can be changed to a smaller/larger percent or globally.

Example

The following examples shows how to configure a platform qfp utilization monitor load value to 75% and 60535 pps.

Device(config)# platform qfp utilization monitor load 75
Device(config)# platform qfp utilization monitor load 60535

platform-resource

To select a template for core allocation, use the platform-resource command in configuration mode. To remove this configuration, use the no form of this command.

platform-resource [ service-plane-heavy | data-plane-heavy ]

no platform-resource

Syntax Description

service-plane-heavy

(Optional) Specifies using service plane heavy template.

data-plane-heavy

(Optional) Specifies using data plane heavy template.

Command Default

Platform resource template is not configured.

Command Modes

Global configuration (config)

Command History

Release Modification
Cisco IOS XE Catalyst SD-WAN Release 17.5.1a

Command qualified for use in Cisco vManage CLI templates.

The following example shows how to configure vCPU distribution across the service plane.

Device(config)# platform resource service-plane-heavy

sdwan

To enter the SD-WAN configuration mode (config-sdwan) on a Cisco IOS XE SD-WAN device, enter the sdwan command in the global configuration mode.

sdwan

Syntax Description

This comand has no keywords or arguments.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Catalyst SD-WAN Release 17.4.1a

Command qualified for use in Cisco vManage CLI templates.

Example

Device# config-transaction
Device(config)# sdwan

service password-recovery

To enable password recovery capability, use the service password-recovery command in global configuration mode. To disable password recovery capability, use the no service password-recovery [strict] command.

service password-recovery

no service password-recovery [strict]

Syntax Description

[strict]

(Optional) Restricts device recovery.

Command Default

Password recovery capability is enabled.

Command Modes


Global configuration

Command History

Release Modification

Cisco IOS XE Release 17.6.1a

Command qualified for use in Cisco vManage CLI templates.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE service password-recovery command.

Example

The following example shows how to disable password recovery capability using the no service password-recovery strict command: 


Device# configure terminal
Device(config)# no service password-recovery strict
WARNING:
Executing this command will disable the password recovery mechanism.
Do not execute this command without another plan for password recovery.
Are you sure you want to continue? [yes]: yes
.
.

service tcp-small-servers

To enable small TCP servers such as the Echo, use the service tcp-small-servers command in global configuration mode. To disable the TCP server, use the no form of this command.

service tcp-small-servers

no service tcp-small-servers

Command Default

TCP small servers are disabled.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.3.1a

Command qualified for use in Cisco vManage CLI templates.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE service tcp small servers command.

The following example shows how to enable small TCP servers:


Device(config)# service tcp-small-servers

service timestamps

To configure the system to apply a time stamp to debugging messages or system logging messages, use the service timestamps command in global configuration mode. To disable this service, use the no form of this command.

service timestamps [ debug | log ] [ uptime | datetime | msec ] [ localtime ] [ show-timezone ] [ year ]

no service timestamps [ debug | log ]

Syntax Description

debug

(Optional) Indicates time-stamping for debugging messages.

log

(Optional) Indicates time-stamping for system logging messages.

uptime

(Optional) Specifies that the time stamp should consist of the time since the system was last rebooted. For example “4w6d” (time since last reboot is 4 weeks and 6 days).

  • This is the default time-stamp format for both debugging messages and logging messages.

  • The format for uptime varies depending on how much time has elapsed:

    • HHHH :MM :SS (HHHH hours: MM minutes: SS seconds) for the first 24 hours

    • D dHH h (D days HH hours) after the first day

    • W wD d (W weeks D days) after the first week

datetime

(Optional) Specifies that the time stamp should consist of the date and time.

  • The time-stamp format for datetime is MMM DD HH:MM:SS, where MMM is the month, DD is the date, HH is the hour (in 24-hour notation), MM is the minute, and SS is the second.

  • If the datetime keyword is specified, you can optionally add the msec localtime , show-timezone , or year keywords.

  • If the service timestamps datetime command is used without addtional keywords, time stamps will be shown using UTC, without the year, without milliseconds, and without a time zone name.

msec

(Optional) Includes milliseconds in the time stamp, in the format HH: DD: MM: SS. mmm , where .mmm is milliseconds

localtime

(Optional) Time stamp relative to the local time zone.

year

(Optional) Include the year in the date-time format.

show-timezone

(Optional) Include the time zone name in the time stamp.

Note

 

If the localtime keyword option is not used (or if the local time zone has not been configured using the clock timezone command), time will be displayed in Coordinated Universal Time (UTC).

Command Default

Time stamps are applied to debug and logging messages.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.3.1a

Command qualified for use in Cisco vManage CLI templates.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE service timestamps command.

In the following example, the router begins with time-stamping disabled. Then, the default time-stamping is enabled (uptime time stamps applied to debug output). Then, the default time-stamping for logging is enabled (uptime time stamps applied to logging output). 

Router# show running-config | include time
 
no service timestamps debug uptime
no service timestamps log uptime
Router# config terminal
 
Device(config)# service timestamps
 
! issue the show running-config command in config mode using  do  Router(config)# do show running-config | inc time
 
! shows that debug timestamping is enabled, log timestamping is disabled  
service timestamps debug uptime
no service timestamps log uptime
! enable timestamps for logging messages  
Router(config)# service timestamps log 
Router(config)# do show run | inc time
 
service timestamps debug uptime
service timestamps log uptime
Router(config)# service sequence-numbers
 
Router(config)# end
 
000075: 5w0d: %SYS-5-CONFIG_I: Configured from console by console
! The following is a level 5 system logging message  
! The leading number comes from the  service sequence-numbers command.  
! 4w6d indicates the timestamp of 4 weeks, 6 days 000075: 4w6d: %SYS-5-CONFIG_I: Configured from console by console

In the following example, the user enables time-stamping on logging messages using the current time and date in Coordinated Universal Time/Greenwich Mean Time (UTC/GMT), and enables the year to be shown. 

Router(config)# service timestamps log datetime show-timezone year
 
Router(config)# end
! The following line shows the timestamp with datetime (11:13 PM March 22nd)  
.Mar 22 2004 23:13:25 UTC: %SYS-5-CONFIG_I: Configured from console by console

service udp-small-servers

To enable small User Datagram Protocol (UDP) servers such as the Echo, use the service udp-small-servers command in global configuration mode. To disable the UDP server, use the no form of this command.

service udp-small-servers

no service udp-small-servers

Command Default

UDP small servers are disabled.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.3.1a

Command qualified for use in Cisco vManage CLI templates.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE service udp small servers command.

The following example shows how to enable small UDP:


Router(config)# service udp-small-servers

speed

To configure the speed for a Fast Ethernet or Gigabit Ethernet interface, use the speed command in line configuration mode. To return to the default configuration, use the no form of this command.

speed speed-range

no speed speed-range

Syntax Description

speed-range

Configures the interface to transmit at the specified speed range.

Command Default

None

Command Modes

Line configuration (config-line)

Command History

Release

Modification

Cisco IOS XE Release 17.2.1v

Command qualified for use in Cisco vManage CLI templates.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE speed command.

The following is an example of this command


Device# configure terminal
Device(config)# line con 0
Device(config-line)# speed 9600

stopbits

To configure the stop bits for the console port, use the stopbits command. To revert to the default, use the no form of this command.

stopbits { 1 }

no stopbits { 1 }

Syntax Description

1

Specifies one stop bit.

Command Default

1 stop bit

Command Modes


Terminal line configuration mode (config)

Command History

Release

Modification

Cisco IOS XE Release 17.2.1r

Command qualified for use in Cisco vManage CLI templates.

Usage Guidelines

You can configure the console port only from a session on the console port.

This example shows how to configure the number of stop bits for the console port:


line con 0  
stopbits 1

transport input

To define which protocols to use to connect to a specific line of the router, use the transport input command in line configuration mode. To change or remove the protocol, use the no form of this command.

transport input { ssh }

no transport input { ssh }

Syntax Description

ssh

(Optional) Selects the Secure Shell (SSH) protocol.

Command Default

No protocols are allowed on the auxiliary (AUX), console, tty, and vty lines.

Command Modes

Line configuration (config-line)

Command History

Release

Modification

Cisco IOS XE Release 17.2.1r

Command qualified for use in Cisco vManage CLI templates.

Usage Guidelines

Cisco devices do not accept incoming network connections to tty lines by default. You must specify an incoming transport protocol or specify the transport input all command before the line will accept incoming connections.

The following example shows you how to set the incoming protocol for the vty lines 0 to 32 to Telnet:

configure terminal
line vty 0 32
transport input ssh
exit

transport output

To determine the protocols that can be used for outgoing connections from a line, use the transport output command in line configuration mode. To change or remove the protocol, use the no form of this command.

transport output ssh

no transport output [ssh]

Syntax Description

ssh

Specifies the Secure Shell (SSH) protocol.

Command Default

Telnet

Command Modes

Line configuration

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.2.1r

Command qualified for use in Cisco vManage CLI templates.

The following example selects the SSH protocol:

transport output ssh

username

To establish a username-based authentication system, use the username command in global configuration mode. To remove an established username-based authentication, use the no form of this command.

username name [ privilege level secret { 0 | 5 | 9 } ]

no username name

Syntax Description

name

Hostname, server name, user ID, or command name. The name argument can be only one word. Blank spaces and quotation marks are not allowed.

0

Specifies that an unencrypted password or secret (depending on the configuration) follows.

5

Specifies that the type-5 encrypted password follows.

9

Specifies that the type-9 encrypted password follows.

secret

Specifies a secret for the user.

secret

For Challenge Handshake Authentication Protocol (CHAP) authentication: specifies the secret for the local router or the remote device. The secret is encrypted when it is stored on the local router. The secret can consist of any string of up to 11 ASCII characters. There is no limit to the number of username and password combinations that can be specified, allowing any number of remote devices to be authenticated.

privilege privilege-level

(Optional) Sets the privilege level for the user. Range: 0 to 15.

Command Default

No username-based authentication system is established.

Command Modes


Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Release 17.2.1v

Command qualified for use in Cisco vManage CLI templates.

Usage Guidelines

The username command provides username or password authentication, or both, for login purposes only.

In the following example, a privilege level 1 user is denied access to privilege levels higher than 1: 


 username employee1 privilege 5

The following example shows how to create a local user named admin with admin1234 for a secret with (privilege 15). 

Device(config)# username admin privilege 15 secret admin1234