- clear mac address-table
- clear platform feature-manager
- clear platform flow ip
- clear platform flow ipv6
- clear platform hardware acl
- clear platform hardware capacity rewrite-engine
- clear platform hardware cef
- clear platform hardware ehc
- clear platform hardware statistics
- clear platform qos
- clear platform software acl accounting-stats
- clear platform software met
- debug netdr
- debug netdr capture
- debug netdr capture and-filter
- debug netdr capture continuous
- debug netdr capture destination-ip-address
- debug netdr capture dmac
- debug netdr capture dstindex
- debug netdr capture ethertype
- debug netdr capture interface
- debug netdr capture or-filter
- debug netdr capture rx
- debug netdr capture smac
- debug netdr capture source-ip-address
- debug netdr capture srcindex
- debug netdr capture tx
- debug netdr capture vlan
- debug netdr clear-capture
- debug netdr copy-captured
- debug platform software multicast routing
- disconnect-timeout
- fips
- flow hardware export
- lo ggin g buf fered
- mac address-table aging-time
- mac address-table aging-type
- mac address-table learning
- mac address-table limit
- mac address-table notification change
- mac address-table notification mac-move
- mac address-table static
- mac address-table synchronize
- match l2 miss
- mls ip multicast half-met
- monitor session type
- mvr (global configuration)
- mvr (interface configuration)
- platform cts
- platform hardware cef maximum-routes
- platform cts
- platform feature-manager
- pla tform feature-manager capture rate-limit
- platform hardware acl
- platform hardware cef
- platform hardware vsl
- platform ip
- platform ip cef a ccounting per-prefix
- platform ip cef load-sharing
- platform ipv6 cef
- platform mpls gbte
- platform multicast routing
- platform multicast snooping
- platform qos 10g-only
- platform qos aggregate-policer
- platform qos marking statistics
- platform qos protocol
- platform qos rewrite ip dscp
- platform qos statistics-export delimiter
- platform qos statistics-export destination
- platform qos statistics-export interval
- platform rate-limit all
- platform rate-limit layer2
- platform rate-limit multicast
- platform rate-limit multicast ipv4
- platform rate-limit multicast ipv6
- platform rate-limit unicast acl
- platform rate-limit unicast cef
- platform rate-limit unicast ip
- platform redundancy bias
clear mac address-table
To remove a specified address (or set of addresses) from the MAC address table, use the clear mac address-table command in privileged EXEC mode.
clear mac address-table [ dynamic | restricted static | permanent ] [ address mac - address ] [ interface type module port ]
clear mac address-table notification mac-move counter [ vlan ]
Clearing a Dynamic Address Using a Supervisor 720
clear mac address-table dynamic [ address mac-address | interface interface-type interface-number | vlan vlan-id ]
Clearing a Dynamic Address Using a Supervisor Engine 2
clear mac address-table dynamic [ address mac-address | interface interface-type interface-number | protocol { assigned | ip | ipx | other ] [ vlan vlan-id ]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
If the clear mac address-table command is invoked with no options, all dynamic addresses are removed. If you specify an address but do not specify an interface, the address is deleted from all interfaces. If you specify an interface but do not specify an address, all addresses on the specified interface are removed.
If a targeted address is not present in the MAC forwarding table, the following error message appears:
Enter the clear mac address-table dynamic command to remove all dynamic entries from the table.
The following values are valid for interface-type :
The interface-number argument designates the module and port number. Valid values for interface-number depend on the specified interface type and the chassis and module that are used. For example, if you specify a Gigabit Ethernet interface and have a 48-port 10/100BASE-T Ethernet module that is installed in a 13-slot chassis, valid values for the module number are from 1 to 13 and valid values for the port number are from 1 to 48.
Examples
The following example shows how to clear all dynamic addresses in the MAC forwarding table:
The following example shows how to clear the MAC-move notification counters on a specific VLAN:
The following example shows the permanent address 0040.C80A.2F07 being cleared on Ethernet port 1:
Related Commands
clear platform feature-manager
To clear platform-specific feature manager configuration commands, use the clear platform feature-manager command.
clear platform feature-manager {consistency-check | exception {interface { async number | auto-template number | ctunnel number | dialer number | esconphy number | filter number | filtergroup number | gigabitethernet number | group-async number | longreachethernet number | loopback number | mfr number | multilink number | null number | port-channel number | portgroup number | pos-channel number | sysclock number | tengigabitethernet number | tunnel number | vif number | virtual-template number | virtual-tokenring number | vlan vlan_id | control-plane number | fcpa number | voabypassin number | voabypassout number | voafilterin number | voafilterout number | voain number | voaout number }}}
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to clear the platform-specific feature manager configuration that has an asynchronous interface number of 4:
Related Commands
|
|
|
|---|---|
Displays platform software-specific feature manager configuration commands. |
clear platform flow ip
This command clears the NetFlow hardware IP entries.
clear platform flow ip {destination {hostname { instance | module} | IP address} | instance | module | source {hostname { instance | module} | IP address }} { number }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to clear the platform IP destination host name module 4:
Related Commands
|
|
|
|---|---|
clear platform flow ipv6
To clear platform flow IPv6 by instance or module number, use the clear platform flow ipv6 command.
clear platform flow ipv6 {instance number | module number }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to clear platform flow IPv6 for module 4:
Related Commands
|
|
|
|---|---|
Displays the platform flow IPv6 by instance or module number. |
clear platform hardware acl
To clear hardware ACL statistics, use the clear platform hardware acl accounting command.
clear platform hardware acl {accounting-stats {module number} | hit-counts {all {module number} | compaction {ipv6 {all {module}} | dest {module} | src {module}} | global_qos {all {module} | in {ip {module} | ipv6 {module} | mac {module} | mpls {module}} | out {ip {module} | ipv6 {module} | mac {module} | mpls {module}}} | interface { async number | auto-template number | ctunnel number | dialer number | esconphy number | filter number | filtergroup number | gigabitethernet number | longreachethernet number | loopback number | mfr number | multilink number | null number | port-channel number | portgroup number | pos-channel number | sysclock number | tengigabitethernet number | tunnel number | vif number | virtual-template number | virtual-tokenring number | vlan vlan_id | control-plane number | fcpa number | voabypassin number | voabypassout number | voafilterin number | voafilterout number | voain number | voaout number }} | rbacl { all { module number } | tcam { A { index number } | B { index number }}}
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to clear the hardware ACL accounting statistics for module 4:
Related Commands
|
|
|
|---|---|
clear platform hardware capacity rewrite-engine
To clear platform flow IPv6 by instance or module number, use the clear platform flow ipv6 command.
clear platform flow ipv6 {instance number | module number }
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to clear platform flow IPv6 for module 4:
Related Commands
|
|
|
|---|---|
Displays the platform flow IPv6 by instance or module number. |
clear platform hardware cef
To clear platform hardware CEF, use the clear platform hardware cef command.
clear platform hardware cef {ip {accounting {per-prefix {A.B.C.D | all}}} | ipv6 {accounting {per-prefix}}}
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to clear the hardware CEF IPv6 accounting prefix entry:
Related Commands
|
|
|
|---|---|
clear platform hardware ehc
To clear platform hardware EHC information, use the clear platform hardware ehc command.
clear platform hardware ehc {ids | rate-limiter | xcpt}
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to clear the platform hardware EHC exceptions:
clear platform hardware statistics
To clear the platform hardware statistics information by module number, use the clear platform hardware statistics command.
clear platform hardware statistics {module number }
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to clear the platform hardware statistics for module 4:
Related Commands
|
|
|
|---|---|
Displays the configuration for platform hardware statistics. |
clear platform qos
To clear the multilayer switching (MLS) aggregate quality of service (QoS) statistics, use the clear platform qos command in privileged EXEC mode.
clear platform qos [ ip | mac | mpls | ipv6 | arp [ interface-type interface-number | null interface-number | port-channel number | vlan vlan-id ]]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The interface-number argument designates the module and port number. Valid values for interface-number depend on the specified interface type and the chassis and module that are used. For example, if you specify a Gigabit Ethernet interface and have a 48-port 10/100BASE-T Ethernet module that is installed in a 13-slot chassis, valid values for the module number are from 1 to 13 and valid values for the port number are from 1 to 48.
If you enter the clear platform qos command with no arguments, the global and per-interface aggregate QoS counters for all protocols are cleared.
If you do not enter an interface type, the protocol aggregate-QoS counters for all interfaces are cleared.
Note
Entering the clear platform qos command affects the policing token bucket counters and might briefly allow traffic to be forwarded that would otherwise be policed.
Examples
This example shows how to clear the global and per-interface aggregate-QoS counters for all protocols:
Router# clear platform qos
This example shows how to clear the specific protocol aggregate-QoS counters for all interfaces:
Router# clear platform qos ip
Related Commands
|
|
|
|---|---|
clear platform software acl accounting-stats
To clear the platform software ACL accounting statistics information by module number, use the clear platform sofware acl accounting-stats command.
clear platform software acl accounting-stats {module number }
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to clear the platform software ACL accounting statistics for module 4:
Related Commands
|
|
|
|---|---|
Displays the configuration for platform software ACL accounting statistics. |
clear platform software met
To clear platform software MET-related statistics, use the clear platform software met command.
clear platform software met { statistics }
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to clear platform software MET statistics:
Related Commands
|
|
|
|---|---|
debug netdr
To debug NetDriver activity, use the debug netdr command. Use the no form of this command to disable debugging output.
debug netdr { all | data | error }
no debug netdr { all | data | error }
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to debug the NetDriver data flow:
Related Commands
|
|
|
|---|---|
debug netdr capture
To debug NetDriver capture activity, use the debug netdr capture command in Privileged EXEC mode. Use the no form of this command to disable debugging output.
debug netdr capture [ and-filter [ destination-ip-address { ipaddr | ipv6 ipaddr }| dmac mac-addr | dstindex index-value | ethertype ethertype | interface interface | smac smac | source-ip-address { ipaddr | ipv6 ipaddr } | srcindex index-value | vlan vlan-num ]
no debug netdr capture [ and-filter [ destination-ip-address { ipaddr | ipv6 ipaddr }| dmac mac-addr | dstindex index-value | ethertype ethertype | interface interface | smac smac | source-ip-address { ipaddr | ipv6 ipaddr } | srcindex index-value | vlan vlan-num ]
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Support for this command on the Cisco 7600 series routers was extended to the 12.1 E release. |
Usage Guidelines
You can use the following interface types:
- Async
- Auto-template
- CTunnel
- Dialer
- EsconPhy
- Fcpa
- Filter
- Filtergroup
- GMPLS
- GigabitEthernet
- Group-Async
- LISP
- LongReachEthernet
- Looopback
- Lspvif
- MFR
- Multilink
- Null
- Port-channel
- Sysclock
- TenGigabitEthernet
- Tunnel
- Vif
- Virtual-Ethernet
- Virtual-Template
- Virtual-TokenRing
- VLAN
- VoaBypassIn
- VoaBypassOut
- VoaFilterIn
- VoaFilterOut
- VoaIn
- VoaOut
Examples
This example shows how to debug the NetDriver:
Related Commands
|
|
|
|---|---|
debug netdr capture and-filter
To debug NetDriver capture activity using an and function, use the debug netdr capture and-filter command in Privileged EXEC mode. Use the no form of this command to disable debugging output.
debug netdr capture and-filter [ destination-ip-address { ipaddr | ipv6 ipaddr }| dmac mac-addr | dstindex index-value | ethertype ethertype | interface interface | smac smac | source-ip-address { ipaddr | ipv6 ipaddr } | srcindex index-value | vlan vlan-num ]
no debug netdr capture and-filter [ destination-ip-address { ipaddr | ipv6 ipaddr }| dmac mac-addr | dstindex index-value | ethertype ethertype | interface interface | smac smac | source-ip-address { ipaddr | ipv6 ipaddr } | srcindex index-value | vlan vlan-num ]
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Support for this command on the Cisco 7600 series routers was extended to the 12.1 E release. |
Usage Guidelines
You can use the following interface types:
- Async
- Auto-template
- CTunnel
- Dialer
- EsconPhy
- Fcpa
- Filter
- Filtergroup
- GMPLS
- GigabitEthernet
- Group-Async
- LISP
- LongReachEthernet
- Looopback
- Lspvif
- MFR
- Multilink
- Null
- Port-channel
- Sysclock
- TenGigabitEthernet
- Tunnel
- Vif
- Virtual-Ethernet
- Virtual-Template
- Virtual-TokenRing
- VLAN
- VoaBypassIn
- VoaBypassOut
- VoaFilterIn
- VoaFilterOut
- VoaIn
- VoaOut
Examples
This example shows how to debug the NetDriver:
Related Commands
|
|
|
|---|---|
debug netdr capture continuous
To debug NetDriver capture activity continuously, use the debug netdr capture continuous command in Privileged EXEC mode. Use the no form of this command to disable debugging output.
debug netdr capture continuous [ and-filter | destination-ip-address { ipaddr | ipv6 ipaddr }| dmac mac-addr | dstindex index-value | ethertype ethertype | interface interface | or-filter [ destination-ip-address { ipaddr | ipv6 ipaddr }| dmac mac-addr | dstindex index-value | ethertype ethertype | interface interface | smac smac | source-ip-address { ipaddr | ipv6 ipaddr } | srcindex index-value | vlan vlan-num ] | rx [ and-filter | destination-ip-address { ipaddr | ipv6 ipaddr }| dmac mac-addr | dti-type value | dti-value value | dstindex index-value | ethertype ethertype | interface interface | or-filter [ destination-ip-address { ipaddr | ipv6 ipaddr }| dmac mac-addr | dstindex index-value | ethertype ethertype | interface interface | smac smac | source-ip-address { ipaddr | ipv6 ipaddr } | srcindex index-value | vlan vlan-num ] | smac smac | source-ip-address { ipaddr | ipv6 ipaddr } | srcindex index-value | vlan vlan-num ]
no debug netdr capture continuous [ and-filter | destination-ip-address { ipaddr | ipv6 ipaddr }| dmac mac-addr | dstindex index-value | ethertype ethertype | interface interface | or-filter [ destination-ip-address { ipaddr | ipv6 ipaddr }| dmac mac-addr | dstindex index-value | ethertype ethertype | interface interface | smac smac | source-ip-address { ipaddr | ipv6 ipaddr } | srcindex index-value | vlan vlan-num ] | rx [ and-filter | destination-ip-address { ipaddr | ipv6 ipaddr }| dmac mac-addr | dti-type value | dti-value value | dstindex index-value | ethertype ethertype | interface interface | or-filter [ destination-ip-address { ipaddr | ipv6 ipaddr }| dmac mac-addr | dstindex index-value | ethertype ethertype | interface interface | smac smac | source-ip-address { ipaddr | ipv6 ipaddr } | srcindex index-value | vlan vlan-num ] | smac smac | source-ip-address { ipaddr | ipv6 ipaddr } | srcindex index-value | vlan vlan-num ]
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Support for this command on the Cisco 7600 series routers was extended to the 12.1 E release. |
Usage Guidelines
You can use the following interface types:
- Async
- Auto-template
- CTunnel
- Dialer
- EsconPhy
- Fcpa
- Filter
- Filtergroup
- GMPLS
- GigabitEthernet
- Group-Async
- LISP
- LongReachEthernet
- Looopback
- Lspvif
- MFR
- Multilink
- Null
- Port-channel
- Sysclock
- TenGigabitEthernet
- Tunnel
- Vif
- Virtual-Ethernet
- Virtual-Template
- Virtual-TokenRing
- VLAN
- VoaBypassIn
- VoaBypassOut
- VoaFilterIn
- VoaFilterOut
- VoaIn
- VoaOut
Examples
This example shows how to debug the NetDriver:
Related Commands
|
|
|
|---|---|
debug netdr capture destination-ip-address
To debug NetDriver capture activity capturing all packets matching a destination IP address, use the debug netdr capture destination-ip-address command in Privileged EXEC mode. Use the no form of this command to disable debugging output.
debug netdr capture destination-ip-address { ipaddr | ipv6 ipaddr }
no debug netdr capture destination-ip-address { ipaddr | ipv6 ipaddr }
Syntax Description
Captures all packets matching the IPv6 destination IP address. |
Defaults
Command History
|
|
|
|---|---|
Support for this command on the Cisco 7600 series routers was extended to the 12.1 E release. |
Command Modes
Examples
This example shows how to debug the NetDriver:
Related Commands
|
|
|
|---|---|
debug netdr capture dmac
To debug NetDriver capture activity by capturing all matching destination MAC addresses, use the debug netdr capture dmac command in Privileged EXEC mode. Use the no form of this command to disable debugging output.
debug netdr capture dmac [ mac-addr ]
no debug netdr capture dmac [ mac-addr ]
Syntax Description
(Optional) Captures packets matching a destination MAC address index. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Support for this command on the Cisco 7600 series routers was extended to the 12.1 E release. |
Examples
This example shows how to debug the NetDriver:
Related Commands
|
|
|
|---|---|
debug netdr capture dstindex
To debug NetDriver capture activity capturing all packets matching the destination index, use the debug netdr capture dstindex command in Privileged EXEC mode. Use the no form of this command to disable debugging output.
debug netdr capture dstindex [ index-value ]
no debug netdr capture dstindex [ index-value ]
Syntax Description
(Optional) Captures all packets matching a destination index; valid values are 0 to 1048575. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Support for this command on the Cisco 7600 series routers was extended to the 12.1 E release. |
Examples
This example shows how to debug the NetDriver:
Related Commands
|
|
|
|---|---|
debug netdr capture ethertype
To debug NetDriver capture ethertype activity, use the debug netdr capture ethertype command in Privileged EXEC mode. Use the no form of this command to disable debugging output..
debug netdr capture ethertype [ ethertype ]
no debug netdr capture ethertype [ ethertype ]
Syntax Description
(Optional) Captures all packets matching an ethertype; ethertype must be entered in hexidecimal format. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Support for this command on the Cisco 7600 series routers was extended to the 12.1 E release. |
Examples
This example shows how to debug the NetDriver ethertype:
Related Commands
|
|
|
|---|---|
debug netdr capture interface
To debug NetDriver capture interface activity, use the debug netdr capture interface command in Privileged EXEC mode. Use the no form of this command to disable debugging output.
debug netdr capture interface [ interface ]
no debug netdr capture interface [ interface ]
Syntax Description
(Optional) Captures packets related to the interface. See Usage Guidelines. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Support for this command on the Cisco 7600 series routers was extended to the 12.1 E release. |
Usage Guidelines
You can use the following interface types:
- Async
- Auto-template
- CTunnel
- Dialer
- EsconPhy
- Fcpa
- Filter
- Filtergroup
- GMPLS
- GigabitEthernet
- Group-Async
- LISP
- LongReachEthernet
- Looopback
- Lspvif
- MFR
- Multilink
- Null
- Port-channel
- Sysclock
- TenGigabitEthernet
- Tunnel
- Vif
- Virtual-Ethernet
- Virtual-Template
- Virtual-TokenRing
- VLAN
- VoaBypassIn
- VoaBypassOut
- VoaFilterIn
- VoaFilterOut
- VoaIn
- VoaOut
Examples
This example shows how to debug the NetDriver interface activity:
Related Commands
|
|
|
|---|---|
debug netdr capture or-filter
To debug NetDriver capture activity using an or function, use the debug netdr capture or-filter command in Privileged EXEC mode. Use the no form of this command to disable debugging output.
debug netdr capture or-filter [ destination-ip-address { ipaddr | ipv6 ipaddr }| dmac mac-addr | dstindex index-value | ethertype ethertype | interface interface | smac smac | source-ip-address { ipaddr | ipv6 ipaddr } | srcindex index-value | vlan vlan-num ]
no debug netdr capture or-filter [ destination-ip-address { ipaddr | ipv6 ipaddr }| dmac mac-addr | dstindex index-value | ethertype ethertype | interface interface | smac smac | source-ip-address { ipaddr | ipv6 ipaddr } | srcindex index-value | vlan vlan-num ]
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Support for this command on the Cisco 7600 series routers was extended to the 12.1 E release. |
Usage Guidelines
You can use the following interface types:
- Async
- Auto-template
- CTunnel
- Dialer
- EsconPhy
- Fcpa
- Filter
- Filtergroup
- GMPLS
- GigabitEthernet
- Group-Async
- LISP
- LongReachEthernet
- Looopback
- Lspvif
- MFR
- Multilink
- Null
- Port-channel
- Sysclock
- TenGigabitEthernet
- Tunnel
- Vif
- Virtual-Ethernet
- Virtual-Template
- Virtual-TokenRing
- VLAN
- VoaBypassIn
- VoaBypassOut
- VoaFilterIn
- VoaFilterOut
- VoaIn
- VoaOut
Examples
This example shows how to debug the NetDriver or-filter:
Related Commands
|
|
|
|---|---|
debug netdr capture rx
To debug NetDriver capture activity by capturing incoming packets only, use the debug netdr capture rx command in Privileged EXEC mode. Use the no form of this command to disable debugging output.
debug netdr capture rx [ dti-type value | dti-value value ]
no debug netdr capture rx [ dti-type value | dti-value value ]
Syntax Description
(Optional) Captures all packets matching the 3-bit dti type; valid values are 0 to 7. |
|
(Optional) Captures all packets matching the 21-bit dti value; valid values are 0 to 4096. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Support for this command on the Cisco 7600 series routers was extended to the 12.1 E release. |
Examples
This example shows how to debug the NetDrivers incoming packets:
Related Commands
|
|
|
|---|---|
debug netdr capture smac
To debug NetDriver capture activity by capturing matching source MAC addresses, use the debug netdr capture smac command in Privileged EXEC mode. Use the no form of this command to disable debugging output.
debug netdr capture smac [ smac ]
no debug netdr capture smac [ smac ]
Syntax Description
(Optional) Captures packets matching the source MAC address; smac must be entered in hexidecimal format. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Support for this command on the Cisco 7600 series routers was extended to the 12.1 E release. |
Examples
This example shows how to debug the NetDriver by capturing the source MAC addresses:
Related Commands
|
|
|
|---|---|
debug netdr capture source-ip-address
To debug NetDriver capture activity by capturing all packets matching a source IP address, use the debug netdr capture source-ip-address command in Privileged EXEC mode. Use the no form of this command to disable debugging output.
debug netdr capture source-ip-address { ipaddr | ipv6 ipaddr }
no debug netdr capture source-ip-address { ipaddr | ipv6 ipaddr }
Syntax Description
Captures all packets matching the IPv6 destination IP address. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Support for this command on the Cisco 7600 series routers was extended to the 12.1 E release. |
Examples
This example shows how to debug the NetDriver: source IP address
Related Commands
|
|
|
|---|---|
debug netdr capture srcindex
To debug NetDriver capture activity by capturing all packets matching the source index, use the debug netdr capture srcindex command in Privileged EXEC mode. Use the no form of this command to disable debugging output.
debug netdr capture srcindex [ index-value ]
no debug netdr capture srcindex [ index-value ]
Syntax Description
(Optional) Captures all packets matching a source index; valid values are 0 to 1048575. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Support for this command on the Cisco 7600 series routers was extended to the 12.1 E release. |
Examples
This example shows how to debug the NetDriver by capturing all packets matching the source index:
Related Commands
|
|
|
|---|---|
debug netdr capture tx
To debug NetDriver capture activity by capturing the outgoing packets only, use the debug netdr capture tx command in Privileged EXEC mode. Use the no form of this command to disable debugging output.
debug netdr capture tx [ and-filter | destination-ip-address { ipaddr | ipv6 ipaddr }| dmac mac-addr | dstindex index-value | ethertype ethertype | interface interface | or-filter [ destination-ip-address { ipaddr | ipv6 ipaddr }| smac smac | source-ip-address { ipaddr | ipv6 ipaddr } | srcindex index-value | vlan vlan-num ]
no debug netdr capture tx [ andand-filter | destination-ip-address { ipaddr | ipv6 ipaddr }| dmac mac-addr | dstindex index-value | ethertype ethertype | interface interface | or-filter [ destination-ip-address { ipaddr | ipv6 ipaddr }| smac smac | source-ip-address { ipaddr | ipv6 ipaddr } | srcindex index-value | vlan vlan-num ]
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Support for this command on the Cisco 7600 series routers was extended to the 12.1 E release. |
Usage Guidelines
You can use the following interface types:
- Async
- Auto-template
- CTunnel
- Dialer
- EsconPhy
- Fcpa
- Filter
- Filtergroup
- GMPLS
- GigabitEthernet
- Group-Async
- LISP
- LongReachEthernet
- Looopback
- Lspvif
- MFR
- Multilink
- Null
- Port-channel
- Sysclock
- TenGigabitEthernet
- Tunnel
- Vif
- Virtual-Ethernet
- Virtual-Template
- Virtual-TokenRing
- VLAN
- VoaBypassIn
- VoaBypassOut
- VoaFilterIn
- VoaFilterOut
- VoaIn
- VoaOut
Examples
This example shows how to debug the NetDriver:
Related Commands
|
|
|
|---|---|
debug netdr capture vlan
To debug NetDriver capture activity by capturing packets matching a specific VLAN number, use the debug netdr capture vlan command in Privileged EXEC mode. Use the no form of this command to disable debugging output.
debug netdr capture vlan [ vlan-num ]
no debug netdr capture vlan [ vlan-num ]
Syntax Description
(Optional) Captures packets matching the VLAN number; valid VLAN numbers are 0 to 4095. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Support for this command on the Cisco 7600 series routers was extended to the 12.1 E release. |
Examples
This example shows how to debug the NetDriver:
Related Commands
|
|
|
|---|---|
debug netdr clear-capture
To clear the capture buffer, use the debug netdr clear-capture command in Privileged EXEC mode. Use the no form of this command to disable debugging output.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Support for this command on the Cisco 7600 series routers was extended to the 12.1 E release. |
Examples
This example shows how to debug the NetDriver:
Related Commands
|
|
|
|---|---|
debug netdr copy-captured
To store captured packets to a file, use the debug netdr copy-captured command in Privileged EXEC mode. Use the no form of this command to disable debugging output.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Support for this command on the Cisco 7600 series routers was extended to the 12.1 E release. |
Usage Guidelines
Examples
This example shows how to debug the NetDriver copied packets:
Related Commands
|
|
|
|---|---|
debug platform software multicast routing
To display debug information for multicast routing software components, use the debug platform software multicast routing command in privileged EXEC mode. To disable debugging output, use the no form of this command.
debug platform software multicast routing { cmfib [ all | error | event | stats ] | hal [ all | error
| event ]}
no debug platform software multicast routing { cmfib [ all | error | event | stats ] | hal [ all | error
| event ]}
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
The following example shows the multicast routing error output:
The following example shows multicast hardware statistics for HAL:
Related Commands
|
|
|
|---|---|
Configures the number of blocks for each block size of your MET profile. |
|
disconnect-timeout
To change the EXEC timeout value for the main console after the console cable is removed, use the disconnect-timeout command in EXEC mode.
Syntax Description
Number of seconds until the console connection is to be disconnected; valid values are 1 — 10 seconds. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You cannot save the disconnect-timeout command to the configuration file.
The supervisor engine automatically detects the console cable removal from the front panel console port and terminates the main console EXEC session after the specified timeout.
Examples
The following example shows how to set the disconnect time to 3 seconds:
fips
To enable the Federal Information Processing Standards (FIPS) security requirements on the switch, use the fips command in FIPS mode.
Syntax Description
Defaults
Syntax Description
Command History
|
|
|
|---|---|
Examples
This example shows how to enable FIPS security on a switch:
This example shows how to disable FIPS security on a switch:
Related Commands
|
|
|
|---|---|
flow hardware export
To configure Yielding NetFlow Data Export (NDE) parameters, use the flow hardware export threshold command in global configuration mode. To disable the export parameters, use the no form of this command.
flow hardware export threshold percentage linecard percentage
no flow hardware export threshold percentage linecard percentage
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
The following example configures the NDE CPU and line card threshold percentages to 50:
The following example configures the NDE CPU threshold percentage to 50 and line card threshold percentage to 70:
Related Commands
|
|
|
|---|---|
logging buffered
To enable system message logging to a local buffer, use the logging buffered command in global configuration mode. To cancel the use of the buffer, use the no form of this command. To return the buffer size to its default value, use the default form of this command.
logging buffered [ discriminator discr-name ] [ buffer-size ] [ severity-level ]
Syntax Description
Command Default
Varies by platform. For most platforms, logging to the buffer is disabled by default.
Command Modes
Command History
Usage Guidelines
This command copies logging messages to an internal buffer. The buffer is circular in nature, so newer messages overwrite older messages after the buffer is filled.
Specifying a severity-level causes messages at that level and numerically lower levels to be logged in an internal buffer.
The optional discriminator keyword and discr-name argument provide another layer of filtering that you can use to control the type and number of syslog messages that you want to receive.
When you resize the logging buffer, the existing buffer is freed and a new buffer is allocated. To prevent the router from running out of memory, do not make the buffer size too large. You can use the show memory EXEC command to view the free processor memory on the router; however, the memory value shown is the maximum available and should not be approached. The default logging buffered command resets the buffer size to the default for the platform.
On Catalyst 6500 standalone switches and Catalyst 6500 virtual switches, the default logging buffered size is 8192.
To display messages that are logged in the buffer, use the show logging command. The first message displayed is the oldest message in the buffer.
The show logging command displays the addresses and levels associated with the current logging setup and other logging statistics.
Table 1 shows a list of levels and corresponding syslog definitions.
|
|
|
|
|---|---|---|
Examples
The following example shows how to enable standard system logging to the local syslog buffer:
The following example shows how to use a message discriminator named buffer1 to filter critical messages, meaning that messages at levels 0, 1, and 2 are filtered:
Related Commands
|
|
|
|---|---|
Enables system message logging (syslog) and sends XML-formatted logging messages to the XML-specific system buffer. |
|
mac address-table aging-time
To configure the maximum aging time for entries in the Layer 2 table, use the mac address - table aging - time command in global configuration mode. To reset maximum aging time to the default setting, use the no form of this command.
mac address-table aging-time seconds [ vlan vlan-id ]
no mac address-table aging-time seconds [ routed-mac | vlan vlan-id ]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
If you do not enter a VLAN, the change is applied to all routed-port VLANs.
Examples
The following example shows how to configure the aging time:
The following example shows how to disable the aging time:
Related Commands
|
|
|
|---|---|
mac address-table aging-type
To add routed addresses to the MAC address table, use the mac address - table aging-type command in global configuration mode. To remove routed entries from the MAC address table, use the no form of this command.
no mac address-table routed-mac
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
The following example shows how to add a MAC address on port fa1/1 to VLAN 4:
Related Commands
|
|
|
|---|---|
Sets the length of time that a dynamic entry remains in the MAC address table after the entry is used or updated. |
|
mac address-table learning
To enable MAC address learning, use the mac address-table learning command in global configuration mode. To disable learning, use the no form of this command.
[ default ] mac address-table learning { vlan vlan-id | interface interface slot / port } [ module num ]
no mac address-table learning { vlan vlan-id | interface interface slot / port } [ module num ]
Syntax Description
Specifies the VLAN to apply the per-VLAN learning of all MAC addresses; valid values are from 1 to 4094. |
|
Specifies per-interface based learning of all MAC addresses. |
|
Defaults
If you configure a VLAN on a port in a module, all of the supervisor engines and Distributed Forwarding Cards (DFCs) in the Cisco 7600 series router are enabled to learn all the MAC addresses on the specified VLAN.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You can use the module num keyword and argument to specify supervisor engines or DFCs only.
You can use the vlan vlan-id keyword and argument on switch port VLANs only. You cannot use the vlan vlan-id keyword and argument to configure learning on routed interfaces.
You can use the interface interface slot / port keyword and arguments on routed interfaces, supervisor engines, and DFCs only. You cannot use the interface interface slot / port keyword and arguments to configure learning on switch port interfaces or non-DFC modules.
Examples
This example shows how to enable MAC address learning on a switch port interface on all modules:
This example shows how to enable MAC address learning on a switch port interface on a specified module:
This example shows how to disable MAC address learning on a specified switch-port interface for all modules:
This example shows how to enable MAC address learning on a routed interface on all modules:
This example shows how to enable MAC address learning on a routed interface for a specific module:
This example shows how to disable MAC address learning for all modules on a specific routed interface:
Related Commands
|
|
|
|---|---|
mac address-table limit
To enable the MAC limiting functionality and set the limit to be imposed, use the mac address-table limit command in global configuration mode. To disable MAC limiting, use the no form of this command.
mac address-table limit [ action { warning | limit | shutdown }] [ notification { syslog | trap | both }] [ interface type mod / port ] [ maximum num ] [ vlan vlan ] [ maximum num ] [ action { warning | limit | shutdown }] [ flood ]
no mac address-table limit [ action { warning | limit | shutdown }] [ notification { syslog | trap | both }] [ interface type mod / port ] [ maximum num ] [ vlan vlan ] [ maximum num ] [ action { warning | limit | shutdown }] [ flood ]
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
MAC limiting can be enabled on either a per-interface basis (by specifying an interface) or on a per-VLAN basis (by specifying a VLAN). However, MAC limiting must first be enabled for the router (a higher level) in global configuration mode (config).
General Guidelines About MAC Limiting
Note the following guidelines about enabling MAC limiting:
- The maximum number of MAC entries is determined on a per-VLAN and per-EARL basis.
- If you do not specify a maximum number, an action, or a notification, the default settings are used.
- If you enable per-VLAN MAC limiting, MAC limiting is enabled on the specified VLAN only.
- The flood keyword is supported on VLAN interfaces only.
- The flood action occurs only if the limit action is configured and is violated.
- The flood keyword disables the constant unknown unicast flooding, but allows a few seconds of flooding in between for its own sensing.
- In the shutdown state, the VLAN remains in the blocked state until you reenable it through the command syntax.
Syntax for Enabling per-VLAN MAC Limiting
The following is sample syntax that can be used to enable per-VLAN MAC limiting. Both the mac address-table limit and mac address-table limit vlan commands must be used to properly enable per-VLAN MAC limiting.
Note This command enables the MAC limiting functionality for the router.
mac address-table limit [ maximum num ] [ vlan vlan ] [ action { warning | limit | shutdown }] [ flood ]
Note This command sets the specific limit and any optional actions to be imposed at the VLAN level.
Syntax for Enabling Per-Interface MAC Limiting
The following is sample syntax that can be used to enable per-interface MAC limiting. Both the mac address-table limit and mac address-table limit interface commands commands must be used to properly enable per-interface MAC limiting.
Note This command enables the MAC limiting functionality for the router.
mac address-table limit [ interface type mod / port ] [ maximum num ] [ action { warning | limit | shutdown }] [ flood ]
Note This command sets the specific limit and any optional actions to be imposed at the interface level.
Examples
This example shows how to enable per-VLAN MAC limiting. The first instance of the mac address-table limit command enables MAC limiting. The second instance of the command sets the limit and any optional actions to be imposed at the VLAN level.
This example shows how to enable per-interface MAC limiting. The first instance of the mac address-table limit command enables MAC limiting. The second instance of the command sets the limit and any optional actions to be imposed at the interface level.
Related Commands
|
|
|
|---|---|
mac address-table notification change
To send a notification of the dynamic changes to the MAC address table, use the mac address-table notification change command in global configuration mode. To return to the default settings, use the no form of this command.
mac address-table notification change [ history size | interval seconds ]
no mac address-table notification change [ history size | interval seconds ]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure the Simple Network Management Protocol (SNMP) notification of dynamic additions to the MAC address table of addresses:
Related Commands
|
|
|
|---|---|
Enables the SNMP trap notification on a LAN port when MAC addresses are added to or removed from the address table. |
mac address-table notification mac-move
To enable MAC-move notification, use the mac address-table notification mac-move command in global configuration mode. To disable MAC-move notification, use the no form of this command.
mac address-table notification mac-move [ counter [ syslog ]]
no mac address-table notification mac-move [ counter [ syslog ]]
Syntax Description
(Optional) Specifies the syslog facility when the MAC-move notification detects the first instance of the MAC move. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
MAC-move notification generates a syslog message whenever a MAC address or host moves between different switch ports.
MAC-move notification does not generate a notification when a new MAC address is added to the content-addressable memory (CAM) or when a MAC address is removed from the CAM.
MAC-move notification is supported on switch ports only.
The MAC-move counter notification generates a syslog message when the number of MAC moves in a VLAN exceeds the maximum limit. The maximum limit is 1000 MAC moves.
The MAC-move counter syslog notification counts the number of times a MAC has moved within a VLAN and the number of these instances that have occurred in the system.
Examples
This example shows how to enable MAC-move notification:
This example shows how to disable MAC-move notification:
This example shows how to enable MAC-move counter syslog notification:
This example shows how to disable MAC-move counter notification:
Related Commands
|
|
|
|---|---|
mac address-table static
To add static entries to the MAC address table or to disable Internet Group Multicast Protocol (IGMP) snooping for a particular static multicast MAC address, use the mac address-table static command in global configuration mode. To remove entries profiled by the combination of specified entry information, use the no form of this command.
mac address-table static mac address vlan vlan - id { interface int | drop [ disable-snooping ]}
[ dlci dlci | pvc vpi / vci ] [ auto-learn | disable-snooping ] [ protocol { ip | ipx | assigned } ]
no mac address-table static mac address vlan vlan - id { interface int | drop [ disable-snooping ]}
[ dlci dlci | pvc vpi / vci ] [ auto-learn | disable-snooping ] [ protocol { ip | ipx | assigned } ]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The output interface specified cannot be an SVI.
We recommend configuring static MAC addresses on Layer 2 EtherChannels only and not on Layer 2 physical member ports of an EtherChannel. This action does not apply to Layer 3 EtherChannels and its members.
Use the no form of this command to do the following:
- Remove entries that are profiled by the combination of specified entry information.
- Reenable IGMP snooping for the specified address.
The dlci dlci keyword and argument are valid only if Frame Relay encapsulation has been enabled on the specified interface.
The pvc vpi / vci keyword and arguments are supported on ATM interfaces only. When specifying the pvc vpi / vci , y ou must specify both a VPI and a VCI, separated by a slash.
When you install a static MAC address, it is associated with a port. If the same MAC address is seen on a different port, the entry is updated with the new port if you enter the auto-learn keyword.
The output interface specified must be a Layer 2 IDB and not an SVI.
The ipx keyword is not supported.
You can enter up to 15 interfaces per command entered, but you can enter more interfaces by repeating the command.
If you do not enter a protocol type, an entry is automatically created for each of the protocol types.
Entering the no form of this command does not remove system MAC addresses.
When you remove a MAC address, entering interface int is optional. For unicast entries, the entry is removed automatically. For multicast entries, if you do not specify an interface, the entire entry is removed. You can specify the selected ports to be removed by specifying the interface.
The mac address-table static mac address vlan vlan-id interface int disable-snooping command disables snooping on the specified static MAC address/VLAN pair only. To reenable snooping, first you must delete the MAC address using the no form of the command, and then you must reinstall the MAC address using the mac address-table static mac address vlan vlan-id interface int command, without entering the disable-snooping keyword.
The mac address-table static mac address vlan vlan-id drop command cannot be applied to a multicast MAC address.
Note Both the unicast MAC addresses and the multicast MAC addresses allow only one WAN interface.
Specifying a MAC Address for DLCI or PVC Circuits
To support multipoint bridging and other features, the behavior of the following command has changed for ATM and Frame Relay interfaces in Cisco IOS Release 12.2(18)SXE and later releases. In previous releases, you needed to specify only a VLAN ID and an interface.
In Cisco IOS Release 12.2(18)SXE, you must also specify the dlci option for Frame Relay interfaces, or the pvc option for ATM interfaces, such as in the following example:
Note If you omit the dlci option for Frame Relay interfaces, the MAC address is mapped to the first DLCI circuit that is configured for the specified VLAN on that interface. Similarly, if you omit the pvc option for ATM interfaces, the MAC address is mapped to the first PVC that is configured for the specified VLAN on that interface. To ensure that the MAC address is configured correctly, we recommend always using the dlci and pvc keywords on the appropriate interfaces.
Examples
The following example shows how to add static entries to the MAC address table:
The following example shows how to configure a static MAC address with IGMP snooping disabled for a specified address:
Router(config)# mac address-table static 0050.3e8d.6400 vlan 100 interface fastethernet5/7 disable-snooping
The following example shows how to add static entries to the MAC address table for an ATM PVC circuit and for a Frame Relay DLCI circuit:
Related Commands
|
|
|
|---|---|
Displays MAC address table information for a specific MAC address. |
mac address-table synchronize
To synchronize the Layer 2 MAC address table entries across the Policy Feature Card (PFC) and all the Distributed Forwarding Cards (DFCs), use the mac address-table synchronize command in global configuration mode. To disable MAC address table synchronization or reset the activity timer, use the no form of this command.
mac address-table synchronize [ activity-time seconds | auto ]
no mac address-table synchronize [ activity-time seconds | auto ]
Syntax Description
(Optional) Specifies the activity timer interval: valid values are 160, 320, and 640 seconds. |
|
(Optional) Specifies that MAC address synchronization occur automatically. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
We recommend that you configure the activity time so that at least two activity times exist within the regular Layer 2 aging time (or within the aging time used for VLANs in distributed EtherChannels if this feature is used only for distributed EtherChannels). If at least two activity times do not exist within the aging time, then an error message is displayed.
Examples
This example shows how to specify the activity timer interval:
This example shows how to specify the activity timer interval when out-of-band (OOB) synchronization is enabled:
This example shows how to display the timer interval:
This example shows how to display the timer interval when OOB synchronization is enabled:
Related Commandsand global aging time will be changed automatically if required
|
|
|
|---|---|
match l2 miss
To match Layer 2 MAC miss in ingress policy, use the match l2 miss command.
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
The following example shows how to obtain information on match layer 2 MAC miss in ingress policy:
mls ip multicast half-met
To halve the multicast expansion table (MET), use the mls ip multicast half-met command in global configuration mode. To return to the default settings, use the no form of this command.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The mls ip multicast half-met command replaces the ipv6 mfib hardware-switching uplink command.
The mls ip multicast half-met command is required for supporting IPv6 multicast on the redundant Supervisor Engine 720 and Supervisor Engine 720-10GE. The command is applicable only on reload.
Examples
This example shows how to enable halve the MET:
Router(config)# mls ip multicast half-met
This example shows how to disablethe halve the MET:
Related Commands
|
|
|
|---|---|
monitor session type
To configure a local Switched Port Analyzer (SPAN), RSPAN, or ERSPAN, use the monitor session type command in global configuration mode. To remove one or more source or destination interfaces from the SPAN session, use the no form of this command.
monitor session span-session-number type { erspan-destination | erspan-source | local | local-tx | rspan-destination | rspan-source }
no monitor session span-session-number type { erspan-destination | erspan-source | local | local-tx | rspan-destination | rspan-source }
Syntax Description
Defaults
Command Modes
Command History
Usage Guidelines
Release 12.2(18)SXE and later releases support ERSPAN with the Supervisor Engine 720, hardware revision 3.2 or higher. Enter the show module version | include WS-SUP720-BASE command to display the hardware revision.
ERSPAN traffic is GRE-encapsulated SPAN traffic that can only be processed by an ERSPAN destination session.
This command is not supported on Catalyst 6500 series switches that are configured with a Supervisor Engine 2.
All ERSPAN source sessions on a switch must use the same source IP address. You enter the origin ip address command to configure the IP address for the ERSPAN source sessions.
All ERSPAN destination sessions on a switch must use the same IP address. You enter the ip address command to configure the IP address for the ERSPAN destination sessions. If the ERSPAN destination IP address is not a PFC3 mode switch (for example, it is a network sniffer), the traffic arrives with the GRE and RSPAN headers/encapsulation intact.
The ERSPAN source session destination IP address, which must be configured on an interface on the destination switch, is the source of traffic that an ERSPAN destination session sends to the destination ports. You configure the same address in both the source and destination sessions with the ip address command.
The ERSPAN ID differentiates the ERSPAN traffic arriving at the same destination IP address from different ERSPAN source sessions.
The local ERSPAN session limits are as follows:
The monitor session type command creates a new ERSPAN session or allows you to enter the ERSPAN session configuration mode. ERSPAN uses separate source and destination sessions. You configure the source and destination sessions on different switches. The ERSPAN session configuration mode prompts are as follows:
- Router(config-mon-erspan-src)—Indicates the ERSPAN source session configuration mode.
- Router(config-mon-erspan-src-dst)—Indicates the ERSPAN source session destination configuration mode.
- Router(config-mon-erspan-dst)—Indicates the ERSPAN destination session configuration mode.
- Router(config-mon-erspan-dst-src)—Indicates the ERSPAN destination session source configuration mode
Table 2 lists the ERSPAN destination session configuration mode syntaxes.
Table 3 lists the ERSPAN source session configuration mode syntaxes.
When you configure the monitor sessions, follow these syntax guidelines:
- erspan-destination-span-session-number can range from 1 to 66.
- single-interface is interface type slot / port ; type is fastethernet, gigabitethernet, or tengigabitethernet.
- interface-list is single-interface , single-interface, single-interface...
Note In lists, you must enter a space before and after the comma. In ranges, you must enter a space before and after the dash.
- interface-range is interface type slot / first-port - last-port.
- mixed-interface-list is, in any order, single-interface, interface-range,...
- erspan-flow-id can range from 1 to 1023.
When you clear the monitor sessions, follow these syntax guidelines:
- The no monitor session session-number command entered with no other parameters clears the session session-number.
- session-range is first-session-number - last-session-number.
Note When you enter the no monitor session range command, do not enter spaces before or after the dash. If you enter multiple ranges, do not enter spaces before or after the commas.
Use the monitor session type local command to configure ingress, egress, or both ingress and egress SPAN sessions.
Use the monitor session type local-tx command to configure egress-only SPAN sessions.
When you enter the local or the local egress-only SPAN session configuration mode, the prompt changes accordingly to Router(config-mon-local)# or Router(config-mon-local-tx)#, and the following commands are available:
The description can be up to 240 characters and cannot contain special characters or spaces.
destination { analysis-module num | anomaly-detector-module num | interface type number | intrusion-detection-module num }
- exit — Exits from configuration session mode.
- filter vlan vlan-id — Limits the SPAN source traffic to specific VLANs; valid values are from 1 to 4096.
- no — Negates a command or sets its defaults.
- shutdown — Shuts down this session
- source — Specifies the SPAN source interface or VLAN using the following syntax:
source { cpu { rp | sp } | { interface type number } | { intrusion-detection-module num } | { vlan vlan-id }} [ , | - | rx | tx | both ]
Associates the local SPAN session number with the CPU on the route processor. |
|
Associates the local SPAN session number with the CPU on the switch processor. |
|
(Optional) Monitors the received and the transmitted traffic. |
|
tx1 |
|
1.When you enter the local-tx keyword, the rx and both keywords are not available and the tx keyword is required. |
The local SPAN session limits are as follows:
If you enter the filter keyword on a monitored trunk interface, only traffic on the set of specified VLANs is monitored.
Only one destination per SPAN session is supported. If you attempt to add another destination interface to a session that already has a destination interface configured, you get an error. You must first remove a SPAN destination interface before changing the SPAN destination to a different interface.
You can configure up to 64 SPAN destination interfaces, but you can have one egress SPAN source interface and up to 128 ingress source interfaces only.
A SPAN session can either monitor VLANs or monitor individual interfaces, but it cannot monitor both specific interfaces and specific VLANs. Configuring a SPAN session with a source interface and then trying to add a source VLAN to the same SPAN session causes an error. Configuring a SPAN session with a source VLAN and then trying to add a source interface to that session also causes an error. You must first clear any sources for a SPAN session before switching to another type of source.
Port channel interfaces display in the list of interface options if you have them configured. VLAN interfaces are not supported. However, you can span a particular VLAN by entering the monitor session session source vlan vlan-id command.
When you configure the destination, use these guidelines:
– interface type slot / port ; type is fastethernet, gigabitethernet, or tengigabitethernet.
– interface port-channel number
Note Destination port channel interfaces must be configured with the channel-group group-num mode on command and the no channel-protocol command.
Note In lists, you must enter a space before and after the comma. In ranges, you must enter a space before and after the dash.
- An interface-range is interface type slot / first-port - last-port.
- A mixed-interface-list is, in any order, single-interface , interface-range ,...
- A single-vlan is the ID number of a single VLAN.
- A single-list is single-vlan , single-vlan , single-vlan...
- A vlan-range is first-vlan-ID - last-vlan-ID.
- A mixed-vlan-list is, in any order, single-vlan, vlan-range,...
When you clear the monitor sessions, follow these syntax guidelines:
- The no monitor session session-number command entered with no other parameters clears the session session-number.
- session-range is first-session-number - last-session-number.
Note When you enter the no monitor session range command, do not enter spaces before or after the dash. If you enter multiple ranges, do not enter spaces before or after the commas.
Examples
This example shows how to configure an ERSPAN source session number and enter the ERSPAN source session configuration mode for the session:
This example shows how to configure an ERSPAN destination session number and enter the ERSPAN destination session configuration mode for the session:
This example shows how to associate the ERSPAN destination session number with the destination ports:
This example shows how to enter the ERSPAN destination session source configuration:
This example shows how to enter the ERSPAN destination session source configuration mode:
This example shows how to configure multiple sources for a session:
This example shows how to enter the ERSPAN source session destination configuration mode:
This example shows how to configure the ID number that is used by the source and destination sessions to identify the ERSPAN traffic:
This example shows how to configure session 1 to monitor ingress traffic from Gigabit Ethernet port 1/1 and configure Gigabit Ethernet port 1/2 as the destination:
This example shows how to configure session 1 to monitor egress-only traffic from Gigabit Ethernet port 5/1 and configure Gigabit Ethernet port 5/2 as the destination:
This example shows how to remove an interface from a session:
Related Commands
|
|
|
|---|---|
Creates an ERSPAN source session number or enters the ERSPAN session configuration mode for the session. |
|
Displays information about the ERSPAN, SPAN, and RSPAN sessions. |
mvr (global configuration)
To enable the multicast VLAN registration (MVR) feature on the switch, use the mvr global configuration command without keywords on the switch stack or on a standalone switch. Use the no form of this command to return to the default settings.
mvr [ group ip-address [ count ] | mode [ compatible | dynamic ] | querytime value | vlan vlan-id ]
no mvr [ group ip-address | mode [ compatible | dynamic ] | querytime value | vlan vlan-id ]
Syntax Description
Defaults
The default MVR mode is compatible mode.
No IP multicast addresses are configured on the switch by default.
The default group IP address count is 0.
The default query response time is 5 tenths of or one-half second.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Use the mvr command with keywords to set the MVR mode for a switch, configure the MVR IP multicast address, set the maximum time to wait for a query reply before removing a port from group membership, and to specify the MVR multicast VLAN. A maximum of 256 MVR multicast groups can be configured on a switch.
Use the mvr group command to statically set up all the IP multicast addresses that will take part in MVR. Any multicast data sent to a configured multicast address is sent to all the source ports on the switch and to all receiver ports that have registered to receive data on that IP multicast address.
MVR supports aliased IP multicast addresses on the switch. However, if the switch is interoperating with Catalyst 6500 Series switches, you should not configure IP addresses that create an alias between themselves or with the reserved IP multicast addresses (in the range 224.0.0.xxx).
The mvr querytime command applies only to receiver ports.
If the switch MVR is interoperating with Catalyst 6500 Series switches, set the multicast mode to compatible.
When operating in compatible mode, MVR does not support IGMP dynamic joins on MVR source ports.
MVR can coexist with IGMP snooping on a switch.
Multicast routing and MVR cannot coexist on a switch. If you enable multicast routing and a multicast routing protocol while MVR is enabled, MVR is disabled and a warning message appears. If you try to enable MVR while multicast routing and a multicast routing protocol are enabled, the operation to enable MVR is cancelled and an Error message is displayed.
Examples
This example shows how to enable MVR:
Use the show mvr privileged EXEC command to display the current setting for maximum multicast groups.
This example shows how to configure 228.1.23.4 as an IP multicast address:
This example shows how to configure ten contiguous IP multicast groups with multicast addresses from 228.1.23.1 to 228.1.23.10:
Use the show mvr members privileged EXEC command to display the IP multicast group addresses configured on the switch.
This example shows how to set the maximum query response time as one second (10 tenths):
This example shows how to set VLAN 2 as the multicast VLAN:
You can verify your settings by entering the show mvr privileged EXEC command.
Related Commands
mvr (interface configuration)
To configure a Layer 2 port as a multicast VLAN registration (MVR) receiver or source port, to set the Immediate Leave feature, and to statically assign a port to an IP multicast VLAN and IP address, use the mvr interface configuration command on the switch stack or on a standalone switch. Use the no form of this command to return to the default settings.
mvr [ immediate | type { receiver | source } | vlan vlan-id group [ ip-address ]]
no mvr [ immediate | type { source | receiver } | vlan vlan-id group [ ip-address ]]
Syntax Description
Defaults
A port is configured as neither a receiver nor a source.
The Immediate Leave feature is disabled on all ports.
No receiver port is a member of any configured multicast group.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Configure a port as a source port if that port should be able to both send and receive multicast data bound for the configured multicast groups. Multicast data is received on all ports configured as source ports.
Receiver ports cannot be trunk ports. Receiver ports on a switch can be in different VLANs, but should not belong to the multicast VLAN.
A port that is not taking part in MVR should not be configured as an MVR receiver port or a source port. A non-MVR port is a normal switch port, able to send and receive multicast data with normal switch behavior.
When Immediate Leave is enabled, a receiver port leaves a multicast group more quickly. Without Immediate Leave, when the switch receives an IGMP leave message from a group on a receiver port, it sends out an IGMP MAC-based query on that port and waits for IGMP group membership reports. If no reports are received in a configured time period, the receiver port is removed from multicast group membership. With Immediate Leave, an IGMP MAC-based query is not sent from the receiver port on which the IGMP leave was received. As soon as the leave message is received, the receiver port is removed from multicast group membership, which speeds up leave latency.
The Immediate Leave feature should be enabled only on receiver ports to which a single receiver device is connected.
The mvr vlan group command statically configures ports to receive multicast traffic sent to the IP multicast address. A port statically configured as a member of group remains a member of the group until statically removed. In compatible mode, this command applies only to receiver ports; in dynamic mode, it can also apply to source ports. Receiver ports can also dynamically join multicast groups by using IGMP join messages.
When operating in compatible mode, MVR does not support IGMP dynamic joins on MVR source ports.
Examples
This example shows how to configure a port as an MVR receiver port:
Use the show mvr interface privileged EXEC command to display configured receiver ports and source ports.
This example shows how to enable Immediate Leave on a port:
This example shows how to add a port on VLAN 1 as a static member of IP multicast group 228.1.23.4:
You can verify your settings by entering the show mvr members privileged EXEC command.
Related Commands
platform cts
To configure Cisco Trusted Security (CTS) platform commands, use the platform cts command in Global configuration mode. To disable this capability, use the no form of this command.
platform cts { egress | ingress }
no platform cts { egress | ingress }
Syntax Description
Command Default
Command Modes
Global configuration (config) mode
Command History
|
|
|
|---|---|
Examples
The following example shows how to configure capturing CTS platform packets on the egress:
The following example shows how to configure capturing CTS platform packets on the ingress:
Related Commands
|
|
|
|---|---|
platform hardware cef maximum-routes
To limit the maximum number of the routes that can be programmed in the hardware allowed per protocol, use the platform hardware cef maximum-routes command in global configuration mode. To return to the default settings, use the no form of this command.
platform hardware cef maximum-routes { eom-v4-mcast | eom-v6-mcast | eompls | ip | ip-multicast | ipv6 | ipv6-multicast | mpls } maximum-routes
no platform hardware cef maximum-routes { ip | ip-multicast | ipv6 | mpls }
Syntax Description
Specifies the maximum number of Multiprotocol Label Switching (MPLS) labels. |
|
Maximum number of the routes that can be programmed in the hardware allowed per protocol. |
Command Default
Each protocol has a default maximum route setup of 1000 hardware entries. Each protocol is allowed to use the maximum routes from the shared area.
The defaults for the shared area are as follows:
The maximum routes value is based on hardware entries. Different protocols use different numbers of hardware (hw) entries per route:
- IPv4 and MPLS—1 hw entry
- IPv6, IPv4 multicast and Eom-v4 multicast—2 hw entries
- IPv6 multicast and Eom-v6 multicast—4 hw entries4 hw entries
Note See the “Usage Guidelines” section for information on XL and non-XL mode systems.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Note If you copy a configuration file that contains the multilayer switching (MLS) Cisco Express Forwarding maximum routes into the startup-config file and reload the Cisco 7600 series router, the Cisco 7600 series router reloads after it reboots.
This command is not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 2.
System reboot is not required for the maximum routes to take effect. A newly configured maximum route value is validated against the current usage of the hardware FIB. Once validated the new value takes effect immediately.
The maximum routes value for each protocol is configured separately. The new protocols supported include IPv4, IPv4 multicast, IPv6, IPv6 multicast, MPLS, EoMPLS, vpls-v4-multicast, and vpls-v6-multicast. MPLS-VPN routes are counted with MPLS maximum routes setup.
Note Due to limited space usage, diags protocol entries are counted against IPv4-allocated maximum routes value.
The concept of a flexible setting of maximum routes value has been introduced. In addition to a specific maximum routes value per protocol, a single shared area is also defined. This shared area can be used by selected protocols once their dedicated spaces are exhausted.
Combined with the flexible setting feature, the maximum routes value can be used to specify both the minimum and the maximum values of entries to be allocated to a protocol. You can specify whether the protocol is allowed to use the shared area or not.
The platform cef maximum-routes command limits the maximum number of the routes that can be programmed in the hardware. If routes are detected that exceed the limit for that protocol, an exception condition is generated.
The determination of XL and non-XL mode is based on the type of Policy Feature Card (PFC) or Distributed Forwarding Card (DFC) modules that are installed in your system. For additional information on systems running Cisco IOS Release 12.2SXF and earlier releases see:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/release/notes/OL_4164.html#Policy_Feature_Card_Guidelines_and_Restrictions
For additional information on systems running Cisco IOS Release 12.2SXH and later releases see:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/ol_14271.html#Policy_Feature_Card_Guidelines_and_Restrictions
The valid values for the maximum-routes argument depend on the system mode—XL mode or non-XL mode. The valid values are as follows:
– IP and MPLS—Up to 1,007,000 routes
– IP multicast and IPv6—Up to 503,000 routes
– IP and MPLS—Up to 239,000 routes
– IP multicast and IPv6—Up to 119,000 routes
Note The maximum values that you are permitted to configure is not fixed but varies depending on the values that are allocated for other protocols.
An example of how to enter the maximum routes argument is as follows:
where 4 is 4096 IP routes (1024 x4 = 4096).
The new configurations are applied after a system reload only and do not take effect if a switchover occurs.
In RPR mode, if you change and save the maximum-routes configuration, the redundant supervisor engine reloads when it becomes active from either a switchover or a system reload. The reload occurs 5 minutes after the supervisor engine becomes active.
Use the show platform cef maximum-routes command to display the current maximum routes system configuration.
Examples
This example shows how to set the maximum number of routes that are allowed per protocol:
Router(config)# platform hardware cef maximum-routes ip 100
This example shows how to return to the default setting for a specific protocol:
Router(config)# no platform hardware cef maximum-routes ip
Related Commands
|
|
|
|---|---|
platform cts
To enable Cisco Trusted Security (CTS) in egress or ingress mode, use the platform cts command.
platform cts {egress | ingress}
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to enable the CTS in egress mode:
Related Commands
|
|
|
|---|---|
platform feature-manager
To configure the platform-specific feature manager, use the platform feature-manager command.
platform feature-manager {acl {downloadable {setup {static}}} | consistency-check}
Syntax Description
Specifies the static region setup in TCAM for downloadable ACLs. |
|
Specifies consistency checks between the feature manager and other hardware modules. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to configure static region setup in TCAM for downloadable ACLs:
Related Commands
|
|
|
|---|---|
Displays the platform-specific feature manager configuration. |
platform feature-manager capture rate-limit
To set the performance capture rate limits of OAL, VACL, Capture, IPv6, Copy, and VM, use the platform feature-manager capture rate-limit command in Privileged EXEC mode. To disable performance monitoring, use the no form of this command.
platform performance-monitor rate-limit pps
no platform performance-monitor rate-limit pps
Syntax Description
Specifies the rate limit in packets per second; valid values are 0 through 1000000 seconds. |
Command Modes
Command History
|
|
|
|---|---|
Examples
The following example shows how to set the rate-limit capture to 10000 seconds:
Related Commands
|
|
|
|---|---|
platform hardware acl
To configure the platform hardware ACL statistics, use the platform hardware acl command.
platform hardware acl {cc {enable} | default-result {bridge | deny | permit} | other-protocols {prot1 { range 1 | range 7 | range 8 | range 4 | range 2 | range 5 | range 6 | range 3} | prot2 { range 1 | range 7 | range 8 | range 4 | range 2 | range 5 | range 6 | range 3} | prot3 { range 1 | range 7 | range 8 | range 4 | range 2 | range 5 | range 6 | range 3} | prot4 { range 1 | range 7 | range 8 | range 4 | range 2 | range 5 | range 6 | range 3} | prot5 { range 1 | range 7 | range 8 | range 4 | range 2 | range 5 | range 6 | range 3} | prot6 { range 1 | range 7 | range 8 | range 4 | range 2 | range 5 | range 6 | range 3}} | reserve { qos-banks { num }| rbacl-tcam-percentage {sgt-dgt { percentage }}} | update-mode hitless | downloadable setup static }
Syntax Description
Defaults
Release 15.0(1)SY no payload encryption (NPE) images do not support the hitless ACL update feature or the [ no ] platform hardware acl update-mode hitless command.
Release 15.0(1)SY1 and later no payload encryption (NPE) images support hitless ACL update and the platform hardware acl update-mode hitless command is configured by default.
In other releases and images, the platform hardware acl update-mode hitless command is configured by default.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to configure the paltform hardware ACL protocol 6 with value 105:
Router(config)# platform hardware acl other-protocols prot6 105
Related Commands
|
|
|
|---|---|
platform hardware cef
To enable CEF on the hardware platform, use the platform hardware cef command.
platform hardware cef {maximum-routes { eom-v4-mcast number | eom-v6-mcast number | eompls number | ip number | ip-multicast number | ipv6 number | ipv6-multicast number | mpls number } | tunnel { fragment }}
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to enable CEF with a per-protocol maximum routes configuration using IPv6 for five entries:
Related Commands
|
|
|
|---|---|
platform hardware vsl
To enable VSL on the hardware platform, use the platform hardware vsl command.
platform hardware vsl {pfc { mode { non-xl }}}
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to boot the virtual switch in non-XL mode:
platform ip
To enable multilayer switching (MLS) IP for the internal router on the interface, use the platform ip command in interface configuration mode. To disable MLS IP on the interface use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
This command is not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 720.
Examples
This example shows how to enable MLS IP:
Router(config-if)# platform ip
Related Commands
|
|
|
|---|---|
Allows the external systems to enable MLS IP on a specified interface. |
|
platform ip cef accounting per-prefix
To enable multilayer switching (MLS) per-prefix accounting, use the platform ip cef accounting per-prefix command in global configuration mode. To disable MLS per-prefix accounting, use the no form of this command
platform ip cef accounting per-prefix prefix-entry prefix-entry-mask [ instance-name ]
no platform ip cef accounting per-prefix
Syntax Description
(Optional) Virtual private network (VPN) routing and forwarding instance name. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Per-prefix accounting collects the adjacency counters used by the prefix. When the prefix is used for accounting, the adjacency cannot be shared with other prefixes. You can use per-prefix accounting to account for the packets sent to a specific destination.
Examples
This example shows how to enable MLS per-prefix accounting:
Router(config)# platform ip cef accounting per-prefix 172.20.52.18 255.255.255.255
Router(config)#
This example shows how to disable MLS per-prefix accounting:
Router(config)# no platform ip cef accounting per-prefix
Router(config)#
Related Commands
|
|
|
|---|---|
Displays all the prefixes that are configured for the statistic collection. |
platform ip cef load-sharing
To configure the Cisco Express Forwarding (CEF) load balancing, use the platform ip cef load-sharing command in global configuration mode. To return to the default settings, use the no form of this command.
platform ip cef load-sharing [ dst-only ] [ full ] [ ip-only ]
no platform ip cef load-sharing
Syntax Description
Command Default
Source and destination IP address and universal identification
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The platform ip cef load-sharing command affects the IPv4, the IPv6, and the Multiprotocol Label Switching (MPLS) forwardings.
The platform ip cef load-sharing command is structured as follows:
For additional guidelines, refer to the Cisco 7600 Series Router Cisco IOS Software Configuration Guide .
Examples
This example shows how to set load balancing to include Layer 3 and Layer 4 ports with multiple adjacencies:
This example shows how to set load balancing to exclude the destination Layer 4 ports and source and destination IP addresses (Layer 3) from the load-balancing algorithm:
This example shows how to set load balancing to exclude the source Layer 4 ports and source and destination IP addresses (Layer 3) from the load-balancing algorithm:
This example shows how to return to the default setting:
Related Commands
|
|
|
|---|---|
Displays the IP entries in the MLS-hardware Layer 3-switching table. |
platform ipv6 cef
To enable the CEF configuration in IPv6, use the platform ipv6 cef command.
platform ipv6 cef {accounting { per-prefix {X:X:X:X}}}
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to enable the MLF CEF accounting in IPv6 configuration:
platform mpls gbte
To configure guaranteed bandwidth traffic engineering (GBTE) flow policing and parameters, use the platform mpls gbte command.
platform mpls gbte {burst time | cir-ratio number | dscp number | global-pool}
Syntax Description
Defaults
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to inspect the TE flows using resources allocated from global pool:
platform multicast routing
To configure the multicast routing configuration replication mode, use the platform multicast routing replication egress command.
platform multicast routing replication egress
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to disable egress replication mode:
Related Commands
|
|
|
|---|---|
platform multicast snooping
To configure multicast snooping support, use the platform multicast snooping command.
platform multicast snooping { ltl-share [ across ] | flood-to-peer }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to enable LTL-sharing across VLANs in multicast snooping configuration:
Related Commands
|
|
|
|---|---|
platform qos 10g-only
To enable quality of service (QoS) in 10g-only mode, in which only the supervisor engine’s 10-Gigabit Ethernet uplink ports are used, use the platform qos 10g-only command in global configuration mode. To allow the use of all uplink ports, including the 1-Gigabit Ethernet ports, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
When you enter the platform qos 10g-only command, a supervisor engine with both 1-Gigabit and 10-Gigabit Ethernet uplink ports reallocates the interface queue capacity to improve the performance of its 10-Gigabit Ethernet ports. The reallocation is possible only in 10g-only mode, in which the supervisor engine’s 1-Gigabit Ethernet ports are not used. In the normal mode, when all supervisor engine ports are active, the queue structure is 2q4t on receive and 1p3q4t on transmit. In 10g-only mode, the queue structure is 8q4t on receive and 1p7q4t on transmit.
Note To display detailed information about the queues, use the show queueing interface command.
When you switch between normal and 10g-only modes, any existing QoS configuration on the uplink ports is lost, and you must reconfigure QoS. In addition, service will be temporarily lost on the ports during the transition.
If you do not shut down the 1-Gigabit Ethernet ports before entering the platform qos 10g-only command, the platform qos 10g-only command shuts down the ports.
When you switch from 10g-only mode to normal mode, you must enter the no shutdown command on each of the 1-Gigabit Ethernet ports to resume QoS service on those ports.
In 10g-only mode, the 1-Gigabit Ethernet ports are visible, but they remain in an administratively down state.
The platform qos 10g-only command affects only active and standby supervisors, but if you have four supervisors you must apply it to the in-chassis standby supervisors.
Examples
The following example shows how to place the supervisor engine in the 10g-only mode:
Related Commands
|
|
|
|---|---|
platform qos aggregate-policer
To define a named aggregate policer for use in policy maps, use the platform qos aggregate-policer command in global configuration mode. To delete a named aggregate policer, use the no form of this command.
platform qos aggregate-policer name rate-bps [ normal-burst-bytes [ maximum-burst-bytes | pir peak-rate-bps | action-type action ]]
no platform qos aggregate-policer name
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
This policer can be shared by different policy map classes and on different interfaces. The Cisco 7600 series router supports up to 1023 aggregates and 1023 policing rules.
The platform qos aggregate-policer command allows you to configure an aggregate flow and a policing rule for that aggregate. When you enter the rate and burst parameters, the range for the average rate is 32 kbps to 10 Gbps (entered as 32000 and 10000000000) and the range for the burst size is 1 KB (entered as 1000) to 31.25 MB (entered as 31250000). If you modify an existing aggregate rate limit entry, that entry is modified in NVRAM and in the Cisco 7600 series router if that entry is currently being used.
Note Because of hardware granularity, the rate value is limited, so the burst that you configure may not be the value that is used.
When you enter the aggregate policer name, follow these naming conventions:
- Can be a maximum of 31 characters and can include a to z, A to Z, 0 to 9, the dash character (-), the underscore character (_), and the period character (.).
- Must start with an alphabetic character, and must be unique across all ACLs of all types.
- Case sensitive.
- Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer.
Aggregate policing works independently on each DFC-equipped switching module and independently on the PFC2, which supports any non-DFC-equipped switching modules. Aggregate policing does not combine flow statistics from different DFC-equipped switching modules. You can display aggregate policing statistics for each DFC-equipped switching module, PFC2, and any non-DFC-equipped switching modules that are supported by the PFC2 by entering the show platform qos aggregate policer command.
Examples
The following example shows how to configure a QoS aggregate policer to allow a maximum of 100000 bits per second with a normal burst byte size of 10000; to set DSCP to 48 when these rates are not exceeded; and to drop packets when these rates are exceeded:
Related Commands
|
|
|
|---|---|
Creates a per-interface policer and configures the policy-map class to use it. |
|
Displays information about the aggregate policer for MLS QoS. |
platform qos marking statistics
To disable allocation of the policer-traffic class identification with set actions, use the platform qos marking statistics command in global configuration mode. To return to the default settings, use the no form of this command.
platform qos marking statistics
no platform qos marking statistics
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
This command is not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 2.
Use the show policy-map interface command to display policy-map statistics.
Examples
This example shows how to disable allocation of the policer-traffic class identification with set actions:
This example shows how to allow allocation of the policer-traffic class identification with set actions:
Related Commands
|
|
|
|---|---|
Displays the statistics and the configurations of the input and output policies that are attached to an interface. |
platform qos protocol
To define routing-protocol packet policing, use the platform qos protocol command in global configuration mode. To return to the default settings, use the no form of this command.
platform qos protocol protocol-name { pass-through | police rate [ burst ] | precedence value [ police rate [ burst ]]}
no platform qos protocol protocol-name
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
This command does not support ARP, ISIS, or EIGRP on Cisco 7600 series routers or Catalyst 6500 switches that are configured with a Supervisor Engine 2.
If you enter the precedence value keyword and arguments without entering the police rate burst keyword and arguments, only the packets from an untrusted port are marked.
You can make the protocol packets avoid the per-interface policy maps by entering the police rate, pass-through , or precedence value keywords and arguments.
The platform qos protocol command allows you to define the routing-protocol packet policing as follows:
- When you specify the pass-through mode, the DSCP value does not change and is not policed.
- When you set the police rate, the DSCP value does not change and is policed.
- When you specify the precedence value, the DSCP value changes for the packets that come from an untrusted port, the class of service (CoS) value that is based on DSCP-to-CoS map changes, and the traffic is not policed.
- When you specify the precedence value and the police rate, the DSCP value changes, the CoS value that is based on DSCP-to-CoS map changes, and the DSCP value is policed. In this case, the DSCP value changes are based on the trust state of the port; the DSCP value is changed only for the packets that come from an untrusted port.
- If you do not enter a precedence value, the DSCP value is based on whether or not you have enabled multilayer switching (MLS) QoS as follows:
– If you enabled MLS QoS and the port is untrusted, the internal DSCP value is overwritten to zero.
– If you enabled MLS QoS and the port is trusted, the incoming DSCP value is maintained.
You can make the protocol packets avoid policing completely if you choose the pass-through mode. If the police mode is chosen, the committed information rate (CIR) specified is the rate that is used to police all the specified protocol’s packets, both entering or leaving the Cisco 7600 series router.
To protect the system by ARP broadcast, you can enter the platform qos protocol arp police bps command.
Examples
This example shows how to define the routing-protocol packet policing:
This example shows how to avoid policing completely:
This example shows how to define the IP-precedence value of the protocol packets to rewrite:
This example shows how to define the IP-precedence value of the protocol packets to rewrite and police the DSCP value:
Related Commands
|
|
|
|---|---|
platform qos rewrite ip dscp
To enable type of service (ToS)-to-differentiated services code point (DSCP) rewrite, use the platform qos rewrite ip dscp command in global configuration mode. To disable ToS-to-DSCP rewrite, use the no form of this command.
platform qos rewrite ip dscp [ slot slot1, slot2, slot3...]
no platform qos rewrite ip dscp [ slot slot1, slot2, slot3...]
Syntax Description
(Optional) Specifies the slot number. Use the platform qos rewrite ip dscp slot ? command to determine the valid slots for your chassis. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
This command is not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 2.
If you disable ToS-to-DSCP rewrite, and QoS is enabled globally, the following occurs:
- Final ToS-to-DSCP rewrite is disabled, and the DSCP packet is preserved.
- Policing and marking function according to the QoS configuration.
- Marked and marked-down class of service (CoS) is used for queueing.
- In QoS disabled mode, both ToS and CoS are preserved.
The no platform qos rewrite ip dscp command is incompatible with Multiprotocol Label Switching (MPLS). The default platform qos rewrite ip dscp command must remain enabled in order for the PFC3BXL or PFC3B to assign the correct MPLS Experimental (EXP) value for the labels that it imposes. This restriction does not apply to PFC3C or PFC3CXL forward.
The platform qos rewrite ip dscp slot command can be used for disabling ToS-to-DSCP rewrite on supervisors or DFC line cards. Although the command will be accepted for non-DFC line card slots, it does not come into effect unless a DFC line card is inserted into that slot.
To disable rewrite on packets that are coming in on non-DFC line cards, disable the rewrite on the supervisor slots. Note that this disables the rewrite on packets that are coming in on all non-DFC line cards on the system.
Examples
The following example shows how to enable ToS-to-DSCP rewrite in slot 4:
The following example shows how to disable port-queueing mode globally:
Related Commands
|
|
|
|---|---|
platform qos statistics-export delimiter
To set the quality of service (QoS) statistics data export field delimiter, use the platform qos statistics-export delimiter command in global configuration mode. To return to the default settings, use the no form of this command.
platform qos statistics-export delimiter
no platform qos statistics-export delimiter
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
QoS statistics data export is not supported on Optical Service Module (OSM) interfaces.
You must enable data export globally to set up data export on your Cisco 7600 series router.
Examples
This example shows how to set the QoS-statistics data-export field delimiter (a comma) and verify the configuration:
Related Commands
|
|
|
|---|---|
Displays information about the MLS statistics data-export status and configuration. |
platform qos statistics-export destination
To configure the quality of service (QoS) statistics data export destination host and User Datagram Protocol (UDP) port number, use the platform qos statistics-export destination command in global configuration mode. To return to the default settings, use the no form of this command.
platform qos statistics-export destination { host-name | host-ip-address } { port port-number | syslog } [ facility facility-name ] [ severity severity-value ]
no platform qos statistics-export destination { host-name | host-ip-address } { port port-number | syslog } [ facility facility-name ] [ severity severity-value ]
Syntax Description
Command Default
The default is none unless syslog is specified. If syslog is specified, the defaults are as follows:
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
QoS statistics data export is not supported on Optical Service Module (OSM) interfaces.
Valid facility values are as follows:
- authorization —Security and authorization messages
- cron —Clock daemon
- daemon —System daemon
- kernel —Kernel messages
- local0 —Local use 0
- local1 —Local use 1
- local2 —Local use 2
- local3 —Local use 3
- local4 —Local use 4
- local5 —Local use 5
- local6 —Local use 6
- local7 —Local use 7
- lpr —Line printer subsystem
- mail —Mail system
- news —Network news subsystem
- syslog —Messages that are generated internally by syslog
- user —User-level messages
- uucp —UNIX-to-UNIX Copy Program (UUCP) subsystem
Examples
This example shows how to specify the destination host address and syslog as the UDP port number:
Related Commands
|
|
|
|---|---|
Displays information about the MLS statistics data-export status and configuration. |
platform qos statistics-export interval
To specify how often a port or aggregate-policer quality of service (QoS) statistics data is read and exported, use the platform qos statistics-export interval command in global configuration mode. To return to the default settings, use the no form of this command.
platform qos statistics-export interval interval
no platform qos statistics-export interval
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
QoS statistics data export is not supported on Optical Services Module (OSM) interfaces.
The interval valve needs to be short enough to avoid counter wraparound with the activity in your configuration.
Be careful when decreasing the interval because exporting QoS statistics imposes a significant load on the Cisco 7600 series router.
Examples
This example shows how to set the QoS statistics data-export interval:
Related Commands
|
|
|
|---|---|
Displays information about the MLS statistics data-export status and configuration. |
platform rate-limit all
To enable and set the rate limiters that are common to unicast and multicast packets in the global configuration command mode, use the platform rate-limit all command. Use the no form of this command to disable the rate limiters.
platform rate-limit all { mtu-failure | ttl-failure } pps [ packets-in-burst ]
no platform rate-limit all { mtu-failure | ttl-failure }
Syntax Description
Packets per second; valid values are from 10 to 1000000 packets per second. |
|
(Optional) Packets in burst; valid values are from 1 to 255. |
Defaults
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to set the TTL-failure limiter for unicast and multicast packets:
Related Commands
|
|
|
|---|---|
platform rate-limit layer2
To enable and rate limit the control packets in Layer 2, use the platform rate-limit layer2 command in global configuration mode. To disable the rate limiter in the hardware, use the no form of this command.
platform rate-limit layer2 { ip-admission | l2pt | pdu | port-security | unknown } pps [ packets-in-burst ]
no platform rate-limit layer2 [ l2pt | pdu | port-security | unknown ]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to enable and set the rate limiters for the PDU packets in Layer 2:
Related Commands
|
|
|
|---|---|
platform rate-limit multicast
To configure the platform rate-limits for multicasts, use the platform rate-limit multicast command.
platform rate-limit multicast {flood {byte rate | pkt rate} | flood-ip {byte rate | pkt rate} | flood-ip-control {byte rate | pkt rate} | ipv4 {connected {byte rate | pkt rate} | ipv6 {connected {byte rate | pkt rate} }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to configure the platform rate-limit multicast flood:
Router(config)# platform rate-limit multicast flood pkt 100 burst 100
Related Commands
|
|
|
|---|---|
platform rate-limit multicast ipv4
To enable and set the rate limiters for the IPv4 multicast packets in the global configuration command mode, use the platform rate-limit multicast ipv4 command. Use the no form of this command to disable the rate limiters.
platform rate-limit multicast ipv4 { connected | fib-miss | igmp | ip-option | pim } pps [ packets-in-burst ]
no platform rate-limit multicast ipv4 { connected | fib-miss | igmp | ip-option | pim }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to set the rate limiters for the multicast packets from directly connected sources :
Related Commands
|
|
|
|---|---|
platform rate-limit multicast ipv6
To configure the IPv6 multicast rate limiters, use the platform rate-limit multicast ipv6 command in global configuration mode. To disable the rate limiters, use the no form of this command.
platform rate-limit multicast ipv6 { connected pps [ packets-in-burst ] | control-packet | mld }
no platform rate-limit multicast ipv6 { connected pps [ packets-in-burst ] | control-packet | mld }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to set the rate limiters for the IPv6 multicast packets from a directly connected source:
Related Commands
|
|
|
|---|---|
platform rate-limit unicast acl
To enable and set the ACL-bridged rate limiters in global configuration command mode, use the platform rate-limit unicast acl command. Use the no form of this command to disable the rate limiters.
platform rate-limit unicast acl { input | mac-pbf | output | vacl-log } pps [ packets-in-burst ]
no platform rate-limit unicast acl { input | mac-pbf | output | vacl-log } pps [ packets-in-burst ]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Some cases (or scenarios) share the same hardware register. These cases are divided into the following two groups:
– ICMP unreachable for ACL drop
All the components of each group use or share the same hardware register. For example, ACL-bridged ingress and egress packets use register A. ICMP-unreachable, no-route, and RPF failure use register B.
In most cases, when you change a component of a group, all the components in the group are overwritten to use the same hardware register as the first component changed. A warning message is printed out each time that an overwriting operation occurs, but only if you enable the service internal mode.
Examples
This example shows how to set the input ACL-bridged packet limiter for unicast packets:
Related Commands
|
|
|
|---|---|
platform rate-limit unicast cef
To enable and set the Cisco Express Forwarding (CEF) rate limiters in global configuration command mode, use the platform rate-limit unicast cef command. Use the no form of this command to disable the rate limiters.
platform rate-limit unicast cef {receive | glean} {byte byte_per_second [bytes_allowed_in_each_burst] | pkt pkt_per_second [packets_allowed_in_each_burst]} {burst burst_period_in_microsecond} [leak]
no platform rate-limit unicast cef {receive | glean} {byte byte_per_second [bytes_allowed_in_each_burst] | pkt pkt_per_second [packets_allowed_in_each_burst]} {burst burst_period_in_microsecond} [leak]
Syntax Description
Enables and sets the rate limiters for ARP-resolution packets. |
|
Packets per second; valid values are from 0 to 33554431 packets per second. |
|
(Optional) Packets in burst; valid values are from 1 to 255. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to set the CEF-glean limiter for the unicast packets:
Related Commands
|
|
|
|---|---|
platform rate-limit unicast ip
To enable and set the rate limiters for the unicast packets in global configuration command mode, use the platform rate-limit unicast ip command. Use the no form of this command to disable the rate limiters.
platform rate-limit unicast ip {arp-inspection | dhcp-snooping | errors | features | options | rpf-failure } pps [ packets-in-burst ]
platform rate-limit unicast ip icmp { redirect | unreachable acl-drop pps | no-route pps } [ packets-in-burst ]
no platform rate-limit unicast ip { errors | features | icmp { redirect | unreachable { acl-drop | no-route }} | options | rpf-failure } pps [ packets-in-burst ]
Syntax Description
Command Default
- If the packets-in-burst value is not set, a default of 10 is programmed as the burst for unicast cases.
- errors — Enabled at 100 pps and packets-in-burst value is set to 10.
- rpf-failure —Enabled at 100 pps and packets-in-burst value is set to 10 .
- icmp unreachable acl-drop — Enabled at 100 pps and packets-in-burst value is set to 10 .
- icmp unreachable no-route — Enabled at 100 pps and packets-in-burst value is set to 10 .
- icmp redirect — Disabled.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
This command is not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 2.
Note When you configure an ICMP rate limiter, and an ICMP redirect occurs, exiting data traffic is dropped while the remaining traffic on the same interface is forwarded.
Some cases (or scenarios) share the same hardware register. These cases are divided into the following two groups:
– ICMP unreachable for ACL drop
All the components of each group use or share the same hardware register. For example, ACL-bridged ingress and egress packets use register A. ICMP-unreachable, no-route, and RPF failure use register B.
In most cases, when you change a component of a group, all the components in the group are overwritten to use the same hardware register as the first component changed. A warning message is printed out each time that an overwriting operation occurs, but only if you enable the service internal mode.
Examples
This example shows how to set the ICMP-redirect limiter for unicast packets:
Related Commands
|
|
|
|---|---|
platform redundancy bias
To configure platform redundancy boot bias, use the platform redundancy bias command.
platform redundancy bias milliseconds
Syntax Description
Specifies the platform redundancy bias time in milliseconds. Range is 11–3600. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows the platform redundancy bias time in 20 milliseconds:
Related Commands
|
|
|
|---|---|
Displays the platform redundancy bias time set in milliseconds. |
Feedback