- Index
- Preface
- Product Overview
- Command-Line Interfaces
- Smart Port Macros
- Virtual Switching Systems (VSS)
- Enhanced Fast Software Ugrade (eFSU)
- NSF with SSO Supervisor Engine Redundancy
- RPR Supervisor Engine Redundancy
- Interface Configuration
- UniDirectional Link Detection (UDLD)
- Power Management and Environmental Monitoring
- EnergyWise
- Online Diagnostics
- Onboard Failure Logging
- Switch Fabric Functionality
- Cisco IP Phone Support
- Power over Ethernet
- Layer 2 LAN Ports
- Flex Links
- EtherChannels
- mLACP for Server Access
- IEEE 802.1ak MVRP and MRP
- VLAN Trunking Protocol (VTP)
- VLANs
- Private VLANs (PVLANs)
- Private Hosts
- IEEE 802.1Q Tunneling
- Layer 2 Protocol Tunneling
- STP and MST
- Optional STP Features
- Layer 3 Interface Configuration
- Unidirectional Ethernet (UDE) and unidirectional link routing (UDLR)
- Multiprotocol Label Switching (MPLS)
- L2VPN Advanced VPLS (A-VPLS)
- IP Unicast Layer 3 Switching
- IPv6 Multicast Layer 3 Switching
- MLD Snooping for IPv6 Multicast Traffic
- IPv4 Multicast Layer 3 Switching
- IGMP Snooping and MVR for IPv4 Multicast Traffic
- Configuring MVR for IPv4 Multicast Traffic
- IPv4 IGMP Filtering and Router Guard
- PIM Snooping
- IPv4 Multicast VPN Support
- PFC QoS
- AutoQoS
- MPLS QoS
- PFC QoS Statistics Data Export
- Network Security
- AutoSecure
- Cisco IOS ACL Support
- Cisco TrustSec (CTS)
- Port ACLs (PACLs) and VLAN ACLs (VACLs)
- Denial of Service Protection
- Control Plane Policing (CoPP)
- DHCP Snooping
- IP Source Guard
- Dynamic ARP Inspection
- Traffic Storm Control
- Unknown Unicast and Multicast Flood Control
- Network Admission Control (NAC)
- IEEE 802.1X Port-Based Authentication
- Web-Based Authentication
- Port Security
- NetFlow
- NetFlow Data Export (NDE)
- Call Home
- System Event Archive (SEA)
- Backplane Platform Monitoring
- SPAN, RSPAN, and ERSPAN
- SNMP IfIndex Persistence
- Top-N Reports
- Layer 2 Traceroute Utility
- Mini Protocol Analyzer
- Ethernet Services Line Cards
- Online Diagnostic Tests
- Acronyms
Command-Line Interfaces
This chapter describes the command-line interfaces (CLIs) you use to configure the switches supported by Cisco IOS Release 12.2SX.
Note For complete syntax and usage information for the commands used in this chapter, see these publications:
•The Cisco IOS Master Command List, at this URL:
http://www.cisco.com/en/US/docs/ios/mcl/allreleasemcl/all_book.html
•The Release 12.2 publications at this URL:
Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Participate in the Technical Documentation Ideas forum
This chapter consists of these sections:
•Performing Command Line Processing
•Performing History Substitution
•Displaying a List of Cisco IOS Commands and Syntax
•ROM-Monitor Command-Line Interface
Accessing the CLI
These sections describe accessing the CLI:
•Accessing the CLI through the EIA/TIA-232 Console Interface
•Accessing the CLI through Telnet
Accessing the CLI through the EIA/TIA-232 Console Interface
Note EIA/TIA-232 was known as recommended standard 232 (RS-232) before its acceptance as a standard by the Electronic Industries Alliance (EIA) and Telecommunications Industry Association (TIA).
Perform initial configuration over a connection to the EIA/TIA-232 console interface. See the Catalyst 6500 Series Switch Module Installation Guide for console interface cable connection procedures.
To make a console connection, perform this task:
After making a console connection, you see this display:
Press Return for Console prompt
Router> enable
Password:
Router#
Accessing the CLI through Telnet
Note Before you can make a Telnet connection to the switch, you must configure an IP address (see the "Configuring IPv4 Routing and Addresses" section).
The switch supports up to eight simultaneous Telnet sessions. Telnet sessions disconnect automatically after remaining idle for the period specified with the exec-timeout command.
To make a Telnet connection to the switch, perform this task:
This example shows how to open a Telnet session to the switch:
unix_host% telnet Router_1
Trying 172.20.52.40...
Connected to 172.20.52.40.
Escape character is '^]'.
User Access Verification
Password:
Router_1> enable
Password:
Router_1#
Performing Command Line Processing
Commands are not case sensitive. You can abbreviate commands and parameters if the abbreviations contain enough letters to be different from any other currently available commands or parameters. You can scroll through the last 20 commands stored in the history buffer, and enter or edit the command at the prompt. Table 2-1 lists the keyboard shortcuts for entering and editing commands.
|
|
---|---|
Press Ctrl-B or |
Moves the cursor back one character. |
Press Ctrl-F or |
Moves the cursor forward one character. |
Press Ctrl-A |
Moves the cursor to the beginning of the command line. |
Press Ctrl-E |
Moves the cursor to the end of the command line. |
Press Esc B |
Moves the cursor back one word. |
Press Esc F |
Moves the cursor forward one word. |
1 The arrow keys function only on ANSI-compatible terminals such as VT100s. |
Performing History Substitution
The history buffer stores the last 20 commands you entered. History substitution allows you to access these commands without retyping them, by using special abbreviated commands. Table 2-2 lists the history substitution commands.
|
|
---|---|
Ctrl-P or the up arrow key.1 |
Recalls commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands. |
Ctrl-N or the down arrow key.1 |
Returns to more recent commands in the history buffer after recalling commands with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively more recent commands. |
Router# show history |
While in EXEC mode, lists the last several commands you have just entered. |
1 The arrow keys function only on ANSI-compatible terminals such as VT100s. |
Cisco IOS Command Modes
Note For complete information about Cisco IOS command modes, see the Cisco IOS Configuration Fundamentals Configuration Guide at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/ffun_c.html
The Cisco IOS user interface is divided into many different modes. The commands available to you depend on which mode you are currently in. To get a list of the commands in a given mode, type a question mark (?) at the system prompt. See the "Displaying a List of Cisco IOS Commands and Syntax" section.
When you start a session on the switch, you begin in user mode, often called user EXEC mode. Only a limited subset of the commands are available in EXEC mode. To have access to all commands, you must enter privileged EXEC mode. Normally, you must type in a password to access privileged EXEC mode. From privileged EXEC mode, you can type in any EXEC command or access global configuration mode.
The configuration modes allow you to make changes to the running configuration. If you later save the configuration, these commands are stored across reboots. You must start at global configuration mode. From global configuration mode, you can enter interface configuration mode, subinterface configuration mode, and a variety of protocol-specific modes.
Note With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command.
ROM-monitor mode is a separate mode used when the switch cannot boot properly. For example, the switch might enter ROM-monitor mode if it does not find a valid system image when it is booting, or if its configuration file is corrupted at startup. See the "ROM-Monitor Command-Line Interface" section.
Table 2-3 lists and describes frequently used Cisco IOS modes.
The Cisco IOS command interpreter, called the EXEC, interprets and executes the commands you enter. You can abbreviate commands and keywords by entering just enough characters to make the command unique from other commands. For example, you can abbreviate the show command to sh and the configure terminal command to config t.
When you type exit, the switch backs out one level. To exit configuration mode completely and return to privileged EXEC mode, press Ctrl-Z.
Displaying a List of Cisco IOS Commands and Syntax
In any command mode, you can display a list of available commands by entering a question mark (?).
Router> ?
To display a list of commands that begin with a particular character sequence, type in those characters followed by the question mark (?). Do not include a space. This form of help is called word help because it completes a word for you.
Router# co?
collect configure connect copy
To display keywords or arguments, enter a question mark in place of a keyword or argument. Include a space before the question mark. This form of help is called command syntax help because it reminds you which keywords or arguments are applicable based on the command, keywords, and arguments you have already entered.
For example:
Router# configure ?
memory Configure from NV memory
network Configure from a TFTP network host
overwrite-network Overwrite NV memory from TFTP network host
terminal Configure from the terminal
<cr>
To redisplay a command you previously entered, press the up arrow key or Ctrl-P. You can continue to press the up arrow key to see the last 20 commands you entered.
Tip If you are having trouble entering a command, check the system prompt, and enter the question mark (?) for a list of available commands. You might be in the wrong command mode or using incorrect syntax.
Enter exit to return to the previous mode. Press Ctrl-Z or enter the end command in any mode to immediately return to privileged EXEC mode.
Securing the CLI
Securing access to the CLI prevents unauthorized users from viewing configuration settings or making configuration changes that can disrupt the stability of your network or compromise your network security. You can create a strong and flexible security scheme for your switch by configuring one or more of these security features:
•Protecting access to privileged EXEC commands
At a minimum, you should configure separate passwords for the user EXEC and privileged EXEC (enable) IOS command modes. You can further increase the level of security by configuring username and password pairs to limit access to CLI sessions to specific users. For more information, see "Configuring Security with Passwords, Privilege Levels, and Login Usernames for CLI Sessions on Networking Devices" at this URL:
http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_sec_4cli.html
•Controlling switch access with RADIUS, TACACS+, or Kerberos
For a centralized and scalable security scheme, you can require users to be authenticated and authorized by an external security server running either Remote Authentication Dial-In User Service (RADIUS), Terminal Access Controller Access-Control System Plus (TACACS+), or Kerberos.
For more information about RADIUS, see "Configuring RADIUS" at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrad.html
For more information about TACACS+, see "Configuring TACACS+" at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scftplus.html
For more information about Kerberos, see "Configuring Kerberos" at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfkerb.html
•Configuring a secure connection with SSH or HTTPS
To prevent eavesdropping of your configuration session, you can use a Secure Shell (SSH) client or a browser that supports HTTP over Secure Socket Layer (HTTPS) to make an encrypted connection to the switch.
For more information about SSH, see "Configuring Secure Shell" at this URL:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_ssh/configuration/12-2sx/sec-secure-copy.html
For more information about HTTPS, see "HTTPS - HTTP Server and Client with SSL 3.0" at this URL:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_sec_4cli.html
•Copying configuration files securely with SCP
To prevent eavesdropping when copying configuration files or image files to or from the switch, you can use the Secure Copy Protocol (SCP) to perform an encrypted file transfer. For more information about SCP, see "Secure Copy" at this URL:
For additional information about securing the CLI, see "Cisco IOS Security Configuration Guide: Securing User Services, Release 12.2SX" at this URL:
ROM-Monitor Command-Line Interface
The ROM-monitor is a ROM-based program that executes upon platform power-up, reset, or when a fatal exception occurs. The switch enters ROM-monitor mode if it does not find a valid software image, if the NVRAM configuration is corrupted, or if the configuration register is set to enter ROM-monitor mode. From the ROM-monitor mode, you can load a software image manually from flash memory, from a network server file, or from bootflash.
You can also enter ROM-monitor mode by restarting and pressing the Break key during the first 60 seconds of startup.
Note The Break key is always enabled for 60 seconds after rebooting, regardless of whether the Break key is configured to be off by configuration register settings.
To access the ROM-monitor mode through a terminal server, you can escape to the Telnet prompt and enter the send break command for your terminal emulation program to break into ROM-monitor mode.
Once you are in ROM-monitor mode, the prompt changes to rommon 1>. Enter a question mark (?) to see the available ROM-monitor commands.
For more information about the ROM-monitor commands, see the Cisco IOS Master Command List.
Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Participate in the Technical Documentation Ideas forum