The default domain name is the value set by the ip domain-name global configuration command. If there is a period. You can configure a message-of-the-day MOTD and a login banner. The MOTD banner displays on all connected terminals at login and is useful for sending messages that affect all network users such as impending system shutdowns.
The login banner also displays on all connected terminals. It appears after the MOTD banner and before the login prompts. You can create a single or multiline message banner that appears on the screen when someone logs in to the switch.
To configure a MOTD login banner, perform this task:. To delete the MOTD banner, use the no banner motd global configuration command. For c , enter the delimiting character of your choice, for example, a pound sign , and press the Return key. The delimiting character signifies the beginning and end of the banner text. Characters after the ending delimiter are discarded. This example shows how to configure a MOTD banner for the switch by using the pound sign symbol as the beginning and ending delimiter:.
This example shows the banner that appears from the previous configuration:. You can configure a login banner to be displayed on all connected terminals. This banner appears after the MOTD banner and before the login prompt. To delete the login banner, use the no banner login global configuration command. The MAC address table contains address information that the switch uses to forward traffic between ports. All MAC addresses in the address table are associated with one or more ports.
The address table includes these types of addresses:. Note For complete syntax and usage information for the commands used in this section, see the command reference for this release. With multiple MAC addresses supported on all ports, you can connect any port on the switch to individual workstations, repeaters, switches, routers, or other network devices.
The switch provides dynamic addressing by learning the source address of packets it receives on each port and adding the address and its associated port number to the address table. As stations are added or removed from the network, the switch updates the address table, adding new dynamic addresses and aging out those that are not in use.
The aging interval is globally configured. The switch sends packets between any combination of ports, based on the destination address of the received packet. Using the MAC address table, the switch forwards the packet only to the port associated with the destination address. If the destination address is on the port that sent the packet, the packet is filtered and not forwarded. The switch always uses the store-and-forward method: complete packets are stored and checked for errors before transmission.
All addresses are associated with a VLAN. An address can exist in more than one VLAN and have different destinations in each. Each VLAN maintains its own logical address table.
Table shows the default MAC address table configuration. Dynamic addresses are source MAC addresses that the switch learns and then ages when they are not in use. Setting too short an aging time can cause addresses to be prematurely removed from the table.
When the switch receives a packet for an unknown destination, it floods the packet to all ports in the same VLAN as the receiving port. This unnecessary flooding can impact performance. Setting too long an aging time can cause the address table to be filled with unused addresses, which prevents new addresses from being learned. Flooding results, which can impact switch performance. To configure the dynamic address table aging time, perform this task:. Sets the length of time that a dynamic entry remains in the MAC address table after the entry is used or updated.
To return to the default value, use the no mac address-table aging-time global configuration command. The range is 10 to seconds. The default is You can also enter 0, which disables aging. Static address entries are never aged or removed from the table. For vlan-id , valid IDs are 1 to To remove all dynamic entries, use the clear mac address-table dynamic command in EXEC mode. You can also remove a specific MAC address clear mac address-table dynamic address mac-address , remove all addresses on the specified physical port or port channel clear mac address-table dynamic interface interface-id , or remove all addresses on a specified VLAN clear mac address-table dynamic vlan vlan-id.
To verify that dynamic entries have been removed, use the show mac address-table dynamic privileged EXEC command. MAC change notification allows you to track users on a network by storing the MAC change activity on the switch. If you have many users entering and exiting the network, you can set a trap interval time to bundle the notification traps and reduce network traffic. The MAC notification history table stores the MAC address activity for each hardware port for which the trap is enabled.
MAC address notifications are generated for dynamic and static MAC addresses; events are not generated for self addresses or multicast addresses. To disable the switch from sending MAC change notification traps, use the no snmp-server enable traps mac-notification change global configuration command.
Enables the MAC address change notification feature. Enters the trap interval time and the history table size. To disable the MAC change notification feature, use the no mac address-table notification change global configuration command. This example shows how to specify To configure MAC move notification, perform this task:.
To disable the switch from sending MAC notification traps, use the no snmp-server enable traps mac-notification move global configuration command. To disable this feature, use the no mac-address-table notification mac-move global configuration command. To configure MAC address threshold notification, perform this task:. To disable the switch from sending MAC threshold notification traps, use the no snmp-server enable traps mac-notification threshold global configuration command.
Enables the MAC address threshold notification feature. To disable this feature, use the no address-table notification threshold global configuration command. Enters the threshold value for the MAT usage monitoring. Displays the MAC utilization threshold notification status. A static address has these characteristics:.
You can add and remove static addresses and define the forwarding behavior for them. The forwarding behavior defines how a port that receives a packet forwards it to another port for transmission. You can specify a different list of destination ports for each source port. A packet with a static address that arrives on a VLAN where it has not been statically entered is flooded to all ports and not learned.
You add a static address to the address table by specifying the destination MAC unicast address and the VLAN from which it is received.
Packets received with this destination address are forwarded to the interface specified with the interface-id option. To add a static address, perform this task :. You can specify static multicast addresses for multiple interface IDs. To remove static entries from the address table, use the no mac address-table static mac-addr vlan vlan-id [ interface interface-id ] global configuration command. This example shows how to add the static address c2f3. When unicast MAC address filtering is enabled, the switch drops packets with specific source or destination MAC addresses.
This feature is disabled by default and only supports unicast static addresses. When using unicast address filtering, consider these guidelines:.
For example, if you enter the mac address-table static vlan interface global configuration command followed by the mac address-table static vlan drop command, the switch drops packets with the specified MAC address as a source or destination. If you enter the mac address-table static vlan drop global configuration command followed by the mac address-table static vlan interface command, the switch adds the MAC address as a static address.
You enable unicast MAC address filtering and configure the switch to drop packets with a specific address by specifying the source or destination unicast MAC address and the VLAN from which it is received. To configure the switch to drop a source or destination unicast static address , perform this task:. Enables unicast MAC address filtering and configure the switch to drop a packet with the specified source or destination unicast static address.
To disable unicast MAC address filtering, use the no mac address -table static vlan global configuration command. This example shows how to enable unicast MAC address filtering and to configure the switch to drop packets that have a source or destination address of c2f3.
Before disabling MAC address learning, you should understand the network topology and features deployed. Many Layer 2 features use MAC addresses and may not work properly if learning is disabled. Because disabling learning causes flooding of packets, you need to understand the impact of flooding on the network. Note These guidelines are advisory only. Contact the Cisco solution provider team for specific solution implementations. In this topology, you have two ports on a VLAN; traffic enters one and must exit the other.
On a point-to-point link in metro networks, numerous MAC addresses are on these types of ports by disabling learning on the VLAN to which these two ports belong, many entries in the MAC address table space can be saved.
Because there is only one egress port for the traffic, you can flood the packet and avoid having to learn all the MAC addresses seen on this port. This process saves considerable space in the MAC address table.
To obtain source learning, packets are bridged as Layer 2 flood packets. Replicated packets use a distinct dedicated bandwidth. Regardless of the number of ports in a flood set, a flood packet always consumes replication packet bandwidth, which consumes some multicast and broadcast packet-processing bandwidth Figure In this topology, you have two devices, one active and one standby.
To perform load balancing, both devices must receive all packets. You could place both devices on the same VLAN. You also can assign a multicast MAC address to both load balancers to ensure that all packets reach them. Figure In this topology, a rewritten Layer 3 packet is routed back to a Layer 2 firewall or cache before exiting.
For a routed port or SVI, however, the switch does not learn the address. Source misses are generated continuously for all arriving data packets and the switch shows a very high CPU utilization.
By disabling learning on the VLAN that the firewall or cache egress is connected to, you will routinely suppress the source miss and do not observe high CPU utilization Figure The following features are incompatible with disabling MAC address learning and do not work properly when the feature is enabled:.
Although the following features are partially incompatible with disabling MAC address learning, they still retain a large portion of their functionality:. Displays the MAC address table information for the specified interface. Displays the MAC notification parameters and history table. To communicate with a device over Ethernet, for example , the software first must learn the bit MAC address or the local data link address of that device.
The process of learning the local data link address from an IP address is called address resolution. ARP entries added manually to the table do not age and must be manually removed. CiscoView is a device management application that can be embedded on the switch flash and provides dynamic status, monitoring, and configuration information for your switch. CiscoView displays a physical view of your switch chassis with color-coded modules and ports and monitoring capabilities that display the switch status, performance, and other statistics.
Configuration capabilities allow comprehensive changes to devices, if the required security privileges have been granted. To install and configure Embedded CiscoView, perform this task:. Removes existing files from the CiscoView directory. Switch copy tftp bootflash. In a redundant configuration, repeat Step 1 through Step 6 for the file system on the redundant supervisor engine.
Switch configure terminal. Switch config ip http server. Switch config snmp-server community string ro. Configures the SNMP password for read-only operation. Switch config snmp-server community string rw. Note The default password for accessing the switch web page is the enable-level password of the switch. The following example shows how to install and configure Embedded CiscoView on your switch:. To display the Embedded CiscoView information, enter the following commands:.
Switch show ciscoview package. Displays information about the Embedded CiscoView files. Switch show ciscoview version. The following example shows how to display the Embedded CiscoView file and version information:. Skip to content Skip to search Skip to footer. Book Contents Book Contents. Find Matches in This Book. Updated: May 17, Chapter: Administering the Switch.
Administering the Switch This chapter describes how to perform one-time operations to administer the Catalyst series switch. No authentication key is specified. NTP peer or server associations None configured. NTP access restrictions No access control is specified. Configuring NTP Authentication This procedure must be coordinated with the administrator of the NTP server; the information you configure in this procedure must be matched by the servers used by the switch to synchronize its time to the NTP server.
To authenticate the associations communications between devices running NTP that provide for accurate timekeeping with other devices for security purposes, perform this task: Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 ntp authenticate Enables the NTP authentication feature, which is disabled by default.
Step 3 ntp authentication-key number md5 value Defines the authentication keys. For number , specify a key number. The range is 1 to For value , enter an arbitrary string of up to eight characters for the key. Step 4 ntp trusted-key key-number Specifies one or more key numbers defined in Step 3 that a peer NTP device must provide in its NTP packets for this switch to synchronize to it.
By default, no trusted keys are defined. Step 6 show running-config Verifies your entries. Step 7 copy running-config startup-config Optional Saves your entries in the configuration file.
To form an NTP association with another device, perform this task: Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 ntp peer ip-address [ version number ] [ key keyid ] [ source interface ] [ prefer ] or ntp server ip-address [ version number ] [ key keyid ] [ source interface ] [ prefer ] Configures the switch system clock to synchronize a peer or to be synchronized by a peer peer association.
For ip-address in a peer association, specify either the IP address of the peer providing, or being provided, the clock synchronization. For a server association, specify the IP address of the time server providing the clock synchronization. Optional For number , specify the NTP version number. The range is 1 to 3. By default, Version 3 is selected. Optional For keyid , enter the authentication key defined by entering the ntp authentication-key global configuration command.
Optional For interface , specify the interface from which to pick the IP source address. By default, the source IP address is taken from the outgoing interface. Optional Enter the prefer keyword to make this peer or server the preferred one that provides synchronization. This keyword reduces switching back and forth between peers and servers. Step 4 show running-config Verifies your entries. Step 5 copy running-config startup-config Optional Saves your entries in the configuration file.
To configure the switch to send NTP broadcast packets to peers so that they can synchronize their clock to the switch, perform this task: Command Purpose Step 1 configure terminal Enters global configuration mode.
Step 2 interface interface-id Specifies the interface to send NTP broadcast packets, and enter interface configuration mode. Step 3 ntp broadcast [ version number ] [ key keyid ] [ destination-address ] Enables the interface to send NTP broadcast packets to a peer. If you do not specify a version, Version 3 is used.
Optional For keyid , specify the authentication key to use when sending packets to the peer. Optional For destination-address , specify the IP address of the peer that is synchronizing its clock to this switch. Step 5 show running-config Verifies your entries. Step 6 copy running-config startup-config Optional Saves your entries in the configuration file.
Step 2 interface interface-id Specifies the interface to receive NTP broadcast packets, and enter interface configuration mode. Step 3 ntp broadcast client Enables the interface to receive NTP broadcast packets. Step 4 exit Returns to global configuration mode. Step 5 ntp broadcastdelay microseconds Optional Changes the estimated round-trip delay between the switch and the NTP broadcast server. Step 7 show running-config Verifies your entries.
Step 8 copy running-config startup-config Optional Saves your entries in the configuration file. The keywords have these meanings: query-only —Allows only NTP control queries. Step 3 access-list access-list-number permit source [ source-wildcard ] Creates the access list. For access-list-number , enter the number specified in Step 2. Enter the permit keyword to permit access if the conditions are matched. For source , enter the IP address of the device that is permitted access to the switch.
Optional For source-wildcard , enter the wildcard bits to be applied to the source. The access group keywords are scanned in this order, from least restrictive to most restrictive: 1. However, the switch restricts access to allow only time requests from access list Switch configure terminal Switch config ntp access-group peer 99 Switch config ntp access-group serve-only 42 Switch config access-list 99 permit To disable NTP packets from being received on an interface, perform this task: Command Purpose Step 1 configure terminal Enters global configuration mode.
Step 2 interface interface-id Enters interface configuration mode, and specify the interface to disable. Step 3 ntp disable Disables NTP packets from being received on the interface. By default, all interfaces receive NTP packets. To configure a specific interface from which the IP source address is to be taken, perform this task: Command Purpose Step 1 configure terminal Enters global configuration mode.
Step 2 ntp source type number Specifies the interface type and number from which the IP source address is taken. Configuring Time and Date Manually If no other source of time is available , you can manually configure the time and date after the system is restarted.
To set the system clock, perform this task: Command Purpose Step 1 clock set hh : mm : ss day month year or clock set hh : mm : ss month day year Manually sets the system clock using one of these formats.
For hh : mm : ss , specify the time in hours hour format , minutes, and seconds. The time specified is relative to the configured time zone. For day , specify the day by date in the month. For month , specify the month by name. For year , specify the year no abbreviation. Configuring the Time Zone To manually configure the time zone, perform this task: Command Purpose Step 1 configure terminal Enters global configuration mode.
Step 2 clock timezone zone hours-offset [ minutes-offset ] Sets the time zone. For zone , enter the name of the time zone to be displayed when standard time is in effect. The default is UTC.
For hours-offset , enter the hours offset from UTC. Optional For minutes-offset , enter the minutes offset from UTC. Configuring Summer Time Daylight Saving Time To configure summer time daylight saving time in areas where it starts and ends on a particular day of the week each year, perform this task: Command Purpose Step 1 configure terminal Enters global configuration mode.
Step 2 clock summer-time zone recurring [ week day month hh : mm week day month hh : mm [ offset ]] Configures summer time to start and end on the specified days every year. For zone , specify the name of the time zone for example, PDT to be displayed when summer time is in effect.
Optional For week , specify the week of the month 1 to 5 or last. Optional For day , specify the day of the week Sunday, Monday Optional For month , specify the month January, February Optional For hh : mm , specify the time hour format in hours and minutes. Optional For offset , specify the number of minutes to add during summer time.
This example shows how to specify that summer time starts on the first Sunday in April at and ends on the last Sunday in October at Switch configure terminal Switch config clock summer-time PDT recurring 1 Sunday April last Sunday October Switch config end Switch If summer time in your area does not follow a recurring pattern configure the exact date and time of the next summer time events , perform this task: Command Purpose Step 1 configure terminal Enters global configuration mode.
Step 2 clock summer-time zone date [ month date year hh : mm month date year hh : mm [ offset ]] or clock summer-time zone date [ date month year hh : mm date month year hh : mm [ offset ]] Configures summer time to start on the first date and end on the second date. This example shows how to set summer time to start on October 12, , at , and end on April 26, , at Switch configure terminal Switch config clock summer-time pdt date 12 October 26 April Switch Managing Software Licenses Using Permanent Right-To-Use Features If you want to upgrade or downgrade from one license level to another, we recommend that you use the permanent right-to-use PRTU license instead of the node-locked license.
Downgrade from a higher license to a lower license using the license right-to-use deactivate feature name command. You cannot relocate a PRTU license to another device because the license is bundled with the image. They can be instantly activated on any supported switch. They can be applied without requiring an Internet connection. This agreement is explained in detail in the EULA, which is displayed when you activate the license.
The PRTU license model does not replace the node-locked license model. The node-licked license model is still available. Although PRTU licenses are permanent, we also support evaluation licenses and all existing licenses. Displaying Software License Information To display information about the software licenses on your switch, use one of these methods: Use Cisco License Manager to view license and device information.
In the GUI, the discovery and polling features collect all the license and device information that appears in the Properties window. For detailed instructions, see the Cisco License Manager online help. This is an example of output from the show license command: Switch show license detail Index: 1 Feature: entservices Version: 1. Step 2 hostname name Manually configures a system name. Step 5 copy running-config startup-confi g Optional Saves your entries in the configuration file.
DNS default domain name None configured. DNS servers No name server addresses are configured. Step 2 ip domain-name name Defines a default domain name that the software uses to complete unqualified hostnames names without a dotted-decimal domain name. Step 3 ip name-server server-address1 [ server-address Configuring a Message-of-the-Day Login Banner You can create a single or multiline message banner that appears on the screen when someone logs in to the switch.
Step 2 banner motd c message c Specifies the message of the day. This example shows how to configure a MOTD banner for the switch by using the pound sign symbol as the beginning and ending delimiter: Switch config banner motd it is a secure site.
Only authorized users are allowed. For access, contact technical support. Connected to User Access Verification Password: Configuring a Login Banner You can configure a login banner to be displayed on all connected terminals.
To configure a login banner, perform this task: Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 banner login c message c Specifies the login message. Please enter your username and password. The address table includes these types of addresses: Dynamic address—A source MAC address that the switch learns and then ages when it is not in use.
Static address —A manually entered unicast address that does not age and that is not lost when the switch resets. To configure the dynamic address table aging time, perform this task: Command Purpose Step 1 configure terminal Enters global configuration mode.
Step 2 mac address-table aging-time [ 0 ] [ vlan vlan-id ] Sets the length of time that a dynamic entry remains in the MAC address table after the entry is used or updated.
Step 4 show mac address-table aging-time Verifies your entries. For host-addr , specify the name or address of the NMS. Specify traps the default to send SNMP traps to the host. Specify informs to send SNMP informs to the host. Specify the SNMP version to support.
Version 1, the default, is not available with informs. For community-string, specify the string to send with the notification operation. Though you can set this string by using the snmp-server host command, we recommend that you define this string by using the snmp-server community command before using the snmp-server host command. For notification-type , use the mac-notification keyword. Step 4 mac address-table notification change Enables the MAC address change notification feature.
Step 5 mac address-table notification change [ interval value ] [ history-size value ] Enters the trap interval time and the history table size. Optional For interval value, specify the notification trap interval in seconds between each set of traps that are generated to the NMS. The range is 0 to seconds; the default is 1 second. Optional For history-size value , specify the maximum number of entries in the MAC notification history table. The range is 0 to ; the default is 1.
Step 6 interface interface-id Enters interface configuration mode, and specifies the interface on which to enable the SNMP MAC change notification trap. I want to use this entservices its showing active but not in use how can i do that? All rights reserved. The software code licensed under GPL Version 2. ROM: No valid license found. Next reboot license Level: lanbase. Buy or Renew. Find A Community. Cisco Community. Thank you for your support! We're happy to announce that we met our goal for the Community Helping Community campaign!
Turn on suggestions. Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type. Showing results for. Search instead for. Did you mean:. All Community This category This board. License Activation on HI all, I want to use this entservices its showing active but not in use how can i do that? Configuration register is 0x CORE1. Labels: Labels: Other Routing. I have this problem too.
All forum topics Previous Topic Next Topic. Sanjay Shaw. Hi , Please issue the below command to activate the ent feature. Switch license right-to-use activate entservices all acceptEULA reload. In response to Sanjay Shaw. Don't you have set it as the next license boot level before reload? Switch config license boot level entservices.
0コメント