The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the system management commands that begin with S.
To shut down an Encapsulated Remote Switched Port Analyzer (ERSPAN) session, use the shut command. To enable an ERSPAN session, use the no form of this command.
shut
no shut
This command has no arguments or keywords.
None
ERSPAN session configuration mode
|
|
5.2(1)N1(1) |
This command was introduced. |
This command does not require a license.
This example shows how to shut down an ERSPAN session:
switch# configure terminal
switch(config)# monitor session 1 type erspan-source
switch(config-erspan-src)# shut
switch(config-erspan-src)#
This example shows how to enable an ERSPAN session:
switch# configure terminal
switch(config)# monitor session 1 type erspan-source
switch(config-erspan-src)# no shut
switch(config-erspan-src)#
|
|
---|---|
monitor session |
Enters the monitor configuration mode. |
show monitor session |
Displays the virtual SPAN or ERSPAN configuration. |
To create Simple Network Management Protocol (SNMP) communities for SNMPv1 or SNMPv2c, use the snmp-server community command. To revert to the defaults, sue the no form of this command.
snmp-server community com-name [group grp-name | ro | rw | use-acl acl-name]
no snmp-server community com-name [group grp-name | ro | rw | use-acl acl-name]
None
Global configuration mode
|
|
---|---|
5.2(1)N1(1) |
This command was introduced. |
You can assign an access list (ACL) to a community to filter incoming SNMP requests. If the assigned ACL allows the incoming request packet, SNMP processes the request. If the ACL denies the request, SNMP drops the request and sends a system message.
See the Cisco Nexus 5000 Series NX-OS Security Configuration Guide for more information on creating ACLs. The ACL applies to both IPv4 and IPv6 over UDP and TCP. After creating the ACL, assign the ACL to the SNMP community.
This example shows how to create an SNMP community string and assign an ACL to the community to filter SNMP requests:
switch(config)# snmp-server community public use-acl my_acl_for_public
switch(config)#
|
|
---|---|
show snmp community |
Displays the SNMP community strings. |
To configure the Simple Network Management Protocol (SNMP) contact (sysContact) information, use the snmp-server contact command. To remove the contact information, use the no form of this command.
snmp-server contact [text]
no snmp-server contact [text]
text |
(Optional) String that describes the system contact information. The text can be any alphanumeric string up to 32 characters and cannot contain spaces. |
No system contact (sysContact) string is set.
Global configuration mode
|
|
---|---|
5.2(1)N1(1) |
This command was introduced. |
This example shows how to set an SNMP contact:
switch(config)# snmp-server contact DialSystemOperatorAtBeeper#1235
switch(config)#
This example shows how to remove an SNMP contact:
switch(config)# no snmp-server contact DialSystemOperatorAtBeeper#1235
switch(config)#
|
|
---|---|
show snmp |
Displays information about SNMP. |
snmp-server location |
Sets the system location string. |
To configure the Simple Network Management Protocol (SNMP) context to logical network entity mapping, use the snmp-server context command. To remove the context, use the no form of this command.
snmp-server context context-name [instance instance-name] [vrf {vrf-name | default | management}] [topology topology-name]
no snmp-server context context-name [instance instance-name] [vrf {vrf-name | default | management}] [topology topology-name]
None
Global configuration mode
|
|
---|---|
5.2(1)N1(1) |
This command was introduced. |
Use the snmp-server context command to map between SNMP contexts and logical network entities, such as protocol instances or VRFs.
This example shows how to map the public1 context to the default VRF:
switch(config)# snmp-server context public1 vrf default
switch(config)#
|
|
---|---|
show snmp |
Displays the SNMP status. |
show snmp context |
Displays information about SNMP contexts. |
To enable the Simple Network Management Protocol (SNMP) notifications, use the snmp-server enable traps command. To disable SNMP notifications, use the no form of this command.
snmp-server enable traps
[aaa [server-state-change] |
callhome [event-notify | smtp-send-fail] |
entity {entity_fan_status_change | entity_mib_change | entity_module_inserted | entity_module_removed | entity_module_status_change | entity_power_out_change | entity_power_status_change | entity_unrecognised_module} |
fcdomain |
fcns |
fcs |
fctrace |
fspf |
license [notify-license-expiry | notify-license-expiry-warning | notify-licensefile-missing | notify-no-license-for-feature] |
link |
rf [redundancy_framework] |
rmon [fallingAlarm | hcFallingAlarm | hcRisingAlarm | risingAlarm] |
rscn |
snmp [authentication] |
vsan | vtp |
zone [default-zone-behavior-change | merge-failure | merge-success | request-reject1 | unsupp-mem]]
no snmp-server enable traps
[aaa [server-state-change] |
callhome [event-notify | smtp-send-fail] |
entity {entity_fan_status_change | entity_mib_change | entity_module_inserted | entity_module_removed | entity_module_status_change | entity_power_out_change | entity_power_status_change | entity_unrecognised_module} |
fcdomain |
fcns |
fcs |
fctrace |
fspf |
license [notify-license-expiry | notify-license-expiry-warning | notify-licensefile-missing | notify-no-license-for-feature] |
link |
rf [redundancy_framework] |
rmon [fallingAlarm | hcFallingAlarm | hcRisingAlarm | risingAlarm] |
rscn |
snmp [authentication] |
vsan | vtp |
zone [default-zone-behavior-change | merge-failure | merge-success | request-reject1 | unsupp-mem]]
All notifications
Global configuration mode
|
|
---|---|
5.2(1)N1(1) |
This command was introduced. |
The snmp-server enable traps command enables both traps and informs, depending on the configured notification host receivers.
This example shows how to enable SNMP notifications for the server state change:
switch(config)# snmp-server enable traps aaa
switch(config)#
This example shows how to disable all SNMP notifications:
switch(config)# no snmp-server enable traps
switch(config)#
To enable the Simple Network Management Protocol (SNMP) notifications on link traps, use the snmp-server enable traps link command. To disable SNMP notifications on link traps, use the no form of this command.
snmp-server enable traps link [notification-type]
no snmp-server enable traps link [notification-type]
Disabled
Global configuration mode
|
|
---|---|
5.2(1)N1(1) |
This command was introduced. |
This command is disabled by default. Most notification types are disabled.
If you enter this command with no notification-type arguments, the default is to enable all notification types controlled by this command
This example shows how to enable the SNMP link trap notification on the switch:
switch(config)# snmp-server enable traps link
switch(config)#
This example shows how to disable the SNMP link trap notification on the switch:
switch(config)# no snmp-server enable traps link
switch(config)#
|
|
---|---|
show snmp trap |
Displays the SNMP notifications enabled or disabled. |
To configure Simple Network Management Protocol (SNMP) message encryption for all users, use the snmp-server globalEnforcePriv command. To remove the encryption, use the no form of this command.
snmp-server globalEnforcePriv
no snmp-server globalEnforcePriv
This command has no arguments or keywords.
The SNMP agent accepts SNMPv3 messages without authentication and encryption.
Global configuration mode
|
|
---|---|
5.2(1)N1(1) |
This command was introduced. |
This example shows how to configure SNMP message encryption for all users:
switch(config)# snmp-server globalEnforcePriv
switch(config)#
This example shows how to remove SNMP message encryption for all users:
switch(config)# no snmp-server globalEnforcePriv
switch(config)#
|
|
---|---|
snmp-server user |
Configures a new user to an SNMP group. |
show snmp sessions |
Displays the current SNMP sessions. |
To specify the recipient of a Simple Network Management Protocol (SNMP) notification operation, use the snmp-server host command. To remove the specified host, use the no form of this command.
snmp-server host host-address {community-string
| filter-vrf {vrf-name | default | management}
| {informs | traps} {community-string | version {1 | 2c | 3 {auth | noauth | priv}} community-string [udp-port port]}
| version {1 | 2c | 3 {auth | noauth | priv}} community-string [udp-port port]}
no snmp-server host host-address {community-string
| filter-vrf {vrf-name | default | management}
| {informs | traps} {community-string | version {1 | 2c | 3 {auth | noauth | priv}} community-string [udp-port port]}
| version {1 | 2c | 3 {auth | noauth | priv}} community-string [udp-port port]}
Disabled
Global configuration mode
|
|
---|---|
5.2(1)N1(1) |
This command was introduced. |
SNMP notifications can be sent as traps or inform requests. Traps are unreliable because the receiver does not send acknowledgments when it receives traps. The sender cannot determine if the traps were received. However, an SNMP entity that receives an inform request acknowledges the message with an SNMP response PDU. If the sender never receives the response, the inform request can be sent again. Therefore, informs are more likely to reach their intended destination.
This example shows how to sends the SNMP traps to the host specified by the IPv4 address 192.168.0.10. The community string is defined as my_acl_for_public.:
switch(config)# snmp-server community public use-acl my_acl_for_public
switch(config)# snmp-server host 192.168.0.10 my_acl_for_public
switch(config)#
This example shows how to send all inform requests to the host myhost.cisco.com using the community string my_acl_for_public:
switch(config)# snmp-server enable traps
switch(config)# snmp-server host myhost.cisco.com informs version 2c my_acl_for_public
switch(config)#
|
|
---|---|
show snmp host |
Displays information about the SNMP host. |
To set the Simple Network Management Protocol (SNMP) system location string, use the snmp-server location command. To remove the location string, use the no form of this command.
snmp-server location [text]
no snmp-server location [text]
text |
(Optional) String that describes the system location information. |
No system location string is set.
Global configuration mode
|
|
---|---|
5.2(1)N1(1) |
This command was introduced. |
This example shows how to set a system location string:
switch(config)# snmp-server location Building 3/Room 21
switch(config)#
This example shows how to remove the system location string:
switch(config)# no snmp-server location Building 3/Room 21
switch(config)#
|
|
---|---|
snmp-server contact |
Sets the SNMP system contact (sysContact) string. |
To configure a Simple Network Management Protocol (SNMP) context to map to a logical network entity, such as a protocol instance or VRF, use the snmp-server mib community-map command. To remove the mapping, use the no form of this command.
snmp-server mib community-map community-string context context-name
no snmp-server mib community-map community-string context context-name
None
Global configuration mode
|
|
---|---|
5.2(1)N1(1) |
This command was introduced. |
This example shows how to map an SNMPv2c community named my_acl_for_public to an SNMP context public1:
switch(config)# snmp-server mib community-map my_acl_for_public context public1
switch(config)#
This example shows how to remove the mapping of an SNMPv2c community to an SNMP context:
switch(config)# no snmp-server mib community-map my_acl_for_public context public1
switch(config)#
|
|
---|---|
snmp-server community |
Configures an SNMP community. |
snmp-server context |
Configures an SNMP context. |
show snmp |
Displays the SNMP status. |
To enable a one-time authentication for Simple Network Management Protocol (SNMP) over a TCP session, use the snmp-server tcp-session command. To disable the one-time authentication, use the no form of this command.
snmp-server tcp-session [auth]
no snmp-server tcp-session [auth]
auth |
(Optional) Specifies that one-time authentication for SNMP be enabled over the TCP session. |
Disabled
Global configuration mode
|
|
---|---|
5.2(1)N1(1) |
This command was introduced. |
This example shows how to enable one-time authentication for SNMP over a TCP session:
switch(config)# snmp-server tcp-session auth
switch(config)#
This example shows how to disable one-time authentication for SNMP over a TCP session:
switch(config)# no snmp-server tcp-session auth
switch(config)#
|
|
---|---|
show snmp |
Displays the SNMP status. |
To configure a new user to a Simple Network Management Protocol (SNMP) group, use the snmp-server user command. To remove a user from an SNMP group, use the no form of this command.
snmp-server user username [groupname] [auth {md5 | sha} auth-password [{engineID engine-ID | localizedkey | priv {priv-password | aes-128}}]]
no snmp-server user
None
Global configuration mode
|
|
---|---|
5.2(1)N1(1) |
This command was introduced. |
This example shows how to configure an SNMP user named authuser with authentication and privacy parameters:
switch(config)# snmp-server user authuser publicsecurity auth sha shapwd priv aes-128
switch(config)#
This example shows how to delete an SNMP user:
switch(config)# no snmp-server user authuser
switch(config)#
|
|
---|---|
show snmp user |
Displays information about one or more SNMP users. |
To enable Simple Network Management Protocol (SNMP) link trap generation on an interface, use the snmp trap link-status command. To disable SNMP link traps, use the no form of this command.
snmp trap link-status
no snmp trap link-status
This command has no arguments or keywords.
Enabled
Interface configuration mode
Virtual Ethernet interface configuration mode
|
|
---|---|
5.2(1)N1(1) |
This command was introduced. |
By default, SNMP link traps are sent when a Layer 2 interface goes up or down. You can disable SNMP link trap notifications on an individual interface. You can use these limit notifications on a flapping interface (an interface that transitions between up and down repeatedly).
You can use this command on the following interfaces:
•Layer 2 interface
•Layer 3 interface
Note Use the no switchport command to configure an interface as a Layer 3 interface.
•Virtual Ethernet interface
This example shows how to disable SNMP link-state traps for a specific Layer 2 interface:
switch(config)# interface ethernet 1/1
switch(config-if)# no snmp trap link-status
switch(config-if)#
This example shows how to enable SNMP link-state traps for a specific Layer 3 interface:
switch(config)# interface ethernet 1/5
switch(config-if)# no switchport
switch(config-if)# snmp trap link-status
switch(config-if)#
This example shows how to enable SNMP link-state traps for a specific Layer 2 interface:
switch(config)# interface ethernet 1/1
switch(config-if)# snmp trap link-status
switch(config-if)#
This example shows how to enable SNMP link-state traps for a specific virtual Ethernet interface:
switch(config)# interface vethernet 1
switch(config-if)# snmp trap link-status
switch(config-if)#
To add an Ethernet Switched Port Analyzer (SPAN) or an Encapsulated Remote Switched Port Analyzer (ERSPAN) source port, use the source command. To remove the source SPAN or ERSPAN port, use the no form of this command.
source {interface {ethernet slot/[QSFP-module/]port | port-channel channel-num | vethernet veth-num} [{both | rx | tx}] | vlan vlan-num | vsan vsan-num}
no source {interface {ethernet slot/[QSFP-module/]port | port-channel channel-num | vethernet veth-num} | vlan vlan-num | vsan vsan-num}
None
SPAN session configuration mode
ERSPAN session configuration mode
|
|
6.0(2)N1(2) |
Support for the QSFP+ GEM was added. |
5.2(1)N1(1) |
This command was introduced. |
A source port (also called a monitored port) is a switched port that you monitor for network traffic analysis. In a single local SPAN session, you can monitor source port traffic such as received (Rx), transmitted (Tx), or bidirectional (both).
A source port can be an Ethernet port, port channel, SAN port channel, VLAN, or a VSAN port. It cannot be a destination port.
For ERSPAN, if you do not specify both, rx, or tx, the source traffic is analyzed for both directions.
This example shows how to configure an Ethernet SPAN source port:
switch# configure terminal
switch(config)# monitor session 9 type local
switch(config-monitor)# description A Local SPAN session
switch(config-monitor)# source interface ethernet 1/1
switch(config-monitor)#
This example shows how to configure a port channel SPAN source:
switch# configure terminal
switch(config)# monitor session 2
switch(config-monitor)# source interface port-channel 5
switch(config-monitor)#
This example shows how to configure an ERSPAN source port to receive traffic on the port:
switch# configure terminal
switch(config)# monitor session 1 type erspan-source
switch(config-erspan-src)# source interface ethernet 1/5 rx
switch(config-erspan-src)#
To configure a rate limit to monitor traffic on an interface, use the switchport monitor rate-limit command. To remove a rate limit, use the no form of this command.
switchport monitor rate-limit 1G
no switchport monitor rate-limit [1G]
1G |
(Optional) Specifies that the rate limit is 1 GB. |
None
Interface configuration mode
|
|
---|---|
5.2(1)N1(1) |
This command was introduced. |
This command is applicable to the following Cisco Nexus 5000 Series switches:
•Cisco Nexus 5010 Series
•Cisco Nexus 5020 Series
This command does not require a license.
This example shows how to limit the bandwidth on Ethernet interface 1/2 to 1 GB:
switch(config)# interface ethernet 1/2
switch(config-if)# switchport monitor rate-limit 1G
switch(config-if)#
To create or configure a switch profile, use the switch-profile command. To delete a switch profile, use the no form of this command.
switch-profile sw-profile-name
no switch-profile sw-profile-name {all-config | local-config | profile-only}
None
Configuration synchronization mode
|
|
---|---|
5.2(1)N1(1) |
This command was introduced. |
Use this command to create a switch profile on each of the peer switches. You must use the same profile name on both the switches in the Cisco Fabric Services (CFS) peer configuration.
You can configure only one active switch profile on each peer switch. If you create or configure a second switch profile, you see the following error message:
Error: Another switch profile already exists. Cannot configure more than one switch-profile.
The configuration that is made locally on the switch is synchronized and made available on the peer switch only after the connectivity is established between the peer switches and the configuration is verified and committed on the local switch.
You can configure a switch profile to include the interface configuration, quality of service (QoS), and virtual port channel (vPC) commands. FCoE commands are not supported on a switch profile.
When you delete a switch profile, you can choose to delete the local switch profile with the local configurations on the switch, delete the switch profile with the local configurations and configuration information in the peer, or delete the switch profile only while saving all other configuraiton information. The peer becomes unreachable.
This example shows how to create a switch profile named s5010 on switch 1 of the peer:
Peer A
switch# configure terminal
switch(config)# cfs ipv4 distribute
switch(config)# exit
switch# config sync
Enter configuration commands, one per line. End with CNTL/Z.
switch(config-sync)# switch-profile s5010
Switch-Profile started, Profile ID is 1
switch(config-sync-sp)#
This example shows how to create a switch profile named s5010 on switch 2 of the peer:
Peer B
switch# configure terminal
switch(config)# cfs ipv4 distribute
switch(config)# exit
switch# config sync
Enter configuration commands, one per line. End with CNTL/Z.
switch(config-sync)# switch-profile s5010
Switch-Profile started, Profile ID is 1
switch(config-sync-sp)#
This example shows how to delete a switch profile named s5010 and its local configuration on switch 1 of the peer:
Peer A
switch# config sync
Enter configuration commands, one per line. End with CNTL/Z.
switch(config-sync)# no switch-profile s5010 local-config
switch(config-sync)#