|
|
This chapter describes the Cisco IOS commands that have been created or changed for the Catalyst 2900 series XL switches. Table 2-1 lists the commands in this chapter and the command modes from which they are entered.
| Commands | Description | |
|---|---|---|
| Privileged EXEC mode |
| |
| clear mac-address-table | Delete all addresses in the MAC address table. |
| clear cgmp | Delete the multicast addresses and router ports maintained by CGMP. |
| show mac-address-table | Display the MAC address table. |
| show port block | Display the blocking of unicast and multicast filtering for the port. |
| show cgmp | Display the current state of the CGMP-learned multicast groups and routers. |
| show port group | Display the ports that are assigned to groups. |
| show port monitor | Display the ports that have port monitoring enabled. |
| show port network | Display the network ports on the switch. |
| show port security | Display the ports that have port security enabled. |
| show spanning-tree | Display STP information. |
| show port storm-control | Display the setting of broadcast-storm control. |
| show vlan | Display information about a VLAN. |
| Global configuration mode |
| |
| cgmp | Enable Cisco Group Management Protocol |
| mac-address-table aging-time | Set the length of time that a dynamic entry remains in the address table. |
| mac-address-table dynamic | Add a dynamic address entry to the address table. |
| mac-address-table secure | Add secure address entries to the address table. |
| mac-address-table static | Add static address entries to the address table. |
| spanning-tree | Enable an instance of Spanning Tree Protocol. |
| spanning-tree priority | Configure the bridge priority for the specified spanning-tree instance. |
| spanning-tree protocol | Define the type of Spanning-Tree Protocol. |
| spanning-tree hello-time | Specify the interval between hello bridge protocol data units (BPDUs). |
| spanning-tree forward-time | Specify the forward delay interval for the switch. |
| spanning-tree max-age | Change the interval the switch waits to receive BPDUs from the root bridge. |
| Interface configuration mode |
| |
| ip address | Set a primary or secondary IP address of an interface. |
| duplex | Specify the duplex mode of operation for an interface. |
| port block | Prevent the flooding of unknown destination MAC addresses and multicast addresses on this interface. |
| port group | Place an interface into a port aggregation group. |
| port monitor | Implement port monitoring on a port. |
| port network | Enable a port as the network port for a VLAN. |
| port security | Enable port security on a port. |
| port storm-control | Disable broadcast traffic if too many broadcast packets are seen on this port. |
| shutdown | Disable an interface. |
| spanning-tree cost | Set a different path cost. |
| spanning-tree port-priority | Configure the Spanning-Tree Protocol priority of a port. |
| spanning-tree portfast | Enable the Port Fast option on the switch. |
| speed | Specify the speed of an interface. |
| switchport access | Set the VLAN to vlan-id when the port is in access mode. |
| switchport mode | Set the port to access or multi-VLAN mode. |
| switchport multi | Set the VLAN to vlan-id when the port is in multi-VLAN mode. |
Use the cgmp global configuration command to enable Cisco Group Management Protocol (CGMP). You can also enable and disable the Fast Leave parameter and set the router port aging time. Use the no form of the command to disable CGMP.
cgmp [leave-processing | holdtime time]
no cgmp [leave-processing | holdtime time]
Syntax Description
leave-processing | Enable Fast Leave processing on the switch. |
holdtime | Set the amount of time a router connection is retained before the switch ceases to exchange messages with it. |
time | Number of seconds a router connection is retained before the switch ceases to exchange messages with it. You can enter a number between 10 and 6000. |
Global configuration
Enable CGMP by entering cgmp; disable it by entering no cgmp. CGMP must be enabled before the Fast Leave option can be enabled.
The following example shows how to disable CGMP:
Switch(config)# no cgmp
The following example shows how to disable the Fast Leave option:
Switch(config)# no cgmp leave-processing
The following example shows how to set the amount of time the switch waits before ceasing to exchange messages with a router:
Switch(config)# cgmp holdtime 400
The following example shows how to remove the amount of time the switch waits before ceasing to exchange messages with a router:
Switch(config)# no cgmp holdtime
You can verify the following commands by entering the show cgmp command.
show cgmp
clear cgmp
Use the clear mac-address-table privileged EXEC command to delete entries from the MAC address table.
clear mac-address-table [static | dynamic | secure] [address hw-addr] [interface interface] [vlan vlan-id]
static | (Optional) Delete only static addresses. |
dynamic | (Optional) Delete only dynamic addresses. |
secure | (Optional) Delete only secure addresses. |
address | (Optional) Delete the address hw-addr of type static, dynamic, and secure as specified. |
hw-addr | Delete this address. |
interface | (Optional) Delete an address on the interface interface of type static, dynamic, or secure as specified. |
interface | Delete MAC addresses on this interface. |
vlan | (Optional) Delete all the addresses for vlan-id. |
vlan-id | Delete MAC addresses in this VLAN. |
Privileged EXEC
This command deletes entries from the global MAC address table. Specific subsets can be deleted by using the optional keywords and values. If more than one optional keyword is used, all of the conditions in the argument must be true for that entry to be deleted.
The following example shows how to delete static addresses with in-port equal to fa0/7:
Switch# clear mac-address-table static interface fa0/7
The following example shows how to delete all secure addresses in VLAN 3:
Switch# clear mac-address-table secure vlan 3
The following example shows how to delete the specific hw-addr from all interfaces in all VLANs. If the address exists in multiple VLANs or multiple interfaces, all the instances are deleted.
Switch# clear mac-address-table address 0099.7766.5544
The following example shows how to delete the specific hw-addr only in VLAN 2:
Switch# clear mac-address-table address 0099.7766.5544 vlan 2
All of these examples can be verified by using the show mac-address-table command.
show mac-address-table
Use the clear cgmp privileged EXEC command to delete information that was learned by the switch using the Cisco Group Management Protocol.
clear cgmp [vlan vlan-id ] [group [address] | router [address]]
vlan | (Optional) Delete groups only within vlan-id. |
vlan-id | VLAN for which the CGMP groups or routers are to be deleted. |
group | Delete all known multicast groups and their destination interfaces. Limited to a VLAN if the vlan keyword is entered. Limited to a specific group if the address parameter is entered. |
address | MAC address of the group or router. |
router | Delete all routers, their interfaces, and expiration times. Limited to a given VLAN if the vlan keyword is entered. Limited to a specific router if the address parameter is entered. |
Privileged EXEC
Using clear cgmp with no arguments deletes all groups and routers in all VLANs.
The following example shows how to delete all groups and routers on VLAN 2:
Switch# clear cgmp vlan 2
The following example shows how to delete all groups on all VLANs:
Switch# clear cgmp group
The following example shows how to delete a router address on VLAN 2:
Switch# clear cgmp vlan 2 router 0012.1234.1234
You can verify the results of a clear cgmp command by entering the show cgmp command.
cgmp
show cgmp
Use the duplex interface configuration command to specify the duplex mode of operation for an interface. Use the no form of this command to return the interface to its default value.
duplex {full | half | auto}
no duplex
full | Interface is in full-duplex mode. |
half | Interface is in half-duplex mode. |
auto | Interface automatically detects whether it should run in full- or half-duplex mode. |
The default is auto.
Interface configuration
Certain interfaces can be configured to be either full duplex or half duplex. Applicability of this command depends on the device to which the switch is attached. All fixed ports can be configured for either full or half duplex. Setting the fixed ports to auto has the same effect as specifying half if the attached device does not autonegotiate the duplex parameter.
The following example shows how to set port 1 on module 2 to full duplex:
Switch(config)# interface fastethernet2/1 Switch(config-if)# duplex full
You can verify the setting by returning to privileged EXEC mode and entering the show running-config command.
Use the ip address interface configuration command to set an IP address for an interface. To remove an IP address or disable IP processing, use the no form of this command.
ip address ip-address mask
no ip address ip-address mask
ip-address | IP address. |
mask | Mask for the associated IP subnet. |
No IP address is defined for the interface.
Interface configuration
An interface can have one IP address.
The following example shows how to configure the IP address for the switch on a subnetted network:
Switch(config)# interface vlan 1 Switch(config-if)# ip address 172.20.128.2 255.255.255.0
You can verify the entry by entering the show running-config command in privileged EXEC mode.
Use the mac-address-table aging-time global configuration command to set the length of time that a dynamic entry remains in the MAC address table since the last time the entry was used or updated. Use the no form of this command to use the default aging-time interval. The aging time applies to all VLANs.
mac-address-table aging-time age
no mac-address-table aging-time
age | Number from 10 to 1000000 seconds. |
The default is 300 seconds.
Global configuration
If hosts do not transmit continuously, increase the aging time to record the dynamic entries for a longer time. This can reduce the possibility of flooding when the hosts transmit again.
The following example sets the aging time to 200 seconds:
Switch(config)# mac-address-table aging-time 200
You can verify your entry by entering the show mac-address-table command.
clear mac-address-table secure
show cgmp
port block
mac-address-table dynamic
Use the mac-address-table dynamic global configuration command to add dynamic addresses to the MAC address table. Dynamic addresses are automatically added to the address table and dropped from the address table when they are not in use. Use the no form of the command to remove entries from the MAC address table.
mac-address-table dynamic hw-addr interface [vlan vlan]
no mac-address-table dynamic hw-addr [vlan vlan]
hw-addr | MAC address added to or removed from the table. |
interface | Interface or port to which packets destined for hw-addr are forwarded. |
vlan | (Optional) The interface and vlan parameters together specify a destination to which packets destined for hw-addr are forwarded. This keyword is optional if the interface is a static VLAN access port. In that case, the VLAN assigned to the interface is assumed to be that of the port with which the MAC address is associated. The vlan keyword is required for multi-VLAN ports. If vlan is not specified and the no form of the command is used, hw-addr is removed from all VLANs. |
vlan | ID of the VLAN to which packets destined for hw-addr are forwarded. |
Global configuration
If a VLAN ID is not specified and the no form of the command is used, hw-addr is removed from all VLANs.
The following example shows a MAC address added on interface fa1/1 to VLAN 4:
Switch(config)# mac-address-table dynamic 00c0.00a0.03fa fa1/1 vlan 4
You can verify your entry by entering the show mac-address-table command.
clear mac-address-table secure
show mac-address-table
mac-address-table static
mac-address-table aging-time
Use the mac-address-table secure global configuration command to add secure addresses to the MAC address table. Use the no form of this command to remove entries from the MAC address table.
mac-address-table secure hw-addr interface [vlan vlan]
no mac-address-table secure hw-addr [vlan vlan]
hw-addr | MAC address that is added to the table. |
interface | Interface or port to which packets destined for hw-addr are forwarded. |
vlan | (Optional) The interface and vlan parameters together specify a destination to which packets destined for hw-addr are forwarded. |
vlan | ID of the VLAN to which secure entries are added to the address table. |
Global configuration
Secure addresses can only be assigned to one port at a time. Therefore, if a secure address table entry for the specified MAC address and VLAN already exists on another port, it is removed from that port and assigned to the specified interface.
The following example shows how to add a secure MAC address to VLAN 6 of interface fa1/1 of the system:
Switch(config)# mac-address-table secure 00c0.00a0.03fa fa1/1 vlan 6
You can verify your entry by entering the show mac-address-table command.
mac-address-table aging-time
show mac-address-table
mac-address-table static
mac-address-table dynamic
Use the mac-address-table static global configuration command to add static addresses to the MAC address table. Use the no form of this command to remove static entries from the MAC address table.
mac-address-table static hw-addr in-port out-port-list [vlan vlan]
no mac-address-table static hw-addr [in-port in-port] [out-port-list out-port-list] [vlan vlan]
hw-addr | MAC address to add to the address table. |
in-port | Input port from which packets received with a destination address of hw-addr are forwarded to the list of ports in the out-port-list. The in-port must belong to the same VLAN as all the ports in the out-port-list. |
out-port-list | List of ports to which packets received with a destination address of hw-addr on ports in in-port are forwarded. All ports in the list must belong to the same VLAN. |
vlan | (Optional) The interface and VLAN parameters together specify a destination where packets destined for the specified MAC address are forwarded. This parameter is optional if all the interfaces specified by in-port and out-port-list are static VLAN access ports. In that case, the VLAN assigned to the interfaces is assumed. The vlan keyword is required for multi-VLAN ports. If vlan is not specified and the no form of the command is used, the MAC address is removed from all VLANs. |
vlan | ID of the VLAN to which static address entries are forwarded. |
Global configuration
When a packet is received on the in-port, it is forwarded to the VLAN of each port in the out-port-list. Different input ports can have different output-port lists for each static address. Adding a static address that is already defined as a static address modifies the port map (vlan and out-port-list) for the port specified in the in-port.
Traffic from a static address is only accepted from a port defined in the in-port variable.
The following example adds a static address with port 1 as an input port and ports 2 and 8 of VLAN 4 as output ports:
Switch(config)# mac-address-table static c2f3.220a.12f4 fa0/1 fa0/2 fa0/8 vlan 4
You can verify the command by entering the show mac-address-table command.
mac-address-table aging-time
show mac-address-table
mac-address-table secure
mac-address-table dynamic
Use the port block interface configuration command to block the flooding of unknown unicast or multicast packets to a port. Use the no form of this command to resume normal forwarding.
port block {unicast | multicast}
no port block {unicast | multicast}
unicast | Packets with unknown unicast addresses are not forwarded to this port. |
multicast | Packets with unknown multicast addresses are not forwarded to this port. |
Flood unknown unicast and multicast packets to all ports.
Interface configuration
The port block command cannot be entered for a port that is a network port.
The following example shows how to block the forwarding of multicast and unicast packets to a port:
Switch(config-if)# port block unicast Switch(config-if)# port block multicast
You can verify the entry by using the show port block command.
Use the port group interface configuration command to assign a port to a Fast EtherChannel port group. Up to 12 port groups can be created on a switch. Any number of ports can belong to a destination-based port group. Up to eight ports can belong to a source-based port group. Use the no form of this command to remove a port from a port group.
port group group-number distribution [source | destination]
no port group
group-number | Port group number to which the port belongs. Number can between 1 |
distribution | Forwarding method for the port group. |
source | Forward packets received on group ports according to the source address of the packet. This is the default forwarding method. |
destination | Forward packets received on group ports according to the destination address of the packet. |
Port does not belong to a port group.
Interface configuration
Any port can belong to a port group, but the following restrictions apply:
When a group is first formed, the switch automatically sets the following parameters to be the same on all ports:
Configuration of the first port added to the group is used when setting the above parameters for other ports in the group. After a group is formed, changing any parameter in the above list changes the parameter on all other ports.
Use the distribution parameter to customize the port group to your particular environment. The forwarding method you choose depends on how your network is configured. However, source-based forwarding works best for most network configurations. For more information, see the section "Setting Port Features" in the "Using the Catalyst 2900 Series XL Command-Line Interface" chapter.
The following example shows how to add a port to a port group:
Switch(config-if)# port group 1
You can verify the port group by using the show port group command.
show port group
Use the port monitor interface configuration command to enable Switched Port Analyzer (SPAN) port monitoring on a port. Use the no form of this command to return the interface to its default value.
port monitor interface
no port monitor interface
interface | (Optional) Module and port number for which SPAN is to be enabled. |
Port does not monitor any other ports.
Interface configuration
All ports can be monitor ports, but the following restrictions apply:
The following example shows how to enable port monitoring on port fa0/2:
Switch(config-if)# port monitor fa0/2
You can verify your entry by using the show port monitor command.
show port monitor
Use the port network interface configuration command to define a port as the switch network port. All traffic with unknown unicast addresses are forwarded to the network port on the same VLAN. Use the no form of this command to return the interface to the default value.
port network
no port network
None
Port is not a network port.
Interface configuration
The following restrictions apply to network ports:
The following example shows how to set a port as a network port.
Switch(config-if)# port network
You can verify this entry by entering the show network port command.
show port network
Use the port security interface configuration command to enable port security on a port. Use the no form of this command to return the interface to its default value.
port security [action {shutdown | trap}]
port security [max-mac-count addresses]
no port security
action | (Optional) Action to take when an address violation occurs on this port. |
shutdown | Disable the port when a security violation occurs. |
trap | Generate an SNMP trap when a security violation occurs. |
max-mac-count | (Optional) Maximum number of secure addresses that this port can support. |
addresses | 1 to 132. |
Port security is disabled.
Interface configuration
The following restrictions apply to secure ports:
The following example shows how to enable port security on a port and what action the port takes in case of an address violation (shutdown).
Switch(config-if)# port security action shutdown
The following example shows the maximum number of addresses that the port can learn (8).
Switch(config-if)# port security max-mac-count 8
You can verify this entry by entering the show port security command.
show port security
Use the port storm-control interface configuration command to enable broadcast storm control on a port. Use the no form of this command to disable storm control or one of the storm control parameters on the interface.
port storm-control [filter] [trap] [threshold rising rising-number] [threshold falling falling-number]
no port storm-control [filter] [trap] [threshold rising rising-number] [threshold falling falling-number]
filter | Disable the port during a broadcast storm. |
threshold rising | Block the normal flooding of broadcast packets when the value in the variable rising-number is reached. |
rising-number | 0 to 4294967295 packets per second. |
threshold falling | Restart the normal flooding of broadcast packets when the value in the variable falling-number is reached. |
falling-number | 0 to 4294967295 packets per second. |
trap | Generate an SNMP trap when the port crosses the rising or falling threshold. |
Broadcast storm control is not enabled.
Interface configuration
The following example shows how to enable broadcast storm control on a port. In this example, flooding is inhibited when the number of broadcast packets arriving on the port reaches 1000, and flooding is restarted when the number of broadcast packets arriving on the port returns to 200.
Switch(config-if)# port storm-control threshold rising 1000 falling 200
You can verify this entry by entering the show port storm-control command.
Use the show cgmp privileged EXEC command to display the current state of the CGMP-learned multicast groups and routers.
show cgmp [state | holdtime | [vlan vlan-id] [group [address] | router [address]]]
state | Display whether CGMP is enabled or not, whether Fast Leave is enabled or not, and the router port timeout value. |
holdtime | Display the router port timeout value, in seconds. |
vlan | (Optional) Limit the display to the specified VLAN. |
vlan-id | ID of VLAN to which the command applies. |
group | Display all known multicast groups and the destination interfaces. Limited to given VLAN if vlan keyword is entered; limited to a specific group if the address parameter is entered. |
address | MAC address of the group or router. |
router | Display all routers, their interfaces, and expiration times. Limited to given VLAN if vlan keyword entered; limited to a specific router if the address parameter is entered. |
Privileged EXEC
This command displays CGMP information about known routers and groups, as well as if CGMP is enabled, Fast Leave is enabled, and the current value of the router timeout. If show cgmp is entered with no arguments, all information is displayed.
The following is sample output from the show cgmp command.
Switch# show cgmp CGMP is running. CGMP Fast Leave is running. Default router timeout is 300 sec. vLAN IGMP MAC Address Interfaces ------ ----------------- ---------- 1 01:00:5e:00:12:22 Fa0/1 Fa0/3 vLAN IGMP Router Expire Interface ------ ----------------- ------- --------- 1 00:02:22:34:23:45 123sec Fa0/5
clear cgmp
cgmp
Use the show mac-address-table privileged EXEC command to display the MAC address table.
show mac-address-table [static | dynamic | secure | self | aging-time | count]
[address hw-addr] [interface interface] [vlan vlan-id]
static | (Optional) Display only the static addresses. |
dynamic | (Optional) Display only the dynamic addresses. |
secure | (Optional) Display only the secure addresses. |
self | (Optional) Display only addresses added by the switch itself. |
aging-time | (Optional) Display aging-time for dynamic addresses for all VLANs. |
count | (Optional) Display a count for different kinds of MAC addresses. |
address | (Optional) Display information for a specific address. |
hw-addr | (Optional) Display information for this address. |
interface | (Optional) Display addresses for a specific interface. |
interface | (Optional) Display addresses for this interface. |
vlan | (Optional) Display addresses for a specific VLAN. |
vlan-id | (Optional) Display addresses for this VLAN. |
Privileged EXEC
This command displays the MAC address table for the switch. Specific views can be defined by using the optional keywords and values. If more than one optional keyword is used, then all of the conditions must be true in order for that entry to be displayed.
The following is sample output from the show mac-address-table command:
Switch# show mac-address-table Switch(config)#end Switch#show mac-address-table Dynamic Addresses Count: 9 Secure Addresses (User-defined) Count: 0 Static Addresses (User-defined) Count: 0 System Self Addresses Count: 41 Total MAC addresses: 50 Non-static Address Table: Destination Address Address Type VLAN Destination Port ------------------- ------------ ---- -------------------- 0010.0de0.e289 Dynamic 1 FastEthernet0/1 0010.7b00.1540 Dynamic 2 FastEthernet0/5 0010.7b00.1545 Dynamic 2 FastEthernet0/5 0060.5cf4.0076 Dynamic 1 FastEthernet0/1 0060.5cf4.0077 Dynamic 1 FastEthernet0/1 0060.5cf4.1315 Dynamic 1 FastEthernet0/1 0060.70cb.f301 Dynamic 1 FastEthernet0/1 00e0.1e42.9978 Dynamic 1 FastEthernet0/1 00e0.1e9f.3900 Dynamic 1 FastEthernet0/1
clear mac-address-table
show port block {unicast | multicast} [interface]
unicast | Show whether ports are blocking unicast packets or not. |
multicast | Show whether ports are blocking multicast packets or not. |
interface | (Optional) Show whether this port is blocking unicast or multicast packets. |
Privileged EXEC
The following is sample output from the show port block command:
Switch# show port block unicast fa0/8 FastEthernet0/8 is blocked from unknown unicast addresses
port block
Use the show port group privileged EXEC command to list the ports that belong to a port group.
show port group [group-number]
group-number | Port group to which the port is assigned. |
Privileged EXEC
The following is sample output from the show port group command:
Switch# show port group 1
Group Interface
----- ---------------
1 FastEthernet0/1
1 FastEthernet0/4
port group
Use the show port monitor privileged EXEC command to display the ports for which Switched Port Analyzer (SPAN) port monitoring is enabled.
show port monitor interface
interface | Module and port number enabled for SPAN. |
Privileged EXEC
All ports can be monitor ports, but the following restrictions apply:
The following is sample output from the show port monitor command:
Switch# show port monitor fa0/8 Monitor Port Port/VLAN Being Monitored FastEthernet0/8 FastEthernet0/1 VLAN 1 FastEthernet0/8 FastEthernet0/2 VLAN 1 FastEthernet0/8 FastEthernet0/3 VLAN 1 FastEthernet0/8 FastEthernet0/4 VLAN 1 FastEthernet0/8 FastEthernet0/5 VLAN 1 FastEthernet0/8 FastEthernet0/6 VLAN 1 FastEthernet0/8 FastEthernet0/7 VLAN 1
port monitor
Use the show port network privileged EXEC command to display the network port defined for the switch or VLAN.
show port network [interface]
interface | (Optional) Interface to be displayed. |
Privileged EXEC
The show port network command displays all network ports on the switch.
The following is sample output from the show port network command:
Switch# show port network
Network Port VLAN ID ------------ ------- FastEthernet0/11 1
port network
Use the show port security privileged EXEC command to show the port security parameters defined for the port.
show port security interface
Syntax Description
interface | Interface to be displayed. |
Privileged EXEC
The following is sample output from the show port security command for fixed port 07:
Switch# show port security fa0/7
Secure Port Secure Addr Secure Addr Security Security Action
Cnt (Current) Cnt (Max) Reject Cnt
--------------- ------------- ----------- ---------- ----------------
FastEthernet0/7 0 132 0 Send Trap
port security
Use the show port storm-control privileged EXEC command to display the rising and falling thresholds for broadcast storm control. This command also displays the action that the switch takes when the thresholds are reached.
show port storm-control [interface]
interface | (Optional) Interface for which the broadcast storm control parameters are displayed. |
Privileged EXEC
The following is sample output from the show port storm-control command:
Switch# show port storm-control
Interface Filter State Trap State Rising Falling Current Traps Sent --------- ------------- ------------- ------ ------- ------- ---------- Fa0/1 <inactive> <inactive> 1000 200 0 0 Fa0/2 <inactive> <inactive> 500 250 0 0 Fa0/3 <inactive> <inactive> 500 250 0 0 Fa0/4 <inactive> <inactive> 500 250 0 0
port storm-control
Use the show spanning-tree privileged EXEC command to show spanning-tree information for the specified spanning-tree instances.
show spanning-tree [stp-list] [interface interface-list]
stp-list | (Optional) List of spanning-tree instances. If omitted, the command applies to the spanning-tree instance associated with VLAN 1. |
interface | Include interfaces in the interface-list variable when displaying information about spanning-tree instances. |
interface-list | (Optional) List of interfaces that are included with the information about an instance of spanning tree. |
Privileged EXEC
The following is sample output from the show spanning-tree command for VLAN 1:
Switch# show spanning-tree vlan 1
Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address 00e0.1eb2.ddc0
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32768, address 0010.0b3f.ac80
Root port is 5, cost of root path is 10
Topology change flag not set, detected flag not set, changes 1
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0
Interface Fa0/1 in Spanning tree 1 is down
Port path cost 100, Port priority 128
Designated root has priority 32768, address 0010.0b3f.ac80
Designated bridge has priority 32768, address 00e0.1eb2.ddc0
Designated port is 1, path cost 10
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 0, received 0
...
spanning-tree
spanning-tree forward-time
spanning-tree port-priority
spanning-tree protocol
spanning-tree max-age
Use the show vlan privileged EXEC command to display the parameters for one VLAN or all VLANs in an administrative domain.
show vlan brief
show vlan id vlan-id
brief | Display a single line for each VLAN with the VLAN name, status, and its ports. |
id | Display information about a single VLAN. |
vlan-id | ID of the VLAN about which information is displayed. |
Privileged EXEC
The following is sample output from the show vlan brief command and displays just the first part of the output:
Switch# show vlan brief VLAN Name Status Mod/Ports ---- -------------------------------- --------- ---------- 1 default active 0/1-15 2 VLAN0002 active 0/16 3 VLAN0003 active 4 VLAN0004 active 5 VLAN0005 active 6 VLAN0006 active 7 VLAN0007 active 8 VLAN0008 active 9 VLAN0009 active 10 VLAN0010 active 11 VLAN0011 active 12 VLAN0012 active 13 VLAN0013 active 14 VLAN0014 active 15 VLAN0015 active
Switch# show vlan id 2 VLAN Name Status Mod/Ports -------- -------------------------------- --------- --------- 2 VLAN0002 active
Use the shutdown interface configuration command to disable an interface. To restart a disabled interface, use the no form of this command.
shutdown
no shutdown
This command has no arguments or keywords.
Interface configuration
Use the shutdown command on the VLAN interface to disable communication with the switch. The shutdown command for a port interface causes the port to stop forwarding but maintains communication with the switch. For example, you can still enable the port with no shutdown.
The following examples show how to disable fixed port fa0/8 and how to reenable it:
Switch(config)# interface fa0/8 Switch(config-if)# shutdown Switch(config-if)# no shutdown
You can verify this entry by entering the show interface command.
Use the spanning-tree global configuration command to enable Spanning-Tree Protocol (STP) on a VLAN. To disable STP on a VLAN, use the no form of the command.
spanning-tree (stp-list)
no spanning-tree (stp-list)
stp-list | (Optional) List of spanning-tree instances. Enter each VLAN number separated by a space. Ranges are not supported. |
STP is enabled.
Global configuration
Disabling STP causes the VLAN or list of VLANs to stop participating in STP. Ports that are administratively down remain down. Received bridge protocol data units (BPDUs) are forwarded like other multicast frames. The VLAN does not detect and prevent loops when STP is disabled.
STP can be disabled for a VLAN that is not currently active. The setting takes effect when the VLAN is activated.
If the list of STP instances is omitted (stp-list), the command applies to the STP instance associated with VLAN 1.
The following example shows how to disable STP on VLAN 5:
Switch(config)# no spanning-tree vlan 5
You can verify this entry by entering the show spanning-tree command. In this instance, VLAN 5 would nt appear in the list.
spanning-tree forward-time
spanning-tree port-priority
spanning-tree protocol
spanning-tree max-age
Use the spanning-tree forward-time global configuration command to set the forwarding-time for the specified spanning tree instances. Use the no form of this command to revert to the default value.
spanning-tree [stp-list] forward-time seconds
no spanning-tree [stp-list] forward-time
stp-list | (Optional) List of spanning-tree instances. Enter each VLAN number separated by a space. Ranges are not supported. |
seconds | Forward-delay interval, in seconds. It must be a number between 4 |
The default configuration IEEE Spanning-Tree Protocol (STP) is 15 seconds. The default for IBM STP is 4 seconds, and the default for DEC STP is 30 seconds.
Global configuration
If the list of STP instances is omitted (stp-list), the command applies to the STP instance associated with VLAN 1.
The following example sets the spanning-tree forwarding-time to 18 seconds for VLAN 20:
Switch(config)# spanning-tree vlan 20 forward-time 18
spanning-tree protocol
spanning-tree max-age
spanning-tree port-priority
spanning-tree forward-time
Use the spanning-tree hello-time global configuration command to specify the interval between hello bridge protocol data units (BPDUs). Use the no form of this command to return to the default interval.
spanning-tree [stp-list] hello-time seconds
no spanning-tree [stp-list] hello-time
stp-list | (Optional) List of spanning tree instances. Enter each VLAN number separated by a space. Ranges are not supported. |
seconds | Interval between 1 and 10 seconds. |
The default configuration IEEE Spanning-Tree Protocol (STP) is 2 seconds. The default for IBM STP is 2 seconds, and the default for DEC STP is 1 second.
Global configuration
If the list of STP instances is omitted (stp-list), the command applies to the STP instance associated with VLAN 1.
The following example sets the spanning-tree hello-delay time to 3 seconds for VLAN 20:
Switch (config) # spanning-tree vlan 20 hello-time 3
Related Commands
spanning-tree
spanning-tree port-priority
spanning-tree protocol
Use the spanning-tree max-age global configuration command to change the interval that the specified spanning trees wait to hear messages from the root bridge. If a bridge does not receive a message from the root bridge within this interval, it recomputes the STP topology. Use the no form of this command to return to the default interval.
spanning-tree [stp-list] max-age seconds
no spanning-tree [stp-list] max-age
stp-list | (Optional) List of spanning-tree instances. Enter each VLAN number separated by a space. Ranges are not supported. |
seconds | Interval the bridge waits to hear BPDUs from the root bridge. It must be a a number between 10 and 10,000. |
The default configuration (IEEE STP) is 20 seconds. The default for DEC STP is 15 seconds, and the default for IBM STP is 10 seconds.
Global configuration
The max-age setting must be greater than the hello-time setting. If the list of STP instances is omitted (stp-list), the command applies to the STP instance associated with VLAN 1.
The following example sets the spanning-tree max-age to 30 seconds for VLAN 20:
Switch (config)# spanning-tree vlan 20 max-age 30
The following example resets the max-age parameter to the default value for spanning-tree instances 100 through 102:
Switch (config)# no spanning-tree vlan 100 101 102 max-age
spanning-tree protocol
spanning-tree priority
spanning-tree forward-time
spanning-tree hello-time
Use the spanning-tree priority global configuration command to configure the bridge priority for the specified spanning-tree instance. This will change the likelihood that the bridge is selected as the root bridge. Use the no form of this command to revert to the default value.
spanning-tree [stp-list] priority bridge-priority
no spanning-tree [stp-list] priority
stp-list | (Optional) List of STP instances. Enter each VLAN number separated by a space. Ranges are not supported. |
bridge-priority | A number between 0 and 65535. The lower the number, the more likely the bridge will be chosen as root. |
The default configuration (IEEE STP) is 32768. The default value for IBM STP and DEC STP is also 32768.
Global configuration
If the list of STP instances is omitted (stp-list), the command applies to the STP instance associated with VLAN 1.
The following example shows how to set the spanning-tree priority to 125 for a list of VLANs:
Switch (config)# spanning-tree vlan 20 100 101 102 priority 125
spanning-tree protocol
spanning-tree forward-time
spanning-tree hello-time
spanning-tree max-age
Use the spanning-tree cost interface configuration command to set the path cost of an interface for Spanning-Tree Protocol (STP) calculations. Use the no form of this command to revert to the default value.
spanning-port [stp-list] cost cost
no spanning-port [stp-list] cost
stp-list | (Optional) List of spanning tree instances. Enter each VLAN number separated by a space. Ranges are not supported. |
cost | Set a cost for the interface. |
cost | Path cost can range from 1 to 65535, with higher values indicating higher costs. This range applies whether or not the IEEE or Digital STP has been specified. |
The default path cost is computed from the interface bandwidth setting. The following are IEEE default path cost values:
Interface configuration
If the list of STP instances is omitted, the command applies to the STP instance associated with VLAN 1.
The following example sets a path cost value of 250 for VLAN 1:
Switch(config-if)# spanning-tree vlan 1 cost 250
Related Commands
spanning-tree priority
spanning-tree portfast
Use the spanning-tree portfast interface configuration command to enable the Port Fast feature on a port. When the Port Fast feature is enabled, the port changes directly from a blocking state to a forwarding state without making the intermediate Spanning-Tree Protocol (STP) status changes. Use the no form of this command to return the interface to default operation.
spanning-port portfast
no spanning-port portfast
By default the Port Fast feature is disabled.
Interface configuration
This feature should only be used on ports that connect to end stations.
A port with the Port Fast feature enabled is moved directly to the spanning-tree forwarding state.
The following example enables the Port Fast feature on port fixed port 2.
Switch(config-if)# spanning-tree portfast fa0/2
spanning-tree port-priority
spanning-tree cost
Use the spanning-tree port-priority interface configuration command to set a priority used when two bridges tie for position as the root bridge. Use the no form of this command to revert to the default value.
spanning-port [stp-list] port-priority port-priority
no spanning-port [stp-list] port-priority
stp-list | (Optional) List of spanning-tree instances. Enter each VLAN number separated by a space. Ranges are not supported. |
port-priority | Number from between 0 to 255. |
The default configuration (IEEE STP) is 128. The default for IBM STP and DEC STP is also 128.
Interface configuration
The following example increases the likelihood that the spanning-tree instance 20 is chosen as the root-bridge on interface fa0/2:
Switch(config)# interface fa0/2
Switch(config-if)# spanning-port vlan 20 port-priority 0
If the command is entered without a list of STP instances (stp-list), the command applies to the STP instance associated with VLAN 1.
spanning-tree port-priority
spanning-tree protocol
Use the spanning-tree protocol global configuration command to specify the Spanning-Tree Protocol to be used for specified spanning-tree instances. Use the no form to use the default protocol.
spanning-tree [stp-list] protocol {ieee | dec | ibm}
no spanning-tree [stp-list] protocol
stp-list | (Optional) List of spanning-tree instances. Enter each VLAN number separated by a space. Ranges are not supported. |
ieee | IEEE Ethernet Spanning-Tree Protocol. |
dec | Digital Spanning-Tree Protocol. |
ibm | IBM Spanning-Tree Protocol. |
The default protocol is ieee.
Global configuration
Changing the protocol of a spanning tree causes STP parameters to change to default values of the new protocol.
The following example shows how to change the STP protocol for VLAN 20 to the DEC version of STP:
Switch(config)# spanning-tree vlan 20 protocol dec
spanning-tree forward-time
spanning-tree port-priority
spanning-tree max-age
spanning-tree
Use the speed interface configuration command to specify the speed of the interface. Use the no form of this command to return the interface to its default value.
speed {10 | 100 | auto}
no speed
10 | Interface runs at 10 Mbps. |
100 | Interface runs at 100 Mbps. |
auto | Interface automatically detects whether it should run at 10 or 100 Mbps. |
The default is auto.
Interface configuration
Certain interfaces can be configured to be either 10 or 100 Mbps. Applicability of this command is hardware-dependent. All fixed ports can be configured for either 10- or 100-Mbps operation.
The following example shows how to set port 1 on module 2 to 100 Mbps:
Switch(config)# interface fastethernet2/1 Switch(config-if)# speed 100
duplex
Use the switchport access interface configuration command to configure VLAN membership for an access port. If the mode is set to access, the portwill operate as amember of the configured VLAN.
switchport access vlan vlan-id
no switchport access vlan vlan-id
access | An access port can only be assigned to one and only one VLAN. |
vlan-id | Number identifying the VLAN. Valid numbers are between 1 and 1001. |
The default for all ports is access mode in VLAN 1.
Interface configuration
Configuration using the access keyword only takes effect when the port is changed to the corresponding mode by using the switchport mode command. The access port configuration is maintained, but only one configuration is active at a time.
The following example changes a port to an access port on VLAN 3:
Switch(config-if)# switchport access vlan 3
switchport multi
switchport mode
Use the switchport multi interface configuration command to configure VLAN membership for a multi-VLAN port. If themode is set to multi, the port will operate as a member of the list of VLANs configured.
switchport multi vlan vlan-list
no switchport multi vlan vlan-list
multi | A multi-VLAN port can be assigned with 1 or more VLANs. |
vlan-list | List of VLAN numbers that the port belongs to. Valid entries are 1 to 1001. |
The default for VLAN membership of a multi-VLAN port is VLAN 1.
Interface configuration
Configuration using the multi keyword only takes effect when the port is changed to the corresponding mode by using the switchport mode command.
The following example shows how to assign a multi-VLAN port to two VLANs:
Switch(config-if)# switchport multi vlan 2 4
switchport access
switchport mode
Use the switchport mode interface configuration command to set a port to access or multi-VLAN mode.
switchport mode [access | multi]
no switchport mode [access | multi]
mode | Set the port to access or multi-VLAN mode. |
access | An access port can only be assigned to one and only one VLAN. |
multi | A multi-VLAN port can be assigned with 1 or more VLANs. |
The default for all ports is access mode in VLAN 1.
Interface configuration
Configuration using the access or multi keywords only takes effect when the port is changed to the corresponding mode by using the switchport mode command. The access or multi-VLAN port configuration are both maintained, but only one configuration is active at a time.
The following examples show how to configure a port as a multi-VLAN port and assign it to two VLANs:
Switch(config-if)# switchport mode multi
Switch(config-if)# switchport multi vlan 2 4
The following examples change a port to an access port on VLAN 3:
Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan 3
switchport access
switchport multi
Posted: Wed Sep 8 14:16:18 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.