Cisco IOS Software Releases 12.4 T


Extended VLAN ID


First Published: June 28, 2007
Last Updated: June 28, 2007

The IEEE 802.1Q standard provides for support of up to 4096 VLANs. Beginning with Cisco IOS Release 12.4(15)T, you can configure VLAN IDs in the range from 1006 to 4094 on specified routers.

Finding Feature Information in This Module

Your Cisco IOS software release may not support all of the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for Extended VLAN ID" section.

Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Prerequisites for Extended VLAN ID

Restrictions for Extended VLAN ID

Information About Extended VLAN ID

How to Configure an Extended VLAN ID

Configuration Examples for Extended VLAN ID

Additional References

Command Reference

Feature Information for Extended VLAN ID

Prerequisites for Extended VLAN ID

These are the prerequisites for configuring extended VLAN ID:

You should understand how to configure VLANs. For information on configuring VLANs, see the "Configuring a LAN with DHCP and VLANs" chapter in the Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide.

The reduced MAC address feature is required to support 4000 VLANs. Cisco IOS Release 12.1(14)E1 and later releases support chassis with 64 or 1024 MAC addresses. For chassis with 64 MAC addresses, Spanning Tree Protocol (STP) uses the extended system ID (which is the VLAN ID) plus a MAC address to make the bridge ID unique for each VLAN. (Without the reduced MAC address support, 4096 VLANs would require 4096 MAC addresses on the switch.)

The spanning-tree extended system-ID feature must be enabled. For information on enabling the extended system ID, see the "Enabling the Extended System ID" section in the "Configuring Spanning Tree and IEEE 802.1s MST" chapter in the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.1E.


Note The spanning-tree extended system ID is enabled permanently on chassis that support 64 MAC addresses.


The following Cisco routers support the Extended VLAN ID feature:

Cisco 800 series routers, including models 851, 857, 871, 876, 877, 878

Cisco 1700 series routers, including models 1711, 1712, 1751, 1751V, 1760

Cisco 1800 series routers, including models 1801, 1802, 1803, 1811, 1812, 1841

Cisco 2600 series routers, including models 2610XM, 2611XM, 2620XM, 2621XM, 2650XM, 2651XM, 2691

Cisco 2800 series routers, including models 2801, 2811, 2821, 2851

Cisco 3600 series routers, including models 3620, 3640, 3640A, 3660

Cisco 3700 series routers, including models 3725, 3745

Cisco 3800 series routers, including models 3825, 3845

Restrictions for Extended VLAN ID

These are the restrictions for configuring normal and extended VLANs:

VLAN 1 and VLANs 1002-1005 are default VLANs. Default VLANs are created automatically and cannot be configured or deleted by users.

VLANs 0 and 4095 are reserved by the IEEE 802.1Q standard and you cannot create, delete, or modify them. These VLANs are not displayed.

You cannot create a VLAN in the extended range when the reduced MAC address feature is disabled.

You cannot disable the reduced MAC address feature while a user-configured VLAN in the extended range is configured.

The vlan database mode does not support extended VLAN configuration.

Information About Extended VLAN ID

Before you configure an extended VLAN ID, you should understand the following concepts:

VLAN Number Space Management

Default Ethernet VLAN Configuration

VLAN Trunking Protocol Guidelines

Other Extended VLAN ID Guidelines

VLAN Number Space Management

Before Cisco IOS Release 12.4(15)T, users were permitted to configure VLANs numbered from 2 to 1001. The remaining VLANs (numbered from 1006 to 4094) were reserved for use as internal VLANs configured by applications. Beginning with Cisco IOS Release 12.4(15)T, all VLAN numbers except those reserved for default and reserved VLANs are available for user configuration. The result is that users and applications share the VLAN number space from 1006 to 4094. To manage this number space effectively, follow these guidelines:

Internal VLAN numbers begin with 1006 and use the next higher number for each additional VLAN.

Users should configure extended VLAN ID numbers beginning with 4094 and use the next lower number for each additional VLAN.

A first-come, first-served policy governs the allocation of numbers to internal VLANs and user-configured VLANs in the extended VLAN number space.


Note During system bootup, internal VLANs required for the features in the startup-configuration file are allocated numbers first, followed by user-configured VLANs in the startup configuration.


Before configuring extended-range VLANs, enter the show vlan internal usage privileged EXEC command to see which VLANs have been allocated as internal VLANs.

If you configure a VLAN number that matches the number of an existing internal VLAN, an error message appears and the extended VLAN configuration is denied.

To configure an extended VLAN with a number that is assigned to an internal VLAN, follow these steps:

1. Shut down the port assigned to the internal VLAN, freeing up the assigned VLAN number.

2. Create the extended-range VLAN with the desired VLAN number.

3. Reenable the port, which then uses a different VLAN number for its internal VLAN.

See the "Configuring an Extended-Range VLAN Using an Internal VLAN ID" section for details.
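The following is an added example, not part of the original Cisco document: a Python check that applies the number-space guidelines above to a requested VLAN ID before it is entered on the router. The sample "show vlan internal usage" output is constructed, its two-column layout is an assumption, and the function names are hypothetical.

```python
import re

DEFAULT_VLANS = {1, 1002, 1003, 1004, 1005}  # created automatically, not configurable
RESERVED_VLANS = {0, 4095}                   # reserved by IEEE 802.1Q
EXT_FIRST, EXT_LAST = 1006, 4094             # range shared by internal and user VLANs

# Constructed sample output; the "VLAN / Usage" column layout is an assumption.
SAMPLE_INTERNAL_USAGE = """\
VLAN Usage
---- --------------------
1006 FastEthernet0/0
1007 FastEthernet0/1
1008 FastEthernet1/0
"""


def parse_internal_usage(text):
    """Map each internally allocated VLAN ID to the port that owns it."""
    usage = {}
    for line in text.splitlines():
        match = re.match(r"\s*(\d{1,4})\s+(\S.*?)\s*$", line)
        if match:  # header and separator lines do not start with digits
            usage[int(match.group(1))] = match.group(2)
    return usage


def check_vlan_request(vlan_id, internal, user_vlans=frozenset()):
    """Return (verdict, detail) for a VLAN ID someone wants to create."""
    if vlan_id in RESERVED_VLANS:
        return "reserved", "reserved by IEEE 802.1Q; cannot be created"
    if not 1 <= vlan_id <= EXT_LAST:
        return "invalid", "outside 1-4094"
    if vlan_id in DEFAULT_VLANS:
        return "default", "default VLAN; cannot be configured or deleted"
    if vlan_id < EXT_FIRST:
        return "normal", "normal-range VLAN (2-1001)"
    if vlan_id in internal:
        # Detail is the port to shut down before the ID can be reused.
        return "internal-conflict", internal[vlan_id]
    if vlan_id in user_vlans:
        return "exists", "already user-configured"
    return "ok", "free extended-range ID"


def next_user_vlan(internal, user_vlans=frozenset()):
    """Highest free extended ID: users start at 4094 and count down."""
    for vlan_id in range(EXT_LAST, EXT_FIRST - 1, -1):
        if vlan_id not in internal and vlan_id not in user_vlans:
            return vlan_id
    return None


def headroom(internal, user_vlans=frozenset()):
    """Free IDs between the highest internal VLAN and the lowest user VLAN."""
    top_internal = max(internal, default=EXT_FIRST - 1)
    ext_users = [v for v in user_vlans if v >= EXT_FIRST]
    bottom_user = min(ext_users, default=EXT_LAST + 1)
    return max(0, bottom_user - top_internal - 1)


if __name__ == "__main__":
    internal = parse_internal_usage(SAMPLE_INTERNAL_USAGE)
    users = {4094, 4093}  # constructed: extended VLANs already configured by users
    for vid in (1007, 4093, 4092, 1003, 4095):
        print(vid, check_vlan_request(vid, internal, users))
    print("next:", next_user_vlan(internal, users),
          "headroom:", headroom(internal, users))
```

An "internal-conflict" verdict names the port that has to be shut down in step 1 of the procedure above.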

Default Ethernet VLAN Configuration

Table 1 shows the default configuration for Ethernet VLANs.


Note The router supports Ethernet interfaces exclusively. Because Fiber Distributed Data Interface (FDDI) and Token Ring VLANs are not locally supported, you only configure FDDI and Token Ring media-specific characteristics for VTP global advertisements to other devices.


Table 1 Ethernet VLAN Defaults and Ranges

Parameter | Default | Range
IEEE 802.10 SAID | 100001 (100000 plus the VLAN ID) | 1 to 4294967294
MTU size | 1500 | 1500 to 18190
Private VLANs | none configured | 2 to 1001, 1006 to 4094
Remote SPAN | disabled | enabled, disabled
Translational bridge 1 | 0 | 0 to 1005
Translational bridge 2 | 0 | 0 to 1005
VLAN ID | 1 | 1 to 4094 (Note: Extended-range VLANs (VLAN IDs 1006 to 4094) are not saved in the VLAN database.)
VLAN name | VLANxxxx, where xxxx represents four numeric digits (including leading zeros) equal to the VLAN ID number | No range
VLAN state | active | active, suspend


VLAN Trunking Protocol Guidelines

These are the guidelines for using extended VLAN ID with VLAN Trunking Protocol (VTP):

Extended range VLANs are not controlled by VTP.

VLANs in the extended range cannot be pruned. The VLAN range for the switchport trunk pruning vlan command remains 1-1005.

The VTP supported VLAN configuration (VLANs 1-1005) is included in the Cisco IOS configuration file only when the device is in VTP transparent mode.

VTP learns only normal-range VLANs, with VLAN IDs 1 to 1005; extended-range VLANs are not stored in the VLAN database. The router must be in VTP transparent mode when you create extended-range VLANs.

Other Extended VLAN ID Guidelines

Follow these guidelines when configuring extended VLAN IDs:

ISL-1Q mapping has been modified to accept extended range VLANs and normal range VLANs when specifying the ISL VLAN.

During system bootup, internal VLANs from the extended VLAN space are allocated after the VLAN and mapping commands from the startup configuration file have been parsed and executed.


Note Mapping a VLAN to a reserved or internal VLAN is not allowed.


Extended-range VLANs are not saved in the VLAN database; they are saved in the switch running configuration file. You can save the extended-range VLAN configuration in the switch startup configuration file by using the copy running-config startup-config privileged EXEC command.

How to Configure an Extended VLAN ID

Extended VLANs have VLAN IDs in the range from 1006 to 4094. You can create or delete extended VLANs using the command-line interface (CLI) in the config-vlan submode. All extended VLANs are created with the primary type (for example, Ethernet) appropriate for the device. Configurable VLAN parameters include maximum transmission unit (MTU) size, private VLAN, and remote switched port analyzer (RSPAN). All other extended VLAN parameters use the default values.

For detailed information on default values for extended VLAN parameters, see the "VLAN Default Configuration" section in the "Configuring VLANs" chapter in the Catalyst 6500 Series Cisco IOS Software Configuration Guide, 12.2SX.

For detailed information on VLANs and configuring VLAN IDs see the "Configuring VLANs" chapter in the Catalyst 6500 Series Cisco IOS Software Configuration Guide, 12.2SX.

This section contains instructions for the following tasks:

Configuring an Extended VLAN

Configuring an Extended-Range VLAN Using an Internal VLAN ID

Deleting an Extended VLAN

Configuring an Extended VLAN

When the switch is in VTP transparent mode (VTP disabled), you can create extended-range VLANs (in the range 1006 to 4094). The extended-range VLAN IDs are allowed for any commands that allow VLAN IDs. You always use config-vlan mode (accessed by entering the vlan vlan-id global configuration command) to configure extended-range VLANs. The extended range is not supported in VLAN database configuration mode (accessed by entering the vlan database privileged EXEC command).

Extended-range VLAN configurations are not stored in the VLAN database, but because VTP mode is transparent, they are stored in the switch running configuration file, and you can save the configuration in the startup configuration file by using the copy running-config startup-config privileged EXEC command.

To configure a new extended VLAN, follow the steps below.

Prerequisites

Extended VLANs can be configured only in the global configuration mode.

The router must be in VTP transparent mode to configure an extended VLAN.

Restrictions

These are the restrictions for configuring extended VLANs:

You cannot create a VLAN in the extended range when the reduced MAC address feature is disabled.

You cannot disable the reduced MAC address feature while a user-configured VLAN in the extended range is configured.

The vlan database mode does not support extended VLAN configuration.

The extended-range VLAN has the default Ethernet VLAN characteristics (see Table 1), and the MTU size, private VLAN, and RSPAN configuration are the only parameters you can change.

SUMMARY STEPS

1. enable

2. configure terminal

3. vtp mode transparent

4. vlan {vlan-id | vlan-range}

5. mtu mtu-size

6. remote-span

7. end

8. copy running-config startup-config

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

vtp mode transparent

Example:

Router(config)# vtp mode transparent

Disables VTP.

Step 4 

vlan {vlan-id | vlan-range}

Example:

Router(config)# vlan 4025

Creates or modifies an Ethernet VLAN, a range of Ethernet VLANs, or several Ethernet VLANs specified in a comma-separated list. The range for the extended VLAN_ID argument is from 1006 to 4094.

Note Do not enter space characters.

Step 5 

mtu mtu-size

Example:

Router(config-vlan)# mtu 1600

(Optional) Modifies the VLAN by changing the MTU size.

Note Although all VLAN commands appear in the CLI help in config-vlan mode, only the mtu mtu-size, private-vlan, and remote-span commands are supported for extended-range VLANs.

Step 6 

remote-span

Example:

Router(config-vlan)# remote-span

(Optional) Configures the VLAN as the RSPAN VLAN.

Note Although all VLAN commands appear in the CLI help in config-vlan mode, only the mtu mtu-size, private-vlan, and remote-span commands are supported for extended-range VLANs.

See the "Configuring a VLAN as an RSPAN VLAN" section of the "Configuring SPAN and RSPAN" chapter in the Catalyst 3750 Switch Software Configuration Guide, Release 12.2(35)SE.

Step 7 

end

Example:

Router(config-vlan)# end

Returns to privileged EXEC mode.

Step 8 

copy running-config startup-config

Example:

Router# copy running-config startup-config

Saves your entries in the startup configuration file.

To save extended-range VLAN configurations, you need to save the VTP transparent mode configuration and the extended-range VLAN configuration in the startup configuration file. Otherwise, if the router resets, it will default to VTP server mode, and the extended-range VLAN IDs will not be saved.
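The following is an added example, not part of the original Cisco document: a Python lint that checks a saved configuration against the rules of this procedure (VTP transparent mode saved alongside the extended VLANs, only mtu, private-vlan, and remote-span under an extended VLAN, MTU within the Table 1 range). Both sample configurations are constructed and the function names are hypothetical.

```python
import re

ALLOWED = ("mtu", "private-vlan", "remote-span")  # supported for extended VLANs
MTU_MIN, MTU_MAX = 1500, 18190                    # MTU range from Table 1
EXT_FIRST, EXT_LAST = 1006, 4094
# "vlan" followed by a comma-separated list of IDs and ranges, no spaces.
VLAN_LINE = re.compile(r"^vlan (\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*)$")

# Constructed sample configurations.
GOOD_CONFIG = """\
vtp mode transparent
!
vlan 4025
 mtu 1600
!
vlan 4072
 remote-span
"""
BAD_CONFIG = """\
vlan 20
 name users
!
vlan 4025,4030-4031
 name lab
 mtu 1400
"""


def expand(spec):
    """Expand a vlan-id list such as '4025,4030-4031' into integers."""
    ids = []
    for part in spec.split(","):
        low, _, high = part.partition("-")
        ids.extend(range(int(low), int(high or low) + 1))
    return ids


def check_subcommand(vlan_ids, words):
    """Findings for one sub-command line inside an extended VLAN stanza."""
    label = ",".join(str(v) for v in vlan_ids)
    if words[0] not in ALLOWED:
        return [f"vlan {label}: '{words[0]}' is not supported for extended-range VLANs"]
    if words[0] == "mtu" and len(words) > 1 and words[1].isdigit():
        if not MTU_MIN <= int(words[1]) <= MTU_MAX:
            return [f"vlan {label}: mtu {words[1]} is outside {MTU_MIN}-{MTU_MAX}"]
    return []


def lint(config):
    """Return a list of findings for extended-range VLANs in a configuration."""
    findings, extended_seen, current = [], [], []
    transparent = False
    for line in config.splitlines():
        if line.startswith(" "):          # indented: sub-command of the open stanza
            words = line.split()
            if current and words:
                findings.extend(check_subcommand(current, words))
            continue
        current = []                      # any top-level line closes the stanza
        stripped = line.strip()
        if stripped == "vtp mode transparent":
            transparent = True
        match = VLAN_LINE.match(stripped)
        if match:
            current = [v for v in expand(match.group(1))
                       if EXT_FIRST <= v <= EXT_LAST]
            extended_seen.extend(current)
    if extended_seen and not transparent:
        ids = ",".join(str(v) for v in extended_seen)
        findings.append(f"extended VLANs {ids} saved without 'vtp mode transparent'; "
                        "after a reset the router defaults to VTP server mode")
    return findings


if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(name, lint(cfg))
```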

Troubleshooting Tips

To verify your VLAN configuration, use the show vlan command in privileged EXEC mode to display summary configuration information for all configured VLANs.

Configuring an Extended-Range VLAN Using an Internal VLAN ID

If you enter an extended-range VLAN ID that is already assigned to an internal VLAN, an error message appears, and the extended-range VLAN is rejected. To manually free an internal VLAN ID, you must temporarily shut down the router port that is using the internal VLAN ID. Shutting down the port releases the VLAN ID for use with another VLAN.

After you shut down the port, you can configure the VLAN with the released VLAN ID and then reenable the port.

SUMMARY STEPS

1. enable

2. show vlan internal usage

3. configure terminal

4. interface interface-id

5. shutdown

6. exit

7. vtp mode transparent

8. vlan {vlan-id}

9. exit

10. interface interface-id

11. no shutdown

12. end

13. copy running-config startup-config

 
Command
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

show vlan internal usage

Example:

Router# show vlan internal usage

Displays the VLAN IDs being used internally by the switch.

If the VLAN ID that you want to use is an internal VLAN, the display shows the router port that is using the VLAN ID. Enter that port number in Step 4.

Step 3 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 4 

interface interface-id

Example:

Router(config)# interface ethernet 0/1

Specifies the interface ID for the routed port that is using the VLAN ID and enters interface configuration mode.

Step 5 

shutdown

Example:

Router(config-if)# shutdown

Shuts down the port to free the internal VLAN ID.

Step 6 

exit

Example:

Router(config-if)# exit

Returns to global configuration mode.

Step 7 

vtp mode transparent

Example:

Router(config)# vtp mode transparent

Sets the VTP mode to transparent for creating extended-range VLANs.

Step 8 

vlan vlan-id

Example:

Router(config)# vlan 2520

Enters the new extended-range VLAN ID and enters config-vlan mode.

Step 9 

exit

Example:

Router(config-vlan)# exit

Exits from config-vlan mode, and returns to global configuration mode.

Step 10 

interface interface-id

Example:

Router(config)# interface ethernet 0/1

Specifies the interface ID for the router port that you shut down in Step 5, and enters interface configuration mode.

Step 11 

no shutdown

Example:

Router(config-if)# no shutdown

Reenables the router port, which will be assigned a new internal VLAN ID.

Step 12 

end

Example:

Router(config-if)# end

Returns to privileged EXEC mode.

Step 13 

copy running-config startup-config

Example:

Router# copy running-config startup-config

Saves your entries in the switch startup configuration file.

To save an extended-range VLAN configuration, you need to save the VTP transparent mode configuration and the extended-range VLAN configuration in the router startup configuration file. Otherwise, if the router resets, it will default to VTP server mode, and the extended-range VLAN IDs will not be saved.

Deleting an Extended VLAN

To delete an extended VLAN, follow the steps below.

Prerequisites

Extended VLANs can be deleted only in the global configuration mode.

SUMMARY STEPS

1. enable

2. configure terminal

3. no vlan {vlan-id | vlan-range}

4. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

no vlan {vlan-id | vlan-range}

Example:

Router(config)# no vlan 4025

Deletes an Ethernet VLAN, a range of Ethernet VLANs, or several Ethernet VLANs specified in a comma-separated list.

The range for the extended VLAN_ID argument is from 1006 to 4094.

Note Do not enter space characters.

Note Although all VLAN commands appear in the CLI help in config-vlan mode, only the mtu mtu-size, private-vlan, and remote-span commands are supported for extended-range VLANs.

Step 4 

end

Example:

Router(config)# end

Updates the VLAN database and returns to privileged EXEC mode.

Configuration Examples for Extended VLAN ID

The following examples show how to configure and delete a VLAN with an extended VLAN ID:

Configuring an Extended VLAN ID: Example

Deleting an Extended VLAN ID: Example

Configuring an Extended VLAN ID: Example

The following example shows how to configure a VLAN with the VLAN ID 4072:

enable
configure terminal
vtp mode transparent
vlan 4072
end
copy running-config startup-config
 
   

Deleting an Extended VLAN ID: Example

The following example shows how to delete VLAN 4072:

enable
configure terminal
no vlan 4072
end
 
   

Additional References

The following sections provide references related to the Extended VLAN ID feature.

Related Documents

Related Topic
Document Title

Configuring VLANs

"Configuring a LAN with DHCP and VLANs" chapter in the Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide.

Default VLAN configuration

"VLAN Default Configuration" section in the "Configuring VLANs" chapter in the Catalyst 6500 Series Cisco IOS Software Configuration Guide, 12.2SX.

Enabling the spanning-tree extended system-ID feature

"Enabling the Extended System ID" section in the "Configuring Spanning Tree and IEEE 802.1s MST" chapter in the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.1E

Cisco IOS LAN Switching commands

Cisco IOS LAN Switching Command Reference, Release 12.2SR


Standards

Standard
Title

IEEE 802.1Q

IEEE 802.1Q—Virtual LANs


MIBs

MIB
MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFC
Title

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.


Technical Assistance

Description
Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/techsupport


Command Reference

This section documents commands that are new or modified.

monitor session

show mac-address-table

show spanning-tree

spanning-tree vlan

switchport trunk

vlan (global configuration mode)

monitor session

Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers

To start a new Switched Port Analyzer (SPAN) session, add or delete interfaces from an existing SPAN session, or delete a SPAN session, use the monitor session command in global configuration mode. To remove one or more source interfaces or destination interfaces from the SPAN session, use the no form of this command.

Source Interface

monitor session session source interface type/slot/port [, | - | rx | tx | both]

no monitor session session source interface type/slot/port [, | - | rx | tx | both]

Destination Interface

monitor session session destination interface type/slot/port [, | -]

no monitor session session destination interface type/slot/port [, | -]

Session

monitor session session

no monitor session session

Cisco 6500/6000 Catalyst Switches and Cisco 7600 Series Routers

To start a new ERSPAN, SPAN, or RSPAN session, add or delete interfaces or VLANs to or from an existing session, filter ERSPAN, SPAN, or RSPAN traffic to specific VLANs, or delete a session, use the monitor session command in global configuration mode. To remove one or more source or destination interfaces from the session, remove a source VLAN from the session, or delete a session, use the no form of this command.

Setting the Source Interface or VLAN

monitor session session source {interface type | vlan vlan-id [rx | tx | both] | remote vlan rspan-vlan-id}

no monitor session session source {interface type | vlan vlan-id [rx | tx | both] | remote vlan rspan-vlan-id}

Setting the Destination Interface or VLAN

monitor session session destination {interface type | vlan vlan-id | remote vlan vlan-id | analysis-module slot-number | data-port port-number}

no monitor session session destination {interface type | vlan vlan-id | remote vlan vlan-id | analysis-module slot-number | data-port port-number}

Setting the Filter VLAN

monitor session session-number filter vlan vlan-range

no monitor session session-number filter vlan vlan-range

Setting the Session Type

monitor session session-number type {erspan-source | erspan-destination}

no monitor session {range session-range | local | remote | all | session}

Enabling a Service Module

monitor session servicemodule mod-list

no monitor session servicemodule mod-list

Syntax Description

session-number

Number of the SPAN session. For Cisco 2600, 3600, and 3700 series routers, valid values are 1 and 2. For Cisco 6500/6000 and 7600 series routers, valid values are 1 to 66.

source

Specifies the SPAN source.

destination

Specifies the SPAN destination interface.

interface type

(Optional) Specifies the interface type. For the Cisco 2600, 3600, and 3700 series routers, valid values are fastethernet and gigabitethernet. For the Cisco 6500/6000 and 7600 series routers, valid values are ethernet, fastethernet, gigabitethernet, or tengigabitethernet. See the "Usage Guidelines" for formatting information.

slot

(Optional) Specifies the interface number; valid entries are 1 and 2.

port

(Optional) Port interface number ranges based on type of Ethernet switch network module used:

0 to 15 for NM-16ESW
0 to 35 for NM-36ESW
0 to 1 for GigabitEthernet

interface type/slot/port

Specifies the interface type and number; valid values are ethernet (1 to 9), fastethernet (1 to 9), gigabitethernet (1 to 9), and port-channel (see the "Usage Guidelines" section).

,

(Optional) Specifies a series of SPAN VLANs.

-

(Optional) Specifies a range of SPAN VLANs.

rx

(Optional) Specifies monitor received traffic only.

tx

(Optional) Specifies monitor transmitted traffic only.

both

(Optional) Specifies monitor received and transmitted traffic.

vlan vlan-id

Specifies the VLAN identification. For the Cisco 2600, 3600, and 3700 series routers, the valid values are from 1 to 1005. Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to 4094.

For the Cisco 6500/6000 and 7600 series routers, valid values are 1 to 4094.

remote vlan rspan-vlan-id

Specifies the RSPAN VLAN as a destination VLAN.

destination

Specifies the SPAN-destination interface.

analysis-module slot-number

Specifies the network analysis module number; see the "Usage Guidelines" section for additional information.

data-port port-number

Specifies the data port number; see the "Usage Guidelines" section for additional information.

filter vlan vlan-range

Limits SPAN-source traffic to specific VLANs.

Note The filter keyword is not supported on the Cisco 2600 series or the Cisco 3600 series routers.

servicemodule

Specifies service modules. See the "Usage Guidelines" for a list of the valid values.

mod-list

List of service module numbers.

type erspan-destination

Enters the ERSPAN destination-session configuration mode. See the monitor session type command for additional information.

type erspan-source

Enters the ERSPAN source-session configuration mode. See the monitor session type command for additional information.

range session-range

Specifies the range of sessions.

local

Specifies the local session.

remote

Specifies the remote session.

all

Specifies all sessions.


Command Default

Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers

A trunking interface monitors all VLANs and all received and transmitted traffic.

Cisco 6500/6000 Catalyst Switches and 7600 Series Routers

The defaults are as follows:

both—Received and transmitted traffic are monitored.

servicemodule—All service modules are allowed to use the SPAN service module session.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.0(7)XE

This command was introduced on the Catalyst 6000 family switches.

12.1(1)E

Support for this command on the Catalyst 6000 family switches was extended to Cisco IOS Release 12.1(1)E.

12.1(3a)E3

The number of valid values for the port-channel number was changed; see the "Usage Guidelines" section for valid values.

12.1(5c)EX

These SPAN support restrictions were added:

If your switch has a Switch Fabric Module installed, SPAN is supported among supervisor engines and nonfabric-enabled modules.

If your switch does not have a Switch Fabric Module installed, SPAN is supported on all modules, including fabric-enabled modules.

SPAN on DFC-equipped modules is not supported.

12.2(2)XT

This command was implemented on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.

12.2(8)T

This command was integrated into Cisco IOS Release 12.2(8)T on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.

12.2(17a)SX

Support for this command was introduced on the Supervisor Engine 720.

12.2(17b)SXA

This command was changed to support the SSO mode and change the default mode.

12.2(17d)SXB

Support for this command was introduced on the Supervisor Engine 2.

12.2(18)SXE

This command was changed as follows on the Supervisor Engine 720 only:

Added the type erspan-source and the type erspan-destination keywords to support ERSPAN; see the monitor session type command for additional information.

Added the mod-list argument to the monitor session servicemodule command to allow you to enable or disable the SPAN service module session for a list of modules.

In the transmit or transmit and receive directions, you can specify up to 128 physical interfaces as the source.

12.4(15)T

This command was modified to extend the range of valid VLAN IDs to 1-4094 for specified platforms.


Usage Guidelines

Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers

The port-channel number supports six EtherChannels and eight ports in each channel.

Only one SPAN destination for a SPAN session is supported. If you attempt to add another destination interface to a session that already has a destination interface configured, you will get an error. You must first remove a SPAN destination interface before changing the SPAN destination to a different interface.

Cisco 6500/6000 Catalyst Switches

The number of valid values for port-channel number depends on the software release. For Cisco IOS releases prior to software Release 12.1(3a)E3, valid values are from 1 to 256; for Cisco IOS Release 12.1(3a)E3, 12.1(3a)E4, and 12.1(4)E1, valid values are from 1 to 64. Cisco IOS Release 12.1(5c)EX and later support a maximum of 64 values ranging from 1 to 256.

Only one destination per SPAN session is supported. If you attempt to add another destination interface to a session that already has a destination interface configured, you get an error. You must first remove a SPAN destination interface before changing the SPAN destination to a different interface.

You can configure up to 64 SPAN destination interfaces, but you can have one egress SPAN source interface and up to 64 ingress source interfaces only.

A SPAN session can either monitor VLANs or monitor individual interfaces, but it cannot monitor both specific interfaces and specific VLANs. Configuring a SPAN session with a source interface and then trying to add a source VLAN to the same SPAN session causes an error. Configuring a SPAN session with a source VLAN and then trying to add a source interface to that session also causes an error. You must first clear any sources for a SPAN session before switching to another type of source.

If you enter the filter keyword on a monitored trunk interface, only traffic on the set of specified VLANs is monitored.

Port channel interfaces display in the list of interface options if you have them configured. VLAN interfaces are not supported. However, you can span a particular VLAN by entering the monitor session session source vlan vlan-id command.

The following servicemodule mod-list values are valid for the Cisco 6500/6000 Catalyst switches:

bpdu—Enables Bridge Protocol Data Units (BPDUs) of service modules.

module—Specifies a list of service modules.

network-analysis-module—Enables Network Analysis Module (NAM) service module.

Cisco 7600 Series Routers

Use these formatting guidelines when configuring monitor sessions:

interface and single-interface formats are type slot/port; valid values for type are ethernet, fastethernet, gigabitethernet, or tengigabitethernet.

An interface-list is a list of interfaces that are separated by commas. Insert a space before and after each comma as shown in this example:

single-interface , single-interface , single-interface

An interface-range is a range of interfaces that are separated by dashes. Insert a space before and after each dash. To enter multiple ranges, separate each range with a comma as shown in this example:

type slot/first-port - last-port , type slot/first-port - last-port

A mixed-interface-list is a mixed list of interfaces. Insert a space before and after each dash and comma as shown in this example:

single-interface , interface-range , ... in any order

A single-vlan is an ID number of a single VLAN; valid values are from 1 to 4094.

A vlan-list is a list of VLAN IDs that are separated by commas. An example is shown as follows:

single-vlan , single-vlan , single-vlan ...

A vlan-range is a range of VLAN IDs that are separated by dashes. An example is shown as follows:

first-vlan-ID - last-vlan-ID

A mixed-vlan-list is a mixed list of VLAN IDs. Insert a space before and after each dash. To enter multiple ranges, separate each VLAN ID with a comma as shown in this example:

single-vlan , vlan-range , ... in any order

The servicemodule keyword has only one valid value:

module—Specifies a list of service modules.

The analysis-module slot-number and the data-port port-number keywords and arguments are supported only on NAM.

The port-channel number argument accepts a maximum of 64 values ranging from 1 to 256.

You cannot share the destination interfaces among SPAN sessions. For example, a single destination interface can belong to one SPAN session only and cannot be configured as a destination interface in another SPAN session.


Note Be careful when configuring SPAN-type source ports that are associated with SPAN-type destination ports, and do not configure SPAN on high-traffic interfaces. If you configure SPAN on high-traffic interfaces, you may saturate fabric channels, replication engines, and interfaces. To configure SPAN-type source ports that are associated with SPAN-type destination ports, enter the monitor session session source {interface type | vlan vlan-id [rx | tx | both] | remote vlan rspan-vlan-id} command.


The Supervisor Engine 720 local SPAN, RSPAN, and ERSPAN session limits are as follows:

| Total Sessions | Local SPAN, RSPAN Source, or ERSPAN Source Sessions | RSPAN Destination Sessions | ERSPAN Destination Sessions |
|---|---|---|---|
| 66 | 2 (ingress or egress or both) | 64 | 23 |


The Supervisor Engine 720 local SPAN, RSPAN, and ERSPAN source and destination limits are as follows:

 
| | In Each Local SPAN Session | In Each RSPAN Source Session | In Each ERSPAN Source Session | In Each RSPAN Destination Session | In Each ERSPAN Destination Session |
|---|---|---|---|---|---|
| Egress or ingress and egress sources | | | | | |
| With releases earlier than Release 12.2(18)SXE | 1 | 1 | 1 | | |
| Release 12.2(18)SXE and later releases | 128 | 128 | 128 | | |
| Ingress sources | | | | | |
| With releases earlier than Release 12.2(18)SXD | 64 | 64 | 64 | | |
| Release 12.2(18)SXD and later releases | 128 | 128 | 128 | | |
| RSPAN and ERSPAN destination session sources | | | | 1 RSPAN VLAN | 1 IP address |
| Destinations per session | 64 | 1 RSPAN VLAN | 1 IP address | 64 | 64 |



Note Supervisor Engine 2 does not support RSPAN if you configure an egress SPAN source for a local SPAN session.

Supervisor Engine 2 does not support egress SPAN sources for local SPAN if you configure RSPAN.


The Supervisor Engine 2 local SPAN and RSPAN session limits are as follows:

| Total Sessions | Local SPAN Sessions | RSPAN Source Sessions | RSPAN Destination Sessions |
|---|---|---|---|
| 66 | 2 (ingress or egress or both) | 0 | 64 |
| 66 | 1 ingress | 1 (ingress or egress or both) | 64 |
| 66 | 1 or 2 egress | 0 | 64 |


The Supervisor Engine 2 local SPAN and RSPAN source and destination limits are as follows:

 
| | In Each Local SPAN Session | In Each RSPAN Source Session | In Each RSPAN Destination Session |
|---|---|---|---|
| Egress or egress and ingress sources | 1 (0 with a remote SPAN source session configured) | 1 (0 with a local SPAN egress source session configured) | |
| Ingress sources | | | |
| With releases earlier than Release 12.2(18)SXD | 64 | 64 | |
| Release 12.2(18)SXD and later releases | 128 | 128 | |
| RSPAN destination session source | | | 1 RSPAN VLAN |
| Destinations per session | 64 | 1 RSPAN VLAN | 64 |



Note Supervisor Engine 2 does not support RSPAN if you configure an egress SPAN source for a local SPAN session.



Note Supervisor Engine 2 does not support egress SPAN sources for local SPAN if you configure RSPAN.


A particular SPAN session can either monitor the VLANs or monitor individual interfaces—you cannot have a SPAN session that monitors both specific interfaces and specific VLANs. If you first configure a SPAN session with a source interface, and then try to add a source VLAN to the same SPAN session, you get an error. You also get an error if you configure a SPAN session with a source VLAN and then try to add a source interface to that session. You must first clear any sources for a SPAN session before switching to another type of source.

If you enter the filter keyword on a monitored trunk interface, only traffic on the set of specified VLANs is monitored.

The port-channel interfaces display in the list of interface options if you have them configured. The VLAN interfaces are not supported. However, you can span a particular VLAN by entering the monitor session session source vlan vlan-id command.

The show monitor command displays the SPAN service module session only if it is allocated in the system. It also displays a list of allowed modules and a list of active modules that can use the service module session.

Only the no form of the monitor session servicemodule command is displayed when you enter the show running-config command.

If no module is allowed to use the service module session, the service module session is automatically deallocated. If at least one module is allowed to use the service module session and at least one module is online, the service module session is automatically allocated.

If you allow or disallow a list of modules that are not service modules from using the service module session, there will be no effect on the allocation or deallocation of the service module session. Only the list of modules is saved in the configuration.

If you disable the SPAN service module session with the no monitor session servicemodule command, allowing or disallowing a list of modules from using the service module session has no effect on the allocation or deallocation of the service module session. Only the list of modules is saved in the configuration.

The monitor session servicemodule command is accepted even if there are no modules physically inserted in any slot.

Examples

Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers

The following example shows how to add a destination interface to an existing SPAN session:

Router(config)# monitor session 1 destination interface fastEthernet 2/0

Cisco 6500/6000 Catalyst Switches

The following example shows how to add a destination VLAN to an existing SPAN session:

Router(config)# monitor session 1 destination vlan 100
 
   

The following example shows how to delete a destination VLAN from an existing SPAN session:

Router(config)# no monitor session 1 destination vlan 100
 
   

The following example shows how to limit SPAN traffic to specific VLANs:

Router(config)# monitor session 1 filter vlan 100 - 304

Cisco 7600 Series Routers

This example shows how to configure multiple sources for a session:

Router(config)# monitor session 2 source interface fastethernet 5/15 , 7/3 rx
Router(config)# monitor session 2 source interface gigabitethernet 1/2 tx 
Router(config)# monitor session 2 source interface port-channel 102 
Router(config)# monitor session 2 source filter vlan 2 - 3
Router(config)# monitor session 2 destination remote vlan 901
 
   

This example shows how to configure an RSPAN destination in the final switch (RSPAN destination session):

Router(config)# monitor session 8 source remote vlan 901
Router(config)# monitor session 8 destination interface fastethernet 1/2 , 2/3
 
   

This example shows how to clear the configuration for sessions 1 and 2:

Router(config)# no monitor session 1 - 2
Router(config)#
 
   

This example shows how to clear the configuration for all sessions:

Router(config)# no monitor session all
Router(config)#

This example shows how to clear the configuration for all remote sessions:

Router(config)# no monitor session remote
Router(config)#
 
   

This example shows how to allow a list of modules to use the SPAN service module session:

Router(config)# monitor session servicemodule module 1 - 2
Router(config)#
 
   

This example shows how to disallow a list of modules from using the SPAN service module session:

Router(config)# no monitor session servicemodule module 1 - 2
Router(config)#
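
The session rules in this section (a session monitors either interfaces or VLANs, a destination interface belongs to one session only, VLAN IDs run from 1 to 4094) can be checked on a candidate configuration before it is applied. The Python below is an added example, not Cisco code: it parses monitor session lines written in the list and range syntax described above. The function names, the constructed sample configuration, and the default of 2 source sessions (the Supervisor Engine 720 figure from the table above) are assumptions of this example.

```python
import re
from collections import defaultdict

VLAN_MIN, VLAN_MAX = 1, 4094   # single-vlan range stated on the page
LINE = re.compile(r"^monitor session (\d+) (source|destination|filter) (.+)$")
DIRECTION = re.compile(r"\s+(rx|tx|both)$")
IF_ITEM = re.compile(r"^(?:(\d+)/)?(\d+)(?:-(\d+))?$")

# Constructed candidate configuration (not taken from a real device).
SAMPLE_CONFIG = """\
monitor session 1 source interface fastethernet 5/15 , 7/3 rx
monitor session 1 source vlan 20
monitor session 1 destination interface gigabitethernet 1/2
monitor session 2 source vlan 100 - 304 , 4095
monitor session 2 destination interface gigabitethernet 1/1 - 2
monitor session 8 source remote vlan 901
monitor session 8 destination interface fastethernet 1/2 , 2/3
"""


def expand_vlan_list(text):
    """Expand a mixed-vlan-list such as '2 - 3 , 10' into sorted VLAN IDs."""
    vlans = set()
    for item in text.split(","):
        bounds = [part.strip() for part in item.split("-")]
        if len(bounds) > 2 or not all(b.isdigit() for b in bounds):
            raise ValueError(f"malformed VLAN item {item.strip()!r}")
        first, last = int(bounds[0]), int(bounds[-1])
        if not VLAN_MIN <= first <= last <= VLAN_MAX:
            raise ValueError(f"VLAN item {item.strip()!r} outside {VLAN_MIN}-{VLAN_MAX}")
        vlans.update(range(first, last + 1))
    return sorted(vlans)


def expand_interfaces(text):
    """Expand 'fastethernet 1/2 , 2/3' or 'gigabitethernet 1/1 - 2' to one name per port."""
    names, if_type = [], None
    for item in text.split(","):
        tokens = item.split()
        if tokens and tokens[0][0].isalpha():
            if_type = tokens.pop(0).lower()        # later items inherit the type
        match = IF_ITEM.match("".join(tokens))
        if not match or if_type is None:
            raise ValueError(f"malformed interface item {item.strip()!r}")
        slot, first = match.group(1), int(match.group(2))
        last = int(match.group(3) or first)
        prefix = f"{if_type} {slot}/" if slot else f"{if_type} "
        names.extend(f"{prefix}{port}" for port in range(first, last + 1))
    return names


def audit_span(config_text, max_source_sessions=2):
    """Return sorted (session, issue) findings for the monitor session lines."""
    source_kinds = defaultdict(set)    # session -> source keywords in use
    dest_sessions = defaultdict(set)   # destination interface -> sessions
    findings = set()
    for raw in config_text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue                   # not a numbered monitor session line
        session, role = int(match.group(1)), match.group(2)
        rest = DIRECTION.sub("", match.group(3).strip())
        if rest.startswith("filter "):             # 'source filter vlan ...' form
            role, rest = "filter", rest[len("filter "):]
        if rest.startswith("remote vlan "):
            kind, value = "remote", rest[len("remote vlan "):]
        else:
            kind, _, value = rest.partition(" ")
        try:
            if kind in ("vlan", "remote"):
                expand_vlan_list(value)            # validates syntax and range
            elif kind == "interface":
                for port in expand_interfaces(value):
                    if role == "destination":
                        dest_sessions[port].add(session)
            else:
                raise ValueError(f"unrecognised keyword {kind!r}")
        except ValueError as err:
            findings.add((session, f"invalid: {err}"))
            continue
        if role == "source":
            source_kinds[session].add(kind)
    # Rule: a session monitors interfaces or VLANs, never both.
    for session, kinds in source_kinds.items():
        if {"interface", "vlan"} <= kinds:
            findings.add((session, "mixes interface and VLAN sources"))
    # Rule: a destination interface belongs to one session only.
    for port, sessions in dest_sessions.items():
        if len(sessions) > 1:
            findings.update((s, f"destination {port} shared between sessions") for s in sessions)
    # Limit: number of sessions that have interface or VLAN sources.
    local = sorted(s for s, kinds in source_kinds.items() if kinds & {"interface", "vlan"})
    findings.update((s, f"exceeds {max_source_sessions} source sessions")
                    for s in local[max_source_sessions:])
    return sorted(findings)


if __name__ == "__main__":
    for session, issue in audit_span(SAMPLE_CONFIG):
        print(f"session {session}: {issue}")
```

Pass a different max_source_sessions value for platforms whose limit differs from the Supervisor Engine 720 figure.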

Related Commands

Command
Description

remote-span

Configures a VLAN as an RSPAN VLAN.

show monitor

Displays SPAN session information.

show monitor session

Displays information about the ERSPAN, SPAN, and RSPAN sessions.


show mac-address-table

To display the MAC address table, use the show mac-address-table command in privileged EXEC mode.

Cisco 2600, 3600, and 3700 Series Routers

show mac-address-table [static | dynamic | secure | self | aging-time | count] [address mac-addr] [interface interface-type] [fa | gi slot/port] [vlan vlan-id]

Cisco 6500/6000 Catalyst Switches and 7600 Series Routers

show mac-address-table

show mac-address-table address mac-addr [all | interface interface-type interface-number | module number | vlan vlan-id]

show mac-address-table aging-time [vlan vlan-id]

show mac-address-table count [module number | vlan vlan-id]

show mac-address-table dynamic [address mac-addr | interface interface-type interface-number | module number | vlan vlan-id]

show mac-address-table interface interface-type interface-number

show mac-address-table limit [vlan vlan-id | module number | interface interface-type]

show mac-address-table module number

show mac-address-table multicast [count | {igmp-snooping | mld-snooping [count] | user [count] | vlan vlan-id}]

show mac-address-table multicast [count | igmp-snooping | mld-snooping | user | vlan vlan-id ]

show mac-address-table notification {mac-move | threshold}

show mac-address-table static [address mac-addr | detail | interface interface-type interface-number | vlan vlan-id | module number]

show mac-address-table synchronize statistics

show mac-address-table unicast-flood

show mac-address-table vlan vlan-id [module number]

Syntax Description

static

(Optional) Displays information about the static MAC address table entries only.

dynamic

(Optional) Displays information about the dynamic MAC address table entries only.

secure

(Optional) Displays only the secure addresses.

self

(Optional) Displays only addresses added by the switch itself.

aging-time

(Optional) Displays aging-time for dynamic addresses for all VLANs.

count

(Optional) Displays the number of entries that are currently in the MAC address table. See the "Usage Guidelines" section for valid values.

address mac-addr

Displays information about the MAC address table for a specific MAC address. See the "Usage Guidelines" section for formatting information.

interface interface-type

(Optional) Displays addresses for a specific port.

interface interface

(Optional) Displays information about a specific interface type. For the Cisco 6500/6000 series, valid values are atm, fastethernet, gigabitethernet, and port-channel. For the Cisco 7600 series, valid values are ethernet, fastethernet, gigabitethernet, tengigabitethernet, pos, atm, and ge-wan.

fa

(Optional) Specifies Fast Ethernet.

gi

(Optional) Specifies Gigabit Ethernet.

slot/port

(Optional) Adds dynamic addresses to the module in slot 1 or 2.

atm slot/port

(Optional) Adds dynamic addresses to ATM module slot/port. Use 1 or 2 for the slot number. Use 0 as the port number.

vlan vlan-id

(Optional) Displays addresses for a specific VLAN. For the Cisco 2600, 3600, and 3700 series, valid values are from 1 to 1005; do not enter leading zeroes. Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to 4094.

For the Cisco 6500/6000 and 7600 series, valid values are from 1 to 4094.

all

(Optional) Displays every instance of the specified MAC address in the forwarding table.

interface-number

(Optional) Module and port number; see the "Usage Guidelines" section for valid values.

module number

(Optional) Displays information about the MAC address table for a specific Distributed Forwarding Card (DFC) module.

limit

Displays MAC-usage information.

port number

(Optional) Displays MAC-usage information for the specified port.

multicast

Displays information about the multicast MAC address table entries only.

igmp-snooping

Displays the addresses learned by IGMP snooping.

mld-snooping

Displays the addresses learned by Multicast Listener Discovery version 2 (MLDv2) snooping.

user

Displays the manually entered (static) addresses.

notification mac-move

Displays the MAC-move notification status.

notification threshold

Displays the Content-Addressable Memory (CAM) table utilization notification status.

synchronize statistics

Displays information about the statistics collected on the switch processor/DFC.

unicast-flood

Displays unicast-flood information.


Command Modes

Privileged EXEC (#)

Command History

Release
Modification

11.2(8)SA

This command was introduced.

11.2(8)SA3

The self, aging-time, count, and vlan vlan-id keywords and arguments were added.

11.2(8)SA5

The atm slot/port keyword and arguments were added.

12.2(2)XT

This command was implemented on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.

12.2(8)T

This command was integrated into Cisco IOS Release 12.2(8)T on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.

12.2(11)T

This command was integrated into Cisco IOS Release 12.2(11)T.

12.2(14)SX

Support for this command was introduced on the Supervisor Engine 720.

12.2(17a)SX

For the Cisco 6500/6000 and 7600 series, this command was changed to support the following optional keywords and arguments:

unicast-flood

count module number

limit [vlan vlan | port number | interface interface-type]

notification threshold

12.2(17d)SXB

Support for this command on the Supervisor Engine 2 was extended to Cisco IOS Release 12.2(17d)SXB.

12.2(18)SXE

For the Cisco 6500/6000 and 7600 series, this command was changed to support the mld-snooping keyword on the Supervisor Engine 720 only.

12.2(18)SXF

For the Cisco 6500/6000 and 7600 series, this command was changed to support the synchronize statistics keywords on the Supervisor Engine 720 only.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.4(15)T

This command was modified to extend the range of valid VLAN IDs to 1-4094 for specified platforms.


Usage Guidelines

Cisco 2600, 3600, and 3700 Series Routers

This command displays the MAC address table for the switch. Specific views can be defined by using the optional keywords and arguments. If more than one optional keyword is used, then all the conditions must be true for that entry to be displayed.

Cisco 6500/6000 Catalyst Switches and 7600 Series Routers

If you do not specify a module number, the output of the show mac-address-table command displays information about the supervisor engine. To display information about the MAC address table of the DFCs, you must enter the module number or the all keyword.

The mac-addr is a 48-bit MAC address and the valid format is H.H.H.

The interface-number argument designates the module and port number. Valid values for interface-number depend on the specified interface type and the chassis and module that are used. For example, if you specify a Gigabit Ethernet interface and have a 48-port 10/100BASE-T Ethernet module that is installed in a 13-slot chassis, valid values for the module number are from 1 to 13 and valid values for the port number are from 1 to 48.

The optional module number keyword and argument are supported only on DFC modules. The module number keyword and argument designate the module number.

Valid values for mac-group-address are from 1 to 9.

The optional count keyword displays the number of multicast entries.

append—Appends redirected output to the URL.

begin—Begins with the matching line.

exclude—Excludes matching lines.

include—Includes matching lines.

redirect—Redirects output to the URL.

tee—Copies output to the URL.

The optional multicast keyword displays the multicast MAC addresses (groups) in a VLAN or displays all statically installed or IGMP snooping-learned entries in the Layer 2 table.

The information that is displayed in the show mac-address-table unicast-flood command output is as follows:

Up to 50 flood entries, shared across all the VLANs that are not configured to use the filter mode, can be recorded.

The output field displays are defined as follows:

ALERT—Information is updated approximately every 3 seconds.

SHUTDOWN—Information is updated approximately every 3 seconds.


Note The information displayed on the destination MAC addresses is deleted as soon as the floods stop after the port shuts down.


Information is updated each time that you install the filter. The information lasts until you remove the filter.

The dynamic entries that are displayed in the Learn field are always set to Yes.

The show mac-address-table limit command output displays the following information:

The current number of MAC addresses.

The maximum number of MAC entries that are allowed.

The percentage of usage.

The show mac-address-table synchronize statistics command output displays the following information:

Number of messages processed at each time interval.

Number of active entries sent for synchronization.

Number of entries updated, created, ignored, or failed.

Examples

Cisco 2600, 3600, and 3700 Series Routers

The following is sample output from the show mac-address-table command:

Router# show mac-address-table
 
   
Dynamic Addresses Count:               9
Secure Addresses (User-defined) Count: 0
Static Addresses (User-defined) Count: 0
System Self Addresses Count:           41
Total MAC addresses:                   50
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0010.0de0.e289       Dynamic          1  FastEthernet0/1
0010.7b00.1540       Dynamic          2  FastEthernet0/5
0010.7b00.1545       Dynamic          2  FastEthernet0/5
0060.5cf4.0076       Dynamic          1  FastEthernet0/1
0060.5cf4.0077       Dynamic          1  FastEthernet0/1
0060.5cf4.1315       Dynamic          1  FastEthernet0/1
0060.70cb.f301       Dynamic          1  FastEthernet0/1
00e0.1e42.9978       Dynamic          1  FastEthernet0/1
00e0.1e9f.3900       Dynamic          1  FastEthernet0/1 
 
   

Cisco 6500/6000 Catalyst Switches

The following is sample output from the show mac-address-table command:

Switch# show mac-address-table
Dynamic Addresses Count:               9
Secure Addresses (User-defined) Count: 0
Static Addresses (User-defined) Count: 0
System Self Addresses Count:           41
Total MAC addresses:                   50
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0010.0de0.e289       Dynamic          1  FastEthernet0/1
0010.7b00.1540       Dynamic          2  FastEthernet0/5
0010.7b00.1545       Dynamic          2  FastEthernet0/5
0060.5cf4.0076       Dynamic          1  FastEthernet0/1
0060.5cf4.0077       Dynamic          1  FastEthernet0/1
0060.5cf4.1315       Dynamic          1  FastEthernet0/1
0060.70cb.f301       Dynamic          1  FastEthernet0/1
00e0.1e42.9978       Dynamic          1  FastEthernet0/1
00e0.1e9f.3900       Dynamic          1  FastEthernet0/1 

Cisco 7600 Series Routers


Note In a distributed Encoded Address Recognition Logic (EARL) switch, the asterisk (*) indicates a MAC address that is learned on a port that is associated with this EARL.


This example shows how to display the information about the MAC address table for a specific MAC address; the Cisco 7600 series router is configured with a Supervisor Engine 720:

Router# show mac-address-table address 001.6441.60ca
 
   
Codes: * - primary entry
 
   
  vlan   mac address     type    learn qos            ports
------+----------------+--------+-----+---+--------------------------
Supervisor:
*  ---  0001.6441.60ca    static  No    --  Router
Router#

This example shows how to display MAC address table information for a specific MAC address; the Cisco 7600 series router is configured with a Supervisor Engine 720:

Router# show mac-address-table address 0100.5e00.0128
 
   
Legend: * - primary entry
        age - seconds since last seen
        n/a - not available
 
   
  vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
Supervisor:
*   44  0100.5e00.0128    static  Yes          -   Fa6/44,Router
*    1  0100.5e00.0128    static  Yes          -   Router
Module 9:
*   44  0100.5e00.0128    static  Yes          -   Fa6/44,Router
*    1  0100.5e00.0128    static  Yes          -   Router
Router# 

This example shows how to display the currently configured aging time for all VLANs:

Router# show mac-address-table aging-time 
 
   
Vlan    Aging Time
----    ----------
*100     300
200     1000
 
   
Router# 

This example shows how to display all the dynamic MAC address entries:

Router# show mac-address-table dynamic
 
   
Legend: * - primary entry 
age - seconds since last seen 
n/a - not applicable
vlan     mac address      type   learn    age               ports 
------+----------------+--------+-----+----------+-------------------------- 
* 10   0010.0000.0000   dynamic  Yes   n/a        Gi4/1 
* 3    0010.0000.0000   dynamic  Yes   0          Gi4/2 
* 1    0002.fcbc.ac64   dynamic  Yes   265        Gi8/1 
* 1    0009.12e9.adc0   static   No    -          Router
Router# 
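
The table format above can be parsed for review. The Python below is an added example, not Cisco code: it reads output in the Supervisor Engine 720 layout shown in these examples and reports dynamic MAC addresses seen on more than one port, plus ports holding more dynamic addresses than a chosen limit. The sample text is constructed from the page's output with two invented rows, and the function names and the limit value are assumptions of this example.

```python
import re
from collections import defaultdict

SECTION = re.compile(r"^(Supervisor|Module \d+):$")
ENTRY = re.compile(
    r"^(?P<primary>\*)?\s*(?P<vlan>\d+|---)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<type>static|dynamic)\s+(?P<learn>Yes|No)\s+"
    r"(?P<age>\S+)\s+(?P<ports>\S+)$"
)

# Constructed sample: rows modelled on the page's output, two rows invented.
SAMPLE_OUTPUT = """\
Router# show mac-address-table dynamic
Legend: * - primary entry
        age - seconds since last seen
        n/a - not applicable

  vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
Supervisor:
*   10  0010.0000.0000   dynamic  Yes        n/a   Gi4/1
*    3  0010.0000.0000   dynamic  Yes          0   Gi4/2
*    1  0002.fcbc.ac64   dynamic  Yes        265   Gi8/1
*    1  0002.fcbc.ac65   dynamic  Yes         12   Gi8/1
*    1  0002.fcbc.ac66   dynamic  Yes          5   Gi8/1
*    1  0009.12e9.adc0   static   No           -   Router
Module 9:
*    1  0002.fcbc.ac64   dynamic  Yes        265   Gi8/1
Router#
"""


def parse_mac_table(text):
    """Return one dict per table row; legend, header and prompt lines are skipped."""
    entries, section = [], "Supervisor"
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)      # rows that follow belong to this module
            continue
        match = ENTRY.match(line)
        if not match:
            continue
        entries.append({
            "section": section,
            "primary": match["primary"] is not None,
            "vlan": None if match["vlan"] == "---" else int(match["vlan"]),
            "mac": match["mac"],
            "type": match["type"],
            "age": int(match["age"]) if match["age"].isdigit() else None,
            "ports": match["ports"].split(","),
        })
    return entries


def dynamic_locations(entries):
    """Map each dynamic MAC to the set of (vlan, port) pairs it was learned on.

    Using a set removes the copies that DFC modules repeat under 'Module n:'.
    """
    seen = defaultdict(set)
    for entry in entries:
        if entry["type"] == "dynamic":
            for port in entry["ports"]:
                seen[entry["mac"]].add((entry["vlan"], port))
    return seen


def macs_on_multiple_ports(entries):
    """Dynamic MACs learned on more than one port (moved host, loop, or spoofed source)."""
    result = {}
    for mac, locations in dynamic_locations(entries).items():
        if len({port for _, port in locations}) > 1:
            result[mac] = sorted(locations, key=lambda loc: (loc[0] or 0, loc[1]))
    return result


def ports_over_limit(entries, limit):
    """Ports whose count of distinct dynamic (vlan, MAC) pairs exceeds the limit."""
    per_port = defaultdict(set)
    for mac, locations in dynamic_locations(entries).items():
        for vlan, port in locations:
            per_port[port].add((vlan, mac))
    return {port: len(pairs) for port, pairs in sorted(per_port.items())
            if len(pairs) > limit}


if __name__ == "__main__":
    rows = parse_mac_table(SAMPLE_OUTPUT)
    print(macs_on_multiple_ports(rows))
    print(ports_over_limit(rows, limit=2))
```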

This example shows how to display the information about the MAC address table for a specific interface; the Cisco 7600 series router is configured with a Supervisor Engine 720:

Router# show mac-address-table interface fastethernet 6/45
 
   
Legend: * - primary entry
        age - seconds since last seen
        n/a - not available
 
   
  vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
*   45  00e0.f74c.842d   dynamic  Yes          5   Fa6/45
Router#

Note A leading asterisk (*) indicates entries from a MAC address that was learned from a packet coming from an outside device to a specific module.


This example shows how to display the MAC-move notification status:

Router# show mac-address-table notification mac-move
 
   
MAC Move Notification: Enabled
Router# 
 
   

This example shows how to display the CAM-table utilization-notification status:

Router# show mac-address-table notification threshold 
 
   
Status        limit       Interval
-------------+-----------+-------------
enabled       1           120
Router# 
 
   

This example shows how to display unicast-flood information:

Router# show mac-address-table unicast-flood 
 
   
Unicast Flood Protection status: enabled

Configuration:
 vlan   Kfps       action            timeout
------+----------+-----------------+----------
    2          2   alert             none

Mac filters:
 No.   vlan   source mac addr.   installed on                   time left (mm:ss)
-----+------+-----------------+------------------------------+------------------

Flood details:
 Vlan   source mac addr.   destination mac addr.
------+----------------+-------------------------------------------------
    2   0000.0000.cafe   0000.0000.bad0, 0000.0000.babe, 0000.0000.bac0
                         0000.0000.bac2, 0000.0000.bac4, 0000.0000.bac6
                         0000.0000.bac8
    2   0000.0000.caff   0000.0000.bad1, 0000.0000.babf, 0000.0000.bac1
                         0000.0000.bac3, 0000.0000.bac5, 0000.0000.bac7
                         0000.0000.bac9
Router#
                                                         

This example shows how to display all the static MAC address entries; this Cisco 7600 series router is configured with a Supervisor Engine 720:

Router# show mac-address-table static
 
   
Codes: * - primary entry
 
   
  vlan   mac address     type    learn qos            ports
------+----------------+--------+-----+---+--------------------------
*  ---  0001.6441.60ca    static  No    --  Router
 
   
Router#

This example shows how to display the information about the MAC-address table for a specific VLAN:

Router# show mac-address-table vlan 100
 
   
vlan   mac address     type    protocol  qos             ports
-----+---------------+--------+---------+---+--------------------------------
 100  0050.3e8d.6400  static   assigned  --  Router
 100  0050.7312.0cff  dynamic        ip  --  Fa5/9
 100  0080.1c93.8040  dynamic        ip  --  Fa5/9
 100  0050.3e8d.6400  static        ipx  --  Router
 100  0050.3e8d.6400  static      other  --  Router
 100  0100.0cdd.dddd  static      other  --  Fa5/9,Router,Switch
 100  00d0.5870.a4ff  dynamic        ip  --  Fa5/9
 100  00e0.4fac.b400  dynamic        ip  --  Fa5/9
 100  0100.5e00.0001  static         ip  --  Fa5/9,Switch
 100  0050.3e8d.6400  static         ip  --  Router
Router#  
 
   

This example shows how to display the information about the MAC address table for MLDv2 snooping:

Router# show mac-address-table multicast mld-snooping
 
   
vlan   mac address     type    learn qos ports
-----+---------------+--------+-----+---+--------------------------------
 ---  3333.0000.0001  static   Yes    -  Switch,Stby-Switch
 ---  3333.0000.000d  static   Yes    -  Fa2/1,Fa4/1,Router,Switch
 ---  3333.0000.0016  static   Yes    -  Switch,Stby-Switch
Router#

Related Commands

Command
Description

clear mac-address-table

Deletes entries from the MAC address table.

mac-address-table aging-time

Configures the aging time for entries in the Layer 2 table.

mac-address-table limit

Enables MAC limiting.

mac-address-table notification mac-move

Enables MAC-move notification.

mac-address-table static

Adds static entries to the MAC address table or configures a static MAC address with IGMP snooping disabled for that address.

mac-address-table synchronize

Synchronizes the Layer 2 MAC address table entries across the PFC and all the DFCs.


show spanning-tree

To display spanning-tree information for the specified spanning-tree instances, use the show spanning-tree command in privileged EXEC mode.

Cisco 2600, 3660, and 3845 Series Switches

show spanning-tree [bridge-group] [active | backbonefast | blockedports | bridge | brief | inconsistentports | interface interface-type interface-number | root | summary [totals] | uplinkfast | vlan vlan-id]

Cisco 6500/6000 Catalyst Series Switches and Cisco 7600 Series Routers

show spanning-tree [bridge-group | active | backbonefast | bridge [id] | detail | inconsistentports | interface interface-type interface-number | root | summary [total] | uplinkfast | vlan vlan-id | port-channel number | pathcost method]

Syntax Description

bridge-group

(Optional) Specifies the bridge group number. The range is 1 to 255.

active

(Optional) Displays spanning-tree information on active interfaces only.

backbonefast

(Optional) Displays spanning-tree BackboneFast status.

blockedports

(Optional) Displays blocked port information.

bridge

(Optional) Displays status and configuration of this switch.

brief

(Optional) Specifies a brief summary of interface information.

inconsistentports

(Optional) Displays information about inconsistent ports.

interface interface-type interface-number

(Optional) Specifies the type and number of the interface. Enter each interface designator, using a space to separate it from the one before and the one after. Ranges are not supported. Valid interfaces include physical ports and virtual LANs (VLANs). See the "Usage Guidelines" section for valid values.

root

(Optional) Displays root-switch status and configuration.

summary

(Optional) Specifies a summary of port states.

totals

(Optional) Displays the total lines of the spanning-tree state section.

uplinkfast

(Optional) Displays spanning-tree UplinkFast status.

vlan vlan-id

(Optional) Specifies the VLAN ID. The range is 1 to 1005. Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to 4094.

If the vlan-id value is omitted, the command applies to the spanning-tree instance for all VLANs.

id

(Optional) Identifies the spanning tree bridge.

detail

(Optional) Shows status and configuration details.

port-channel number

(Optional) Identifies the Ethernet channel associated with the interfaces.

pathcost method

(Optional) Displays the default path-cost calculation method that is used. See the "Usage Guidelines" section for the valid values.


Command Modes

Privileged EXEC (#)

Command History

Release
Modification

12.0(1)T

This command was introduced.

12.0(5.2)WC(1)

This command was integrated into Cisco IOS Release 12.0(5.2)WC(1).

12.1(6)EA2

This command was integrated into Cisco IOS Release 12.1(6)EA2. The following keywords and arguments were added: bridge-group, active, backbonefast, blockedports, bridge, inconsistentports, pathcost method, root, totals, and uplinkfast.

12.2(14)SX

Support for this command was introduced on the Supervisor Engine 720.

12.2(15)ZJ

The syntax added in Cisco IOS Release 12.1(6)EA2 was implemented on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.

12.2(17d)SXB

Support for this command on the Supervisor Engine 2 was extended to Cisco IOS Release 12.2(17d)SXB.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.3(4)T

The platform support and syntax added in Cisco IOS Release 12.2(15)ZJ was integrated into Cisco IOS Release 12.3(4)T.

12.4(15)T

This command was modified to extend the range of valid VLAN IDs to 1-4094 for specified platforms.


Usage Guidelines

The keywords and arguments that are available with the show spanning-tree command vary depending on the platform you are using and the network modules that are installed and operational.

Cisco 2600, 3660, and 3845 Series Switches

The valid values for interface interface-type are:

fastethernet—Specifies a Fast Ethernet IEEE 802.3 interface.

port-channel—Specifies an Ethernet channel of interfaces.

Cisco 6500/6000 Catalyst Switches and 7600 Series Routers

The port-channel number values from 257 to 282 are supported on the Content Switching Module (CSM) and the Firewall Services Module (FWSM) only.

The interface-number argument designates the module and port number. Valid values for interface-number depend on the specified interface type and the chassis and module that are used. For example, if you specify a Gigabit Ethernet interface and have a 48-port 10/100BASE-T Ethernet module that is installed in a 13-slot chassis, valid values for the module number are from 2 to 13 and valid values for the port number are from 1 to 48.

When you check spanning tree-active states and have a large number of VLANs, you can enter the show spanning-tree summary total command to display the total number of VLANs without having to scroll through the list of VLANs.

The valid values for interface interface-type are:

fastethernet—Specifies a Fast Ethernet IEEE 802.3 interface.

port-channel—Specifies an Ethernet channel of interfaces.

atm—Specifies an Asynchronous Transfer Mode (ATM) interface.

gigabitethernet—Specifies a Gigabit Ethernet IEEE 802.3z interface.

multilink—Specifies a multilink-group interface.

serial—Specifies a serial interface.

vlan—Specifies a catalyst VLAN interface.

The valid values for keyword pathcost method are:

append—Appends the redirected output to a URL (supporting the append operation).

begin—Begins with the matching line.

exclude—Excludes matching lines.

include—Includes matching lines.

redirect—Redirects output to a URL.

tee—Copies output to a URL.

Examples

Cisco 2600, 3660, and 3845 Series Switches

The following example shows that bridge group 1 is running the VLAN Bridge Spanning Tree Protocol:

Router# show spanning-tree 1
 
   
Bridge group 1 is executing the VLAN Bridge compatible Spanning Tree Protocol
Bridge Identifier has priority 32768, address 0000.0c37.b055
Configured hello time 2, max age 30, forward delay 20
We are the root of the spanning tree
Port Number size is 10 bits
Topology change flag not set, detected flag not set
Times: hold 1, topology change 35, notification 2
      hello 2, max age 30, forward delay 20
Timers: hello 0, topology change 0, notification 0
  bridge aging time 300
 
Port 8 (Ethernet1) of Bridge group 1 is forwarding
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 0000.0c37.b055
   Designated bridge has priority 32768, address 0000.0c37.b055
   Designated port is 8, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 184, received 0

The following is sample output from the show spanning-tree summary command:

Router# show spanning-tree summary
 
   
UplinkFast is disabled
 
   
Name                 Blocking Listening Learning Forwarding STP Active
-------------------- -------- --------- -------- ---------- ----------
VLAN1                23       0         0        1          24
-------------------- -------- --------- -------- ---------- ----------
              1 VLAN 23       0         0        1          24
 
   

Table 2 describes the significant fields shown in the display.

Table 2 show spanning-tree summary Field Descriptions 

Field
Description

UplinkFast

Indicates whether the spanning-tree UplinkFast feature is enabled or disabled.

Name

Name of VLAN.

Blocking

Number of ports in the VLAN in a blocking state.

Listening

Number of ports in a listening state.

Learning

Number of ports in a learning state.

Forwarding

Number of ports in a forwarding state.

STP Active

Number of ports using the Spanning-Tree Protocol.


The following is sample output from the show spanning-tree brief command:

Router# show spanning-tree brief
 
   
VLAN1
  Spanning tree enabled protocol IEEE
  ROOT ID    Priority 32768
             Address 0030.7172.66c4
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec 
VLAN1
  Spanning tree enabled protocol IEEE
  ROOT ID    Priority 32768
             Address 0030.7172.66c4
Port                           Designated
Name    Port ID Prio Cost Sts  Cost  Bridge ID      Port ID
------- ------- ---- ---- ---  ----  -------------- -------
Fa0/11  128.17  128  100  BLK  38    0404.0400.0001 128.17
Fa0/12  128.18  128  100  BLK  38    0404.0400.0001 128.18
Fa0/13  128.19  128  100  BLK  38    0404.0400.0001 128.19
Fa0/14  128.20  128  100  BLK  38    0404.0400.0001 128.20
Fa0/15  128.21  128  100  BLK  38    0404.0400.0001 128.21
Fa0/16  128.22  128  100  BLK  38    0404.0400.0001 128.22
Fa0/17  128.23  128  100  BLK  38    0404.0400.0001 128.23
Fa0/18  128.24  128  100  BLK  38    0404.0400.0001 128.24
Fa0/19  128.25  128  100  BLK  38    0404.0400.0001 128.25
Fa0/20  128.26  128  100  BLK  38    0404.0400.0001 128.26
Fa0/21  128.27  128  100  BLK  38    0404.0400.0001 128.27
 
   
Port                           Designated
Name    Port ID Prio Cost Sts  Cost  Bridge ID      Port ID
------- ------- ---- ---- ---  ----  -------------- -------
Fa0/22  128.28  128  100  BLK  38    0404.0400.0001 128.28
Fa0/23  128.29  128  100  BLK  38    0404.0400.0001 128.29
Fa0/24  128.30  128  100  BLK  38    0404.0400.0001 128.30 Hello Time   2 sec  Max Age 20 
sec  Forward Delay 15 sec 
 
   

Table 3 describes the significant fields shown in the display.

Table 3 show spanning-tree brief Field Descriptions 

Field
Description

VLAN1

VLAN for which spanning-tree information is shown.

Spanning tree enabled protocol

Type of spanning tree (IEEE, IBM, CISCO).

ROOT ID

Indicates the root bridge.

Priority

Priority indicator.

Address

MAC address of the port.

Hello Time

Interval, in seconds, at which the bridge sends bridge protocol data units (BPDUs).

Max Age

Amount of time, in seconds, that a BPDU packet should be considered valid.

Forward Delay

Amount of time, in seconds, that the port spends in listening or learning mode.

Port Name

Interface type and number of the port.

Port ID

Identifier of the named port.

Prio

Priority associated with the port.

Cost

Cost associated with the port.

Sts

Status of the port.

Designated Cost

Designated cost for the path.

Designated Bridge ID

Bridge identifier of the bridge assumed to be the designated bridge for the LAN associated with the port.


The following is sample output from the show spanning-tree vlan 1 command:

Router# show spanning-tree vlan 1
 
   
Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 00e0.1eb2.ddc0
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32768, address 0010.0b3f.ac80
  Root port is 5, cost of root path is 10
  Topology change flag not set, detected flag not set, changes 1
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0
 
   
Interface Fa0/1  in Spanning tree 1 is down
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 0010.0b3f.ac80
Designated bridge has priority 32768, address 00e0.1eb2.ddc0
   Designated port is 1, path cost 10
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0 
   
 
   

Table 4 describes the significant fields shown in the display.

Table 4 show spanning-tree vlan Field Descriptions 

Field
Description

Spanning tree

Type of spanning tree (IEEE, IBM, CISCO).

Bridge Identifier

Part of the bridge identifier and taken as the most significant part for bridge ID comparisons.

address

Bridge MAC address.

Root port

Identifier of the root port.

Topology change

Flags and timers associated with topology changes.


The following is sample output from the show spanning-tree interface fastethernet0/3 command:

Router# show spanning-tree interface fastethernet0/3
 
   
Interface Fa0/3 (port 3) in Spanning tree 1 is down
   Port path cost 100, Port priority 128
   Designated root has priority 6000, address 0090.2bba.7a40
   Designated bridge has priority 32768, address 00e0.1e9f.4abf
   Designated port is 3, path cost 410
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0

Cisco 6500/6000 Series Catalyst Switches and 7600 Series Routers

This example shows how to display a summary of interface information:

Router# show spanning-tree
 
   
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     0004.9b78.0800
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
 
   
  Bridge ID  Priority    4097   (priority 4096 sys-id-ext 1)
             Address     0004.9b78.0800
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15 
 
   
Interface        Port ID                     Designated                Port ID
Name             Prio.Nbr      Cost Sts      Cost Bridge ID            Prio.Nbr
---------------- -------- --------- --- --------- -------------------- --------
Gi2/1            128.65           4 LIS         0  4097 0004.9b78.0800 128.65  
Gi2/2            128.66           4 LIS         0  4097 0004.9b78.0800 128.66  
Fa4/3            128.195         19 LIS         0  4097 0004.9b78.0800 128.195 
Fa4/4            128.196         19 BLK         0  4097 0004.9b78.0800 128.195 
 
   
Router#
 
   

Table 5 describes the fields that are shown in the example.

Table 5 show spanning-tree Command Output Fields

Field
Definition

Port ID Prio.Nbr

Port ID and priority number.

Cost

Port cost.

Sts

Status information.


This example shows how to display information about the spanning tree on active interfaces only:

Router# show spanning-tree active
 
   
UplinkFast is disabled
BackboneFast is disabled
 
   
 VLAN1 is executing the ieee compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 0050.3e8d.6401
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 16384, address 0060.704c.7000
  Root port is 265 (FastEthernet5/9), cost of root path is 38
  Topology change flag not set, detected flag not set
  Number of topology changes 0 last change occurred 18:13:54 ago
  Times:  hold 1, topology change 24, notification 2
          hello 2, max age 14, forward delay 10
  Timers: hello 0, topology change 0, notification 0
 
   
Router#
 
   

This example shows how to display the status of spanning-tree BackboneFast:

Router# show spanning-tree backbonefast
 
   
BackboneFast is enabled
 
BackboneFast statistics
-----------------------
Number of transition via backboneFast (all VLANs) : 0
Number of inferior BPDUs received (all VLANs)     : 0
Number of RLQ request PDUs received (all VLANs)   : 0
Number of RLQ response PDUs received (all VLANs)  : 0
Number of RLQ request PDUs sent (all VLANs)       : 0
Number of RLQ response PDUs sent (all VLANs)      : 0
Router# 

This example shows how to display information about the spanning tree for this bridge only:

Router# show spanning-tree bridge
 
   
VLAN1
  Bridge ID  Priority    32768
             Address     0050.3e8d.6401
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
.
Router#
 
   

This example shows how to display detailed information about the interface:

Router# show spanning-tree detail
 
   
VLAN1 is executing the ieee compatible Spanning Tree protocol 
Bridge Identifier has priority 4096, address 00d0.00b8.1401 
Configured hello time 2, max age 20, forward delay 15 
We are the root of the spanning tree 
Topology change flag not set, detected flag not set 
Number of topology changes 9 last change occurred 02:41:34 ago 
from FastEthernet4/21 
Times: hold 1, topology change 35, notification 2 
hello 2, max age 20, forward delay 15 
Timers: hello 1, topology change 0, notification 0, aging 300 
Port 213 (FastEthernet4/21) of VLAN1 is forwarding
Port path cost 19, Port priority 128, Port Identifier 128.213. 
Designated root has priority 4096, address 00d0.00b8.1401 
Designated bridge has priority 4096, address 00d0.00b8.1401 
Designated port id is 128.213, designated path cost 0 
Timers: message age 0, forward delay 0, hold 0 
Number of transitions to forwarding state: 1 
BPDU: sent 4845, received 1 
Router# 
 
   

This example shows how to display information about the spanning tree for a specific interface:

Router# show spanning-tree interface fastethernet 5/9
 
   
Interface Fa0/10 (port 23) in Spanning tree 1 is ROOT-INCONSISTENT 
Port path cost 100, Port priority 128 
Designated root has priority 8192, address 0090.0c71.a400 
Designated bridge has priority 32768, address 00e0.1e9f.8940 

This example shows how to display information about the spanning tree for a specific bridge group:

Router# show spanning-tree 1
 
   
UplinkFast is disabled
 BackboneFast is disabled
 
  Bridge group 1 is executing the ieee compatible Spanning Tree protocol
   Bridge Identifier has priority 32768, address 00d0.d39c.004d
   Configured hello time 2, max age 20, forward delay 15
   Current root has priority 32768, address 00d0.d39b.fddd
   Root port is 7 (FastEthernet2/2), cost of root path is 19
   Topology change flag set, detected flag not set
   Number of topology changes 3 last change occurred 00:00:01 ago
           from FastEthernet2/2
   Times:  hold 1, topology change 35, notification 2
           hello 2, max age 20, forward delay 15 
   Timers: hello 0, topology change 0, notification 0  bridge aging time 15
 
Port 2 (Ethernet0/1/0) of Bridge group 1 is down
                                        
    Port path cost 100, Port priority 128
    Designated root has priority 32768, address 0050.0bab.1808
    Designated bridge has priority 32768, address 0050.0bab.1808
    Designated port is 2, path cost 0
    Timers: message age 0, forward delay 0, hold 0
    BPDU: sent 0, received 0                                
Router#      

This example shows how to display a summary of port states:

Router# show spanning-tree summary 
 
   
Root bridge for: Bridge group 1, VLAN0001, VLAN0004-VLAN1005 
 VLAN1013-VLAN1499, VLAN2001-VLAN4094 
EtherChannel misconfiguration guard is enabled 
Extended system ID is enabled 
Portfast is enabled by default 
PortFast BPDU Guard is disabled by default 
Portfast BPDU Filter is disabled by default 
Loopguard is disabled by default 
UplinkFast is disabled 
BackboneFast is disabled 
Pathcost method used is long
Name                   Blocking Listening Learning Forwarding STP Active 
---------------------- -------- --------- -------- ---------- ---------- 
1 bridge               0        0         0        1          1 
3584 vlans             3584     0         0        7168       10752 
                       Blocking Listening Learning Forwarding STP Active 
---------------------- -------- --------- -------- ---------- ---------- 
Total                  3584     0         0        7169       10753 
Router#      
 
   

This example shows how to display the total lines of the spanning-tree state section:

Router#  show spanning-tree summary total 
Root bridge for:Bridge group 10, VLAN1, VLAN6, VLAN1000.
Extended system ID is enabled.
PortFast BPDU Guard is disabled
EtherChannel misconfiguration guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Default pathcost method used is long
 
   
Name                 Blocking Listening Learning Forwarding STP Active
-------------------- -------- --------- -------- ---------- ----------
           105 VLANs 3433     0         0        105        3538      
 
BackboneFast statistics
-----------------------
Number of transition via backboneFast (all VLANs) :0
Number of inferior BPDUs received (all VLANs)     :0
Number of RLQ request PDUs received (all VLANs)   :0
Number of RLQ response PDUs received (all VLANs)  :0
Number of RLQ request PDUs sent (all VLANs)       :0
Number of RLQ response PDUs sent (all VLANs)      :0
Router# 

This example shows how to display information about the spanning tree for a specific VLAN:

Router# show spanning-tree vlan 200
VLAN0200
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     00d0.00b8.14c8
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32768
             Address     00d0.00b8.14c8
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Status
---------------- ---- --- --------- -------- --------------------------------
Fa4/4            Desg FWD 200000    128.196  P2p
Fa4/5            Back BLK 200000    128.197  P2p
Router#
 
   

Table 0-6 describes the fields that are shown in the example.

Table 0-6 show spanning-tree vlan Command Output Fields 

Field
Definition

Role

Current 802.1w role; valid values are Boun (boundary), Desg (designated), Root, Altn (alternate), and Back (backup).

Sts

Spanning-tree states; valid values are BKN* (broken; see footnote 1), BLK (blocking), DWN (down), LTN (listening), LBK (loopback), LRN (learning), and FWD (forwarding).

Cost

Port cost.

Prio.Nbr

Port ID that consists of the port priority and the port number.

Status

Status information; valid values are as follows:

P2p/Shr—The interface is considered as a point-to-point (resp. shared) interface by the spanning tree.

Edge—PortFast has been configured (either globally using the default command or directly on the interface) and no BPDU has been received.

*ROOT_Inc, *LOOP_Inc, *PVID_Inc and *TYPE_Inc—The port is in a broken state (BKN*) for an inconsistency. The port would be (respectively) Root inconsistent, Loopguard inconsistent, PVID inconsistent, or Type inconsistent.

Bound(type)—When in MST mode, identifies the boundary ports and specifies the type of the neighbor (STP, RSTP, or PVST).

Peer(STP)—When in PVRST rapid-pvst mode, identifies the port connected to a previous version of the 802.1D bridge.

1 For information on the *, see the definition for the Status field.


This example shows how to determine if any ports are in the root-inconsistent state:

Router#  show spanning-tree inconsistentports 
 
Name                 Interface            Inconsistency
-------------------- -------------------- ------------------
 VLAN1               FastEthernet3/1      Root Inconsistent
 
   
Number of inconsistent ports (segments) in the system :1
Router# 
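
One way to turn the show spanning-tree summary and show spanning-tree inconsistentports output above into a repeatable check, as an added example that is not part of Cisco's documentation. The sample text is copied from this page's examples; the function names and the wording of the findings are assumptions of this example.

```python
import re

# Text copied from the "show spanning-tree summary" example on this page.
SUMMARY = """\
Root bridge for: Bridge group 1, VLAN0001, VLAN0004-VLAN1005
 VLAN1013-VLAN1499, VLAN2001-VLAN4094
EtherChannel misconfiguration guard is enabled
Extended system ID is enabled
Portfast is enabled by default
PortFast BPDU Guard is disabled by default
Portfast BPDU Filter is disabled by default
Loopguard is disabled by default
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is long
"""

# Text copied from the "show spanning-tree inconsistentports" example.
INCONSISTENT = """\
Name                 Interface            Inconsistency
-------------------- -------------------- ------------------
 VLAN1               FastEthernet3/1      Root Inconsistent

Number of inconsistent ports (segments) in the system :1
"""

FEATURE_RE = re.compile(
    r"^[ \t]*([A-Za-z][A-Za-z ]*?) is (enabled|disabled)\b", re.I | re.M)
ROW_RE = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\S.*?)\s*$")
COUNT_RE = re.compile(r"Number of inconsistent ports.*?:\s*(\d+)")

def parse_features(text):
    """Map each '<feature> is enabled|disabled' line to True or False."""
    return {" ".join(name.lower().split()): state.lower() == "enabled"
            for name, state in FEATURE_RE.findall(text)}

def parse_inconsistent_ports(text):
    """Return ([(vlan, interface, inconsistency), ...], reported_count)."""
    rows, reported, in_table = [], None, False
    for line in text.splitlines():
        stripped = line.strip()
        count = COUNT_RE.search(line)
        if count:
            reported, in_table = int(count.group(1)), False
        elif stripped and set(stripped) <= {"-", " "}:
            in_table = True               # dashed rule: data rows follow
        elif in_table and stripped and not stripped.startswith("Router#"):
            m = ROW_RE.match(line)
            if m:
                rows.append(m.groups())
    return rows, reported

def audit(summary_text, inconsistent_text):
    """Return a list of findings worth an operator's attention."""
    findings = []
    feats = parse_features(summary_text)
    # PortFast ports forward immediately; BPDU Guard is the default
    # protection for them (see the Related Commands table).
    if feats.get("portfast") and not feats.get("portfast bpdu guard"):
        findings.append(
            "PortFast is enabled by default but PortFast BPDU Guard is disabled")
    rows, reported = parse_inconsistent_ports(inconsistent_text)
    for vlan, interface, kind in rows:
        findings.append(f"{interface} in {vlan}: {kind}")
    if reported is not None and reported != len(rows):
        findings.append(
            f"parsed {len(rows)} rows but the device reported {reported}")
    return findings

if __name__ == "__main__":
    for finding in audit(SUMMARY, INCONSISTENT):
        print(finding)
```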

Related Commands

Command
Description

spanning-tree backbonefast

Enables BackboneFast on all Ethernet VLANs.

spanning-tree cost

Sets the path cost of the interface for STP calculations.

spanning-tree guard

Enables or disables the guard mode.

spanning-tree pathcost method

Sets the default path-cost calculation method.

spanning-tree portfast (interface configuration mode)

Enables PortFast mode.

spanning-tree portfast bpdufilter default

Enables BPDU filtering by default on all PortFast ports.

spanning-tree portfast bpduguard default

Enables BPDU guard by default on all PortFast ports.

spanning-tree port-priority

Sets an interface priority when two bridges vie for position as the root bridge.

spanning-tree uplinkfast

Enables UplinkFast.

spanning-tree vlan

Enables the Spanning Tree Protocol (STP) on a VLAN.


spanning-tree vlan

To configure Spanning Tree Protocol (STP) on a per-virtual LAN (VLAN) basis, use the spanning-tree vlan command in global configuration mode. To return to the default settings, use the no form of this command.

spanning-tree vlan vlan-id [forward-time seconds | hello-time seconds | max-age seconds | priority priority | protocol protocol | [root {primary | secondary} [diameter net-diameter [hello-time seconds]]]]

no spanning-tree vlan vlan-id [forward-time | hello-time | max-age | priority | protocol | root]

Syntax Description

vlan-id

VLAN identification number; valid values are from 1 to 1005. Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to 4094.

forward-time seconds

(Optional) Sets the STP forward delay time; valid values are from 4 to 30 seconds.

hello-time seconds

(Optional) Specifies the duration, in seconds, between the generation of configuration messages by the root switch; valid values are from 1 to 10 seconds.

max-age seconds

(Optional) Sets the maximum number of seconds the information in a bridge protocol data unit (BPDU) is valid; valid values are from 6 to 40 seconds.

priority priority

(Optional) Sets the STP bridge priority; valid values are from 0 to 65535.

protocol protocol

(Optional) Sets the STP type. See the "Usage Guidelines" section for a list of valid values.

root primary

(Optional) Forces this switch to be the root bridge.

root secondary

(Optional) Specifies this switch to act as the root switch should the primary root fail.

diameter net-diameter

(Optional) Specifies the maximum number of bridges between any two points of attachment of end stations; valid values are from 2 through 7.


Command Default

The defaults are:

forward-time—15 seconds

hello-time—2 seconds

max-age—20 seconds

priority—The default with IEEE STP enabled is 32768; the default with STP enabled is 128.

protocol—IEEE

root—No STP root

Command Modes

Global configuration (config)

Command History

Release
Modification

12.0(7)XE

This command was introduced on the Catalyst 6000 series switches.

12.1(1)E

Support for this command on the Catalyst 6000 series switches was extended to Cisco IOS Release 12.1(1)E.

12.2(2)XT

This command was implemented on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.

12.2(8)T

This command was integrated into Cisco IOS Release 12.2(8)T on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.

12.2(14)SX

Support for this command was introduced on the Supervisor Engine 720.

12.2(17d)SXB

Support for this command on the Supervisor Engine 2 was extended to Cisco IOS Release 12.2(17d)SXB.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.4(15)T

This command was modified to extend the range of valid VLAN IDs to 1-4094 for specified platforms.


Usage Guidelines


Caution When disabling spanning tree on a VLAN using the no spanning-tree vlan vlan-id command, ensure that all switches and bridges in the VLAN have spanning tree disabled. You cannot disable spanning tree on some switches and bridges in a VLAN and leave it enabled on other switches and bridges in the same VLAN because switches and bridges with spanning tree enabled have incomplete information about the physical topology of the network.


Caution We do not recommend disabling spanning tree, even in a topology that is free of physical loops. Spanning tree is a safeguard against misconfigurations and cabling errors. Do not disable spanning tree in a VLAN without ensuring that there are no physical loops present in the VLAN.

When you set the max-age seconds parameter, if a bridge does not hear bridge protocol data units (BPDUs) from the root bridge within the specified interval, it assumes that the network has changed and recomputes the spanning-tree topology.

Valid values for protocol are dec (Digital STP), ibm (IBM STP), ieee (IEEE Ethernet STP), and vlan-bridge (VLAN Bridge STP).

The spanning-tree root primary command alters this switch's bridge priority to 8192. If you enter the spanning-tree root primary command and the switch does not become the root switch, then the bridge priority is changed to 100 less than the bridge priority of the current bridge. If the switch still does not become the root, an error results.

The spanning-tree root secondary command alters this switch's bridge priority to 16384. If the root switch should fail, this switch becomes the next root switch.

Use the spanning-tree root commands on backbone switches only.

Examples

The following example shows how to enable spanning tree on VLAN 200:

Router(config)# spanning-tree vlan 200 
 
   

The following example shows how to configure the switch as the root switch for VLAN 10 with a network diameter of 4:

Router(config)# spanning-tree vlan 10 root primary diameter 4 
 
   

The following example shows how to configure the switch as the secondary root switch for VLAN 10 with a network diameter of 4:

Router(config)# spanning-tree vlan 10 root secondary diameter 4 

Related Commands

Command
Description

show spanning-tree

Displays spanning-tree information for the specified spanning-tree instances.

spanning-tree cost

Sets the path cost of the interface for STP calculations.

spanning-tree port-priority

Sets an interface priority when two bridges tie for position as the root bridge.

spanning-tree portfast (global configuration mode)

Enables PortFast mode, where the interface is immediately put into the forwarding state upon linkup, without waiting for the timer to expire.

spanning-tree portfast (interface configuration mode)

Enables PortFast mode, where the interface is immediately put into the forwarding state upon linkup, without waiting for the timer to expire.

spanning-tree uplinkfast

Enables the UplinkFast feature.


switchport trunk

To set the trunk characteristics when the interface is in trunking mode, use the switchport trunk commands in interface configuration mode. To reset all of the trunking characteristics back to the original defaults, use the no form of this command.

Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers

switchport trunk {encapsulation dot1q | native vlan | allowed vlan}

no switchport trunk {encapsulation dot1q | native vlan | allowed vlan}

Cisco 7600 Series Routers and Catalyst 6500 Series Switches

switchport trunk encapsulation {isl | dot1q [ethertype value] | negotiate}

switchport trunk native vlan vlan-id

switchport trunk allowed vlan vlan-list

switchport trunk pruning vlan vlan-list

no switchport trunk {encapsulation {isl | dot1q | negotiate} | native vlan | allowed vlan | pruning vlan}

Syntax Description

encapsulation dot1q

Sets the trunk encapsulation format to 802.1Q.

native vlan

Sets the native VLAN for the trunk in 802.1Q trunking mode.

allowed vlan

Sets the list of allowed VLANs that transmit traffic from this interface in tagged format when in trunking mode.

encapsulation isl

Sets the trunk encapsulation format to Inter-Switch Link (ISL).

ethertype value

(Optional) Sets the EtherType value; valid values are from 0x0 to 0x5EF-0xFFFF.

encapsulation negotiate

Specifies that if the Dynamic Inter-Switch Link (DISL) protocol and Dynamic Packet Transport (DPT) negotiation do not resolve the encapsulation format, ISL is the selected format.

vlan-id

Identifies the particular native VLAN.

vlan-list

List of VLANs. See the "Usage Guidelines" section for directions on formatting a vlan-list.

pruning vlan

Sets the list of VLANs that are enabled for VLAN Trunking Protocol (VTP) pruning when in trunking mode. See the "Usage Guidelines" section for the vlan-list argument formatting guidelines.


Defaults

Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers

The default encapsulation type is dot1q.

The default access VLAN and trunk interface native VLAN is a default VLAN that corresponds to the platform or interface hardware.

The default for all VLAN lists is to include all VLANs.

Cisco 7600 Series Routers and Catalyst 6500 Series Switches

The encapsulation type is dependent on the platform or interface hardware.

The access VLAN and trunk interface native VLAN are default VLANs that correspond to the platform or interface hardware.

All VLAN lists include all VLANs.

The ethertype value for 802.1Q encapsulation is 0x8100.

Command Modes

Interface configuration (config-if)

Command History

Release
Modification

12.0(7)XE

This command was introduced on the Catalyst 6000 family switches.

12.1(1)E

Switchport creation on Catalyst 6000 family switches was added.

12.2(2)XT

This command was introduced to support switchport creation on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.

12.2(8)T

This command was integrated into Cisco IOS Release 12.2(8)T to support switchport creation on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.

12.2(14)SX

This command was integrated into Cisco IOS Release 12.2(14)SX to support the Supervisor Engine 720 on the Cisco 7600 series routers and Catalyst 6500 series switches.

12.2(17a)SX

This command was modified to include the following:

Restriction of ISL trunk-encapsulation

Addition of the dot1q keyword and ethertype value keyword and argument

12.2(17d)SXB

Support for the Supervisor Engine 2 on the Cisco 7600 series routers and Catalyst 6500 series switches was added.

12.2(18)SXD

This command was modified to allow the switchport trunk allowed vlan command to be entered on interfaces where the span destination port is either a trunk or an access port.

12.2(18)SXE

This command added a restriction that Gigabit Ethernet Optimized (GE) Layer 2 WAN ports are not supported on the Supervisor Engine 720.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.4(15)T

This command was modified to extend the range of valid VLAN IDs to 1-4094 for specified platforms.


Usage Guidelines

802.1Q Trunks

When you connect Cisco switches through an 802.1Q trunk, make sure that the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link. If the native VLAN on one end of the trunk is different from the native VLAN on the other end, spanning-tree loops might result.

Disabling spanning tree on the native VLAN of an 802.1Q trunk without disabling spanning tree on every VLAN in the network can cause spanning-tree loops. Cisco recommends that you leave spanning tree enabled on the native VLAN of an 802.1Q trunk. If this is not possible, disable spanning tree on every VLAN in the network. Make sure that your network is free of physical loops before disabling spanning tree.

When you connect two Cisco switches through 802.1Q trunks, the switches exchange spanning-tree Bridge Protocol Data Units (BPDUs) on each VLAN allowed on the trunks. The BPDUs on the native VLAN of the trunk are sent untagged to the reserved IEEE 802.1d spanning-tree multicast MAC address (01-80-C2-00-00-00). The BPDUs on all other VLANs on the trunk are sent tagged to the reserved Shared Spanning Tree Protocol (SSTP) multicast MAC address (01-00-0c-cc-cc-cd).

The 802.1Q switches that are not Cisco switches maintain only a single instance of spanning tree (Mono Spanning Tree [MST]) that defines the spanning-tree topology for all VLANs. When you connect a Cisco switch through an 802.1Q trunk to a switch that is not a Cisco switch, the MST of that switch and the native VLAN spanning tree of the Cisco switch combine to form a single spanning-tree topology known as the Common Spanning Tree (CST).

Because Cisco switches transmit BPDUs to the SSTP multicast MAC address on VLANs other than the native VLAN of the trunk, switches that are not Cisco switches do not recognize these frames as BPDUs and flood them on all ports in the corresponding VLAN. Other Cisco switches connected to the 802.1Q cloud receive these flooded BPDUs. This condition allows Cisco switches to maintain a per-VLAN spanning-tree topology across a cloud of 802.1Q switches that are not Cisco switches. The 802.1Q cloud of switches that are not Cisco switches, which separates the Cisco switches, is treated as a single broadcast segment among all switches connected to it through 802.1Q trunks.

Make certain that the native VLAN is the same on all of the 802.1Q trunks that connect the Cisco switches to the 802.1Q cloud of switches that are not Cisco switches.

If you are connecting multiple Cisco switches to an 802.1Q cloud of switches that are not Cisco switches, all of the connections must be through 802.1Q trunks. You cannot connect Cisco switches to an 802.1Q cloud of switches that are not Cisco switches through ISL trunks or through access ports. Doing so will cause the switch to place the ISL trunk port or access port into the spanning-tree "port inconsistent" state and no traffic will pass through the port.
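
The BPDU addressing described above can be checked against a packet capture taken on a trunk. The following Python is an added example, not Cisco code: it classifies Ethernet frames by the two reserved destination addresses and the 802.1Q tag. The function names are assumptions, and the sample frames are constructed with a placeholder payload.

```python
import struct

IEEE_STP_MAC = bytes.fromhex("0180c2000000")  # 01-80-C2-00-00-00, from the page
SSTP_MAC = bytes.fromhex("01000ccccccd")      # 01-00-0c-cc-cc-cd, from the page
DOT1Q_ETHERTYPE = 0x8100                      # default 802.1Q EtherType, from the page

def classify_bpdu(frame, tag_ethertype=DOT1Q_ETHERTYPE):
    """Return (kind, vlan) for a frame sent to an STP address, else None.

    kind is "ieee" or "sstp"; vlan is the 802.1Q VLAN ID, or None if untagged.
    Pass tag_ethertype when the port uses a custom dot1q ethertype value.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst = frame[:6]
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    vlan = None
    if type_or_len == tag_ethertype:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        vlan = tci & 0x0FFF  # low 12 bits; the top 4 are priority and DEI
    if dst == IEEE_STP_MAC:
        return ("ieee", vlan)
    if dst == SSTP_MAC:
        return ("sstp", vlan)
    return None

def summarize_trunk(frames, tag_ethertype=DOT1Q_ETHERTYPE):
    """Count BPDUs seen on one trunk, grouped the way the page describes them."""
    seen = {"native_ieee": 0, "per_vlan_sstp": {}, "other": []}
    for frame in frames:
        result = classify_bpdu(frame, tag_ethertype)
        if result is None:
            continue                      # not addressed to an STP address
        kind, vlan = result
        if kind == "ieee" and vlan is None:
            seen["native_ieee"] += 1      # untagged, native VLAN
        elif kind == "sstp" and vlan is not None:
            per_vlan = seen["per_vlan_sstp"]
            per_vlan[vlan] = per_vlan.get(vlan, 0) + 1
        else:
            seen["other"].append(result)  # combination the page does not describe
    return seen

def build_frame(dst, vlan=None, priority=0, tag_ethertype=DOT1Q_ETHERTYPE):
    """Constructed sample frame: real header layout, placeholder payload."""
    src = bytes.fromhex("020000000001")   # constructed source address
    payload = bytes(38)                   # placeholder, not a real BPDU body
    tag = b""
    if vlan is not None:
        tag = struct.pack("!HH", tag_ethertype, (priority << 13) | vlan)
    return dst + src + tag + struct.pack("!H", len(payload)) + payload

# Constructed capture: one native-VLAN BPDU, per-VLAN BPDUs for VLAN 10 and
# extended VLAN 1006, and one unrelated tagged broadcast.
SAMPLE = [
    build_frame(IEEE_STP_MAC),
    build_frame(SSTP_MAC, vlan=10, priority=7),
    build_frame(SSTP_MAC, vlan=1006),
    build_frame(SSTP_MAC, vlan=1006),
    build_frame(bytes.fromhex("ffffffffffff"), vlan=10),
]

if __name__ == "__main__":
    print(summarize_trunk(SAMPLE))
```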

Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers

The switchport trunk encapsulation command is supported only for platforms and interface hardware that can support 802.1Q formats.

The vlan-list format is all | none | add | remove | except vlan-list[,vlan-list...] where:

all—Specifies all VLANs from 1 to 1005. Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to 4094.

none—Indicates an empty list. This keyword is not supported in the switchport trunk allowed vlan form of the command.

add—Adds the defined list of VLANs to those currently set instead of replacing the list.

remove—Removes the defined list of VLANs from those currently set instead of replacing the list.

except—Lists the VLANs that should be calculated by inverting the defined list of VLANs.

vlan-list—is either a single VLAN number from 1 to 1005 or a continuous range of VLANs described by two VLAN numbers, the lesser one first, separated by a hyphen that represents the VLAN IDs of the allowed VLANs when this port is in trunking mode. Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to 4094.

Cisco 7600 Series Routers and Catalyst 6500 Series Switches

This command is not supported on GE Layer 2 WAN ports.

The switchport trunk encapsulation command is supported only for platforms and interface hardware that can support both ISL and 802.1Q formats. Only 802.1q encapsulation is supported by shared port adapters (SPAs).

If you enter the switchport trunk encapsulation isl command on a port channel containing an interface that does not support ISL-trunk encapsulation, the command is rejected.

You can enter the switchport trunk allowed vlan command on interfaces where the span destination port is either a trunk or an access port.


Note The switchport trunk pruning vlan vlan-list command does not support extended-range VLANs; valid vlan-list values are from 1 to 1005.


The dot1q ethertype value keyword and argument are not supported on port-channel interfaces. You can enter the command on the individual port interface only. Also, you can configure the ports in a channel group to have different EtherType configurations.


Caution Be careful when configuring the custom EtherType value on a port. If you enter the negotiate keyword and DISL and Dynamic Trunking Protocol (DTP) negotiation do not resolve the encapsulation format, then ISL is the selected format and may pose a security risk. The no form of this command resets the trunk-encapsulation format to the default.

The no form of the switchport trunk native vlan command resets the native mode VLAN to the appropriate default VLAN for the device.

The no form of the switchport trunk allowed vlan command resets the list to the default list, which allows all VLANs.

The no form of the switchport trunk pruning vlan command resets the list to the default list, which enables all VLANs for VTP pruning.

The no form of the switchport trunk encapsulation dot1q ethertype value command resets the list to the default value.

The vlan-list format is all | none | add | remove | except vlan-list[,vlan-list...] where:

all—Specifies all the appropriate VLANs. This keyword is not supported in the switchport trunk pruning vlan command.

none—Indicates an empty list. This keyword is not supported in the switchport trunk allowed vlan command.

add vlan-list[,vlan-list...]—Adds the defined list of VLANs to those currently set instead of replacing the list.

remove vlan-list[,vlan-list...]—Removes the defined list of VLANs from those currently set instead of replacing the list. You can remove VLAN 1. If you remove VLAN 1 from a trunk, the trunk interface continues to send and receive management traffic (for example, Cisco Discovery Protocol, version 3 (CDP3), VTP, Port Aggregation Protocol, version 4 (PAgP4), and DTP) in VLAN 1.


Note You can remove any of the default VLANs (1002 to 1005) from a trunk; this action is not allowed in earlier releases.


except vlan-list[,vlan-list...]—Excludes the specified list of VLANs from those currently set instead of replacing the list.

vlan-list[,vlan-list...]—Specifies a single VLAN number from 1 to 4094 or a continuous range of VLANs that are described by two VLAN numbers from 1 to 4094. You can specify multiple VLAN numbers or ranges of numbers using a comma-separated list.

To specify a range of VLANs, enter the smaller VLAN number first, followed by a hyphen and then the larger VLAN number that ends the range.

Do not enable the reserved VLAN range (1006 to 1024) on trunks when connecting a Cisco 7600 series router running the Cisco IOS software on both the supervisor engine and the Multilayer Switch Feature Card (MSFC) to a Cisco 7600 series router running the Catalyst operating system. These VLANs are reserved in Cisco 7600 series routers running the Catalyst operating system. If enabled, Cisco 7600 series routers running the Catalyst operating system may disable the ports if there is a trunking channel between these systems.
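The list keywords and guidelines above can be checked against a saved configuration. The following added example (not Cisco code) expands vlan-list items, applies add, remove, and except to the default allow-all list, and flags the negotiate, pruning-range, and reserved-range conditions described in this section. The interface names and configuration lines in SAMPLE are constructed, and except is treated as an inverted list.

```python
import re

ALL_VLANS = frozenset(range(1, 4095))     # 1-4094, valid from Release 12.4(15)T
RESERVED = frozenset(range(1006, 1025))   # reserved range named in the guideline above
CMD = re.compile(r"switchport trunk (allowed|pruning) vlan (?:(all|add|remove|except) ?)?([\d,-]*)$")

def parse_vlan_list(text):
    """Expand a comma-separated vlan-list ('5' or '10-12' items) into a set of IDs."""
    vlans = set()
    for item in filter(None, text.split(",")):
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:      # lesser number first, both within 1-4094
            raise ValueError(f"invalid vlan-list item {item!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def audit_trunks(config):
    """Return {interface: sorted findings} for each interface with trunk settings."""
    allowed, findings, intf = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            intf = line.split(None, 1)[1]
        if intf is None or not line.startswith("switchport trunk "):
            continue
        # With no allowed-VLAN command the default list allows all VLANs.
        vl, notes = allowed.setdefault(intf, ALL_VLANS), findings.setdefault(intf, set())
        m = CMD.match(line)
        if line.endswith("encapsulation negotiate"):
            notes.add("encapsulation negotiate can fall back to ISL")
        elif m and m.group(1) == "pruning":
            if max(parse_vlan_list(m.group(3)), default=0) > 1005:
                notes.add("pruning list contains extended-range VLANs")
        elif m:
            op, vlans = m.group(2), parse_vlan_list(m.group(3))
            allowed[intf] = {"add": vl | vlans, "remove": vl - vlans, "all": ALL_VLANS,
                             "except": ALL_VLANS - vlans}.get(op, vlans)  # plain list replaces
    for name, vl in allowed.items():
        if vl & RESERVED:
            findings[name].add("reserved VLANs 1006-1024 allowed")
    return {name: sorted(notes) for name, notes in findings.items()}

SAMPLE = """interface Gi1/1
 switchport trunk encapsulation negotiate
interface Gi1/2
 switchport trunk allowed vlan 10-12,4000
 switchport trunk allowed vlan add 1020
 switchport trunk pruning vlan 2,1500
interface Gi1/3
 switchport trunk allowed vlan except 1006-1024"""
```

Calling audit_trunks(SAMPLE) reports Gi1/1 for both negotiate and the default allow-all list, Gi1/2 for VLAN 1020 and the extended-range pruning entry, and nothing for Gi1/3.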

Examples

The following example shows how to cause a port interface configured as a switched interface to encapsulate in 802.1Q trunking format regardless of its default trunking format in trunking mode:

Router(config-if)# switchport trunk encapsulation dot1q

Related Commands

Command                       Description
show interfaces switchport    Displays administrative and operational status of a switching (nonrouting) port.


vlan (global configuration mode)

To add a VLAN and enter config-VLAN submode, use the vlan command in global configuration mode. To delete the VLAN, use the no form of this command.

vlan {vlan-id | vlan-range}

no vlan {vlan-id | vlan-range}

Syntax Description

vlan-id       Number of the VLAN; valid values are from 1 to 4094. See the "Usage Guidelines" section for details on configuring VLAN ID numbers.
vlan-range    Range of configured VLANs; see the "Usage Guidelines" section for details on configuring ranges of VLAN ID numbers.


Defaults

This command has no default settings.

Command Modes

Global configuration (config)

Command History

Release         Modification
12.2(14)SX      Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB    Support for this command on the Supervisor Engine 2 was integrated into Cisco IOS Release 12.2(17d)SXB.
12.2(33)SRA     This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.4(15)T       This command was integrated into Cisco IOS Release 12.4(15)T.


Usage Guidelines

VLAN 1 parameters are factory configured and cannot be changed.

VLAN 1 and VLANs 1002-1005 are default VLANs. Default VLANs are created automatically and cannot be configured or deleted by users.

The specified VLAN is added or modified in the VLAN database when you exit config-VLAN submode.

When you enter the vlan vlan-id command, a new VLAN is created with all default parameters in a temporary buffer, and the CLI enters config-VLAN submode. If the vlan-id that you entered matches an existing VLAN, any configuration commands you enter in config-VLAN submode apply to the existing VLAN; no new VLAN is created.

If you define a range of configured VLANs, you are not allowed to set the vlan-name argument in config-VLAN submode.

Enter the vlan-range argument as VLAN numbers separated by commas (,), using a dash (-) between two numbers to denote a range.

VLAN IDs in the range from 1006 to 4094 are considered "extended VLAN IDs." Beginning in Cisco IOS Release 12.4(15)T, you can configure extended VLAN IDs on the following routers:

Cisco 800 series routers, including models 851, 857, 871, 876, 877, 878

Cisco 1700 series routers, including models 1711, 1712, 1751, 1751V, 1760

Cisco 1800 series routers, including models 1801, 1802, 1803, 1811, 1812, 1841

Cisco 2600 series routers, including models 2610XM, 2611XM, 2620XM, 2621XM, 2650XM, 2651XM, 2691

Cisco 2800 series routers, including models 2801, 2811, 2821, 2851

Cisco 3600 series routers, including models 3620, 3640, 3640A, 3660

Cisco 3700 series routers, including models 3725, 3745

Cisco 3800 series routers, including models 3825, 3845

The reduced MAC address feature is required to support 4000 VLANs. Cisco IOS Release 12.1(14)E1 and later releases support chassis with 64 or 1024 MAC addresses. For chassis with 64 MAC addresses, Spanning Tree Protocol (STP) uses the extended system ID (which is the VLAN ID) plus a MAC address to make the bridge ID unique for each VLAN. (Without the reduced MAC address support, 4096 VLANs would require 4096 MAC addresses on the switch.)

If you configure extended VLANs, you must also enable the spanning-tree extended system-ID feature.
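The following added example (not Cisco code) shows why one MAC address is enough once the extended system ID is in use. It assumes the IEEE 802.1D bridge ID layout, which this page does not spell out: a 4-bit priority and a 12-bit extended system ID in the first two bytes, followed by the 48-bit MAC address. BASE_MAC is a constructed sample value.

```python
BASE_MAC = "00:00:5e:00:53:01"   # constructed sample address, not from this page

def bridge_id(priority, vlan_id, mac=BASE_MAC):
    """Build the 8-byte bridge ID: 4-bit priority, 12-bit extended system ID, MAC."""
    # The low 12 bits of the priority field carry the VLAN ID, so the
    # configurable priority can only move in steps of 4096.
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 from 0 to 61440")
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be from 1 to 4094")
    mac_bytes = bytes.fromhex(mac.replace(":", "").replace(".", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 48 bits")
    return (priority | vlan_id).to_bytes(2, "big") + mac_bytes

def split_bridge_id(bid):
    """Recover (priority, vlan_id, mac) from an 8-byte bridge ID."""
    head = int.from_bytes(bid[:2], "big")
    return head & 0xF000, head & 0x0FFF, bid[2:].hex(":")

def per_vlan_bridge_ids(vlans, priority=32768, mac=BASE_MAC):
    """Map each VLAN to its bridge ID; all of them share the same MAC address."""
    return {vlan: bridge_id(priority, vlan, mac) for vlan in vlans}

if __name__ == "__main__":
    ids = per_vlan_bridge_ids(range(1, 4095))
    print(ids[4000].hex(), split_bridge_id(ids[4000]))
    print(len(set(ids.values())), "distinct bridge IDs from one MAC address")
```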

The legacy vlan database mode does not support extended VLAN configuration.

See the vlan (config-VLAN submode) command for information on the commands that are available under config-VLAN submode.

Examples

This example shows how to add a new VLAN and enter config-VLAN submode:

Router(config)# vlan 2
Router(config-vlan)#

This example shows how to add a range of new VLANs and enter config-VLAN submode:

Router(config)# vlan 2,5,10-12,20,25,4000
Router(config-vlan)#

This example shows how to delete a VLAN:

Router(config)# no vlan 2
Router(config)#

Related Commands

Command                       Description
vlan (config-VLAN submode)    Configures a specific VLAN.


Feature Information for Extended VLAN ID

Table 7 lists the release history for this feature.

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.


Note Table 7 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.


Table 7 Feature Information for Extended VLAN ID 

Feature Name        Releases     Feature Information
Extended VLAN ID    12.4(15)T    You can now configure VLAN IDs in the range from 1006 to 4094 on Cisco routers.