The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the Cisco NX-OS Ethernet commands available on Cisco Nexus 5000 Series switches.
To set the inherited and received bandwidth values for an interface, use the bandwidth command. To restore the default values, use the no form of this command.
bandwidth {kbps | inherit [kbps]}
no bandwidth {kbps | inherit [kbps]}
kbps |
Informational bandwidth in kilobits per second. Valid values are from 1 to 10000000. |
inherit |
(Optional) Specifies the bandwidth inherited from the main interface. |
1000000 kbps
Interface configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
The bandwidth command sets an informational parameter to communicate only the current bandwidth to the higher-level protocols; you cannot adjust the actual bandwidth of an interface using this command.
The bandwidth inherit command controls how a subinterface inherits the bandwidth of its main interface.
The no bandwidth inherit command enables all subinterfaces to inherit the default bandwidth of the main interface, regardless of the configured bandwidth. If a bandwidth is not configured on a subinterface, and you use the bandwidth inherit command, all subinterfaces will inherit the current bandwidth of the main interface. If you configure a new bandwidth on the main interface, all subinterfaces will use this new value.
If you do not configure a bandwidth on the subinterface and you configure the bandwidth inherit command on the main interface, the subinterfaces will inherit the specified bandwidth.
In all cases, if an interface has an explicit bandwidth setting configured, then that interface will use that setting, regardless of whether the bandwidth inheritance setting is in effect.
This example shows how to configure all subinterfaces off this main interface to inherit the configured bandwidth:
switch(config-if)# bandwidth inherit 30000
|
|
---|---|
show interface |
Displays the interface configuration information. |
To enable the Cisco Discovery Protocol (CDP) and configure CDP attributes, use the cdp command. To disable CDP or reset CDP attributes, use the no form of this command.
cdp {advertise {v1 | v2} | enable | format device-id {mac-address | serial-number | system-name} | holdtime seconds | timer seconds}
no cdp {advertise | enable | format device-id {mac-address | serial-number | system-name} | holdtime seconds | timer seconds}
None
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
This example shows how to enable CDP on all Ethernet interfaces:
switch# configure terminal
switch(config)# cdp enable
This example shows how to configure the MAC address as the CDP device ID:
switch# configure terminal
switch(config)# cdp format device-id mac-address
This example shows how to disable CDP on all Ethernet interfaces:
switch# configure terminal
switch(config)# no cdp enable
|
|
---|---|
show cdp |
Displays Cisco Discovery Protocol (CDP) information. |
To enable the Cisco Discovery Protocol (CDP) on an Ethernet interface, use the cdp enable command. To disable CDP on the interface, use the no form of this command.
cdp enable
no cdp enable
This command has no arguments or keywords.
None
Interface configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
This example shows how to enable CDP on an Ethernet interface:
switch# configure terminal
switch(config)# interface ethernet 1/1
switch(config-if)# cdp enable
|
|
---|---|
show interface |
Displays the interface configuration information. |
To assign and configure a physical interface to an EtherChannel, use the channel-group command. To remove the channel group configuration from the interface, use the no form of this command.
channel-group number [mode {active | on | passive}]
no channel-group [number]
number |
Number of channel group. The number range is from 1 to 4096. Cisco NX-OS creates the EtherChannel associated with this channel group if the EtherChannel does not already exist. |
mode |
(Optional) Specifies the EtherChannel mode of the interface. |
active |
Specifies that when you enable the Link Aggregation Control Protocol (LACP), this command enables LACP on the specified interface. The interface is in an active negotiating state, in which the port initiates negotiations with other ports by sending LACP packets. |
on |
This is the default channel mode. Specifies that all EtherChannels that are not running LACP remain in this mode. If you attempt to change the channel mode to active or passive before enabling LACP, the switch returns an error message. After you enable LACP globally, by using the feature lacp command, you enable LACP on each channel by configuring the channel mode as either active or passive. An interface in this mode does not initiate or respond to LACP packets. When an LACP attempts to negotiate with an interface in the on state, it does not receive any LACP packets and becomes an individual link with that interface; it does not join the channel group. The default mode is on. |
passive |
Specifies that when you enable LACP, this command enables LACP only if an LACP device is detected. The interface is in a passive negotiation state, in which the port responds to LACP packets that it receives but does not initiate LACP negotiation. |
None
Interface configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
Use this command to create a channel group that includes the interface that you are working on and to add or remove specific interfaces from the channel group. Use this command to move a port from one channel group to another. You enter the channel group that you want the port to move to; the switch automatically removes the specified port from its present channel group and adds it to the specified channel group.
After you enable LACP globally, by using the feature lacp command, you enable LACP on each channel by configuring the channel mode as either active or passive. An EtherChannel in the on channel mode is a pure EtherChannel and can aggregate a maximum of eight ports. The EtherChannel does not run LACP.
You cannot change the mode for an existing EtherChannel or any of its interfaces if that EtherChannel is not running LACP; the channel mode remains as on. The system returns an error message if you attempt to change the mode.
Use the no form of this command to remove the physical interface from the EtherChannel. When you delete the last physical interface from an EtherChannel, the EtherChannel remains. To delete the EtherChannel completely, use the no form of the interface port-channel command.
The compatibility check includes the following operational attributes:
•Port mode
•Access VLAN
•Trunk native VLAN
•Tagged or untagged
•Allowed VLAN list
•SPAN (cannot be SPAN source or destination port)
•Storm control
Use the show port-channel compatibility-parameters command to see the full list of compatibility checks that Cisco NX-OS uses.
You can only add interfaces configured with the channel mode set to on for static EtherChannels, that is, without a configured aggregation protocol. You can only add interfaces configured with the channel mode as active or passive to EtherChannels that are running LACP.
You can configure these attributes on an individual member port. If you configure a member port with an incompatible attribute, Cisco NX-OS suspends that port in the EtherChannel.
When the interface joins an EtherChannel, some of its individual parameters are overridden with the values on the EtherChannel, as follows:
•MAC address
•Spanning Tree Protocol (STP)
•Service policy
•Quality of service (QoS)
•Access control lists (ACLs)
Interface parameters, such as the following, remain unaffected when the interface joins or leaves a EtherChannel:
•Description
•Cisco Discovery Protocol (CDP)
•LACP port priority
•Debounce
•Rate mode
•Shutdown
•SNMP trap
If interfaces are configured for the EtherChannel interface and a member port is removed from the EtherChannel, the configuration of the EtherChannel interface is not propagated to the member ports.
Any configuration changes that you make in any of the compatibility parameters to the EtherChannel interface are propagated to all interfaces within the same channel group as the EtherChannel (for example, configuration changes are also propagated to the physical interfaces that are not part of the EtherChannel but are part of the channel group).
This example shows how to add an interface to LACP channel group 5 in active mode:
switch(config)#
interface ethernet 1/1
switch(config-if)# channel-group 5 mode active
To clear statistical information from the access list, use the clear mac access-list counters command.
clear mac access-list counters [name]
name |
(Optional) Name of a specific counter to clear. |
None
EXEC mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
This example shows how to clear statistical information from the access list:
switch# clear mac access-list counters
|
|
---|---|
show mac access-lists |
Displays the information about the MAC address table. |
To clear the dynamic address entries from the MAC address table, use the clear mac address-table dynamic command.
clear mac address-table dynamic [[address mac-addr] | [interface {type slot/port | port-channel number}]] [vlan vlan-id]
None
EXEC mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
4.2(1)N1(1) |
The command syntax is changed to clear mac address-table dynamic. |
Use the clear mac address-table dynamic command with no arguments to remove all dynamic entries from the table.
To clear static MAC addresses from the table, use the no mac address-table static command.
If the clear mac address-table dynamic command is entered with no options, all dynamic addresses are removed. If you specify an address but do not specify an interface, the address is deleted from all interfaces. If you specify an interface but do not specify an address, the switch removes all addresses on the specified interfaces.
This example shows how to clear all the dynamic entries from the MAC address table:
switch# clear mac address-table dynamic
This example shows how to clear all the dynamic entries from the MAC address table for VLAN 2:
switch# clear mac address-table dynamic vlan 2
|
|
---|---|
show mac address-table |
Displays the information about the MAC address table. |
To clear the counters for the Spanning Tree Protocol (STP), use the clear spanning-tree counters command.
clear spanning-tree counters [interface {ethernet interface | port-channel channel}] [vlan vlan-id]
None
EXEC mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
You can clear all the STP counters on the entire switch, per VLAN, or per interface.
This example shows how to clear the STP counters for VLAN 5:
switch#
clear spanning-tree counters vlan 5
|
|
---|---|
show spanning-tree |
Displays information about the spanning tree state. |
To restart the protocol migration, use the clear spanning-tree detected-protocol command. With no arguments, the command is applied to every port of the switch.
clear spanning-tree detected-protocol [interface {ethernet interface | port-channel channel}]
interface |
(Optional) Specifies the interface type. |
ethernet interface |
Specifies the slot and port number. |
port-channel channel |
Specifies the EtherChannel number. |
None
EXEC mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
Rapid per VLAN Spanning Tree Plus (Rapid PVST+) and Multiple Spanning Tree (MST) have built-in compatibility mechanisms that allow them to interact properly with other versions of IEEE spanning tree or other regions. For example, a switch running Rapid PVST+ can send 802.1D bridge protocol data units (BPDUs) on one of its ports when it is connected to a legacy device. An MST switch can detect that a port is at the boundary of a region when it receives a legacy BPDU or an MST BPDU that is associated with a different region.
These mechanisms are not always able to revert to the most efficient mode. For example, a Rapid PVST+ switch that is designated for a legacy 802.1D bridge stays in 802.1D mode even after the legacy bridge has been removed from the link. Similarly, an MST port assumes that it is a boundary port when the bridges to which it is connected have joined the same region.
To force a port to renegotiate with its neighbors, enter the clear spanning-tree detected-protocol command.
This example shows how to restart the protocol migration on a specific interface:
switch#
clear spanning-tree detected-protocol interface ethernet 1/4
|
|
---|---|
show spanning-tree |
Displays information about the spanning tree state. |
To set a delay value for an interface, use the delay command. To restore the default delay value, use the no form of this command.
delay tens-of-microseconds
no delay
tens-of-microseconds |
Throughput delay in tens of microseconds. |
10 microseconds
Interface configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
This example shows how to set a delay of 30,000 microseconds on an interface:
switch(config)# interface ethernet 1/1 switch(config-if)# delay 3000
|
|
---|---|
show interface |
Displays the interface configuration information. |
To add a description to an interface configuration, use the description command. To remove the description, use the no form of this command.
description description
no description
description |
String description of the interface configuration. This string is limited to 80 characters. |
No description is added.
Interface configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
The description command is meant to provide a reminder in the configuration to describe what certain interfaces are used for. The description appears in the output of the following commands such as show interface and show running-config.
This example shows how to add a description for an interface:
switch(config)# interface ethernet 1/1 switch(config-if)# description "10G Server Link"
|
|
---|---|
show interface ethernet |
Displays the interface configuration information. |
show running-config |
Displays the contents of the currently running configuration file. |
To enable error-disable (err-disabled) detection in an application, use the errdisable detect cause command. To disable error disable detection, use the no form of this command.
errdisable detect cause {all | link-flap | loopback}
no errdisable detect cause {all | link-flap | loopback}
all |
Enables error detection on all cases. |
link-flap |
Enables error disable detection on linkstate-flapping. |
loopback |
Enables error disable detection on loopback. |
Enabled
Global configuration mode
|
|
---|---|
4.2(1)N1(1) |
This command was introduced. |
When error disable detection is enabled and a cause is detected on an interface, the interface is placed in an err-disabled state, which is an operational state that is similar to the link-down state.
This example shows how to enable the err-disabled detection on linkstate-flapping:
switch(config)# errdisable detect cause link-flap
switch(config)#
|
|
---|---|
errdisable recovery |
Configures recovery from the err-disabled state. |
show interface status err-disabled |
Displays the interface error disabled state. |
To configure the application to bring the interface out of the error-disabled (err-disabled) state and retry coming up, use the errdisable recovery cause command. To revert to the defaults, use the no form of this command.
errdisable recovery cause {all | bpduguard | link-flap-recovery | failed-port-state | pause-rate-limit | udld}
no errdisable recovery cause {all | bpduguard | link-flap-recovery | failed-port-state | pause-rate-limit | udld}
None
Global configuration mode
|
|
---|---|
4.2(1)N1(1) |
This command was introduced. |
When error disable recovery is enabled, the interface automatically recovers from the err-disabled state, and the device retries bringing the interface up.
This example shows how to enable error disable recovery from linkstate-flapping:
switch(config)# errdisable recovery cause link-flap
switch(config)#
|
|
---|---|
errdisable detect cause |
Enables the errror disabled (err-disabled) detection. |
show interface status err-disabled |
Displays the interface error disabled state. |
To configure the recovery time interval to bring the interface out of the error-disabled (err-disabled) state, use the errdisable recovery interval command. To revert to the defaults, use the no form of this command.
errdisable recovery interval time
no errdisable recovery interval
time |
Error disable recovery time interval. The range is from 30 to 65535 seconds. |
Disabled
Global configuration mode
|
|
---|---|
4.2(1)N1(1) |
This command was introduced. |
When error disable recovery is enabled, the interface automatically recovers from the err-disabled state, and the device retries bringing the interface up.
The device waits 300 seconds to retry.
This example shows how to enable error disable recovery time interval to 100 seconds:
switch(config)# errdisable recovery interval 100
switch(config)#
|
|
---|---|
errdisable recovery cause |
Enables errror disabled recovery on an interface. |
show interface status err-disabled |
Displays the interface error disabled state. |
To enable VLAN Trunking Protocol (VTP), use the feature vtp command. To disable VTP, use the no form of this command.
feature vtp
no feature vtp
This command has no arguments or keywords.
Disabled
Global configuration mode
|
|
---|---|
4.2(1)N1(1) |
This command was introduced. |
This example shows how to enable VTP on the switch:
switch(config)# feature vtp
|
|
---|---|
show vtp status |
Displays the VTP information. |
vtp |
Configures VTP. |
To use hardware hashing for multicast traffic on an EtherChannel interface, use the hardware multicast hw-hash command. To restore the defaults, use the no form of this command.
hardware multicast hw-hash
no hardware multicast hw-hash
This command has no arguments or keywords.
The software selection method is used for multicast traffic.
Interface configuration mode
|
|
---|---|
4.2(1)N2(1) |
This command was introduced. |
By default, ingress multicast traffic on any port in the switch selects a particular EtherChannel member to egress the traffic. To reduce potential issues with the bandwidth and to provide effective load balancing of the ingress multicast traffic, hardware hashing is used for multicast traffic.
Note Hardware hashing is not available on a Cisco Nexus 2000 Series Fabric Extender HIF port (downlink port).
This example shows how to set the hardware hashing for multicast traffic on an EtherChannel interface:
switch(config)# interface port-channel 21
switch(config-if)# hardware multicast hw-hash
switch(config-if)#
This example shows how to restore the default software selection method for multicast traffic on an EtherChannel interface:
switch(config)# interface port-channel 21
switch(config-if)# hardware multicast hw-hash
switch(config-if)# no hardware multicast hw-hash
switch(config-if)#
|
|
---|---|
show interface port-channel |
Displays the status of the EtherChannel interface configuration. |
To map a VLAN or a set of VLANs to a Multiple Spanning Tree instance (MSTI), use the instance vlan command. To delete the instance and return the VLANs to the default instance (Common and Internal Spanning Tree [CIST]), use the no form of this command.
instance instance-id vlan vlan-id
no instance instance-id [vlan vlan-id]
No VLANs are mapped to any MST instance (all VLANs are mapped to the CIST instance).
MST configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
The VLAN identifier is entered as a single value or a range.
The mapping is incremental, not absolute. When you enter a range of VLANs, this range is added to or removed from the existing instances.
Any unmapped VLAN is mapped to the CIST instance.
This example shows how to map a range of VLANs to MSTI 4:
switch(config)#
spanning-tree mst configurationswitch(
config-mst)#
instance 4 vlan 100-200
|
|
---|---|
show spanning-tree mst configuration |
Displays information about the MST protocol. |
spanning-tree mst configuration |
Enters MST configuration mode. |
To enter interface configuration mode for an Ethernet IEEE 802.3 interface, use the interface ethernet command.
interface ethernet [chassis_ID/] slot/port
None
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
4.0(1a)N2(1) |
This command was modified to provide the chassis ID argument. |
This example shows how to enter configuration mode for Ethernet interface 1/4:
switch(config)#
interface ethernet 1/4switch(config-if)#
This example shows how to enter configuration mode for a host interface on a Fabric Extender:
switch(config)#
interface ethernet 101/1/1switch(config-if)#
To create an EtherChannel interface and enter interface configuration mode, use the interface port-channel command. To remove an EtherChannel interface, use the no form of this command.
interface port-channel channel-number
no interface port-channel channel-number
channel-number |
Channel number that is assigned to this EtherChannel logical interface. The range is from 1 to 4096. |
None
Global configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
A port can belong to only one channel group.
When you use the interface port-channel command, follow these guidelines:
•If you are using CDP, you must configure it only on the physical interface and not on the EtherChannel interface.
•If you do not assign a static MAC address on the EtherChannel interface, a MAC address is automatically assigned. If you assign a static MAC address and then later remove it, the MAC address is automatically assigned.
•The MAC address of the EtherChannel is the address of the first operational port added to the channel group. If this first-added port is removed from the channel, the MAC address comes from the next operational port added, if there is one.
This example shows how to create an EtherChannel group interface with channel-group number 50:
switch(config)# interface port-channel 50
switch(config-if)#
To enable Internet Group Management Protocol (IGMP), use the ip igmp snooping command. To disable IGMP snooping, use the no form of this command.
ip igmp snooping
no ip igmp snooping
This command has no arguments or keywords.
IGMP snooping is enabled.
Note If the global setting is disabled, then all VLANs are treated as disabled, whether they are enabled or not.
EXEC mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
This example shows how to enable IGMP snooping:
switch# ip igmp snooping
|
|
---|---|
Displays IGMP snooping information and configuration. |
To configure Internet Group Management Protocol (IGMP) on a VLAN, use the ip igmp snooping command. To negate the command or return to the default settings, use the no form of this command
ip igmp snooping parameter
no ip igmp snooping parameter
parameter |
Parameter to configure. See the "Usage Guidelines" section for additional information. |
The default settings are as follows:
•explicit-tracking—enabled
•fast-leave—disabled for all VLANs
•last-member-query-interval seconds—1
•querier IP-address—disabled
•report-suppression—enabled
VLAN configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
Table 2-1 lists the valid values for parameter.
This example shows how to configure IGMP snooping parameters for VLAN 5:
switch# configure terminal switch(config)# vlan 5 switch(config-vlan)# ip igmp snooping last-member-query-interval 3 switch(config-vlan)# ip igmp snooping querier 192.168.2.106 switch(config-vlan)# ip igmp snooping explicit-tracking switch(config-vlan)# ip igmp snooping fast-leave switch(config-vlan)# ip igmp snooping report-suppression switch(config-vlan)# ip igmp snooping mrouter interface ethernet 1/10 switch(config-vlan)# ip igmp snooping static-group 192.168.1.1 interface ethernet 1/10
|
|
---|---|
Displays the IGMP snooping information and configuration. |
To set the priority for the physical interfaces for the Link Aggregation Control Protocol (LACP), use the lacp port-priority command. To return the port priority to the default value, use the no form of this command.
lacp port-priority priority
no lacp port-priority
priority |
Priority for the physical interfaces. The range of valid numbers is from 1 to 65535. |
System priority value is 32768.
Interface configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
Each port configured to use LACP has an LACP port priority. You can configure a value between 1 and 65535. LACP uses the port priority in combination with the port number to form the port identifier. The port priority is used with the port number to form the port identifier. The port priority is used to decide which ports should be put into standby mode when there is a hardware limitation that prevents all compatible ports from aggregating.
Note When setting the priority, note that a higher number means a lower priority.
This example shows how to set the LACP port priority for the interface to 2000:
switch(config-if)# lacp port-priority 2000
|
|
---|---|
show lacp |
Displays LACP information. |
To configure the rate at which control packets are sent by the Link Aggregation Control Protocol (LACP), use the lacp rate fast command. To restore the rate to 30 seconds, use the no form of this command or the lacp rate normal command.
lacp rate fast
no lacp rate
no lacp rate fast
lacp rate normal
This command has no arguments or keywords.
1 second.
Interface configuration mode
|
|
---|---|
4.2(1)N2(1) |
This command was introduced. |
You must enable LACP before using this command.
You can configure the LACP rate fast feature on the LACP ports of a Cisco Nexus 5000 Series switch or a Cisco Nexus 2000 Series Fabric Extender that is connected to a Cisco Nexus 5000 Series switch.
The LACP rate fast feature is used to set the rate (once every second) at which the LACP control packets are sent to an LACP-supported interface. The normal rate at which LACP packets are sent is 30 seconds.
This example shows how to configure the LACP fast rate feature on a specified Ethernet interface:
switch(config)# interface ethernet 1/1
switch(config-if)# lacp rate fast
This example shows how to remove the LACP fast rate configuration from a specified Ethernet interface:
switch(config)# interface ethernet 1/1
switch(config-if)# no lacp rate fast
|
|
---|---|
feature lacp |
Enables or disables LACP on the switch. |
interface ethernet |
Enters Ethernet interface configuration mode. |
show lacp |
Displays LACP configuration information. |
To set the system priority of the switch for the Link Aggregation Control Protocol (LACP), use the lacp system-priority command. To return the system priority to the default value, use the no form of this command.
lacp system-priority priority
no lacp system-priority
priority |
Priority for the physical interfaces. The range of valid numbers is from 1 to 65535. |
System priority value is 32768.
Global configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
Each device that runs LACP has an LACP system priority value. You can configure a value between 1 and 65535. LACP uses the system priority with the MAC address to form the system ID and also during negotiation with other systems.
When setting the priority, note that a higher number means a lower priority.
This example shows how to set the LACP system priority for the device to 2500:
switch(config)# lacp system-priority 2500
|
|
---|---|
show lacp |
Displays LACP information. |
To enable the debounce timer on an interface, use the link debounce command. To disable the timer, use the no form of this command.
link debounce [time milliseconds]
no link debounce
time milliseconds |
(Optional) Specifies the extended debounce timer. The range is from 0 to 5000 milliseconds. A value of 0 milliseconds disables the debounce time. |
None
Interface configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
The port debounce time is the amount of time that an interface waits to notify the supervisor of a link going down. During this time, the interface waits to see if the link comes back up. The wait period is a time when traffic is stopped.
This example shows how to enable the debounce timer and set the debounce time to 1000 milliseconds for an Ethernet interface:
switch# configure terminal switch(config)# interface ethernet 1/1 switch(config-if)# link debounce time 1000
This example shows how to disable the debounce timer for an Ethernet interface:
switch(config-if)# no link debounce
|
|
---|---|
show interface ethernet |
Displays the interface configuration information. |
show interface debounce |
Displays the debounce time information for all interfaces. |
To configure the aging time for entries in the MAC address table, use the mac address-table aging-time command. To return to the default settings, use the no form of this command.
mac address-table aging-time seconds [vlan vlan-id]
no mac address-table aging-time [vlan vlan-id]
300 seconds
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
4.2(1)N1(1) |
The command syntax is changed to mac address-table aging-time. |
Enter 0 seconds to disable the aging process.
The age value may be rounded off to the nearest multiple of 5 seconds. If the system rounds the value to a different value from that specified by the user (from the rounding process), the system returns an informational message.
When you use this command in EXEC mode, the age values of all VLANs for which a configuration has not been specified are modified and those VLANs with specifically modified aging times are not modified. When you use the no form of this command without the VLAN parameter, only those VLANs that have not been specifically configured for the aging time reset to the default value. Those VLANs with specifically modified aging times are not modified.
When you use this command and specify a VLAN, the aging time for only the specified VLAN is modified. When you use the no form of this command and specify a VLAN, the aging time for the VLAN is returned to the current global configuration for the aging time, which may or may not be the default value of 300 seconds depending if the global configuration of the switch for the aging time has been changed.
The aging time is counted from the last time that the switch detected the MAC address.
This example shows how to change the length of time an entry remains in the MAC address table to 500 seconds for the entire switch:
switch(config)#
mac address-table aging-time 500
|
|
---|---|
show mac address-table |
Displays information about the MAC address table. |
show mac address-table aging-time |
Displays information about the MAC address aging time. |
To configure a log message notification of MAC address table events, use the mac address-table notification command. To disable log message notifications, use the no form of this command.
mac address-table notification {mac-move | threshold [limit percentage interval seconds]}
no mac address-table notification {mac-move | threshold}
None
Global configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
4.2(1)N1(1) |
The command syntax is changed to mac address-table notification. |
This example shows how to configure a log message notification when the threshold exceeds 45 percent, restricting the update interval to once every 1024 seconds:
switch(config)# mac address-table notification threshold limit 45 interval 1024
|
|
---|---|
show mac address-table |
Displays information about the MAC address table. |
To configure a static entry for the MAC address table, use the mac address-table static command. To delete the static entry, use the no form of this command.
mac address-table static mac-address vlan vlan-id {drop | interface {ethernet slot/port | port-channel number[.subinterface-number]} [auto-learn]
no mac address-table static mac-address {vlan vlan-id}
None
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
4.2(1)N1(1) |
The command syntax is changed to mac address-table static. |
You cannot apply the mac address-table static mac-address vlan vlan-id drop command to a multicast MAC address.
When you install a static MAC address, it is associated with a port. If the same MAC address is seen on a different port, the entry is updated with the new port if you enter the auto-learn keyword.
This example shows how to add a static entry to the MAC address table:
switch(config)# mac address-table static 0050.3e8d.6400 vlan 3 interface ethernet 1/4
|
|
---|---|
show mac address-table |
Displays information about the MAC address table. |
To create a new SPAN session configuration or add to an existing session configuration, use the monitor session command. To clear SPAN sessions, use the no form of this command.
monitor session {session-number [shut | type local] | all shut}
no monitor session {session-number | all} [shut]
None
Global configuration mode
To ensure that you are working with a completely new session, you can clear the desired session number or all SPAN sessions.
This example shows how to create a SPAN session:
switch# configure terminal
switch(config)# monitor session 2
This example shows how to enter the monitor configuration mode for configuring SPAN session number 9 for analyzing traffic between ports:
switch(config)# monitor session 9 type local
switch(config-monitor)# description A Local SPAN session
switch(config-monitor)# source interface ethernet 1/1
switch(config-monitor)# destination interface ethernet 1/2
switch(config-monitor)# no shut
This example shows how to configure any SPAN destination interfaces as Layer 2 SPAN monitor ports before activating the SPAN session:
switch(config)# interface ethernet 1/2
switch(config-if)# switchport
switch(config-if)# switchport monitor
switch(config-if)# no shutdown
This example shows how to configure a typical SPAN destination trunk interface:
switch(config)# interface Ethernet1/2
switch(config-if)# switchport
switch(config-if)# switchport mode trunk
switch(config-if)# switchport monitor
switch(config-if)# switchport trunk allowed vlan 10-12
switch(config-if)# no shutdown
|
|
---|---|
show monitor session |
Displays SPAN session configuration information. |
To set the name for a VLAN, use the name command. To remove the user-configured name from a VLAN, use the no form of this command.
name vlan-name
no name
None
VLAN configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
You cannot change the name for the default VLAN, VLAN 1, or for the internally allocated VLANs.
This example shows how to name VLAN 2:
switch(config)#
vlan 2switch(
config-vlan)#
name accounting
|
|
---|---|
show vlan |
Displays VLAN information. |
To set the name of a Multiple Spanning Tree (MST) region, use the name command. To return to the default name, use the no form of this command.
name name
no name name
name |
Name to assign to the MST region. It can be any string with a maximum length of 32 alphanumeric characters. |
None
MST configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
Two or more switches with the same VLAN mapping and configuration version number are considered to be in different MST regions if the region names are different.
This example shows how to name a region:
switch(config)#
spanning-tree mst configurationswitch(
config-mst)#
name accounting
|
|
---|---|
show spanning-tree mst configuration |
Displays information about the MST protocol. |
spanning-tree mst configuration |
Enters MST configuration mode. |
To configure the load-balancing method among the interfaces in the channel-group bundle, use the port-channel load-balance ethernet command. To return the system priority to the default value, use the no form of this command.
port-channel load-balance ethernet method
no port-channel load-balance ethernet [method]
method |
Load-balancing method. See the "Usage Guidelines" section for a list of valid values. |
Loads distribution on the source and destination MAC address.
Global configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
The valid load-balancing method values are as follows:
•destination-ip—Loads distribution on the destination IP address.
•destination-mac—Loads distribution on the destination MAC address.
•destination-port—Loads distribution on the destination port.
•source-destination-ip—Loads distribution on the source and destination IP address.
•source-destination-mac—Loads distribution on the source and destination MAC address.
•source-destination-port—Loads distribution on the source and destination port.
•source-ip—Loads distribution on the source IP address.
•source-mac—Loads distribution on the source MAC address.
•source-port—Loads distribution on the source port.
Use the option that provides the balance criteria with the greatest variety in your configuration. For example, if the traffic on an EtherChannel is going only to a single MAC address and you use the destination MAC address as the basis of EtherChannel load balancing, the EtherChannel always chooses the same link in that EtherChannel; using source addresses or IP addresses might result in better load balancing.
This example shows how to set the load-balancing method to use the source IP:
switch(config)#
port-channel load-balance ethernet source-ip
|
|
---|---|
show port-channel load-balance |
Displays information on EtherChannel load balancing. |
To configure private VLANs, use the private-vlan command. To return the specified VLANs to normal VLAN mode, use the no form of this command.
private-vlan {isolated | community | primary}
no private-vlan {isolated | community | primary}
isolated |
Designates the VLAN as an isolated secondary VLAN. |
community |
Designates the VLAN as a community secondary VLAN. |
primary |
Designates the VLAN as the primary VLAN. |
None
VLAN configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
You must enable private VLANs by using the feature private-vlan command before you can configure private VLANs. The commands for configuring private VLANs are not visible until you enable private VLANs.
If you delete either the primary or secondary VLAN, the ports that are associated with the VLAN become inactive. When you enter the no private-vlan command, the VLAN returns to the normal VLAN mode. All primary and secondary associations on that VLAN are suspended, but the interfaces remain in private VLAN mode. When you reconvert the specified VLAN to private VLAN mode, the original associations are reinstated.
If you enter the no vlan command for the primary VLAN, all private VLAN associations with that VLAN are lost. If you enter the no vlan command for a secondary VLAN, the private VLAN associations with that VLAN are suspended and are reenabled when you recreate the specified VLAN and configure it as the previous secondary VLAN.
You cannot configure VLAN1 or the internally allocated VLANs as private VLANs.
A private VLAN is a set of private ports that are characterized by using a common set of VLAN number pairs. Each pair is made up of at least two special unidirectional VLANs and is used by isolated ports and/or by a community of ports to communicate with routers.
An isolated VLAN is a VLAN that is used by isolated ports to communicate with promiscuous ports. An isolated VLAN's traffic is blocked on all other private ports in the same VLAN. Its traffic can only be received by standard trunking ports and promiscuous ports that are assigned to the corresponding primary VLAN.
A promiscuous port is defined as a private port that is assigned to a primary VLAN.
A community VLAN is defined as the VLAN that carries the traffic among community ports and from community ports to the promiscuous ports on the corresponding primary VLAN.
A primary VLAN is defined as the VLAN that is used to convey the traffic from the routers to customer end stations on private ports.
Multiple community and isolated VLANs are allowed. If you enter a range of primary VLANs, the system uses the first number in the range for the association.
Note A private VLAN-isolated port on a Cisco Nexus 5000 Series switch running the current release of Cisco NX-OS does not support IEEE 802.1Q encapsulation and cannot be used as a trunk port.
This example shows how to assign VLAN 5 to a private VLAN as the primary VLAN:
switch# configure terminal switch(config)# vlan 5 switch(config-vlan)# private-vlan primary
This example shows how to assign VLAN 100 to a private VLAN as a community VLAN:
switch(config-vlan)# exit switch(config)# vlan 100 switch(config-vlan)# private-vlan community
This example shows how to assign VLAN 109 to a private VLAN as an isolated VLAN:
switch(config-vlan)# exit switch(config)# vlan 109 switch(config-vlan)# private-vlan isolated
|
|
---|---|
Enables private VLANs. |
|
show vlan |
Displays information about VLANs. |
show vlan private-vlan |
Displays information about private VLANs. |
To configure the association between a primary VLAN and a secondary VLAN on a private VLAN, use the private-vlan association command. To remove the association, use the no form of this command.
private-vlan association {[add] secondary-vlan-list | remove secondary-vlan-list}
no private-vlan association
add |
(Optional) Associates a secondary VLAN to a primary VLAN. |
secondary-vlan-list |
Number of the secondary VLAN. |
remove |
Clears the association between a secondary VLAN and a primary VLAN. |
None
VLAN configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
You must enable private VLANs by using the feature private-vlan command before you can configure private VLANs. The commands for configuring private VLANs are not visible until you enable private VLANs.
If you delete either the primary or secondary VLAN, the ports that are associated with the VLAN become inactive. When you enter the no private-vlan command, the VLAN returns to the normal VLAN mode. All primary and secondary associations on that VLAN are suspended, but the interfaces remain in private VLAN mode. However, when you reconvert the specified VLAN to private VLAN mode, the original associations are reinstated.
If you enter the no vlan command for the primary VLAN, all private VLAN associations with that VLAN are lost. However, if you enter the no vlan command for a secondary VLAN, the private VLAN associations with that VLAN are suspended and return when you recreate the specified VLAN and configure it as the previous secondary VLAN.
The secondary-vlan-list argument cannot contain spaces. It can contain multiple comma-separated items. Each item can be a single secondary VLAN ID or a hyphenated range of secondary VLAN IDs. The secondary-vlan-list parameter can contain multiple secondary VLAN IDs.
A private VLAN is a set of private ports that are characterized by using a common set of VLAN number pairs. Each pair is made up of at least two special unidirectional VLANs and is used by isolated ports and/or by a community of ports to communicate with routers.
Multiple community and isolated VLANs are allowed. If you enter a range of primary VLANs, the system uses the first number in the range for the association.
Isolated and community VLANs can only be associated with one primary VLAN. You cannot configure a VLAN that is already associated to a primary VLAN as a primary VLAN.
Note A private VLAN-isolated port on a Cisco Nexus 5000 Series switch running the current release of Cisco NX-OS does not support IEEE 802.1Q encapsulation and cannot be used as a trunk port.
This example shows how to create a private VLAN relationship between the primary VLAN 14, the isolated VLAN 19, and the community VLANs 20 and 21:
switch(config)# vlan 19 switch(config-vlan)# private-vlan isolated switch(config)# vlan 20 switch(config-vlan)# private-vlan community switch(config)# vlan 21 switch(config-vlan)# private-vlan community switch(config)# vlan 14 switch(config-vlan)# private-vlan primary switch(config-vlan)# private-vlan association 19-21
This example shows how to remove isolated VLAN 18 and community VLAN 20 from the private VLAN association:
switch(config)# vlan 14 switch(config-vlan)# private-vlan association remove 18,20
|
|
---|---|
Enables private VLANs. |
|
show vlan |
Displays information about VLANs. |
show vlan private-vlan |
Displays information about private VLANs. |
To map the secondary VLANs to the same Multiple Spanning Tree (MST) instance as the primary VLAN, use the private-vlan synchronize command.
private-vlan synchronize
This command has no keywords or arguments.
None
MST configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
If you do not map secondary VLANs to the same MST instance as the associated primary VLAN when you exit the MST configuration mode, the device displays a warning message that lists the secondary VLANs that are not mapped to the same instance as the associated VLAN. The private-vlan synchronize command automatically maps all secondary VLANs to the same instance as the associated primary VLANs.
This example shows how to initialize private VLAN synchronization:
switch(config)# spanning-tree mst configuration switch(config-mst)# private-vlan synchronize
|
|
---|---|
show spanning-tree mst configuration |
Displays information about the MST protocol. |
spanning-tree mst configuration |
Enters MST configuration mode. |
To set the revision number for the Multiple Spanning Tree (MST) region configuration, use the revision command. To return to the default settings, use the no form of this command.
revision version
no revision version
version |
Revision number for the MST region configuration. The range is from 0 to 65535. |
Revision 0
MST configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
Two or more switches with the same VLAN mapping and name are considered to be in different MST regions if the configuration revision numbers are different.
This example shows how to set the revision number of the MST region configuration:
switch(config)#
spanning-tree mst configurationswitch(
config-mst)#
revision 5
|
|
---|---|
show spanning-tree mst |
Displays information about the MST protocol. |
To shut down the local traffic on a VLAN, use the shutdown command. To return a VLAN to its default operational state, use the no form of this command.
shutdown
no shutdown
This command has no arguments or keywords.
Not shut down
VLAN configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
You cannot shut down, or disable, VLAN 1 or VLANs 1006 to 4094.
After you shut down a VLAN, the traffic ceases to flow on that VLAN. Access ports on that VLAN are also brought down; trunk ports continue to carry traffic for the other VLANs allowed on that port. However, the interface associations for the specified VLAN remain, and when you reenable, or recreate, that specified VLAN, the switch automatically reinstates all the original ports to that VLAN.
To find out if a VLAN has been shut down internally, check the Status field in the show vlan command output. If a VLAN is shut down internally, one of these values appears in the Status field:
•act/lshut—VLAN status is active and shut down internally.
•sus/lshut—VLAN status is suspended and shut down internally.
Note If the VLAN is suspended and shut down, you use both the no shutdown and state active commands to return the VLAN to the active state.
This example shows how to restore local traffic on VLAN 2 after you have shut down, or disabled, the VLAN:
switch(config)#
vlan 2switch(
config-vlan)#
no shutdown
|
|
---|---|
show vlan |
Displays VLAN information. |
To enable bridge protocol data unit (BPDU) Filtering on the interface, use the spanning-tree bpdufilter command. To return to the default settings, use the no form of this command.
spanning-tree bpdufilter {enable | disable}
no spanning-tree bpdufilter
enable |
Enables BPDU Filtering on this interface. |
disable |
Disables BPDU Filtering on this interface. |
The setting that is already configured when you enter the spanning-tree port type edge bpdufilter default command.
Interface configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
Entering the spanning-tree bpdufilter enable command to enable BPDU Filtering overrides the spanning tree edge port configuration. That port then returns to the normal spanning tree port type and moves through the normal spanning tree transitions.
Use the spanning-tree port type edge bpdufilter default command to enable BPDU Filtering on all spanning tree edge ports.
This example shows how to explicitly enable BPDU Filtering on the Ethernet spanning tree edge port 1/4:
switch (config)# interface ethernet 1/4 switch(config-if)# spanning-tree bpdufilter enable
|
|
---|---|
show spanning-tree summary |
Displays information about the spanning tree state. |
To enable bridge protocol data unit (BPDU) Guard on an interface, use the spanning-tree bpduguard command. To return to the default settings, use the no form of this command.
spanning-tree bpduguard {enable | disable}
no spanning-tree bpduguard
enable |
Enables BPDU Guard on this interface. |
disable |
Disables BPDU Guard on this interface. |
The setting that is already configured when you enter the spanning-tree port type edge bpduguard default command.
Interface configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
BPDU Guard prevents a port from receiving BPDUs. If the port still receives a BPDU, it is put in the error-disabled state as a protective measure.
When you enable this BPDU Guard command globally, the command applies only to spanning tree edge ports. See the spanning-tree port type edge bpduguard default command for more information on the global command for BPDU Guard. However, when you enable this feature on an interface, it applies to that interface regardless of the spanning tree port type.
This command has three states:
•spanning-tree bpduguard enable—Unconditionally enables BPDU Guard on the interface.
•spanning-tree bpduguard disable—Unconditionally disables BPDU Guard on the interface.
•no spanning-tree bpduguard—Enables BPDU Guard on the interface if it is an operational spanning tree edge port and if the spanning-tree port type edge bpduguard default command is configured.
Typically, this feature is used in a service-provider environment where the network administrator wants to prevent an access port from participating in the spanning tree.
This example shows how to enable BPDU Guard on this interface:
switch(config-if)# spanning-tree bpduguard enable
|
|
---|---|
show spanning-tree summary |
Displays information about the spanning tree state. |
To set the path cost of the interface for Spanning Tree Protocol (STP) calculations, use the spanning-tree cost command. To return to the default settings, use the no form of this command.
spanning-tree [vlan vlan-id] cost {value | auto}
no spanning-tree [vlan vlan-id] cost
vlan vlan-id |
(Optional) Lists the VLANs on this trunk interface for which you want to assign the path cost. You do not use this parameter on access ports. The range is from 1 to 4094. |
value |
Value of the port cost. The available cost range depends on the path-cost calculation method as follows: •short—The range is from 1 to 65536. •long—The range is from 1 to 200,000,000. |
auto |
Sets the value of the port cost by the media speed of the interface (see Table 2-2 for the values). |
Port cost is set by the media speed.
Interface configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
The STP port path cost default value is determined from the media speed and path cost calculation method of a LAN interface (see Table 2-2). See the spanning-tree pathcost method command for information on setting the path cost calculation method for Rapid per VLAN Spanning Tree Plus (Rapid PVST+).
When you configure the value, higher values will indicate higher costs.
On access ports, assign the port cost by port. On trunk ports, assign the port cost by VLAN; you can configure all the VLANs on a trunk port as the same port cost.
The EtherChannel bundle is considered as a single port. The port cost is the aggregation of all the configured port costs assigned to that channel.
Note Use this command to set the port cost for Rapid PVST+. Use the spanning-tree mst cost command to set the port cost for MST.
This example shows how to access an interface and set a path cost value of 250 for the spanning tree VLAN that is associated with that interface:
switch(config)#
interface ethernet 1/4 switch(config-if)#
spanning-tree cost 250
|
|
---|---|
show spanning-tree |
Displays information about the spanning tree configuration. |
To enable or disable Loop Guard or Root Guard, use the spanning-tree guard command. To return to the default settings, use the no form of this command.
spanning-tree guard {loop | none | root}
no spanning-tree guard
loop |
Enables Loop Guard on the interface. |
none |
Sets the guard mode to none. |
root |
Enables Root Guard on the interface. |
Disabled
Interface configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
You cannot enable Loop Guard if Root Guard is enabled, although the switch accepts the command to enable Loop Guard on spanning tree edge ports.
This example shows how to enable Root Guard:
switch(config-if)# spanning-tree guard root
|
|
---|---|
show spanning-tree summary |
Displays information about the spanning tree state. |
To configure a link type for a port, use the spanning-tree link-type command. To return to the default settings, use the no form of this command.
spanning-tree link-type {auto | point-to-point | shared}
no spanning-tree link-type
auto |
Sets the link type based on the duplex setting of the interface. |
point-to-point |
Specifies that the interface is a point-to-point link. |
shared |
Specifies that the interface is a shared medium. |
Link type set automatically based on the duplex setting.
Interface configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
Fast transition (specified in IEEE 802.1w) functions only on point-to-point links between two bridges.
By default, the switch derives the link type of a port from the duplex mode. A full-duplex port is considered as a point-to-point link while a half-duplex configuration is assumed to be on a shared link.
Note On a Cisco Nexus 5000 Series switch, port duplex is not configurable.
This example shows how to configure the port as a shared link:
switch(config-if)# spanning-tree link-type shared
|
|
---|---|
show spanning-tree interface |
Displays information about the spanning tree state. |
To enable Loop Guard as a default on all spanning tree normal and network ports, use the spanning-tree loopguard default command. To disable Loop Guard, use the no form of this command.
spanning-tree loopguard default
no spanning-tree loopguard default
This command has no arguments or keywords.
Disabled
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
Loop Guard provides additional security in the bridge network. Loop Guard prevents alternate or root ports from becoming the designated port because of a failure that could lead to a unidirectional link.
Loop Guard operates only on ports that are considered point-to-point links by the spanning tree, and it does not run on spanning tree edge ports.
Entering the spanning-tree guard loop command for the specified interface overrides this global Loop Guard command.
This example shows how to enable Loop Guard:
switch(config)# spanning-tree loopguard default
|
|
---|---|
show spanning-tree summary |
Displays information about the spanning tree state. |
To switch between Rapid per VLAN Spanning Tree Plus (Rapid PVST+) and Multiple Spanning Tree (MST) Spanning Tree Protocol (STP) modes, use the spanning-tree mode command. To return to the default settings, use the no form of this command.
spanning-tree mode {rapid-pvst | mst}
no spanning-tree mode
rapid-pvst |
Sets the STP mode to Rapid PVST+. |
mst |
Sets the STP mode to MST. |
Rapid PVST+
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
You cannot simultaneously run MST and Rapid PVST+ on the switch.
This example shows how to switch to MST mode:
switch(config)#
spanning-tree mode mstswitch(config-mst)#
|
|
---|---|
show spanning-tree summary |
Displays the information about the spanning tree configuration. |
To enter the Multiple Spanning Tree (MST) configuration mode, use the spanning-tree mst configuration command. To return to the default settings, use the no form of this command.
spanning-tree mst configuration
no spanning-tree mst configuration
This command has no keywords or arguments.
The default value for the MST configuration is the default value for all its parameters:
•No VLANs are mapped to any MST instance. All VLANs are mapped to the Common and Internal Spanning Tree (CIST) instance.
•The region name is an empty string.
•The revision number is 0.
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
The MST configuration consists of three main parameters:
•Instance VLAN mapping—See the instance vlan command.
•Region name—See the name (MST configuration) command.
•Configuration revision number—See the revision command.
The abort and exit commands allow you to exit MST configuration mode. The difference between the two commands depends on whether you want to save your changes or not:
•The exit command commits all the changes before leaving MST configuration mode.
•The abort command leaves MST configuration mode without committing any changes.
If you do not map secondary VLANs to the same instance as the associated primary VLAN, when you exit MST configuration mode, the following warning message is displayed:
These secondary vlans are not mapped to the same instance as their primary:
-> 3
See the switchport mode private-vlan host command to fix this problem.
Changing an MST configuration mode parameter can cause connectivity loss. To reduce service disruptions, when you enter MST configuration mode, make changes to a copy of the current MST configuration. When you are done editing the configuration, you can apply all the changes at once by using the exit keyword.
In the unlikely event that two administrators commit a new configuration at exactly the same time, this warning message is displayed:
% MST CFG:Configuration change lost because of concurrent access
This example shows how to enter MST-configuration mode:
switch(config)#
spanning-tree mst configuration
switch(
config-mst)#
This example shows how to reset the MST configuration (name, instance mapping, and revision number) to the default settings:
switch(config)#
no spanning-tree mst configuration
To set the path-cost parameter for any Multiple Spanning Tree (MST) instance (including the Common and Internal Spanning Tree [CIST] with instance ID 0), use the spanning-tree mst cost command. To return to the default settings, use the no form of this command.
spanning-tree mst instance-id cost {cost | auto}
no spanning-tree mst instance-id cost
Automatically set port cost values:
•10 Mbps—2,000,000
•100 Mbps—200,000
•1-Gigabit Ethernet—20,000
•10-Gigabit Ethernet—2,000
Interface configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
The port cost depends on the port speed; the faster interface speeds indicate smaller costs. MST always uses long path costs.
Higher cost values indicate higher costs. When entering the cost, do not include a comma in the entry; for example, enter 1000, not 1,000.
The EtherChannel bundle is considered as a single port. The port cost is the aggregation of all the configured port costs assigned to that channel.
This example shows how to set the interface path cost:
switch(config-if)#
spanning-tree mst 0 cost 17031970
|
|
---|---|
show spanning-tree mst |
Displays the information about the MST protocol. |
To set the forward-delay timer for all the instances on the switch, use the spanning-tree mst forward-time command. To return to the default settings, use the no form of this command.
spanning-tree mst forward-time seconds
no spanning-tree mst forward-time
seconds |
Number of seconds to set the forward-delay timer for all the instances on the switch. The range is from 4 to 30 seconds. |
15 seconds
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
This example shows how to set the forward-delay timer:
switch(config)# spanning-tree mst forward-time 20
|
|
---|---|
show spanning-tree mst |
Displays the information about the MST protocol. |
To set the hello-time delay timer for all the instances on the switch, use the spanning-tree mst hello-time command. To return to the default settings, use the no form of this command.
spanning-tree mst hello-time seconds
no spanning-tree mst hello-time
seconds |
Number of seconds to set the hello-time delay timer for all the instances on the switch. The range is from 1 to 10 seconds. |
2 seconds
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
If you do not specify the hello-time value, the value is calculated from the network diameter.
This example shows how to set the hello-time delay timer:
switch(config)# spanning-tree mst hello-time 3
|
|
---|---|
show spanning-tree mst |
Displays the information about the MST protocol. |
To set the max-age timer for all the instances on the switch, use the spanning-tree mst max-age command. To return to the default settings, use the no form of this command.
spanning-tree mst max-age seconds
no spanning-tree mst max-age
seconds |
Number of seconds to set the max-age timer for all the instances on the switch. The range is from 6 to 40 seconds. |
20 seconds
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
This parameter is used only by Instance 0 or the IST.
This example shows how to set the max-age timer:
switch(config)# spanning-tree mst max-age 40
|
|
---|---|
show spanning-tree mst |
Displays the information about the MST protocol. |
To specify the number of possible hops in the region before a bridge protocol data unit (BPDU) is discarded, use the spanning-tree mst max-hops command. To return to the default settings, use the no form of this command.
spanning-tree mst max-hops hop-count
no spanning-tree mst max-hops
hop-count |
Number of possible hops in the region before a BPDU is discarded. The range is from 1 to 255 hops. |
20 hops
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
This example shows how to set the number of possible hops:
switch(config)# spanning-tree mst max-hops 25
|
|
---|---|
show spanning-tree mst |
Displays the information about the MST protocol. |
To set the port-priority parameters for any Multiple Spanning Tree (MST) instance, including the Common and Internal Spanning Tree (CIST) with instance ID 0, use the spanning-tree mst port-priority command. To return to the default settings, use the no form of this command.
spanning-tree mst instance-id port-priority priority
no spanning-tree mst instance-id port-priority
instance-id |
Instance ID number. The range is from 0 to 4094. |
priority |
Port priority for an instance. The range is from 0 to 224 in increments of 32. |
Port priority value is 128.
Interface configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
Higher port-priority priority values indicate smaller priorities.
The priority values are 0, 32, 64, 96, 128, 160, 192, and 224. All other values are rejected.
This example shows how to set the interface priority:
switch(config-if)#
spanning-tree mst 0 port-priority 64
|
|
---|---|
show spanning-tree mst |
Displays the information about the MST protocol. |
Configures the port priority for the default STP, which is Rapid PVST+. |
To set the bridge priority, use the spanning-tree mst priority command. To return to the default setting, use the no form of this command.
spanning-tree mst instance-id priority priority-value
no spanning-tree mst instance-id priority
instance-id |
Instance identification number. The range is from 0 to 4094. |
priority-value |
Bridge priority. See the "Usage Guidelines" section for valid values and additional information. |
Bridge priority default is 32768.
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
You can set the bridge priority in increments of 4096 only. When you set the priority, valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
You can set the priority-value argument to 0 to make the switch root.
You can enter the instance-id argument as a single instance or a range of instances, for example, 0-3,5,7-9.
This example shows how to set the bridge priority:
switch(config)# spanning-tree mst 0 priority 4096
|
|
---|---|
show spanning-tree mst |
Displays the information about the MST protocol. |
To designate the primary and secondary root and set the timer value for an instance, use the spanning-tree mst root command. To return to the default settings, use the no form of this command.
spanning-tree mst instance-id root {primary | secondary} [diameter dia [hello-time hello-time]]
no spanning-tree mst instance-id root
None
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
You can enter the instance-id argument as a single instance or a range of instances, for example, 0-3,5,7-9.
If you do not specify the hello-time argument, the argument is calculated from the network diameter. You must first specify the diameter dia keyword and argument before you can specify the hello-time hello-time keyword and argument.
This example shows how to designate the primary root:
switch(config)# spanning-tree mst 0 root primary
This example shows how to set the priority and timer values for the bridge:
switch(config)# spanning-tree mst 0 root primary diameter 7 hello-time 2
|
|
---|---|
show spanning-tree mst |
Displays the information about the MST protocol. |
To reenable specific interfaces to automatically interoperate between Multiple Spanning Tree (MST) and Rapid per VLAN Spanning Tree Plus (Rapid PVST+), use the spanning-tree mst simulate pvst command. To prevent specific MST interfaces from automatically interoperating with a connecting device running Rapid PVST+, use the spanning-tree mst simulate pvst disable command. To return specific interfaces to the default settings that are set globally for the switch, use the no form of this command.
spanning-tree mst simulate pvst
spanning-tree mst simulate pvst disable
no spanning-tree mst simulate pvst
This command has no keywords or arguments.
Enabled. By default, all interfaces on the switch interoperate seamlessly between MST and Rapid PVST+. See the spanning-tree mst simulate pvst global command to change this setting globally.
Interface configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
MST interoperates with Rapid PVST+ with no need for user configuration. The PVST+ simulation feature enables this seamless interoperability. However, you may want to control the connection between MST and Rapid PVST+ to protect against accidentally connecting an MST-enabled port to a Rapid PVST+-enabled port.
When you use the spanning-tree mst simulate pvst disable command, specified MST interfaces that receive a Rapid PVST+ (SSTP) bridge protocol data unit (BPDU) move into the STP blocking state. Those interfaces remain in the inconsistent state until the port stops receiving Rapid PVST+ BPDUs, and then the port resumes the normal STP transition process.
Note To block automatic MST and Rapid PVST+ interoperability for the entire switch, use no spanning-tree mst simulate pvst global command.
This command is useful when you want to prevent accidental connection with a device running Rapid PVST+.
To reenable seamless operation between MST and Rapid PVST+ on specific interfaces, use the spanning-tree mst simulate pvst command.
This example shows how to prevent specified ports from automatically interoperating with a connected device running Rapid PVST+:
switch(config-if)#
spanning-tree mst simulate pvst disable
|
|
---|---|
Enables global seamless interoperation between MST and Rapid PVST+. |
To prevent the Multiple Spanning Tree (MST) switch from automatically interoperating with a connecting device running Rapid per VLAN Spanning Tree Plus (Rapid PVST+), use the spanning-tree mst simulate pvst global command. To return to the default settings, which is a seamless operation between MST and Rapid PVST+ on the switch, use the no spanning-tree mst simulate pvst global command.
spanning-tree mst simulate pvst global
no spanning-tree mst simulate pvst global
This command has no keywords or arguments.
Enabled. By default, the switch interoperates seamlessly between MST and Rapid PVST+.
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
MST does not require user configuration to interoperate with Rapid PVST+. The PVST+ simulation feature enables this seamless interoperability. However, you may want to control the connection between MST and Rapid PVST+ to protect against accidentally connecting an MST-enabled port to a Rapid PVST+-enabled port.
When you use the no spanning-tree mst simulate pvst global command, the switch running in MST mode moves all interfaces that receive a Rapid PVST+ (SSTP) bridge protocol data unit (BPDU) into the Spanning Tree Protocol (STP) blocking state. Those interfaces remain in the inconsistent state until the port stops receiving Rapid PVST+ BPDUs, and then the port resumes the normal STP transition process.
You can also use this command from the interface mode, and the configuration applies to the entire switch.
Note To block automatic MST and Rapid PVST+ interoperability for specific interfaces, see the spanning-tree mst simulate pvst command.
This command is useful when you want to prevent accidental connection with a device not running MST.
To return the switch to seamless operation between MST and Rapid PVST+, use the spanning-tree mst simulate pvst global command.
This example shows how to prevent all ports on the switch from automatically interoperating with a connected device running Rapid PVST+:
switch(config)#
no spanning-tree mst simulate pvst global
|
|
---|---|
Enables seamless interoperation between MST and Rapid PVST+ by the interface. |
To set the default path-cost calculation method, use the spanning-tree pathcost method command. To return to the default settings, use the no form of this command.
spanning-tree pathcost method {long | short}
no spanning-tree pathcost method
long |
Specifies the 32-bit based values for port path costs. |
short |
Specifies the 16-bit based values for port path costs. |
Short
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
The long path-cost calculation method uses all 32 bits for path-cost calculations and yields valued in the range of 2 through 2,00,000,000.
The short path-cost calculation method (16 bits) yields values in the range of 1 through 65535.
Note This command applies only to the Rapid per VLAN Spanning Tree Plus (Rapid PVST+) spanning tree mode, which is the default mode. When you are using Multiple Spanning Tree (MST) spanning tree mode, the switch uses only the long method for calculating path cost; this is not user-configurable for MST.
This example shows how to set the default pathcost method to long:
switch(config)#
spanning-tree pathcost method long
|
|
---|---|
show spanning-tree summary |
Displays information about the spanning tree state. |
To configure an interface connected to a host as an edge port, which automatically transitions the port to the spanning tree forwarding state without passing through the blocking or learning states, use the spanning-tree port type edge command. To return the port to a normal spanning tree port, use the the no spanning-tree port type command.
spanning-tree port type edge [trunk]
no spanning-tree port type
trunk |
(Optional) Configures the trunk port as a spanning tree edge port. |
The default is the global setting for the default port type edge that is configured when you entered the spanning-tree port type edge default command. If you did not configure a global setting, the default spanning tree port type is normal.
Interface configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
You can also use this command to configure a port in trunk mode as a spanning tree edge port.
When a linkup occurs, spanning tree edge ports are moved directly to the spanning tree forwarding state without waiting for the standard forward-time delay.
Note This is the same functionality that was previously provided by the Cisco-proprietary PortFast feature.
When you use this command, the system returns a message similar to the following:
Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION
When you use this command without the trunk keyword, the system returns an additional message similar to the following:
%Portfast has been configured on Ethernet1/40 but will only have effect when the interface is in a non-trunking mode.
To configure trunk interfaces as spanning tree edge ports, use the spanning-tree port type trunk command. To remove the spanning tree edge port type setting, use the no spanning-tree port type command.
The default spanning tree port type is normal.
This example shows how to configure an interface connected to a host as an edge port, which automatically transitions that interface to the forwarding state on a linkup:
switch(config-if)#
spanning-tree port type edge
|
|
---|---|
show spanning-tree |
Displays information about the spanning tree state. |
To enable bridge protocol data unit (BPDU) Filtering by default on all spanning tree edge ports, use the spanning-tree port type edge bpdufilter default command. To disable BPDU Filtering by default on all edge ports, use the no form of this command.
spanning-tree port type edge bpdufilter default
no spanning-tree port type edge bpdufilter default
This command has no keywords or arguments.
Disabled
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
To enable BPDU Filtering by default, you must do the following:
•Configure the interface as a spanning tree edge port, using the spanning-tree port type edge or the spanning-tree port type edge default command.
•Enable BPDU Filtering.
Use this command to enable BPDU Filtering globally on all spanning tree edge ports. BPDU Filtering prevents a port from sending or receiving any BPDUs.
You can override the global effects of this spanning-tree port type edge bpdufilter default command by configuring BPDU Filtering at the interface level. See the spanning-tree bpdufilter command for complete information on using this feature at the interface level.
Note The BPDU Filtering feature's functionality is different when you enable it on a per-port basis or globally. When enabled globally, BPDU Filtering is applied only on ports that are operational spanning tree edge ports. Ports send a few BPDUs at a linkup before they effectively filter outbound BPDUs. If a BPDU is received on an edge port, that port immediately becomes a normal spanning tree port with all the normal transitions and BPDU Filtering is disabled. When enabled locally on a port, BPDU Filtering prevents the switch from receiving or sending BPDUs on this port.
This example shows how to enable BPDU Filtering globally on all spanning tree edge operational ports by default:
switch(config)#
spanning-tree port type edge bpdufilter default
To enable bridge protocol data unit (BPDU) Guard by default on all spanning tree edge ports, use the spanning-tree port type edge bpduguard default command. To disable BPDU Guard on all edge ports by default, use the no form of this command.
spanning-tree port type edge bpduguard default
no spanning-tree port type edge bpduguard default
This command has no keywords or arguments.
Disabled
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
To enable BPDU Guard by default, you must do the following:
•Configure the interface as spanning tree edge ports by entering the spanning-tree port type edge or the spanning-tree port type edge default command.
•Enable BPDU Guard.
Use this command to enable BPDU Guard globally on all spanning tree edge ports. BPDU Guard disables a port if it receives a BPDU.
Global BPDU Guard is applied only on spanning tree edge ports.
You can also enable BPDU Guard per interface; see the spanning-tree bpduguard command for more information.
Note We recommend that you enable BPDU Guard on all spanning tree edge ports.
This example shows how to enable BPDU Guard by default on all spanning tree edge ports:
switch(config)#
spanning-tree port type edge bpduguard default
To configure all access ports that are connected to hosts as edge ports by default, use the spanning-tree port type edge default command. To restore all ports connected to hosts as normal spanning tree ports by default, use the no form of this command.
spanning-tree port type edge default
no spanning-tree port type edge default
This command has no arguments or keywords.
Disabled
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
Use this command to automatically configure all interfaces as spanning tree edge ports by default. This command will not work on trunk ports.
When a linkup occurs, an interface configured as an edge port automatically moves the interface directly to the spanning tree forwarding state without waiting for the standard forward-time delay. (This transition was previously configured as the Cisco-proprietary PortFast feature.)
When you use this command, the system returns a message similar to the following:
Warning: this command enables portfast by default on all interfaces. You
should now disable portfast explicitly on switched ports leading to hubs,
switches and bridges as they may create temporary bridging loops.
You can configure individual interfaces as edge ports using the spanning-tree port type edge command.
The default spanning tree port type is normal.
This example shows how to globally configure all ports connected to hosts as spanning tree edge ports:
switch(config)#
spanning-tree port type edge default
|
|
---|---|
show spanning-tree summary |
Displays information about the spanning tree configuration. |
Configures an interface as a spanning tree edge port. |
To configure the interface that connects to a switch as a network spanning tree port, regardless of the global configuration, use the spanning-tree port type network command. To return the port to a normal spanning tree port, use the use the no form of this command.
spanning-tree port type network
no spanning-tree port type
This command has no arguments or keywords.
The default is the global setting for the default port type network that is configured when you entered the spanning-tree port type network default command. If you did not configure a global setting, the default spanning tree port type is normal.
Interface configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
Use this command to configure an interface that connects to a switch as a spanning tree network port. Bridge Assurance runs only on Spanning Tree Protocol (STP) network ports.
Note If you mistakenly configure ports connected to hosts as STP network ports and enable Bridge Assurance, those ports will automatically move into the blocking state.
Note Bridge Assurance is enabled by default, and all interfaces configured as spanning tree network ports have Bridge Assurance enabled.
To configure a port as a spanning tree network port, use the spanning-tree port type network command. To remove this configuration, use the no spanning-tree port type command. When you use the no spanning-tree port type command, the software returns the port to the global default setting for network port types.
You can configure all ports that are connected to switches as spanning tree network ports by default by entering the spanning-tree port type network default command.
The default spanning tree port type is normal.
This example shows how to configure an interface connected to a switch or bridge as a spanning tree network port:
switch(config-if)#
spanning-tree port type network
|
|
---|---|
show spanning-tree interface |
Displays information about the spanning tree configuration per specified interface. |
To configure all ports as spanning tree network ports by default, use the spanning-tree port type network default command. To restore all ports to normal spanning tree ports by default, use the no form of this command.
spanning-tree port type network default
no spanning-tree port type network default
This command has no arguments or keywords.
Disabled
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
Use this command to automatically configure all interfaces that are connected to switches as spanning tree network ports by default. You can then use the spanning-tree port type edge command to configure specified ports that are connected to hosts as spanning-tree edge ports.
Note If you mistakenly configure ports connected to hosts as Spanning Tree Protocol (STP) network ports and Bridge Assurance is enabled, those ports will automatically move into the blocking state.
Configure only the ports that connect to other switches as network ports because the Bridge Assurance feature causes network ports that are connected to hosts to move into the spanning tree blocking state.
You can identify individual interfaces as network ports by using the spanning-tree port type network command.
The default spanning tree port type is normal.
This example shows how to globally configure all ports connected to switches as spanning tree network ports:
switch(config)#
spanning-tree port type network default
|
|
---|---|
show spanning-tree summary |
Displays information about the spanning tree configuration. |
To set an interface priority when two bridges compete for position as the root bridge, use the spanning-tree port-priority command. The priority you set breaks the tie. To return to the default settings, use the no form of this command.
spanning-tree [vlan vlan-id] port-priority value
no spanning-tree [vlan vlan-id] port-priority
vlan vlan-id |
(Optional) Specifies the VLAN identification number. The range is from 0 to 4094. |
value |
Port priority. The range is from 1 to 224, in increments of 32. |
Port priority default value is 128.
Interface configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
Do not use the vlan vlan-id parameter on access ports. The software uses the port priority value for access ports and the VLAN port priority values for trunk ports.
The priority values are 0, 32, 64, 96, 128, 160, 192, and 224. All other values are rejected.
Note Use this command to configure the port priority for Rapid per VLAN Spanning Tree Plus (Rapid PVST+) spanning tree mode, which is the default STP mode. To configure the port priority for Multiple Spanning Tree (MST) spanning tree mode, use the spacing-tree mst port-priority command.
This example shows how to increase the probability that the spanning tree instance on access port interface 2/0 is chosen as the root bridge by changing the port priority to 32:
switch(config-if)#
spanning-tree port-priority 32
|
|
---|---|
show spanning-tree |
Displays information about the spanning tree state. |
spanning-tree interface priority |
Displays information on the spanning tree port priority for the interface. |
To configure Spanning Tree Protocol (STP) parameters on a per-VLAN basis, use the spanning-tree vlan command. To return to the default settings, use the no form of this command.
spanning-tree vlan vlan-id [forward-time value | hello-time value | max-age value | priority value | [root {primary | secondary} [diameter dia [hello-time value]]]]
no spanning-tree vlan vlan-id [forward-time | hello-time | max-age | priority | root]
The defaults are as follows:
•forward-time—15 seconds
•hello-time—2 seconds
•max-age—20 seconds
•priority—32768
Global configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
When setting the max-age seconds, if a bridge does not see BPDUs from the root bridge within the specified interval, it assumes that the network has changed and recomputes the spanning-tree topology.
The spanning-tree root primary alters this switch's bridge priority to 24576. If you enter the spanning-tree root primary command and the switch does not become the root, then the bridge priority is changed to 4096 less than the bridge priority of the current bridge. The command fails if the value required to be the root bridge is less than 1. If the switch does not become the root, an error results.
If the network devices are set for the default bridge priority of 32768 and you enter the spanning-tree root secondary command, the software alters this switch's bridge priority to 28762. If the root switch fails, this switch becomes the next root switch.
Use the spanning-tree root commands on the backbone switches only.
This example shows how to enable spanning tree on VLAN 200:
switch(config)#
spanning-tree vlan 200
This example shows how to configure the switch as the root switch for VLAN 10 with a network diameter of 4:
switch(config)#
spanning-tree vlan 10 root primary diameter 4
This example shows how to configure the switch as the secondary root switch for VLAN 10 with a network diameter of 4:
switch(config)#
spanning-tree vlan 10 root secondary diameter 4
|
|
---|---|
show spanning-tree |
Displays information about the spanning tree state. |
To configure the transmit and receive speed for an Ethernet interface, use the speed command. To reset to the default speed, use the no form of this command.
speed {1000 | 10000}
no speed
1000 |
Sets the interface speed to 1 Gbps. |
10000 |
Sets the interface speed to 10 Gbps. This is the default speed. |
The default speed is 10000 (10-Gigabit).
Interface configuration mode
|
|
4.0(1a)N1(1) |
This command was introduced. |
The first 8 ports of a Nexus 5010 switch and the first 16 ports of a Nexus 5020 switch are switchable 1-Gigabit and 10-Gigabit ports. The default interface speed is 10-Gigabit. To configure these ports for 1-Gigabit Ethernet, insert a 1-Gigabit Ethernet SFP transceiver into the applicable port and then set its speed with the speed command.
Note If the interface and transceiver speed is mismatched, the SFP validation failed message is displayed when you enter the show interface ethernet slot/port command. For example, if you insert a 1-Gigabit SFP transceiver into a port without configuring the speed 1000 command, you will get this error.
By default, all ports on a Cisco Nexus 5000 Series switch are 10 Gigabits.
This example shows how to set the speed for a 1-Gigabit Ethernet port:
switch# configure terminal
switch(config)# interface ethernet 2/1
switch(config-if)# speed 1000
|
|
---|---|
show interface |
Displays the interface configuration information. |
To set the operational state for a VLAN, use the state command. To return a VLAN to its default operational state, use the no form of this command.
state {active | suspend}
no state
active |
Specifies that the VLAN is actively passing traffic. |
suspend |
Specifies that the VLAN is not passing any packets. |
The VLAN is actively passing traffic.
VLAN configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
You cannot suspend the state for VLAN 1 or VLANs 1006 to 4094.
VLANs in the suspended state do not pass packets.
This example shows how to suspend VLAN 2:
switch(config)#
vlan 2switch(
config-vlan)#
state suspend
|
|
---|---|
show vlan |
Displays VLAN information. |
To enable the creation of VLAN interfaces, use the svi enable command. To disable the VLAN interface feature, use the no form of this command.
svi enable
no svi enable
This command has no arguments or keywords.
VLAN interfaces are disabled.
Global configuration mode
You must use the feature interface-vlan command before you can create VLAN interfaces.
This example shows how to enable the interface VLAN feature on the switch:
switch(config)# svi enable
|
|
---|---|
interface vlan |
Creates a VLAN interface. |
To set the access VLAN when the interface is in access mode, use the switchport access vlan command. To reset the access-mode VLAN to the appropriate default VLAN for the switch, use the no form of this command.
switchport access vlan vlan-id
no switchport access vlan
vlan-id |
VLAN to set when the interface is in access mode. The range is from 1 to 4094, except for the VLANs reserved for internal use. |
VLAN 1
Interface configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
Use the no form of the switchport access vlan command to reset the access-mode VLAN to the appropriate default VLAN for the switch. This action may generate messages on the device to which the port is connected.
This example shows how to configure an Ethernet interface to join VLAN 2:
switch(config)#
interface ethernet 1/7
switch(config-if)# switchport access vlan 2
|
|
---|---|
show interface switchport |
Displays the administrative and operational status of a port. |
To prevent the unknown multicast or unicast packets from being forwarded, use the switchport block command. To allow the unknown multicast or unicast packets to be forwarded, use the no form of this command.
switchport block {multicast | unicast}
no switchport block {multicast | unicast}
multicast |
Specifies that the unknown multicast traffic should be blocked. |
unicast |
Specifies that the unknown unicast traffic should be blocked. |
Unknown multicast and unicast traffic are not blocked. All traffic with unknown MAC addresses is sent to all ports.
Interface configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
You can block the unknown multicast or unicast traffic on the switch ports.
Blocking the unknown multicast or unicast traffic is not automatically enabled on the switch ports; you must explicitly configure it.
This example shows how to block the unknown multicast traffic on an interface:
switch# configure terminal switch(config)# interface ethernet 1/1 switch(config-if)# switchport block multicast
|
|
---|---|
show interface switchport |
Displays the switch port information for a specified interface or all interfaces. |
To set the interface type to be a host port for a private VLAN, use the switchport mode private-vlan host command.
switchport mode private-vlan host
This command has no arguments or keywords.
None
Interface configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
When you configure a port as a host private VLAN port and one of the following applies, the port becomes inactive:
•The port does not have a valid private VLAN association configured.
•The port is a Switched Port Analyzer (SPAN) destination.
•The private VLAN association is suspended.
If you delete a private VLAN port association, or if you configure a private port as a SPAN destination, the deleted private VLAN port association or the private port that is configured as a SPAN destination becomes inactive.
Note We recommend that you enable spanning tree BPDU Guard on all private VLAN host ports.
This example shows how to set a port to host mode for private VLANs:
switch(config-if)#
switchport mode private-vlan host
|
|
---|---|
show interface switchport |
Displays information on all interfaces configured as switch ports. |
show vlan private-vlan |
Displays the status of the private VLAN. |
To set the interface type to be a promiscuous port for a private VLAN, use the switchport mode private-vlan promiscuous command.
switchport mode private-vlan promiscuous
This command has no keywords or arguments.
None
Interface configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
When you configure a port as a promiscuous private VLAN port and one of the following applies, the port becomes inactive:
•The port does not have a valid private VLAN mapping configured.
•The port is a Switched Port Analyzer (SPAN) destination.
If you delete a private VLAN port mapping or if you configure a private port as a SPAN destination, the deleted private VLAN port mapping or the private port that is configured as a SPAN destination becomes inactive.
See the private-vlan command for more information on promiscuous ports.
This example shows how to set a port to promiscuous mode for private VLANs:
switch(config-if)#
switchport mode private-vlan promiscuous
|
|
---|---|
show interface switchport |
Displays information on all interfaces configured as switch ports. |
show vlan private-vlan |
Displays the status of the private VLAN. |
To configure the port as a secondary trunk port for a private VLAN, use the switchport mode private-vlan trunk command. To remove the isolated trunk port, use the no form of this command.
switchport mode private-vlan trunk [secondary]
no switchport mode private-vlan trunk [secondary]
secondary |
(Optional) Specifies the secondary port. |
None
Interface configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
In a private VLAN domain, isolated trunks are part of a secondary VLAN. Isolated trunk ports can carry multiple isolated VLANs.
This example shows how to configure Ethernet interface 1/1 as a promiscuous trunk port for a private VLAN:
switch(config)# interface ethernet 1/1
switch(config-if)# switchport mode private-vlan trunk secondary
switch(config-if)#
To associate an isolated trunk port with the primary and secondary VLANs of a private VLAN, use the switchport private-vlan association trunk command. To remove the isolated trunk port association, use the no form of this command.
switchport private-vlan association trunk primary-id secondary-id
no switchport private-vlan association trunk
primary-id |
Primary VLAN ID. The range is from 1 to 3967 and from 4048 to 4093. |
secondary-id |
Secondary VLAN ID. The range is from 1 to 3967 and from 4048 to 4093. |
None
Interface configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
The secondary VLAN should be an isolated VLAN. Only one isolated VLAN under a given primary VLAN can be associated to an isolated trunk port.
This example shows how to map the secondary VLANs to the primary VLAN:
switch(config)# interface ethernet 1/1
switch(config-if)# switchport mode private-vlan trunk secondary
switch(config-if)# switchport private-vlan association trunk 5 100
switch(config-if)#
To configure the allowed VLANs for the private trunk interface, use the switchport private-vlan trunk allowed vlan command. To remove the allowed VLANs, sue the no form of this command.
switchport private-vlan trunk allowed vlan {vlan-list | {add | all | except | remove} vlan-list | none}
no switchport private-vlan trunk allowed vlan {vlan-list | {add | all | except | remove} vlan-list | none}
Allows only associated VLANs on the private VLAN trunk interface.
Interface configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
The primary VLANs do not need to be explicitly added to the allowed VLAN list. They are added automatically once there is a mapping between primary and secondary VLANs.
This example shows how to add VLANs to the list of allowed VLANs on an Ethernet private VLAN trunk port:
switch(config)# interface ethernet 1/3
switch(config-if)# switchport private-vlan trunk allowed vlan 15-20
switch(config-if)#
To configure the native VLAN ID for the private VLAN trunk, use the switchport private-vlan trunk native command. To remove the native VLAN ID from the private VLAN trunk, use the no form of this command.
switchport private-vlan trunk native vlan vlan-list
no switchport private-vlan trunk native vlan vlan-list
vlan vlan-list |
Specifies the VLAN ID. The range is from 1 to 3967 and from 4048 to 4093. |
VLAN 1.
Interface configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
Secondary VLANs cannot be configured with a native VLAN ID on promiscuous trunk ports. Primary VLANs cannot be configured with a native VLAN ID on isolated trunk ports.
This example shows how to map the secondary VLANs to the primary VLAN:
switch(config)# interface ethernet 1/1
switch(config-if)# switchport private-vlan trunk native vlan 5
switch(config-if)#
To configure the interface to be an access host port, use the switchport host command. To remove the host port, use the no form of this command.
switchport host
no switchport host
This command has no arguments or keywords.
None
Interface configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
Ensure that you are configuring the correct interface. It must be an interface that is connnected to an end station.
An access host port handles the Spanning Tree Protocol (STP) like an edge port and immediately moves to the forwarding state without passing through the blocking and learning states. Configuring an interface as an access host port also disables EtherChannel on that interface.
This example shows how to set an interface as an Ethernet access host port with EtherChannel disabled:
switch(config)# interface ethernet 2/1
switch(config-if)# switchport host
switch(config-if)#
|
|
---|---|
show interface brief |
Displays a summary of the interface configuration information. |
show interface switchport |
Displays information on all interfaces configured as switch ports. |
To configure the interface as a nontrunking nontagged single-VLAN Ethernet interface, use the switchport mode command. To remove the configuration and restore the default, use the no form of this command.
switchport mode {access | trunk}
no switchport mode {access | trunk}
access |
Specifies that the interface is in access mode. |
trunk |
Specifies that the interface is in trunk mode. |
An access port carries traffic for VLAN 1.
Interface configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
An access port can carry traffic in one VLAN only. By default,an access port carries traffic for VLAN 1. To set the access port to carry traffic for a different VLAN, use the switchport access vlan command.
The VLAN must exist before you can specify that VLAN as an access VLAN. The system shuts down an access port that is assigned to an access VLAN that does not exist.
This example shows how to set an interface as an Ethernet access port that carries traffic for a specific VLAN only:
switch(config)# interface ethernet 2/1
switch(config-if)# switchport mode access
switch(config-if)# switchport access vlan 5
switch(config-if)#
|
|
---|---|
show interface switchport |
Displays information on all interfaces configured as switch ports. |
switchport access vlan |
Sets the access VLAN when the interface is in access mode. |
To define a private VLAN association for an isolated or community port, use the switchport private-vlan host-association command. To remove the private VLAN association from the port, use the no form of this command.
switchport private-vlan host-association {primary-vlan-id} {secondary-vlan-id}
no switchport private-vlan host-association
primary-vlan-id |
Number of the primary VLAN of the private VLAN relationship. |
secondary-vlan-id |
Number of the secondary VLAN of the private VLAN relationship. |
None
Interface configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
There is no run-time effect on the port unless it is in private VLAN-host mode. If the port is in private VLAN-host mode but neither of the VLANs exist, the command is allowed but the port is made inactive. The port also may be inactive when the association between the private VLANs is suspended.
The secondary VLAN may be an isolated or community VLAN.
See the private-vlan command for more information on primary VLANs, secondary VLANs, and isolated or community ports.
Note A private VLAN-isolated port on a Cisco Nexus 5000 Series switch running the current release of Cisco NX-OS does not support IEEE 802.1Q encapsulation and cannot be used as a trunk port.
This example shows how to configure a Layer 2 host private VLAN port with a primary VLAN (VLAN 18) and a secondary VLAN (VLAN 20):
switch(config-if)#
switchport private-vlan host-association 18 20
This example shows how to remove the private VLAN association from the port:
switch(config-if)#
no switchport private-vlan host-association
|
|
---|---|
show vlan private-vlan |
Displays information on private VLANs. |
To define the private VLAN association for a promiscuous port, use the switchport private-vlan mapping command. To clear all mapping from the primary VLAN, use the no form of this command.
switchport private-vlan mapping {primary-vlan-id} {[add] secondary-vlan-id | remove secondary-vlan-id}
no switchport private-vlan mapping
None
Interface configuration mode
|
|
4.0(0)N1(1a) |
This command was introduced. |
There is no run-time effect on the port unless it is in private VLAN-promiscuous mode. If the port is in private VLAN-promiscuous mode but the primary VLAN does not exist, the command is allowed but the port is made inactive.
The secondary VLAN may be an isolated or community VLAN.
See the private-vlan command for more information on primary VLANs, secondary VLANs, and isolated or community ports.
Note A private VLAN-isolated port on a Cisco Nexus 5000 Series switch running the current release of Cisco NX-OS does not support IEEE 802.1Q encapsulation and cannot be used as a trunk port.
This example shows how to configure the associated primary VLAN 18 to secondary isolated VLAN 20 on a private VLAN promiscuous port:
switch(config-if)#
switchport private-vlan mapping 18 20
This example shows how to add a VLAN to the association on the promiscuous port:
switch(config-if)#
switchport private-vlan mapping 18 add 21
This example shows how to remove all private VLAN associations from the port:
switch(config-if)#
no switchport private-vlan mapping
To configure the Unidirectional Link Detection (UDLD) protocol on the switch, use the udld command. To disable UDLD, use the no form of this command.
udld {aggressive | message-time timer-time | reset}
no udld {aggressive | message-time | reset}
Global configuration mode
|
|
4.0(1a)N1(1) |
This command was introduced. |
UDLD aggressive mode is disabled by default. You can configure UDLD aggressive mode only on point-to-point links between network devices that support UDLD aggressive mode. If UDLD aggressive mode is enabled, when a port on a bidirectional link that has a UDLD neighbor relationship established stops receiving UDLD frames, UDLD tries to reestablish the connection with the neighbor. After eight failed retries, the port is disabled.
To prevent spanning tree loops, normal UDLD with the default interval of 15 seconds is fast enough to shut down a unidirectional link before a blocking port transitions to the forwarding state (with default spanning tree parameters).
When you enable the UDLD aggressive mode, the following occurs:
•One side of a link has a port stuck (both transmission and receive)
•One side of a link remains up while the other side of the link is down
In these cases, the UDLD aggressive mode disables one of the ports on the link, which prevents traffic from being discarded.
This example shows how to enable the aggressive UDLD mode for the switch:
switch# configure terminal switch(config)# udld aggressive
This example shows how to reset all ports that were shut down by UDLD:
switch# configure terminal switch(config)# udld reset
|
|
---|---|
show udld |
Displays the administrative and operational UDLD status. |
To enable and configure the Unidirectional Link Detection (UDLD) protocol on an Ethernet interface, use the udld command. To disable UDLD, use the no form of this command.
udld {aggressive | disable | enable}
no udld {aggressive | disable | enable}
aggressive |
Enables UDLD in aggressive mode on the interface. |
disable |
Disables UDLD on the interface. |
enable |
Enables UDLD in normal mode on the interface. |
None
Interface configuration mode
|
|
4.0(1a)N1(1) |
This command was introduced. |
You can configure normal or aggressive UDLD modes for an Ethernet interface. Before you can enable a UDLD mode for an interface, you must make sure that UDLD is enabled on the switch. UDLD must also be enabled on the other linked interface and its device.
To use the normal UDLD mode on a link, you must configure one of the ports for normal mode and configure the port on the other end for the normal or aggressive mode. To use the aggressive UDLD mode, you must configure both ends of the link for aggressive mode.
This example shows how to enable the normal UDLD mode for an Ethernet port:
switch# configure terminal switch(config)# interface ethernet 1/1 switch(config-if)# udld enable
This example shows how to enable the aggressive UDLD mode for an Ethernet port:
switch(config-if)# udld aggressive
This example shows how to disable UDLD for an Ethernet port:
switch(config-if)# udld disable
|
|
---|---|
show udld |
Displays the administrative and operational UDLD status. |
To add a VLAN or to enter the VLAN configuration mode, use the vlan command. To delete the VLAN and exit the VLAN configuration mode, use the no form of this command.
vlan {vlan-id | vlan-range}
no vlan {vlan-id | vlan-range}
None
Global configuration mode
Note You can also create and delete VLANs in the VLAN configuration mode using these same commands.
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
When you enter the vlan vlan-id command, a new VLAN is created with all default parameters and causes the CLI to enter VLAN configuration mode. If the vlan-id argument that you entered matches an existing VLAN, nothing happens except that you enter VLAN configuration mode.
You can enter the vlan-range using a comma (,), a dash (-), and the number.
VLAN 1 parameters are factory configured and cannot be changed; you cannot create or delete this VLAN. Additionally, you cannot create or delete VLAN 4095 or any of the internally allocated VLANs.
When you delete a VLAN, all the access ports in that VLAN are shut down and no traffic flows. On trunk ports, the traffic continues to flow for the other VLANs allowed on that port, but the packets for the deleted VLAN are dropped. However, the system retains all the VLAN-to-port mapping for that VLAN, and when you reenable, or recreate, that specified VLAN, the switch automatically reinstates all the original ports to that VLAN.
This example shows how to add a new VLAN and enter VLAN configuration mode:
switch(config)#
vlan 2switch(config-vlan)#
This example shows how to add a range of new VLANs and enter VLAN configuration mode:
switch(config)#
vlan 2,5,10-12,20,25,4000switch(config-vlan)#
This example shows how to delete a VLAN:
switch(config)#
no vlan 2
|
|
---|---|
show vlan |
Displays VLAN information. |
To enable dot1q (IEEE 802.1Q) tagging for all native VLANs on all trunked ports on the switch, use the vlan dot1Q tag native command. To disable dot1q (IEEE 802.1Q) tagging for all native VLANs on all trunked ports on the switch, use the no form of this command.
vlan dot1Q tag native
no vlan dot1Q tag native
This comand has no arguments or keywords.
Disabled
Global configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
Typically, you configure 802.1Q trunks with a native VLAN ID, which strips tagging from all packets on that VLAN.
To maintain the tagging on the native VLAN and drop untagged traffic, use the vlan dot1q tag native command. The switch will tag the traffic received on the native VLAN and admit only 802.1Q-tagged frames, dropping any untagged traffic, including untagged traffic in the native VLAN.
Control traffic continues to be accepted as untagged on the native VLAN on a trunked port, even when the vlan dot1q tag native command is enabled.
Note The vlan dot1q tag native command is enabled on global basis
This example shows how to enable 802.1Q tagging on the switch:
switch(config)# vlan dot1q tag native
switch(config)#
This example shows how to disable 802.1Q tagging on the switch:
switch(config)# no vlan dot1q tag native
Turning off vlan dot1q tag native may impact the functioning of existing dot1q tunnel ports
switch(config)#
|
|
---|---|
show vlan dot1q tag nativet |
Displays the status of tagging on the native VLAN. |
To create a virtual routing and forwarding instance (VRF) and enter VRF configuration mode, use the vrf context command. To remove a VRF entry, use the no form of this command.
vrf context {name | management}
no vrf context {name | management}
name |
Name of the VRF. The name can be a maximum of 32 alphanumeric characters. |
management |
Specifies the management VRF. |
None
Global configuration mode
|
|
---|---|
4.0(0)N1(1a) |
This command was introduced. |
When you enter the VRF configuration mode, the following commands are available:
•exit—Exits from the current command mode.
•ip—Enables configuration of IP features.
Additional commands available in IP configuration mode:
–domain-list—Adds additional domain names.
–domain-lookup—Enables or disables DNS lookup.
–domain-name—Specifies the default domain name.
–host—Adds an entry to the IP hostname table
–name-server—Specifies the IP address of a DNS name server
–route—Adds route information by specifying IP addresses of the next hop servers.
•no—Negates a command or set its defaults.
•shutdown—Shuts down the current VRF context.
This example shows how to enter VRF context mode:
switch(config)#
vrf context management
switch(config-vrf)#
|
|
---|---|
show vrf |
Displays VRF information. |
To configure the name of the VLAN Trunking Protocol (VTP) administrative domain, use the vtp domain command. To remove the domain name, use the no form of this command.
vtp domain name
no vtp domain
name |
VTP domain name. The name can be a maximum of 32 ASCII characters. |
Blank
Global configuration mode
|
|
---|---|
4.2(1)N1(1) |
This command was introduced. |
Before you use this command, you must enable VTP on the switch by using the feature vtp command.
This example shows how to create a VTP domain:
switch(config)# vtp domain accounting
switch(config)#
|
|
---|---|
feature vtp |
Enables VTP on the switch. |
show vtp status |
Displays VTP information. |
To configure the VLAN Trunking Protocol (VTP) device mode, use the vtp mode command. To revert to the defaults, use the no form of this command.
vtp mode transparent
no vtp mode
transparent |
Specifies the device mode as transparent. |
Transparent
Global configuration mode
|
|
---|---|
4.2(1)N1(1) |
This command was introduced. |
This example shows how to configure the VTP mode:
switch(config)# vtp mode transparent
switch(config)#
|
|
---|---|
feature vtp |
Enables VTP on the switch. |
show vtp status |
Displays VTP information. |
To configure the adminstrative domain to VLAN Trunking Protocol (VTP) version, use the vtp version command. To revert to the default version, use the no form of this command.
vtp version version
no vtp version
version |
VTP version. The range is from 1 to 2. |
Version 1 enabled
Version 2 disabled
Global configuration mode
|
|
---|---|
4.2(1)N1(1) |
This command was introduced. |
Before you use this command, you must enable VTP on the switch by using the feature vtp command.
If you enable VTP, you must configure either version 1 or version 2. If you are using VTP in a Token Ring environment, you must use version 2.
This example shows how to create a VTP domain:
switch(config)# vtp version 2
switch(config)#
|
|
---|---|
feature vtp |
Enables VTP on the switch. |
show vtp status |
Displays VTP information. |