Feedback
Contents
show vlan through storm-control
- show vlan
- show vlan access-map
- show vlan mapping
- show vtp
- shutdown vlan
- spanning-tree backbonefast
- spanning-tree bpdufilter
- spanning-tree bpduguard
- spanning-tree cost
- spanning-tree etherchannel guard misconfig
- spanning-tree extend system-id
- spanning-tree guard
- spanning-tree link-type
- spanning-tree loopguard default
- spanning-tree mst
- spanning-tree mst configuration
- spanning-tree mst forward-time
- spanning-tree mst hello-time
- spanning-tree mst max-age
- spanning-tree mst max-hops
- spanning-tree mst pre-standard
- spanning-tree mst priority
- spanning-tree mst root
- spanning-tree portfast (interface)
- spanning-tree port-priority
- spanning-tree transmit hold-count
- spanning-tree uplinkfast
- spanning-tree vlan
- storm-control
show vlan
Syntax Description
all
(Optional) Displays all VLAN information.
brief
(Optional) Displays only a single line for each VLAN, naming the VLAN, status, and ports.
id vlan-id
(Optional) Displays information about a single VLAN that is identified by a VLAN ID number; valid values are from 1 to 4094.
name name
(Optional) Displays information about a single VLAN that is identified by VLAN name; valid values are an ASCII string fro m 1 to 32 char acters.
ifindex
(Optional) Displays the VLAN’s ifIndex number.
Usage Guidelines
Each Ethernet switch port and Ethernet repeater group belong to only one VLAN. Trunk ports can be on multiple VLANs.
If you shut down a VLAN using the state suspend or the state activecommand, these values appear in the Status field:
If you shut down a VLAN using the shutdown command, these values appear in the Status field:
- act/lshut--VLAN status is active but shut down locally.
- sus/lshut--VLAN status is suspended but shut down locally.
This is an example of the output for a VLAN (VLAN0002) that is active but shut down locally:
Router# show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa5/9 2 VLAN0002 act/lshut Fa5/9 <...Output truncated...>If a VLAN is shut down internally, these values appear in the Status field:
- act/ishut--VLAN status is active but shut down internally.
- sus/ishut--VLAN status is suspended but shut down internally.
This is an example of the output for a VLAN (VLAN0002) that is active but shut down internally:
Router# show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa5/9 2 VLAN0002 act/ishut Fa5/9 <...Output truncated...>If a VLAN is shut down locally and internally, the value that is displayed in the Status field is act/ishut or sus/ishut. If a VLAN is shut down locally only, the value that is displayed in the Status field is act/lshut or sus/lshut.
Separate VLAN ranges with a hyphen, and separate VLANs with a comma and no spaces in between. For example, you can enter the following:
Router# show vlan id 1-4,3,7,5-20When displaying a single VLAN both trunk and non-trunk ports are displayed. A non-trunk port is a port that is not configured as pm_port_mode_trunk. If an interface is configured as "switchport port mode trunk" it is displayed whether the link is up or down.
When displaying multiple VLANs only non-trunk ports are displayed.
Examples
This example shows how to display the VLAN parameters for all VLANs within the administrative domain:
Router# show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa5/9 2 VLAN0002 active Fa5/9 3 VLAN0003 active Fa5/9 4 VLAN0004 active Fa5/9 5 VLAN0005 active Fa5/9 6 VLAN0006 active Fa5/9 <...Output truncated...> 1004 fddinet-default active Fa5/9 1005 trbrf-default active Fa5/9 VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1 enet 100001 1500 - - - - - 0 0 2 enet 100002 1500 - - - - - 0 0 3 enet 100003 1500 - - - - - 303 0 4 enet 100004 1500 - - - - - 304 0 5 enet 100005 1500 - - - - - 305 0 6 enet 100006 1500 - - - - - 0 0 10 enet 100010 1500 - - - - - 0 0 <...Output truncated...> Remote SPAN VLANs ----------------- 2, 20 Primary Secondary Type Ports ------- --------- ----------------- ------------------------------------------ Router#This example shows how to display the VLAN name, status, and associated ports only:
Router# show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa5/9 2 VLAN0002 active Fa5/9 3 VLAN0003 act/lshut Fa5/9 4 VLAN0004 act/lshut Fa5/9 5 VLAN0005 active Fa5/9 10 VLAN0010 active Fa5/9 . . . 999 VLAN0999 active Fa5/9 1002 fddi-default active Fa5/9 1003 trcrf-default active Fa5/9 1004 fddinet-default active Fa5/9 1005 trbrf-default active Fa5/9 Router#This example shows how to display the VLAN parameters for multiple VLANs:
Router# show vlan id 1-4,3,7,5-20 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------ 1 default active Fa5/7, Fa5/12 2 VLAN0002 active 3 VLAN0003 act/lshut 4 VLAN0004 act/lshut 5 VLAN0005 active 6 VLAN0006 active 10 VLAN0010 active 20 VLAN0020 active VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1 enet 100001 1500 - - - - - 0 0 2 enet 100002 1500 - - - - - 0 0 3 enet 100003 1500 - - - - - 303 0 4 enet 100004 1500 - - - - - 304 0 5 enet 100005 1500 - - - - - 305 0 6 enet 100006 1500 - - - - - 0 0 10 enet 100010 1500 - - - - - 0 0 20 enet 100020 1500 - - - - - 0 0 Remote SPAN VLANs ------------------------------------------------------------------------------ Primary Secondary Type Ports ------- --------- ----------------- ------------------------------------------ Router#This example shows how to display the ifIndex number for VLAN 10 only:
Router# show vlan id 10 ifindex VLAN Ifindex ---- ------- 10 37 Router#The table below describes the fields that are shown in the example.
Table 1 show vlan Command Output Fields Field
Description
VLAN
VLAN number.
Name
Name, if configured, of the VLAN.
Status
Status of the VLAN (active or suspend, act/lshut or sus/lshut, or act/ishut or sus/ishut).
Ports
Ports that belong to the VLAN.
Type
Media type of the VLAN.
SAID
Security association ID value for the VLAN.
MTU
Maximum transmission unit size for the VLAN.
Parent
Parent VLAN, if one exists.
RingNo
Ring number for the VLAN, if applicable.
BrdgNo
Bridge number for the VLAN, if applicable.
Stp
Spanning Tree Protocol type that is used on the VLAN.
BrdgMode
Bridging mode for this VLAN--possible values are SRB and SRT; the default is SRB.
AREHops
Maximum number of hops for All-Routes Explorer frames--possible values are 1 through 13; the default is 7.
STEHops
Maximum number of hops for Spanning Tree Explorer frames--possible values are 1 through 13; the default is 7.
Backup CRF
Status of whether the TrCRF is a backup path for traffic.
Ifindex
Number of the ifIndex.
Remote SPAN VLAN
RSPAN status.
Primary
Number of the primary VLAN.
Secondary
Number of the secondary VLAN.
Ports
Indicates the ports within a VLAN.
Type
Type of VLAN--Possible values are primary, isolated, community, nonoperation, or normal.
show vlan access-map
To display the contents of a VLAN-access map, use the showvlanaccess-map command in privileged EXEC mode.
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
15.1.(1)SG
This command was integrated into Cisco IOS Release 15.1(1)SG.
Examples
The following example shows how to display the contents of a VLAN-access map. The fields shown in the display are self-explanatory.
Device# show vlan access-map access-map-example-1 Vlan access-map access-map-example-1 match: ip address 13 action: forward captureDevice# show vlan access-map vl10 match clauses: ipv6 address: v6acl Action: dropshow vlan mapping
To register a mapping of an 802.1Q VLAN to an Inter-Switch Link (ISL) VLAN, use the showvlanmapping command in privileged EXEC mode.
show vtp
To display general information about the VLAN Trunking Protocol (VTP) management domain, status, and counters, use theshowvtp command in privileged EXEC mode.
Syntax Description
counters
Displays the VTP counters for the switch.
interface
Displays information for all interfaces.
type / number
(Optional) A specific interface.
status
Displays general information about the VTP management domain.
password
Displays VTP password in VTP version 3 domain.
devices
Displays VTP version 3 domain information.
conflicts
(Optional) Displays only devices that have conflicting servers in a VTP version 3 domain.
Command History
Release
Modification
11.2(8)SA4
This command was introduced.
12.2(2)XT
This command was implemented on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(8)T
This command was integrated into Cisco IOS Release 12.2(8)T on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(14)SX
This command was implemented on the Supervisor Engine 720.
12.2(17d)SXB
This command on the Supervisor Engine 2 was extended to Cisco IOS Release12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SRC
Thepassword,devices, and conflicts keywords were added to support VTP version 3 on the Cisco 7600 series routers.
12.2(33)SXI
The output for counters and status were updated to include VTPv3 information.
Usage Guidelines
In the output of the showvtpstatus command, the last modified time is of the modifier itself. For example, the time displayed in the line “Configuration last modified by 7.0.22.11 at 5-5-06 05:51:49”, is the time that the modifier (7.0.22.11) last modified the VLAN configuration.
Examples
The following is sample output from the showvtpcounters command:
Router# show vtp counters VTP statistics: Summary advertisements received : 0 Subset advertisements received : 0 Request advertisements received : 0 Summary advertisements transmitted : 6970 Subset advertisements transmitted : 0 Request advertisements transmitted : 0 Number of config revision errors : 0 Number of config digest errors : 0 Number of V1 summary errors : 0 VTP pruning statistics: Trunk Join Transmitted Join Received Summary advts received from non-pruning-capable device ---------------- ---------------- ---------------- --------------------------- Gi1/11 0 0 0 Gi8/10 0 0 0 Gi8/15 0 0 0 Gi8/16 0 0 0 Fa3/1 0 0 0 Fa3/2 0 0 0 Router#This example shows how to display only those lines in the showvtp output that contain the word Summary:
Router# show vtp counters | include Summary Summary advertisements received : 1 Summary advertisements transmitted : 32 Trunk Join Transmitted Join Received Summary advts received from Router#This example shows how to display general information about the VTP management domain:
Router# show vtp status VTP Version capable : 1 to 3 VTP version running : 2 VTP Domain Name : cisco VTP Pruning Mode : Disabled VTP Traps Generation : Disabled Device ID : 0012.44dc.b800 MD5 digest : 0x61 0x98 0xD0 0xAD 0xA4 0x8C 0x53 0x35 Configuration last modified by 10.10.0.0 at 8-7-06 06:56:27 Local updater ID is 10.10.0.0 on interface Lo0 (first layer3 interface found) Feature VLAN: -------------- VTP Mode : Server Maximum VLANs supported locally : 1005 Number if existing VLANs : 53 Revision : 1 Router#The table below describes the significant fields shown in the display.
Table 2 show vtp counters Field Descriptions Field
Description
Summary advertisements received
Number of summary advertisements received by this switch on its trunk ports. Summary advertisements contain the management domain name, the configuration revision number, the update time stamp and identity, the authentication checksum, and the number of subset advertisements to follow.
Subset advertisements received
Number of subset advertisements received by this switch on its trunk ports. Subset advertisements contain all the VTP information for one or more VLANs.
Request advertisements received
Number of advertisement requests received by this switch on its trunk ports. Advertisement requests normally request information on all VLANs. They can also request information on a subset of VLANs.
Summary advertisements transmitted
Number of summary advertisements sent by this switch on its trunk ports. Summary advertisements contain the management domain name, the configuration revision number, the update time stamp and identity, the authentication checksum, and the number of subset advertisements to follow.
Subset advertisements transmitted
Number of subset advertisements sent by this switch on its trunk ports. Subset advertisements contain all the VTP information for one or more VLANs.
Request advertisements transmitted
Number of advertisement requests sent by this switch on its trunk ports. Advertisement requests normally request information on all VLANs. They can also request information on a subset of VLANs.
Number of config revision errors
Number of revision errors.
Whenever you define a new VLAN, delete an existing VLAN, suspend or resume an existing VLAN, or modify the parameters on an existing VLAN, the configuration revision number of the switch increments.
Revision errors increment whenever the switch receives an advertisement whose revision number matches the revision number of the switch, but the message digest algorithm 5 (MD5) values do not match. This error indicates that the VTP password in the two switches is different, or the switches have different configurations.
These errors indicate that the switch is filtering incoming advertisements, which causes the VTP database to become unsynchronized across the network.
Number of config digest errors
Number of MD5 errors.
Digest errors increment whenever the MD5 digest in the summary packet and the MD5 digest of the received advertisement calculated by the switch do not match. This error usually indicates that the VTP passwords in the two switches are different. To solve this problem, make sure the VTP password on all switches is the same.
These errors indicate that the switch is filtering incoming advertisements, which causes the VTP database to become unsynchronized across the network.
Number of V1 summary errors
Number of version 1 errors.
Version 1 summary errors increment whenever a switch in VTP V2 mode receives a VTP version 1 frame. These errors indicate that at least one neighboring switch is either running VTP version 1 or VTP version 2 with V2-mode disabled. To solve this problem, change the configuration of the switches in VTP V2-mode to disabled.
Trunk
Trunk port participating in VTP pruning.
Join Transmitted
Number of VTP pruning messages transmitted on the trunk.
Join Received
Number of VTP pruning messages received on the trunk.
Summary advts received from non-pruning-capable device
Number of VTP summary messages received on the trunk from devices that do not support pruning.
The following is sample output from the showvtpstatus command for VTP version 1 and VTP version 2:
Router# show vtp status VTP Version : 3 (capable) Configuration Revision : 1 Maximum VLANs supported locally : 1005 Number of existing VLANs : 37 VTP Operating Mode : Server VTP Domain Name : [smartports] VTP Pruning Mode : Disabled VTP V2 Mode : Enabled VTP Traps Generation : Disabled MD5 digest : 0x26 0xEE 0x0D 0x84 0x73 0x0E 0x1B 0x69 Configuration last modified by 172.20.52.19 at 7-25-08 14:33:43 Local updater ID is 172.20.52.19 on interface Gi5/2 (first layer3 interface fou) VTP version running : 2The table below describes the significant fields shown in the display.
The following is sample output from the showvtpstatus command for all three VTP versions on the Cisco 7600 series routers running Release 12.2(33)SRC and later.
This example shows how to verify the configuration when the device is running VTP version 1:
Router# show vtp status VTP Version capable : 1 to 3 VTP version running : 1 VTP Domain Name : Lab_Network VTP Pruning Mode : Enabled VTP Traps Generation : Disabled Device ID : 0016.9c6d.5300 Configuration last modified by 127.0.0.12 at 10-18-07 10:12:42 Local updater ID is 127.00.12 at 10-18-07 10:2:42 Feature VLAN: -------------- VTP Operating Mode : Server Maximum number of existing VLANs : 5 Configuration Revision : 1 MD5 digest : 0x92 0xF1 0xE8 0x52 0x2E ox5C 0x36 0x10 0x70 0x61 0xB8 0x24 0xB6 0x93 0x21 0x09 Router#This example shows how to verify the configuration when the device is running VTP version 2:
Router# show vtp status VTP Version capable : 1 to 3 VTP version running : 2 VTP Domain Name : Lab_Network VTP Pruning Mode : Disabled VTP Traps Generation : Disabled Device ID : 0012.44dc.b800 Configuration lst modified by 127.0.0.12 at 10-18-07 10:38:45 Local updater ID is 127.0.0.12 on interface EO 0/0 (first interface found) Feature VLAN: -------------- VTP Operating Mode : Server Maximum VLANs supported locally: 1005 Number of existing VLANs : 1005 Configuration Revision : 1 MD5 digest : 0x2E 0x6B 0x99 0x58 0xA2 0x4F 0xD5 0x150x70 0x61 0xB8 0x24 0xB6 0x93 0x21 0x09 Router#This example shows how to verify the configuration when the device is running VTP version 3:
Router# show vtp status VTP Version capable : 1 to 3 VTP version running : 3 VTP Domain Name : Lab_Network VTP Pruning Mode : Disabled VTP Traps Generation : Disabled Device ID : 0012.44dc.b800 Feature VLAN: -------------- VTP Operating Mode : Server Number of existing VLANs : 1005 Number of existing extended VLANs: 3074 Configuration Revision : 18 Primary ID : 0012.4371.9ec0 Primary Description : Router#The table below describes the significant fields shown in the displays.
Table 4 show vtp status Field Descriptions (Cisco 7600 Series Routers Release 12.2(33)SRC and Later) Field
Description
VTP Version capable
Versions of VTP that the device is capable of running.
VTP Version running
Version of VTP that the device is running.
VTP Domain Name
Name that identifies the administrative domain for the device.
VTP Pruning Mode
Displays whether pruning is enabled or disabled. Enabling pruning on a VTP server enables pruning for the entire management domain. Pruning restricts flooded traffic to those trunk lines that the traffic must use to access the appropriate network devices.
VTP Traps Generation
Displays whether VTP traps are transmitted to a network management station.
Device ID
MAC address of the local device.
Configuration last modified
Configuration lst modified
Displays the date and time of the last configuration modification. Displays the IP address of the switch that caused the configuration change to the database.
VTP Operating Mode
VTP Mode (Client, Server, Transparent, Off) listed by feature type.
Maximum VLANs supported locally
Maximum number of VLANs supported locally.
Maximum number of existing VLANs
Number of existing VLANs.
Number of existing extended VLANs
Number of existing extended VLANs.
Configuration Revision
Configuration revision number for the specific feature.
Primary ID
MAC address of primary server.
Primary Description
Name of primary server.
MD5 digest
32-bit checksum of the VTP configuration.
This example shows how to display information for a specific interface:
Router# show vtp interface GigabitEthernet2/4 Interface VTP Status ------------------------------------ GigabitEthernet2/4 enabledThis example shows how a password is displayed when it is configured using the hidden keyword (VTP version 3 only):
Router# show vtp password VTP Password: 89914640C8D90868B6A0D8103847A733 Router#This example shows how to display information about all VTP devices in the domain:
Router# show vtp devices Gathering information from the domain, please wait. VTP Database Conf switch ID Primary Server Revision System Name lict ------------ ---- -------------- ------------------------ ------------------ VLAN Yes 00b0.8e50.d000 000c.0412.6300 12354 main.cisco.com MST No 00b0.8e50.d000 0004.AB45.6000 24 main.cisco.com VLAN Yes 000c.0412.6300=000c.0412.6300 67 querty.cisco.comThe table below describes the significant fields shown in the display.
Table 5 show vtp devices Field Descriptions Field
Description
VTP Database
Displays the feature (database) type (VLAN or MST) of each server.
Conflict
Yes is displayed in this column if the server is in conflict with the local server for the feature. A conflict is detected when two devices in the same domain do not have the same primary server for the given database.
Switch ID
The MAC address of the server.
Primary Server
The MAC address of the primary server for the device identified in the Switch ID column. If a device is configured with a database that it originated, and equal sign (=) appears between the Primary Server field and the Switch ID field.
Revision
Revision number of the VTP database.
System Name
String provided to more easily identify the system.
shutdown vlan
spanning-tree backbonefast
To enable BackboneFast to allow a blocked port on a switch to change immediately to a listening mode, use the spanning-treebackbonefast command in global configuration mode. To return to the default setting, use the no form of this command.
Command History
Release
Modification
12.1(6)EA2
This command was introduced.
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(15)ZJ
This command was implemented on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Cisco IOS Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.3(4)T
This command was integrated into Cisco IOS Release 12.3(4)T on the following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
Usage Guidelines
BackboneFast should be enabled on all of the Cisco routers containing an Ethernet switch network module. BackboneFast provides for fast convergence in the network backbone after a spanning-tree topology change. It enables the switch to detect an indirect link failure and to start the spanning-tree reconfiguration sooner than it would under normal spanning-tree rules.
Use the showspanning-tree privileged EXEC command to verify your settings.
spanning-tree bpdufilter
To enable bridge protocol data unit (BPDU) filtering on the interface, use the spanning-treebpdufiltercommand in interface configuration mode. To return to the default settings, use the no form of this command.
Command Default
The setting that is already configured when you enter the spanning-treeportfastbpdufilterdefault command .
Usage Guidelines
Caution
Be careful when you enter the spanning-treebpdufilterenable command. Enabling BPDU filtering on an interface is similar to disabling the spanning tree for this interface. If you do not use this command correctly, you might create bridging loops.
Entering the spanning-treebpdufilterenable command to enable BPDU filtering overrides the PortFast configuration.
When configuring Layer 2-protocol tunneling on all the service-provider edge switches, you must enable spanning-tree BPDU filtering on the 802.1Q tunnel ports by entering the spanning-treebpdufilterenable command.
BPDU filtering prevents a port from sending and receiving BPDUs. The configuration is applicable to the whole interface, whether it is trunking or not. This command has three states:
- spanning-tree bpdufilter enable -- Unconditionally enables BPDU filtering on the interface.
- spanning-tree bpdufilter disable -- Unconditionally disables BPDU filtering on the interface.
- no spanning-tree bpdufilter -- Enables BPDU filtering on the interface if the interface is in operational PortFast state and if you configure the spanning-treeportfastbpdufilterdefault command.
Use the spanning-treeportfastbpdufilterdefaultcommand to enable BPDU filtering on all ports that are already configured for PortFast.
spanning-tree bpduguard
To enable bridge protocol data unit (BPDU) guard on the interface, use the spanning-treebpduguard command in interface configuration mode. To return to the default settings, use the no form of this command.
Command Default
The setting that is already configured when you enter the spanning-treeportfastbpduguarddefault command .
Usage Guidelines
BPDU guard prevents a port from receiving BPDUs. Typically, this feature is used in a service-provider environment where the network administrator wants to prevent an access port from participating in the spanning tree. If the port still receives a BPDU, it is put in the error-disabled state as a protective measure. This command has three states:
- spanning-tree bpduguard enable -- Unconditionally enables BPDU guard on the interface.
- spanning-tree bpduguard disable -- Unconditionally disables BPDU guard on the interface.
- no spanning-tree bpduguard --E nables BPDU guard on the interface if it is in the operational PortFast state and if the spanning-treeportfastbpduguarddefault command is configured.
spanning-tree cost
To set the path cost of the interface for Spanning Tree Protocol (STP) calculations, use the spanning-treecost command in interface configuration mode. To revert to the default value, use the no form of this command.
Command Default
The default path cost is computed from the bandwidth setting of the interface; default path costs are:
Ethernet: 100 16-Mb Token Ring: 62 FDDI: 10 FastEthernet: 10 ATM 155: 6 GigibitEthernet: 1 HSSI: 647
Command History
Release
Modification
12.0(7)XE
This command was introduced on the Catalyst 6000 family switches.
12.1(3a)E
This command was modified to support 32-bit path cost.
12.2(2)XT
This command was introduced on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(8)T
This command was integrated into Cisco IOS Release 12.2(8)T on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines
When you specify a value for the cost argument, higher values indicate higher costs. This range applies regardless of the protocol type specified.
Examples
The following example shows how to access an interface and set a path cost value of 250 for the spanning tree VLAN associated with that interface:
Router(config)# interface ethernet 2/0 Router(config-if)# spanning-tree cost 250Related Commands
Command
Description
show spanning -tree
Displays spanning-tree information for the specified spanning-tree instances.
spanning -treeport-priority
Sets an interface priority when two bridges tie for position as the root bridge.
spanning-tree portfast (global)
Enables PortFast mode, where the interface is immediately put into the forwarding state upon linkup without waiting for the timer to expire.
spanning-tree portfast (interface)
Enables PortFast mode, where the interface is immediately put into the forwarding state upon linkup without waiting for the timer to expire.
spanning -treeuplinkfast
Enables the UplinkFast feature.
spanning -treevlan
Configures STP on a per-VLAN basis.
spanning-tree etherchannel guard misconfig
To display an error message when a loop due to a channel misconfiguration is detected, use the spanning-treeetherchannelguardmisconfig command in global configuration mode. To disable the error message, use the no form of this command.
Usage Guidelines
EtherChannel uses either Port Aggregation Protocol (PAgP) or Link Aggregation Control Protocol (LACP) and does not work if the EtherChannel mode of the interface is enabled using the channel-group group-number mode on command.
The spanning-treeetherchannelguardmisconfig command detects two types of errors: misconfiguration and misconnection errors. A misconfiguration error is an error between the port-channel and an individual port. A misconnection error is an error between a switch that is channeling more ports and a switch that is not using enough Spanning Tree Protocol (STP) Bridge Protocol Data Units (BPDUs) to detect the error. In this case, the switch will only error disable an EtherChannel if the switch is a nonroot switch.
When an EtherChannel-guard misconfiguration is detected, this error message displays:
msgdef(CHNL_MISCFG, SPANTREE, LOG_CRIT, 0, “Detected loop due to etherchannel misconfiguration of %s %s”)To determine which local ports are involved in the misconfiguration, enter the showinterfacesstatuserr-disabled command. To check the EtherChannel configuration on the remote device, enter the showetherchannelsummarycommand on the remote device.
After you correct the configuration, enter the shutdown and the noshutdown commands on the associated port-channel interface.
spanning-tree extend system-id
To enable the extended-system ID feature on chassis that support 1024 MAC addresses, use the spanning-treeextendsystem-id command in global configuration mode. To disable the extended system identification, use the no form of this command.
Usage Guidelines
The Cisco 7600 series router can support 64 or up to 1024 MAC addresses. For a Cisco 7600 series router with 64 MAC addresses, STP uses the extended-system ID and a MAC address to make the bridge ID unique for each VLAN.
You cannot disable the extended-system ID on a Cisco 7600 series router that supports 64 MAC addresses.
Enabling or disabling the extended-system ID updates the bridge IDs of all active Spanning Tree Protocol (STP) instances, which might change the spanning-tree topology.
spanning-tree guard
To enable or disable the guard mode, use the spanning-treeguardcommand in interface configuration mode. To return to the default settings, use the no form of this command.
spanning-tree link-type
To configure a link type for a port, use the spanning-treelink-type command in the interface configuration mode. To return to the default settings, use the no form of this command.
Command Default
Link type is automatically derived from the duplex setting unless you explicitly configure the link type.
Usage Guidelines
Rapid Spanning Tree Protocol Plus (RSTP+) fast transition works only on point-to-point links between two bridges.
By default, the switch derives the link type of a port from the duplex mode. A full-duplex port is considered as a point-to-point link while a half-duplex configuration is assumed to be on a shared link.
If you designate a port as a shared link, RSTP+ fast transition is forbidden, regardless of the duplex setting.
spanning-tree loopguard default
To enable loop guard as a default on all ports of a given bridge, use the spanning-treeloopguarddefault command in global configuration mode. To disable loop guard, use the no form of this command.
Usage Guidelines
Loop guard provides additional security in the bridge network. Loop guard prevents alternate or root ports from becoming the designated port due to a failure that could lead to a unidirectional link.
Loop guard operates only on ports that are considered point to point by the spanning tree.
The individual loop-guard port configuration overrides this command.
spanning-tree mst
To set the path cost and port-priority parameters for any Multiple Spanning Tree (MST) instance (including the Common and Internal Spanning Tree [CIST] with instance ID 0), use the spanning-treemst command in interface configuration mode. To return to the default settings, use the no form of this command.
spanning-tree mst instance-id { { cost cost | port-priority priority } | pre-standard }
no spanning-tree mst instance-id { { cost | port-priority } | pre-standard }
Syntax Description
instance-id
Instance ID number; valid values are from 0 to 15.
cost cost
Path cost for an instance; valid values are from 1 to 200000000.
port-priority priority
Port priority for an instance; valid values are from 0 to 240 in increments of 16.
pre-standard
Configures prestandard MST BPDU transmission on the interface.
Command Default
The defaults are as follows:
- cost depends on the port speed; the faster interface speeds indicate smaller costs. MST always uses long path costs.
- priority is 128.
Usage Guidelines
Higher cost costvalues indicate higher costs. When entering the cost, do not include a comma in the entry; for example, enter 1000, not 1,000.
Higher port-priority priorityvalues indicate smaller priorities.
spanning-tree mst configuration
To enter MST-configuration submode, use the spanning-treemstconfiguration command in global configuration mode. To return to the default settings, use the no form of this command.
Command Default
The default value for the Multiple Spanning Tree (MST) configuration is the default value for all its parameters:
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Cisco IOS XE Release XE 3.7S
This command was integrated into Cisco IOS XE Release XE 3.7S.
Usage Guidelines
The MST configuration consists of three main parameters:
- Instance VLAN mapping--See the instance command
- Region name--See the name(MSTconfigurationsubmode) command
- Configuration revision number--See the revision command
The abort and exit commands allow you to exit MST configuration submode. The difference between the two commands depends on whether you want to save your changes or not.
The exit command commits all the changes before leaving MST configuration submode. If you do not map secondary VLANs to the same instance as the associated primary VLAN, when you exit MST-configuration submode, a warning message displays and lists the secondary VLANs that are not mapped to the same instance as the associated primary VLAN. The warning message is as follows:
These secondary vlans are not mapped to the same instance as their primary: -> 3The abort command leaves MST-configuration submode without committing any changes.
Changing an MST-configuration submode parameter can cause connectivity loss. To reduce service disruptions, when you enter MST-configuration submode, make changes to a copy of the current MST configuration. When you are done editing the configuration, you can apply all the changes at once by using the exit keyword, or you can exit the submode without committing any change to the configuration by using the abort keyword.
In the unlikely event that two users commit a new configuration at exactly at the same time, this warning message displays:
% MST CFG:Configuration change lost because of concurrent accessExamples
This example shows how to enter MST-configuration submode:
Device(config)# spanning-tree mst configuration Device(config-mst)#This example shows how to reset the MST configuration to the default settings:
Device(config)# no spanning-tree mst configuration Device(config)#spanning-tree mst forward-time
To set the forward-delay timer for all the instances on the Cisco 7600 series router, use the spanning-treemstforward-timecommand in global configuration mode. To return to the default settings, use the no form of this command.
spanning-tree mst hello-time
To set the hello-time delay timer for all the instances on the Cisco 7600 series router, use the spanning-treemsthello-time command in global configuration mode. To return to the default settings, use the no form of this command.
Usage Guidelines
If you do not specify the hello-time value, the value is calculated from the network diameter.
spanning-tree mst max-age
To set the max-age timer for all the instances on the Cisco 7600 series router, use the spanning-treemstmax-age command in global configuration mode. To return to the default settings, use the no form of this command.
spanning-tree mst max-hops
To specify the number of possible hops in the region before a bridge protocol data unit (BPDU) is discarded, use the spanning-treemstmax-hops command in global configuration mode. To return to the default settings, use the no form of this command.
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(18)SXF
This command was changed to increase the maximum number of possible hops from 40 to 255 hops.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
spanning-tree mst pre-standard
To configure a port to transmit only prestandard bridge protocol data units (BPDUs), use the spanning-treemstpre-standard command in interface configuration mode. To return to the default settings, use the no form of this command.
Usage Guidelines
Even with the default configuration, the port can receive both prestandard and standard BPDUs.
Prestandard BPDUs are based on the Cisco IOS Multiple Spanning Tree (MST) implementation that was created before the IEEE standard was finalized. Standard BPDUs are based on the finalized IEEE standard.
If you configure a port to transmit prestandard BPDUs only, the prestandard flag displays in the showspanning-treecommands. The variations of the prestandard flag are as follows:
- Pre-STD (or pre-standard in long format)--This flag displays if the port is configured to transmit prestandard BPDUs and if a prestandard neighbor bridge has been detected on this interface.
- Pre-STD-Cf (or pre-standard (config) in long format)--This flag displays if the port is configured to transmit prestandard BPDUs but a prestandard BPDU has not been received on the port, the autodetection mechanism has failed, or a misconfiguration, if there is no prestandard neighbor, has occurred.
- Pre-STD-Rx (or pre-standard (rcvd) in long format)--This flag displays when a prestandard BPDU has been received on the port but it has not been configured to send prestandard BPDUs. The port will send prestandard BPDUs, but we recommend that you change the port configuration so that the interaction with the prestandard neighbor does not rely only on the autodetection mechanism.
If the MST configuration is not compatible with the prestandard (if it includes an instance ID greater than 15), only standard MST BPDUs are transmitted, regardless of the STP configuration on the port.
spanning-tree mst priority
To set the bridge priority for an instance, use the spanning-treemstprioritycommand in global configuration mode. To return to the default setting, use the no form of this command.
Usage Guidelines
You can set the bridge priority in increments of 4096 only. When you set the priority, valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
You can set the priority to 0 to make the switch root.
You can enter instanceas a single instance or a range of instances, for example, 0-3,5,7-9.
spanning-tree mst root
To designate the primary and secondary root switch and set the timer value for an instance, use the spanning-treemstrootcommand in global configuration mode. To return to the default settings, use the no form of this command.
spanning-tree mst instance root { primary | secondary } [ diameter diameter [ hello-time seconds ] ]
no spanning-tree mst instance root
Syntax Description
instance
Instance identification number; valid values are from 0 to 4094.
primary
Specifies the high enough priority (low value) to make the root of the spanning-tree instance.
secondary
Specifies the switch as a secondary root, should the primary root fail.
diameter diameter
(Optional) Specifies the timer values for the root switch that are based on the network diameter; valid values are fro m 1 to 7.
hello-time seconds
(Optional) Specifies the duration between the generation of configuration messages by the root switch.
Usage Guidelines
You can enter instanceas a single instance or a range of instances, for example, 0-3,5,7-9.
The spanning-treemstrootsecondary value is 16384.
The diameterdiameter and hello-timesecondskeywords and arguments are available for instance 0 only.
If you do not specify the secondsargument, the value for it is calculated from the network diameter.
spanning-tree portfast (interface)
To enable PortFast mode where the interface is immediately put into the forwarding state upon linkup without waiting for the timer to expire, use the spanning-treeportfast command in interface configuration mode. To return to the default settings, use the no form of this command.
spanning-tree portfast
spanning-tree portfast { disable | edge [trunk] | network | trunk }
no spanning-tree portfast
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXI
Added edge [ trunk ] and network keywords.
Usage Guidelines
You should use this command only with interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data-packet loop and disrupt the Cisco 7600 series router and network operation.
An interface with PortFast mode enabled is moved directly to the spanning-tree forwarding state when linkup occurs without waiting for the standard forward-time delay.
Be careful when using the nospanning-treeportfast command. This command does not disable PortFast if the spanning-treeportfastdefault command is enabled.
This command has these states:
- spanning-tree portfast --This command enables PortFast unconditionally on the given port.
- spanning-tree portfast disable --This command explicitly disables PortFast for the given port. The configuration line shows up in the running configuration because it is not the default.
- spanning-tree portfast edge --This command allows you to configure PortFast edge mode on the given port.
- spanning-tree portfast network --This command allows you to configure PortFast network mode on the given port.
- spanning-tree portfast [edge] trunk--This command allows you to configure PortFast on trunk ports. The edgekeyword is required with trunkin Cisco IOS Release 12.2(33)SXI and later releases.
NoteIf you enter the spanning-treeportfasttrunk command, th e port is configured for PortFast even in the access mode.
- no spanning-tree portfast --This command implicitly enables PortFast if you define the spanning-treeportfastdefault command in global configuration mode and if the port is not a trunk port. If you do not configure PortFast globally, the nospanning-treeportfast command is equivalent to the spanning-treeportfastdisable command.
Examples
This example shows how to enable PortFast mode in releases earlier than Cisco IOS Release 12.2(33)SXI:
Router(config-if)# spanning-tree portfast Router(config-if)#This example shows how to enable PortFast edge mode in Cisco IOS Release 12.2(33)SXI and later releases:
Router(config-if)# spanning-tree portfast edge Router(config-if)#spanning-tree port-priority
To set an interface priority when two bridges tie for position as the root bridge, use the spanning-treeport-priority command in interface configuration mode. To revert to the default value, use the no form of this command.
Command History
Release
Modification
12.0(7)XE
This command was introduced on the Catalyst 6000 series switches.
12.2(2)XT
This command was implemented on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(8)T
This command was integrated into Cisco IOS Release 12.2(8)T on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Examples
The following example shows how to increase the likelihood that spanning-tree instance 20 is chosen as the root-bridge on interface Ethernet 2/0:
Router(config)# interface ethernet 2/0 Router(config-if)# spanning-tree port-priority 20 Router(config-if)#Related Commands
Command
Description
show spanning -tree
Displays spanning-tree information for the specified spanning-tree instances.
spanning -treecost
Sets the path cost of the interface for STP calculations.
spanning-tree mst
Sets the path cost and port-priority parameters for any MST instance (including the CIST with instance ID 0).
spanning-tree portfast (global)
Enables PortFast mode, where the interface is immediately put into the forwarding state upon linkup without waiting for the timer to expire.
spanning-tree portfast (interface)
Enables PortFast mode, which places the interface immediately into the forwarding state upon linkup without waiting for the timer to expire.
spanning -treeuplinkfast
Enables the UplinkFast feature.
spanning -treevlan
Configures STP on a per-VLAN basis.
spanning-tree transmit hold-count
To specify the transmit hold count, use the spanning-treetransmithold-count command in global configuration mode. To return to the default settings, use the no form of this command.
Usage Guidelines
This command is supported on all spanning-tree modes.
The transmit hold count determines the number of BPDUs that can be sent before pausing for 1 second.
NoteChanging this parameter to a higher value may have a significant impact on CPU utilization, especially in rapid-Per-VLAN Spanning Tree (PVST) mode. Lowering this parameter could slow convergence in some scenarios. We recommend that you do not change the value from the default setting.
If you change the value setting, enter the showrunning-config command to verify the change.
If you delete the command, use the showspanning-treemstcommand to verify the deletion.
spanning-tree uplinkfast
To enable UplinkFast, use the spanning-treeuplinkfast command in global configuration mode. To disable UplinkFast, use the no form of this command.
spanning-tree uplinkfast [ max-update-rate packets-per-second ]
no spanning-tree uplinkfast [max-update-rate]
Command Default
The defaults are as follows:
- UplinkFast is disabled.
- packets-per-second is 150 packets per second.
Usage Guidelines
Use this command only on access switches.
When you configure UplinkFast, the bridge priority is changed to 49152 so that this switch is not selected as root. All interface path costs of all spanning-tree interfaces that belong to the specified spanning-tree instances also increase by 3000.
When spanning tree detects that the root interface has failed, UplinkFast causes an immediate switchover to an alternate root interface, transitioning the new root interface directly to the forwarding state. During this time, a topology change notification is sent. To minimize the disruption that is caused by the topology change, a multicast packet is sent to 01-00-0C-CD-CD-CD for each station address in the forwarding bridge except for those associated with the old root interface.
Use the spanning-treeuplinkfastmax-update-rate command to enable UplinkFast (if it is not already enabled) and change the rate at which update packets are sent. Use the no form of this command to return to the default rate.
spanning-tree vlan
To configure Spanning Tree Protocol (STP) on a per-virtual LAN (VLAN) basis, use the spanning-treevlan command in global configuration mode. To return to the default settings, use the no form of this command.
spanning-tree vlan vlan-id [ forward-time seconds | hello-time seconds | max-age seconds | priority priority | protocol protocol | [ root { primary | secondary } [ diameter net-diameter [ hello-time seconds ] ] ] ]
no spanning-tree vlan vlan-id [ forward-time | hello-time | max-age | priority | protocol | root ]
Syntax Description
vlan id
VLAN identification number; valid values are from 1 to 1005. Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to 4094.
forward -timeseconds
(Optional) Sets the STP forward delay time; valid values are from 4 to 30 seconds.
hello -timeseconds
(Optional) Specifies the duration, in seconds, between the generation of configuration messages by the root switch; valid values are from 1 to 10 seconds.
max -ageseconds
(Optional) Sets the maximum number of seconds the information in a bridge packet data unit (BPDU) is valid; valid values are from 6 to 40 seconds.
priority priority
(Optional) Sets the STP bridge priority; valid values are from 0 to 65535.
protocol protocol
(Optional) Sets the STP. See the “Usage Guidelines” section for a list of valid values.
root primary
(Optional) Forces this switch to be the root bridge.
root secondary
(Optional) Specifies this switch to act as the root switch should the primary root fail.
diameter net -diameter
(Optional) Specifies the maximum number of bridges between any two points of attachment of end stations; valid values are from 2 through 7.
Command Default
The defaults are:
- forward-time --15 seconds
- hello-time --2 seconds
- max-age --20 seconds
- priority --The default with IEEE STP enabled is 32768; the default with STP enabled is 128.
- protocol --IEEE
- root --No STP root
When you issue the nospanning-treevlanxxroot command the following parameters are reset to their defaults:
- priority --The default with IEEE STP enabled is 32768; the default with STP enabled is 128.
- hello-time --2 seconds
- forward-time --15 seconds
- max-age --20 seconds
Command History
Release
Modification
12.0(7)XE
This command was introduced on the Catalyst 6000 series switches.
12.1(1)E
Support for this command on the Catalyst 6000 series switches was extended to Cisco IOS Release 12.1(1)E.
12.2(2)XT
This command was implemented on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(8)T
This command was integrated into Cisco IOS Release 12.2(8)T on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Cisco IOS Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.4(15)T
This command was modified to extend the range of valid VLAN IDs to 1-4094 for specified platforms.
Usage Guidelines
Caution
When disabling spanning tree on a VLAN using the no spanning-tree vlan vlan-id command, ensure that all switches and bridges in the VLAN have spanning tree disabled. You cannot disable spanning tree on some switches and bridges in a VLAN and leave it enabled on other switches and bridges in the same VLAN because switches and bridges with spanning tree enabled have incomplete information about the physical topology of the network.
Caution
We do not recommend disabling spanning tree, even in a topology that is free of physical loops. Spanning tree is a safeguard against misconfigurations and cabling errors. Do not disable spanning tree in a VLAN without ensuring that there are no physical loops present in the VLAN.
When you set the max-ageseconds parameter, if a bridge does not hear bridge protocol data units (BPDUs) from the root bridge within the specified interval, it assumes that the network has changed and recomputes the spanning-tree topology.
Valid values for protocol are dec (Digital STP), ibm (IBM STP), ieee (IEEE Ethernet STP), and vlan-bridge (VLAN Bridge STP).
The spanning-treerootprimary command alters this switch’s bridge priority to 8192. If you enter the spanning-treerootprimary command and the switch does not become the root switch, then the bridge priority is changed to 100 less than the bridge priority of the current bridge. If the switch still does not become the root, an error results.
The spanningtreerootsecondarycommand alters this switch’s bridge priority to 16384. If the root switch should fail, this switch becomes the next root switch.
Use the spanningtreeroot commands on backbone switches only.
The spanning-treeetherchannelguardmisconfig command detects two types of errors: misconfiguration and misconnection errors. A misconfiguration error is an error between the port-channel and an individual port. A misconnection error is an error between a switch that is channeling more ports and a switch that is not using enough Spanning Tree Protocol (STP) Bridge Protocol Data Units (BPDUs) to detect the error. In this case, the switch will only error disable an EtherChannel if the switch is a nonroot switch.
Examples
The following example shows how to enable spanning tree on VLAN 200:
Router(config)# spanning-tree vlan 200The following example shows how to configure the switch as the root switch for VLAN 10 with a network diameter of 4:
Router(config)# spanning-tree vlan 10 root primary diameter 4The following example shows how to configure the switch as the secondary root switch for VLAN 10 with a network diameter of 4:
Router(config)# spanning-tree vlan 10 root secondary diameter 4Related Commands
Command
Description
spanning -treecost
Sets the path cost of the interface for STP calculations.
spanning-tree etherchannel guard misconfig
Displays an error message when a loop due to a channel misconfiguration is detected
spanning -treeport-priority
Sets an interface priority when two bridges tie for position as the root bridge.
spanning -treeportfast(global)
Enables PortFast mode, where the interface is immediately put into the forwarding state upon linkup, without waiting for the timer to expire.
spanning-tree portfast (interface)
Enables PortFast mode, where the interface is immediately put into the forwarding state upon linkup, without waiting for the timer to expire.
spanning -treeuplinkfast
Enables the UplinkFast feature.
show spanning -tree
Displays spanning-tree information for the specified spanning-tree instances.
storm-control
To enable broadcast, multicast, or unicast storm control on a port or to specify the action when a storm occurs on a port, use the storm-control command in interface configuration mode. To disable storm control for broadcast, multicast, or unicast traffic or to disable the specified storm-control action, use the no form of this command.
storm-control { { broadcast | multicast | unicast } level level | action { shutdown | trap } }
no storm-control { { broadcast | multicast | unicast } level | action { shutdown | trap } }
Syntax Description
broadcast
Enables broadcast storm control on the port.
multicast
Enables multicast storm control on the port.
unicast
Enables unicast storm control on the port.
level level
Defines the rising and falling suppression levels.
action
Specifies the action to take when a storm occurs on a port. The default action is to filter traffic.
shutdown
Disables the port during a storm.
trap
Sends a Simple Network Management Protocol (SNMP) trap.
Command Default
Broadcast, multicast, and unicast storm control is disabled. The default action is to filter traffic.
Command History
Release
Modification
12.2(2)XT
This command was introduced.
12.2(8)T
This command was integrated into Cisco IOS Release 12.2(8)T to support switchport creation.
12.2(15)ZJ
This command was integrated into Cisco IOS Release 12.2(15)ZJ.
The level level keyword-argument pair, and the action and shutdown keywords were added.
15.0(1)S
This command was modified. The trap keyword was added.
15.1(1)SY
This command was integrated into Cisco IOS Release 15.1(1)SY.
Usage Guidelines
Use the storm-control command to enable or disable broadcast, multicast, or unicast storm control on a port. After a port is disabled during a storm, use the no shutdown interface configuration command to enable the port.
The suppression levels are entered as a percentage of total bandwidth. A suppression value of 100 percent means that no limit is placed on the specified traffic type. This command is enabled only when the rising suppression level is less than 100 percent. If no other storm-control configuration is specified, the default action is to filter the traffic that is causing the storm.
When a storm occurs and the action is to filter traffic, and the falling suppression level is not specified, the networking device blocks all traffic until the traffic rate drops below the rising suppression level. If the falling suppression level is specified, the networking device blocks traffic until the traffic rate drops below this level.
When a multicast or unicast storm occurs and the action is to filter traffic, the networking device blocks all traffic (broadcast, multicast, and unicast traffic) and sends only Spanning Tree Protocol (STP) packets.
When a broadcast storm occurs and the action is to filter traffic, the networking device blocks only broadcast traffic.
The trap action is used to send an SNMP trap when a broadcast storm occurs.
Examples
The following example shows how to enable broadcast storm control on a port with a 75.67-percent rising suppression level:
Device(config-if)# storm-control broadcast level 75.67The following example shows how to enable multicast storm control on a port with an 87-percent rising suppression level:
Device(config-if)# storm-control multicast level 87The following example shows how to enable the shutdown action on a port:
Device(config-if)# storm-control action shutdownThe following example shows how to disable the shutdown action on a port:
Device(config-if)# no storm-control action shutdownThe following example shows how to enable the trap action on a port:
Device(config-if)# storm-control action trapThe following example shows how to disable the trap action on a port:
Device(config-if)# no storm-control action trap
