(Optional) Displays only a single line for each VLAN, naming the VLAN, status, and ports.
idvlan-id
(Optional) Displays information about a single VLAN that is identified by a VLAN ID number; valid values are from 1 to 4094.
namename
(Optional) Displays information about a single VLAN that is identified by VLAN name; valid values are an ASCII string fro m 1 to 32 char acters.
ifindex
(Optional) Displays the VLAN’s ifIndex number.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines
Each Ethernet switch port and Ethernet repeater group belong to only one VLAN. Trunk ports can be on multiple VLANs.
If you shut down a VLAN using the
state suspend or the
state activecommand, these values appear in the Status field:
suspended--VLAN is suspended.
active--VLAN is active.
If you shut down a VLAN using the
shutdown command, these values appear in the Status field:
act/lshut--VLAN status is active but shut down locally.
sus/lshut--VLAN status is suspended but shut down locally.
This is an example of the output for a VLAN (VLAN0002) that is active but shut down locally:
Router# show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa5/9
2 VLAN0002 act/lshut Fa5/9
<...Output truncated...>
If a VLAN is shut down internally, these values appear in the Status field:
act/ishut--VLAN status is active but shut down internally.
sus/ishut--VLAN status is suspended but shut down internally.
This is an example of the output for a VLAN (VLAN0002) that is active but shut down internally:
Router# show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa5/9
2 VLAN0002 act/ishut Fa5/9
<...Output truncated...>
If a VLAN is shut down locally and internally, the value that is displayed in the Status field is act/ishut or sus/ishut. If a VLAN is shut down locally only, the value that is displayed in the Status field is act/lshut or sus/lshut.
Separate VLAN ranges with a hyphen, and separate VLANs with a comma and no spaces in between. For example, you can enter the following:
Router# show vlan id 1-4,3,7,5-20
When displaying a single VLAN both trunk and non-trunk ports are displayed. A non-trunk port is a port that is not configured as pm_port_mode_trunk. If an interface is configured as
"switchport port mode trunk" it is displayed whether the link is up or down.
When displaying multiple VLANs only non-trunk ports are displayed.
Examples
This example shows how to display the VLAN parameters for all VLANs within the administrative domain:
This example shows how to display the VLAN name, status, and associated ports only:
Router# show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa5/9
2 VLAN0002 active Fa5/9
3 VLAN0003
act/lshut
Fa5/9
4 VLAN0004
act/lshut
Fa5/9
5 VLAN0005 active Fa5/9
10 VLAN0010 active Fa5/9
.
.
.
999 VLAN0999 active Fa5/9
1002 fddi-default active Fa5/9
1003 trcrf-default active Fa5/9
1004 fddinet-default active Fa5/9
1005 trbrf-default active Fa5/9
Router#
This example shows how to display the VLAN parameters for multiple VLANs:
To display general information about the VLAN Trunking Protocol (VTP) management domain, status, and counters, use theshowvtp command in privileged EXEC mode.
show vtp { counters | interface | type/number | status | password | devices | [ conflicts ] }
Syntax Description
counters
Displays the VTP counters for the switch.
interface
Displays information for all interfaces.
type/number
(Optional) A specific interface.
status
Displays general information about the VTP management domain.
password
Displays VTP password in VTP version 3 domain.
devices
Displays VTP version 3 domain information.
conflicts
(Optional) Displays only devices that have conflicting servers in a VTP version 3 domain.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
11.2(8)SA4
This command was introduced.
12.2(2)XT
This command was implemented on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(8)T
This command was integrated into Cisco IOS Release 12.2(8)T on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(14)SX
This command was implemented on the Supervisor Engine 720.
12.2(17d)SXB
This command on the Supervisor Engine 2 was extended to Cisco IOS Release12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SRC
Thepassword,devices, and
conflicts keywords were added to support VTP version 3 on the Cisco 7600 series routers.
12.2(33)SXI
The output for counters and status were updated to include VTPv3 information.
Usage Guidelines
In the output of the
showvtpstatus command, the last modified time is of the modifier itself. For example, the time displayed in the line “Configuration last modified by 7.0.22.11 at 5-5-06 05:51:49”, is the time that the modifier (7.0.22.11) last modified the VLAN configuration.
Examples
The following is sample output from the
showvtpcounters command:
Router# show vtp counters
VTP statistics:
Summary advertisements received : 0
Subset advertisements received : 0
Request advertisements received : 0
Summary advertisements transmitted : 6970
Subset advertisements transmitted : 0
Request advertisements transmitted : 0
Number of config revision errors : 0
Number of config digest errors : 0
Number of V1 summary errors : 0
VTP pruning statistics:
Trunk Join Transmitted Join Received Summary advts received from non-pruning-capable device
---------------- ---------------- ---------------- ---------------------------
Gi1/11 0 0 0
Gi8/10 0 0 0
Gi8/15 0 0 0
Gi8/16 0 0 0
Fa3/1 0 0 0
Fa3/2 0 0 0
Router#
This example shows how to display only those lines in the
showvtp output that contain the word Summary:
Router# show vtp counters | include Summary
Summary advertisements received : 1
Summary advertisements transmitted : 32
Trunk Join Transmitted Join Received Summary advts received from
Router#
This example shows how to display general information about the VTP management domain:
Router# show vtp status
VTP Version capable : 1 to 3
VTP version running : 2
VTP Domain Name : cisco
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 0012.44dc.b800
MD5 digest : 0x61 0x98 0xD0 0xAD 0xA4 0x8C 0x53 0x35
Configuration last modified by 10.10.0.0 at 8-7-06 06:56:27
Local updater ID is 10.10.0.0 on interface Lo0 (first layer3 interface found)
Feature VLAN:
--------------
VTP Mode : Server
Maximum VLANs supported locally : 1005
Number if existing VLANs : 53
Revision : 1
Router#
The table below describes the significant fields shown in the display.
Table 2 show vtp counters Field Descriptions
Field
Description
Summary advertisements received
Number of summary advertisements received by this switch on its trunk ports. Summary advertisements contain the management domain name, the configuration revision number, the update time stamp and identity, the authentication checksum, and the number of subset advertisements to follow.
Subset advertisements received
Number of subset advertisements received by this switch on its trunk ports. Subset advertisements contain all the VTP information for one or more VLANs.
Request advertisements received
Number of advertisement requests received by this switch on its trunk ports. Advertisement requests normally request information on all VLANs. They can also request information on a subset of VLANs.
Summary advertisements transmitted
Number of summary advertisements sent by this switch on its trunk ports. Summary advertisements contain the management domain name, the configuration revision number, the update time stamp and identity, the authentication checksum, and the number of subset advertisements to follow.
Subset advertisements transmitted
Number of subset advertisements sent by this switch on its trunk ports. Subset advertisements contain all the VTP information for one or more VLANs.
Request advertisements transmitted
Number of advertisement requests sent by this switch on its trunk ports. Advertisement requests normally request information on all VLANs. They can also request information on a subset of VLANs.
Number of config revision errors
Number of revision errors.
Whenever you define a new VLAN, delete an existing VLAN, suspend or resume an existing VLAN, or modify the parameters on an existing VLAN, the configuration revision number of the switch increments.
Revision errors increment whenever the switch receives an advertisement whose revision number matches the revision number of the switch, but the message digest algorithm 5 (MD5) values do not match. This error indicates that the VTP password in the two switches is different, or the switches have different configurations.
These errors indicate that the switch is filtering incoming advertisements, which causes the VTP database to become unsynchronized across the network.
Number of config digest errors
Number of MD5 errors.
Digest errors increment whenever the MD5 digest in the summary packet and the MD5 digest of the received advertisement calculated by the switch do not match. This error usually indicates that the VTP passwords in the two switches are different. To solve this problem, make sure the VTP password on all switches is the same.
These errors indicate that the switch is filtering incoming advertisements, which causes the VTP database to become unsynchronized across the network.
Number of V1 summary errors
Number of version 1 errors.
Version 1 summary errors increment whenever a switch in VTP V2 mode receives a VTP version 1 frame. These errors indicate that at least one neighboring switch is either running VTP version 1 or VTP version 2 with V2-mode disabled. To solve this problem, change the configuration of the switches in VTP V2-mode to disabled.
Trunk
Trunk port participating in VTP pruning.
Join Transmitted
Number of VTP pruning messages transmitted on the trunk.
Join Received
Number of VTP pruning messages received on the trunk.
Summary advts received from non-pruning-capable device
Number of VTP summary messages received on the trunk from devices that do not support pruning.
The following is sample output from the
showvtpstatus command for VTP version 1 and VTP version 2:
Router# show vtp status
VTP Version : 3 (capable)
Configuration Revision : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs : 37
VTP Operating Mode : Server
VTP Domain Name : [smartports]
VTP Pruning Mode : Disabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0x26 0xEE 0x0D 0x84 0x73 0x0E 0x1B 0x69
Configuration last modified by 172.20.52.19 at 7-25-08 14:33:43
Local updater ID is 172.20.52.19 on interface Gi5/2 (first layer3 interface fou)
VTP version running : 2
The table below describes the significant fields shown in the display.
Table 3 show vtp status Field Descriptions
Field
Description
VTP Version
Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers
Displays the VTP version operating on the switch. By default, switches implement version 1.
Catalyst Switches
Displays the VTP version operating on the switch. By default, Catalyst 2900 and 3500 XL switches implement version 1 but can be set to version 2.
Configuration Revision
Current configuration revision number on this switch.
Maximum VLANs supported locally
Maximum number of VLANs supported locally.
Number of existing VLANs
Number of existing VLANs.
VTP Operating Mode
Displays the VTP operating mode, which can be server, client, or transparent.
Server--A switch in VTP server mode is enabled for VTP and sends advertisements. You can configure VLANs on it. The switch guarantees that it can recover all VLAN information in the current VTP database from nonvolatile storage after reboot. By default, every switch is a VTP server.
Client--A switch in VTP client mode is enabled for VTP, can send advertisements, but does not have enough nonvolatile storage to store VLAN configurations. You cannot configure VLANs on it. When a VTP client starts up, it does not transmit VTP advertisements until it receives advertisements to initialize its VLAN database.
Transparent--A switch in VTP transparent mode is disabled for VTP, does not transmit advertisements or learn from advertisements sent by other devices, and cannot affect VLAN configurations on other devices in the network. The switch receives VTP advertisements and forwards them on all trunk ports except the one on which the advertisement was received. The configuration of multi-VLAN ports causes the switch to automatically enter transparent mode.
Off--When VTP is disabled using off mode, the switch behaves the same as in VTP transparent mode except that VTP advertisements are not forwarded.
Note
Catalyst 2912MF, 2924M, and 3500 XL switches support up to 250 VLANs. All other Catalyst 2900 XL switches support up to 64 VLANs. For Catalyst 2912MF, 2924M, and 3500 XL switches, if you define more than 250 VLANs or if the switch receives an advertisement that contains more than 250 VLANs, the switch automatically enters VTP transparent mode and operates with the VLAN configuration preceding the one that sent it into transparent mode. For all other Catalyst 2900 XL switches, if you define more than 64 VLANs or if the switch receives an advertisement that contains more than 64 VLANs, the switch automatically enters VTP transparent mode and operates with the VLAN configuration preceding the one that sent it into transparent mode.
VTP Domain Name
Name that identifies the administrative domain for the switch.
VTP Pruning Mode
Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers
VTP pruning mode is not supported on the Cisco 2600, Cisco 3600, and 3700 series routers.
Catalyst Switches, Cisco 7600 Series Routers
Displays whether pruning is enabled or disabled. Enabling pruning on a VTP server enables pruning for the entire management domain. Pruning restricts flooded traffic to those trunk links that the traffic must use to access the appropriate network devices.
VTP V2 Mode
Displays if VTP version 2 mode is enabled. All VTP version 2 switches operate in version 1 mode by default. Each VTP switch automatically detects the capabilities of all other VTP devices. A network of VTP devices should be configured to version 2 only if all VTP switches in the network can operate in version 2 mode.
VTP Traps Generation
Displays whether VTP traps are transmitted to a network management station.
MD5 digest
16-byte checksum of the VTP configuration.
Configuration last modified
Displays the date and time of the last configuration modification. Displays the IP address of the switch that caused the configuration change to the database.
The following is sample output from the
showvtpstatus command for all three VTP versions on the Cisco 7600 series routers running Release 12.2(33)SRC and later.
This example shows how to verify the configuration when the device is running VTP version 1:
Router# show vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name : Lab_Network
VTP Pruning Mode : Enabled
VTP Traps Generation : Disabled
Device ID : 0016.9c6d.5300
Configuration last modified by 127.0.0.12 at 10-18-07 10:12:42
Local updater ID is 127.00.12 at 10-18-07 10:2:42
Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum number of existing VLANs : 5
Configuration Revision : 1
MD5 digest : 0x92 0xF1 0xE8 0x52 0x2E ox5C 0x36 0x10 0x70 0x61 0xB8 0x24 0xB6 0x93 0x21 0x09
Router#
This example shows how to verify the configuration when the device is running VTP version 2:
Router# show vtp status
VTP Version capable : 1 to 3
VTP version running : 2
VTP Domain Name : Lab_Network
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 0012.44dc.b800
Configuration lst modified by 127.0.0.12 at 10-18-07 10:38:45
Local updater ID is 127.0.0.12 on interface EO 0/0 (first interface found)
Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally: 1005
Number of existing VLANs : 1005
Configuration Revision : 1
MD5 digest : 0x2E 0x6B 0x99 0x58 0xA2 0x4F 0xD5 0x150x70 0x61 0xB8 0x24 0xB6 0x93 0x21 0x09
Router#
This example shows how to verify the configuration when the device is running VTP version 3:
Router# show vtp status
VTP Version capable : 1 to 3
VTP version running : 3
VTP Domain Name : Lab_Network
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 0012.44dc.b800
Feature VLAN:
--------------
VTP Operating Mode : Server
Number of existing VLANs : 1005
Number of existing extended VLANs: 3074
Configuration Revision : 18
Primary ID : 0012.4371.9ec0
Primary Description :
Router#
The table below describes the significant fields shown in the displays.
Table 4 show vtp status Field Descriptions (Cisco 7600 Series Routers Release 12.2(33)SRC and Later)
Field
Description
VTP Version capable
Versions of VTP that the device is capable of running.
VTP Version running
Version of VTP that the device is running.
VTP Domain Name
Name that identifies the administrative domain for the device.
VTP Pruning Mode
Displays whether pruning is enabled or disabled. Enabling pruning on a VTP server enables pruning for the entire management domain. Pruning restricts flooded traffic to those trunk lines that the traffic must use to access the appropriate network devices.
VTP Traps Generation
Displays whether VTP traps are transmitted to a network management station.
Device ID
MAC address of the local device.
Configuration last modified
Configuration lst modified
Displays the date and time of the last configuration modification. Displays the IP address of the switch that caused the configuration change to the database.
VTP Operating Mode
VTP Mode (Client, Server, Transparent, Off) listed by feature type.
Maximum VLANs supported locally
Maximum number of VLANs supported locally.
Maximum number of existing VLANs
Number of existing VLANs.
Number of existing extended VLANs
Number of existing extended VLANs.
Configuration Revision
Configuration revision number for the specific feature.
Primary ID
MAC address of primary server.
Primary Description
Name of primary server.
MD5 digest
32-bit checksum of the VTP configuration.
This example shows how to display information for a specific interface:
Router# show vtp interface GigabitEthernet2/4
Interface VTP Status
------------------------------------
GigabitEthernet2/4 enabled
This example shows how a password is displayed when it is configured using the
hidden keyword (VTP version 3 only):
Router# show vtp password
VTP Password: 89914640C8D90868B6A0D8103847A733
Router#
This example shows how to display information about all VTP devices in the domain:
Router# show vtp devices
Gathering information from the domain, please wait.
VTP Database Conf switch ID Primary Server Revision System Name
lict
------------ ---- -------------- ------------------------ ------------------
VLAN Yes 00b0.8e50.d000 000c.0412.6300 12354 main.cisco.com
MST No 00b0.8e50.d000 0004.AB45.6000 24 main.cisco.com
VLAN Yes 000c.0412.6300=000c.0412.6300 67 querty.cisco.com
The table below describes the significant fields shown in the display.
Table 5 show vtp devices Field Descriptions
Field
Description
VTP Database
Displays the feature (database) type (VLAN or MST) of each server.
Conflict
Yes is displayed in this column if the server is in conflict with the local server for the feature. A conflict is detected when two devices in the same domain do not have the same primary server for the given database.
Switch ID
The MAC address of the server.
Primary Server
The MAC address of the primary server for the device identified in the Switch ID column. If a device is configured with a database that it originated, and equal sign (=) appears between the Primary Server field and the Switch ID field.
Revision
Revision number of the VTP database.
System Name
String provided to more easily identify the system.
Related Commands
Command
Description
clearvtpcounters
Clears the VTP and pruning counters.
vtp
Configures the VTP mode.
shutdown vlan
To shut down local traffic on a specified VLAN, use the
shutdownvlan command in global configuration mode. To restart local traffic on the VLAN, use the
no form of this command.
shutdownvlanvlan-id
noshutdownvlanvlan-id
Syntax Description
vlan-id
VLAN number of the VLAN to be locally shut down; valid values are from 2 to 1001.
Command Default
Local traffic on a specified VLAN is not shut down.
Command Modes
Global configuration (config)
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines
This command does not support extended-range VLANs.
Examples
This example shows how to shut down traffic on VLAN 2:
Router(config)#
shutdown vlan 2
spanning-tree backbonefast
To enable BackboneFast to allow a blocked port on a switch to change immediately to a listening mode, use the
spanning-treebackbonefast command in global configuration mode. To return to the default setting, use the
no form of this command.
spanning-treebackbonefast
nospanning-treebackbonefast
Syntax Description
This command has no arguments or keywords.
Command Default
BackboneFast is disabled.
Command Modes
Global configuration (config)
Command History
Release
Modification
12.1(6)EA2
This command was introduced.
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(15)ZJ
This command was implemented on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Cisco IOS Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.3(4)T
This command was integrated into Cisco IOS Release 12.3(4)T on the following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
Usage Guidelines
BackboneFast should be enabled on all of the Cisco routers containing an Ethernet switch network module. BackboneFast provides for fast convergence in the network backbone after a spanning-tree topology change. It enables the switch to detect an indirect link failure and to start the spanning-tree reconfiguration sooner than it would under normal spanning-tree rules.
Use the
showspanning-tree privileged EXEC command to verify your settings.
Examples
The following example shows how to enable BackboneFast on the switch:
Router(config)# spanning-tree backbonefast
Related Commands
Command
Description
showspanning-tree
Displays information about the spanning-tree state.
spanning-tree bpdufilter
To enable bridge protocol data unit (BPDU) filtering on the interface, use the
spanning-treebpdufiltercommand in interface configuration mode. To return to the default settings, use the
no form of this command.
spanning-treebpdufilter
{ enable | disable }
nospanning-treebpdufilter
Syntax Description
enable
Enables BPDU filtering on this interface.
disable
Disables BPDU filtering on this interface.
Command Default
The setting that is already configured when you enter the
spanning-treeportfastbpdufilterdefault command .
Command Modes
Interface configuration (config-if)
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines
Caution
Be careful when you enter the
spanning-treebpdufilterenable command. Enabling BPDU filtering on an interface is similar to disabling the spanning tree for this interface. If you do not use this command correctly, you might create bridging loops.
Entering the
spanning-treebpdufilterenable command to enable BPDU filtering overrides the PortFast configuration.
When configuring Layer 2-protocol tunneling on all the service-provider edge switches, you must enable spanning-tree BPDU filtering on the 802.1Q tunnel ports by entering the
spanning-treebpdufilterenable command.
BPDU filtering prevents a port from sending and receiving BPDUs. The configuration is applicable to the whole interface, whether it is trunking or not. This command has three states:
spanning-treebpdufilterenable-- Unconditionally enables BPDU filtering on the interface.
spanning-treebpdufilterdisable-- Unconditionally disables BPDU filtering on the interface.
nospanning-treebpdufilter-- Enables BPDU filtering on the interface if the interface is in operational PortFast state and if you configure the
spanning-treeportfastbpdufilterdefault command.
Use the
spanning-treeportfastbpdufilterdefaultcommand to enable BPDU filtering on all ports that are already configured for PortFast.
Examples
This example shows how to enable BPDU filtering on this interface:
Displays information about the spanning-tree state.
spanning-treeportfastbpdufilterdefault
Enables BPDU filtering by default on all PortFast ports.
spanning-tree bpduguard
To enable bridge protocol data unit (BPDU) guard on the interface, use the
spanning-treebpduguard command in interface configuration mode. To return to the default settings, use the
no form of this command.
spanning-treebpduguard
{ enable | disable }
nospanning-treebpduguard
Syntax Description
enable
Enables BPDU guard on this interface.
disable
Disables BPDU guard on this interface.
Command Default
The setting that is already configured when you enter the
spanning-treeportfastbpduguarddefault command .
Command Modes
Interface configuration (config-if)
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines
BPDU guard prevents a port from receiving BPDUs. Typically, this feature is used in a service-provider environment where the network administrator wants to prevent an access port from participating in the spanning tree. If the port still receives a BPDU, it is put in the error-disabled state as a protective measure. This command has three states:
spanning-treebpduguardenable-- Unconditionally enables BPDU guard on the interface.
spanning-treebpduguarddisable-- Unconditionally disables BPDU guard on the interface.
nospanning-treebpduguard--E nables BPDU guard on the interface if it is in the operational PortFast state and if the
spanning-treeportfastbpduguarddefault command is configured.
Examples
This example shows how to enable BPDU guard on this interface:
Displays information about the spanning-tree state.
spanning-treeportfastbpduguarddefault
Enables BPDU guard by default on all PortFast ports.
spanning-tree cost
To set the path cost of the interface for Spanning Tree Protocol (STP) calculations, use the
spanning-treecost command in interface configuration mode. To revert to the default value, use the
no form of this command.
spanning-treecostcost
nospanning-treecost
Syntax Description
cost
Path cost; valid values are from 1 to 200000000 for Cisco IOS Releases 12.1(3a)E and later releases and from 1 to 65535 for Cisco IOS releases prior to Cisco IOS Release 12.1(3a)E.
Command Default
The default path cost is computed from the bandwidth setting of the interface; default path costs are:
Displays spanning-tree information for the specified spanning-tree instances.
spanning-treeport-priority
Sets an interface priority when two bridges tie for position as the root bridge.
spanning-treeportfast(global)
Enables PortFast mode, where the interface is immediately put into the forwarding state upon linkup without waiting for the timer to expire.
spanning-treeportfast(interface)
Enables PortFast mode, where the interface is immediately put into the forwarding state upon linkup without waiting for the timer to expire.
spanning-treeuplinkfast
Enables the UplinkFast feature.
spanning-treevlan
Configures STP on a per-VLAN basis.
spanning-tree etherchannel guard misconfig
To display an error message when a loop due to a channel misconfiguration is detected, use the
spanning-treeetherchannelguardmisconfig command in global configuration mode. To disable the error message, use the
no form of this command.
spanning-treeetherchannelguardmisconfig
nospanning-treeetherchannelguardmisconfig
Syntax Description
This command has no arguments or keywords.
Command Default
Error messages are displayed.
Command Modes
Global configuration (config)
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines
EtherChannel uses either Port Aggregation Protocol (PAgP) or Link Aggregation Control Protocol (LACP) and does not work if the EtherChannel mode of the interface is enabled using the
channel-group group-number mode on command.
The
spanning-treeetherchannelguardmisconfig command detects two types of errors: misconfiguration and misconnection errors. A misconfiguration error is an error between the port-channel and an individual port. A misconnection error is an error between a switch that is channeling more ports and a switch that is not using enough Spanning Tree Protocol (STP) Bridge Protocol Data Units (BPDUs) to detect the error. In this case, the switch will only error disable an EtherChannel if the switch is a nonroot switch.
When an EtherChannel-guard misconfiguration is detected, this error message displays:
msgdef(CHNL_MISCFG, SPANTREE, LOG_CRIT, 0, “Detected loop due to etherchannel misconfiguration of %s %s”)
To determine which local ports are involved in the misconfiguration, enter the
showinterfacesstatuserr-disabled command. To check the EtherChannel configuration on the remote device, enter the
showetherchannelsummarycommand on the remote device.
After you correct the configuration, enter the
shutdown and the
noshutdown commands on the associated port-channel interface.
Examples
This example shows how to enable the EtherChannel-guard misconfiguration:
Displays the EtherChannel information for a channel.
showinterfacesstatuserr-disabled
Displays the interface status or a list of interfaces in an error-disabled state on LAN ports only.
shutdown
Disables an interface.
spanning-tree extend system-id
To enable the extended-system ID feature on chassis that support 1024 MAC addresses, use the
spanning-treeextendsystem-id command in global configuration mode. To disable the extended system identification, use the
no form of this command.
spanning-treeextendsystem-id
nospanning-treeextendsystem-id
Syntax Description
This command has no arguments or keywords.
Command Default
Enabled on systems that do not provide 1024 MAC addresses.
Command Modes
Global configuration (config)
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines
The Cisco 7600 series router can support 64 or up to 1024 MAC addresses. For a Cisco 7600 series router with 64 MAC addresses, STP uses the extended-system ID and a MAC address to make the bridge ID unique for each VLAN.
You cannot disable the extended-system ID on a Cisco 7600 series router that supports 64 MAC addresses.
Enabling or disabling the extended-system ID updates the bridge IDs of all active Spanning Tree Protocol (STP) instances, which might change the spanning-tree topology.
Examples
This example shows how to enable the extended-system ID:
Displays information about the spanning-tree state.
spanning-tree guard
To enable or disable the guard mode, use the
spanning-treeguardcommand in interface configuration mode. To return to the default settings, use the
no form of this command.
spanning-treeguard
{ loop | root | none }
nospanning-treeguard
Syntax Description
loop
Enables the loop-guard mode on the interface.
root
Enables root-guard mode on the interface.
none
Sets the guard mode to none.
Command Default
Guard mode is disabled.
Command Modes
Interface configuration (config-if)
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Displays information about the spanning-tree state.
spanning-treeloopguarddefault
Enables loop guard as a default on all ports of a given bridge.
spanning-tree link-type
To configure a link type for a port, use the
spanning-treelink-type command in the interface configuration mode. To return to the default settings, use the
no form of this command.
Specifies that the interface is a point-to-point link.
shared
Specifies that the interface is a shared medium.
Command Default
Link type is automatically derived from the duplex setting unless you explicitly configure the link type.
Command Modes
Interface configuration (config-if)
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines
Rapid Spanning Tree Protocol Plus (RSTP+) fast transition works only on point-to-point links between two bridges.
By default, the switch derives the link type of a port from the duplex mode. A full-duplex port is considered as a point-to-point link while a half-duplex configuration is assumed to be on a shared link.
If you designate a port as a shared link, RSTP+ fast transition is forbidden, regardless of the duplex setting.
Examples
This example shows how to configure the port as a shared link:
Displays information about the spanning-tree state.
spanning-tree loopguard default
To enable loop guard as a default on all ports of a given bridge, use the
spanning-treeloopguarddefault command in global configuration mode. To disable loop guard, use the
no form of this command.
spanning-treeloopguarddefault
nospanning-treeloopguarddefault
Syntax Description
This command has no arguments or keywords.
Command Default
Loop guard is disabled.
Command Modes
Global configuration (config)
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines
Loop guard provides additional security in the bridge network. Loop guard prevents alternate or root ports from becoming the designated port due to a failure that could lead to a unidirectional link.
Loop guard operates only on ports that are considered point to point by the spanning tree.
The individual loop-guard port configuration overrides this command.
Displays information about the spanning-tree state.
spanning-treeguard
Enables or disables the guard mode.
spanning-tree mst
To set the path cost and port-priority parameters for any Multiple Spanning Tree (MST) instance (including the Common and Internal Spanning Tree [CIST] with instance ID 0), use the
spanning-treemst command in interface configuration mode. To return to the default settings, use the
no form of this command.
Sets an interface priority when two bridges vie for position as the root bridge.
spanning-tree mst configuration
To enter MST-configuration submode, use the
spanning-treemstconfiguration command in global configuration mode. To return to the default settings, use the
no form of this command.
spanning-treemstconfiguration
nospanning-treemstconfiguration
Syntax Description
This command has no arguments or keywords.
Command Default
The default value for the Multiple Spanning Tree (MST) configuration is the default value for all its parameters:
No VLANs are mapped to any MST instance (all VLANs are mapped to the Common and Internal Spanning Tree [CIST] instance).
The region name is an empty string.
The revision number is 0.
Command Modes
Global configuration (config)
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Cisco IOS XE Release XE 3.7S
This command was integrated into Cisco IOS XE Release XE 3.7S.
Usage Guidelines
The MST configuration consists of three main parameters:
Instance VLAN mapping--See the
instance command
Region name--See the
name(MSTconfigurationsubmode) command
Configuration revision number--See the
revision command
The
abort and
exit commands allow you to exit MST configuration submode. The difference between the two commands depends on whether you want to save your changes or not.
The
exit command commits all the changes before leaving MST configuration submode. If you do not map secondary VLANs to the same instance as the associated primary VLAN, when you exit MST-configuration submode, a warning message displays and lists the secondary VLANs that are not mapped to the same instance as the associated primary VLAN. The warning message is as follows:
These secondary vlans are not mapped to the same instance as their primary:
-> 3
The
abort command leaves MST-configuration submode without committing any changes.
Changing an MST-configuration submode parameter can cause connectivity loss. To reduce service disruptions, when you enter MST-configuration submode, make changes to a copy of the current MST configuration. When you are done editing the configuration, you can apply all the changes at once by using the exit keyword, or you can exit the submode without committing any change to the configuration by using the abort keyword.
In the unlikely event that two users commit a new configuration at exactly at the same time, this warning message displays:
% MST CFG:Configuration change lost because of concurrent access
Examples
This example shows how to enter MST-configuration submode:
Sets the revision number for the MST configuration.
show
Verifies the MST configuration.
showspanning-treemst
Displays the information about the MST protocol.
spanning-tree mst forward-time
To set the forward-delay timer for all the instances on the Cisco 7600 series router, use the
spanning-treemstforward-timecommand in global configuration mode. To return to the default settings, use the
no form of this command.
spanning-treemstforward-timeseconds
nospanning-treemstforward-time
Syntax Description
seconds
Number of seconds to set the forward-delay timer for all the instances on the Cisco 7600 series router; valid values are from 4 to 30 seconds.
Command Default
seconds is
15
Command Modes
Global configuration (config)
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Examples
This example shows how to set the forward-delay timer:
Router(config)# spanning-tree mst forward-time 20
Router(config)#
Related Commands
Command
Description
showspanning-treemst
Displays the information about the MST protocol.
spanning-tree mst hello-time
To set the hello-time delay timer for all the instances on the Cisco 7600 series router, use the
spanning-treemsthello-time command in global configuration mode. To return to the default settings, use the
no form of this command.
spanning-treemsthello-timeseconds
nospanning-treemsthello-time
Syntax Description
seconds
Number of seconds to set the hello-time delay timer for all the instances on the Cisco 7600 series router; valid values are from 1 to 10 second s.
Command Default
2 seconds
Command Modes
Global configuration (config)
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines
If you do not specify the
hello-time value, the value is calculated from the network diameter.
Examples
This example shows how to set the hello-time delay timer:
Router(config)# spanning-tree mst hello-time 3
Router(config)#
Related Commands
Command
Description
showspanning-treemst
Displays the information about the MST protocol.
spanning-tree mst max-age
To set the max-age timer for all the instances on the Cisco 7600 series router, use the
spanning-treemstmax-age command in global configuration mode. To return to the default settings, use the
no form of this command.
spanning-treemstmax-ageseconds
nospanning-treemstmax-age
Syntax Description
seconds
Number of seconds to set the max-age timer for all the instances on the Cisco 7600 series router; valid values are from 6 to 40 seconds.
Command Default
20 seconds
Command Modes
Global configuration (config)
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Examples
This example shows how to set the max-age timer:
Router(config)# spanning-tree mst max-age 40
Router(config)#
Related Commands
Command
Description
showspanning-treemst
Displays the information about the MST protocol.
spanning-tree mst max-hops
To specify the number of possible hops in the region before a bridge protocol data unit (BPDU) is discarded, use the
spanning-treemstmax-hops command in global configuration mode. To return to the default settings, use the
no form of this command.
spanning-treemstmax-hopshopnumber
nospanning-treemstmax-hops
Syntax Description
hopnumber
Number of possible hops in the region before a BPDU is discarded; valid values are from 1 to 255 hops.
Command Default
20 hops
Command Modes
Global configuration (config)
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(18)SXF
This command was changed to increase the maximum number of possible hops from 40 to 255 hops.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Examples
This example shows how to set the number of possible hops:
Router(config)# spanning-tree mst max-hops 25
Router(config)#
Related Commands
Command
Description
showspanning-treemst
Displays the information about the MST protocol.
spanning-tree mst pre-standard
To configure a port to transmit only prestandard bridge protocol data units (BPDUs), use the
spanning-treemstpre-standard command in interface configuration mode. To return to the default settings, use the
no form of this command.
spanning-treemstpre-standard
nospanning-treemstpre-standard
Syntax Description
This command has no arguments or keywords.
Command Default
The default is to automatically detect prestandard neighbors.
Command Modes
Interface configuration (config-if)
Command History
Release
Modification
12.2(18)SXF
Support for this command was introduced on the Supervisor Engine 720.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines
Even with the default configuration, the port can receive both prestandard and standard BPDUs.
Prestandard BPDUs are based on the Cisco IOS Multiple Spanning Tree (MST) implementation that was created before the IEEE standard was finalized. Standard BPDUs are based on the finalized IEEE standard.
If you configure a port to transmit prestandard BPDUs only, the prestandard flag displays in the
showspanning-treecommands. The variations of the prestandard flag are as follows:
Pre-STD (or pre-standard in long format)--This flag displays if the port is configured to transmit prestandard BPDUs and if a prestandard neighbor bridge has been detected on this interface.
Pre-STD-Cf (or pre-standard (config) in long format)--This flag displays if the port is configured to transmit prestandard BPDUs but a prestandard BPDU has not been received on the port, the autodetection mechanism has failed, or a misconfiguration, if there is no prestandard neighbor, has occurred.
Pre-STD-Rx (or pre-standard (rcvd) in long format)--This flag displays when a prestandard BPDU has been received on the port but it has not been configured to send prestandard BPDUs. The port will send prestandard BPDUs, but we recommend that you change the port configuration so that the interaction with the prestandard neighbor does not rely only on the autodetection mechanism.
If the MST configuration is not compatible with the prestandard (if it includes an instance ID greater than 15), only standard MST BPDUs are transmitted, regardless of the STP configuration on the port.
Examples
This example shows how to configure a port to transmit only prestandard BPDUs:
To set the bridge priority for an instance, use the
spanning-treemstprioritycommand in global configuration mode. To return to the default setting, use the
no form of this command.
spanning-treemstinstanceprioritypriority
nospanning-treemstpriority
Syntax Description
instance
Instance identification number; valid values are from 0 to 4094.
prioritypriority
Specifies the bridge priority; see the “Usage Guidelines” section for valid values and additional information.
Command Default
priority is
32768
Command Modes
Global configuration (config)
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
Usage Guidelines
You can set the bridge priority in increments of 4096 only. When you set the priority, valid values are
0,
4096,
8192,
12288,
16384,
20480,
24576,
28672,
32768,
36864,
40960,
45056,
49152,
53248,
57344, and
61440.
You can set the
priority to
0 to make the switch root.
You can enter
instanceas a single instance or a range of instances, for example, 0-3,5,7-9.
Examples
This example shows how to set the bridge priority:
To designate the primary and secondary root switch and set the timer value for an instance, use the
spanning-treemstrootcommand in global configuration mode. To return to the default settings, use the
no form of this command.
To enable PortFast mode where the interface is immediately put into the forwarding state upon linkup without waiting for the timer to expire, use the
spanning-treeportfast command in interface configuration mode. To return to the default settings, use the
no form of this command.
Enables PortFast on the interface even in the trunk mode.
Command Default
The settings that are configured by the
spanning-treeportfastdefault command.
Command Modes
Interface configuration (config-if)
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXI
Added edge [ trunk ] and network keywords.
Usage Guidelines
You should use this command only with interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data-packet loop and disrupt the Cisco 7600 series router and network operation.
An interface with PortFast mode enabled is moved directly to the spanning-tree forwarding state when linkup occurs without waiting for the standard forward-time delay.
Be careful when using the
nospanning-treeportfast command. This command does not disable PortFast if the
spanning-treeportfastdefault command is enabled.
This command has these states:
spanning-treeportfast--This command enables PortFast unconditionally on the given port.
spanning-treeportfastdisable--This command explicitly disables PortFast for the given port. The configuration line shows up in the running configuration because it is not the default.
spanning-treeportfastedge--This command allows you to configure PortFast edge mode on the given port.
spanning-treeportfastnetwork--This command allows you to configure PortFast network mode on the given port.
spanning-treeportfast [edge]
trunk--This command allows you to configure PortFast on trunk ports. The
edgekeyword is required with
trunkin Cisco IOS Release 12.2(33)SXI and later releases.
Note
If you enter the
spanning-treeportfasttrunk command, th e port is configured for PortFast even in the access mode.
nospanning-treeportfast--This command implicitly enables PortFast if you define the
spanning-treeportfastdefault command in global configuration mode and if the port is not a trunk port. If you do not configure PortFast globally, the
nospanning-treeportfast command is equivalent to the
spanning-treeportfastdisable command.
Examples
This example shows how to enable PortFast mode in releases earlier than Cisco IOS Release 12.2(33)SXI:
Displays information about the spanning-tree state.
spanning-treeportfastdefault
Enables PortFast by default on all access ports.
spanning-tree port-priority
To set an interface priority when two bridges tie for position as the root bridge, use the
spanning-treeport-priority command in interface configuration mode. To revert to the default value, use the
no form of this command.
spanning-treeport-priorityport-priority
nospanning-treeport-priority
Syntax Description
port-priority
Port priority; valid values are from 2 to 255. The default is 128.
Command Default
The port priority is 128.
Command Modes
Interface configuration (config-if)
Command History
Release
Modification
12.0(7)XE
This command was introduced on the Catalyst 6000 series switches.
12.2(2)XT
This command was implemented on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(8)T
This command was integrated into Cisco IOS Release 12.2(8)T on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines
The priority you set breaks the tie.
Examples
The following example shows how to increase the likelihood that spanning-tree instance 20 is chosen as the root-bridge on interface Ethernet 2/0:
Displays spanning-tree information for the specified spanning-tree instances.
spanning-treecost
Sets the path cost of the interface for STP calculations.
spanning-tree mst
Sets the path cost and port-priority parameters for any MST instance (including the CIST with instance ID 0).
spanning-treeportfast(global)
Enables PortFast mode, where the interface is immediately put into the forwarding state upon linkup without waiting for the timer to expire.
spanning-treeportfast(interface)
Enables PortFast mode, which places the interface immediately into the forwarding state upon linkup without waiting for the timer to expire.
spanning-treeuplinkfast
Enables the UplinkFast feature.
spanning-treevlan
Configures STP on a per-VLAN basis.
spanning-tree transmit hold-count
To specify the transmit hold count, use the
spanning-treetransmithold-count command in global configuration mode. To return to the default settings, use the
no form of this command.
spanning-treetransmithold-countvalue
nospanning-treetransmithold-count
Syntax Description
value
Number of bridge protocol data units (BPDUs) that can be sent before pausing for 1 second; valid values are from 1 to 20.
Command Default
value is
6
Command Modes
Global configuration (config)
Command History
Release
Modification
12.2(18)SXF
Support for this command was introduced on the Supervisor Engine 720.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines
This command is supported on all spanning-tree modes.
The transmit hold count determines the number of BPDUs that can be sent before pausing for 1 second.
Note
Changing this parameter to a higher value may have a significant impact on CPU utilization, especially in rapid-Per-VLAN Spanning Tree (PVST) mode. Lowering this parameter could slow convergence in some scenarios. We recommend that you do not change the value from the default setting.
If you change the
value setting, enter the
showrunning-config command to verify the change.
If you delete the command, use the
showspanning-treemstcommand to verify the deletion.
Examples
This example shows how to specify the transmit hold count:
(Optional) Specifies the maximum rate (in packets per second) at which update packets are sent; valid values are from 0 to 65535.
Command Default
The defaults are as follows:
UplinkFast is disabled.
packets-per-second is 150 packets per second.
Command Modes
Global configuration (config)
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines
Use this command only on access switches.
When you configure UplinkFast, the bridge priority is changed to 49152 so that this switch is not selected as root. All interface path costs of all spanning-tree interfaces that belong to the specified spanning-tree instances also increase by 3000.
When spanning tree detects that the root interface has failed, UplinkFast causes an immediate switchover to an alternate root interface, transitioning the new root interface directly to the forwarding state. During this time, a topology change notification is sent. To minimize the disruption that is caused by the topology change, a multicast packet is sent to 01-00-0C-CD-CD-CD for each station address in the forwarding bridge except for those associated with the old root interface.
Use the
spanning-treeuplinkfastmax-update-rate command to enable UplinkFast (if it is not already enabled) and change the rate at which update packets are sent. Use the
no form of this command to return to the default rate.
Examples
This example shows how to enable UplinkFast and set the maximum rate to 200 packets per second:
Displays information about the spanning-tree state.
spanning-tree vlan
To configure Spanning Tree Protocol (STP) on a per-virtual LAN (VLAN) basis, use the
spanning-treevlan command in global configuration mode. To return to the default settings, use the
no form of this command.
VLAN identification number; valid values are from 1 to 1005. Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to 4094.
forward-timeseconds
(Optional) Sets the STP forward delay time; valid values are from 4 to 30 seconds.
hello-timeseconds
(Optional) Specifies the duration, in seconds, between the generation of configuration messages by the root switch; valid values are from 1 to 10 seconds.
max-ageseconds
(Optional) Sets the maximum number of seconds the information in a bridge packet data unit (BPDU) is valid; valid values are from 6 to 40 seconds.
prioritypriority
(Optional) Sets the STP bridge priority; valid values are from 0 to 65535.
protocolprotocol
(Optional) Sets the STP. See the “Usage Guidelines” section for a list of valid values.
rootprimary
(Optional) Forces this switch to be the root bridge.
rootsecondary
(Optional) Specifies this switch to act as the root switch should the primary root fail.
diameternet-diameter
(Optional) Specifies the maximum number of bridges between any two points of attachment of end stations; valid values are from 2 through 7.
Command Default
The defaults are:
forward-time--15 seconds
hello-time--2 seconds
max-age--20 seconds
priority--The default with IEEE STP enabled is 32768; the default with STP enabled is 128.
protocol--IEEE
root--No STP root
When you issue the
nospanning-treevlanxxroot command the following parameters are reset to their defaults:
priority--The default with IEEE STP enabled is 32768; the default with STP enabled is 128.
hello-time--2 seconds
forward-time--15 seconds
max-age--20 seconds
Command Modes
Global configuration (config)
Command History
Release
Modification
12.0(7)XE
This command was introduced on the Catalyst 6000 series switches.
12.1(1)E
Support for this command on the Catalyst 6000 series switches was extended to Cisco IOS Release 12.1(1)E.
12.2(2)XT
This command was implemented on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(8)T
This command was integrated into Cisco IOS Release 12.2(8)T on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(14)SX
Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
Support for this command on the Supervisor Engine 2 was extended to Cisco IOS Release 12.2(17d)SXB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.4(15)T
This command was modified to extend the range of valid VLAN IDs to 1-4094 for specified platforms.
Usage Guidelines
Caution
When disabling spanning tree on a VLAN using the no spanning-tree vlan
vlan-id command, ensure that all switches and bridges in the VLAN have spanning tree disabled. You cannot disable spanning tree on some switches and bridges in a VLAN and leave it enabled on other switches and bridges in the same VLAN because switches and bridges with spanning tree enabled have incomplete information about the physical topology of the network.
Caution
We do not recommend disabling spanning tree, even in a topology that is free of physical loops. Spanning tree is a safeguard against misconfigurations and cabling errors. Do not disable spanning tree in a VLAN without ensuring that there are no physical loops present in the VLAN.
When you set the
max-ageseconds
parameter, if a bridge does not hear bridge protocol data units (BPDUs) from the root bridge within the specified interval, it assumes that the network has changed and recomputes the spanning-tree topology.
Valid values for
protocol are
dec (Digital STP),
ibm (IBM STP),
ieee (IEEE Ethernet STP), and
vlan-bridge (VLAN Bridge STP).
The
spanning-treerootprimary command alters this switch’s bridge priority to 8192. If you enter the
spanning-treerootprimary command and the switch does not become the root switch, then the bridge priority is changed to 100 less than the bridge priority of the current bridge. If the switch still does not become the root, an error results.
The
spanningtreerootsecondarycommand alters this switch’s bridge priority to 16384. If the root switch should fail, this switch becomes the next root switch.
Use the
spanningtreeroot commands on backbone switches only.
The
spanning-treeetherchannelguardmisconfig command detects two types of errors: misconfiguration and misconnection errors. A misconfiguration error is an error between the port-channel and an individual port. A misconnection error is an error between a switch that is channeling more ports and a switch that is not using enough Spanning Tree Protocol (STP) Bridge Protocol Data Units (BPDUs) to detect the error. In this case, the switch will only error disable an EtherChannel if the switch is a nonroot switch.
Examples
The following example shows how to enable spanning tree on VLAN 200:
Router(config)# spanning-tree vlan 200
The following example shows how to configure the switch as the root switch for VLAN 10 with a network diameter of 4:
Sets the path cost of the interface for STP calculations.
spanning-treeetherchannelguardmisconfig
Displays an error message when a loop due to a channel misconfiguration is detected
spanning-treeport-priority
Sets an interface priority when two bridges tie for position as the root bridge.
spanning-treeportfast(global)
Enables PortFast mode, where the interface is immediately put into the forwarding state upon linkup, without waiting for the timer to expire.
spanning-treeportfast(interface)
Enables PortFast mode, where the interface is immediately put into the forwarding state upon linkup, without waiting for the timer to expire.
spanning-treeuplinkfast
Enables the UplinkFast feature.
showspanning-tree
Displays spanning-tree information for the specified spanning-tree instances.
storm-control
To enable broadcast, multicast, or unicast storm control on a port or to specify the action when a storm occurs on a port, use the
storm-control command in interface configuration mode. To disable storm control for broadcast, multicast, or unicast traffic or to disable the specified storm-control action, use the
no form of this command.
Defines the rising and falling suppression levels.
level
—Rising suppression level as a percent of the total bandwidth (up to two decimal places). The valid values are from 0 to 100. When the value specified for a level is reached, the flooding of storm packets is blocked.
action
Specifies the action to take when a storm occurs on a port. The default action is to filter traffic.
shutdown
Disables the port during a storm.
trap
Sends a Simple Network Management Protocol (SNMP) trap.
Command Default
Broadcast, multicast, and unicast storm control is disabled. The default action is to filter traffic.
Command Modes
Interface configuration (config-if)
Command History
Release
Modification
12.2(2)XT
This command was introduced.
12.2(8)T
This command was integrated into Cisco IOS Release 12.2(8)T to support switchport creation.
12.2(15)ZJ
This command was integrated into Cisco IOS Release 12.2(15)ZJ.
The
levellevelkeyword-argument pair, and the
action and
shutdown keywords were added.
15.0(1)S
This command was modified. The
trap keyword was added.
15.1(1)SY
This command was integrated into Cisco IOS Release 15.1(1)SY.
Usage Guidelines
Use the
storm-control command to enable or disable broadcast, multicast, or unicast storm control on a port. After a port is disabled during a storm, use the
noshutdown interface configuration command to enable the port.
The suppression levels are entered as a percentage of total bandwidth. A suppression value of 100 percent means that no limit is placed on the specified traffic type. This command is enabled only when the rising suppression level is less than 100 percent. If no other storm-control configuration is specified, the default action is to filter the traffic that is causing the storm.
When a storm occurs and the action is to filter traffic, and the falling suppression level is not specified, the networking device blocks all traffic until the traffic rate drops below the rising suppression level. If the falling suppression level is specified, the networking device blocks traffic until the traffic rate drops below this level.
When a multicast or unicast storm occurs and the action is to filter traffic, the networking device blocks all traffic (broadcast, multicast, and unicast traffic) and sends only Spanning Tree Protocol (STP) packets.
When a broadcast storm occurs and the action is to filter traffic, the networking device blocks only broadcast traffic.
The trap action is used to send an SNMP trap when a broadcast storm occurs.
Examples
The following example shows how to enable broadcast storm control on a port with a 75.67-percent rising suppression level: