-
Cisco 7600 Series Router Cisco IOS Command Reference, 12.1E
-
Index
-
Preface
-
Command-Line Interface
-
action to cd
-
Cisco 7600 Series Router Cisco IOS Commands
-
BRC
-
channel-group to clear catalyst6000
-
clear counters to debug callback
-
debug cca to duplex
-
erase to mls aging
-
mls exclude to pagp port-priority
-
policy-map to protocol filtering
-
rcv-queue to show bootflash
-
shutdown vlan to time-range
-
show bootvar to show ip cache
-
show ip cef to show mls asic
-
show mls cef to show qm-sp
-
show queueing to show vtp
-
title
-
udld to username
-
verify to wrr-queue bandwidth
-
wrr-queue cos-map to wrr-queue threshold
-
Acronyms
-
Acknowledgments for Open-Source Software
-
Table Of Contents
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree loopguard default
spanning-tree mst configuration
spanning-tree mst forward-time
spanning-tree portfast (interface configuration mode)
spanning-tree portfast bpdufilter default
spanning-tree portfast bpduguard default
spanning-tree portfast default
switchport capture allowed vlan
switchport port-security aging time
switchport port-security mac-address
switchport port-security maximum
switchport port-security violation
switchport private-vlan host-association
switchport private-vlan mapping
22shutdown vlan
To shut down local traffic on a specified VLAN, use the shutdown vlan command. Use the no form of this command to restart local traffic on the VLAN.
shutdown vlan vlan-id
no shutdown vlan vlan-id
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
12.1(8a)E3
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
This command does not support extended-range VLANs.
Examples
This example shows how to cause traffic to be shut down on VLAN 2:
Router(config)# shutdown vlan 2Router(config)#snmp ifindex clear
To clear any previously configured snmp ifindex commands issued for a specific interface, use the snmp ifindex clear command.
snmp ifindex clear
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Interface configuration
Command History
12.1(13)E
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
Interface index persistence occurs when ifIndex values in the IF-MIB persist across reboots and allow for consistent identification of specific interfaces using SNMP.
Use the snmp ifindex clear command on a specific interface when you want that interface to use the global configuration setting for ifIndex persistence. This command clears any ifIndex configuration commands previously entered for that specific interface.
Examples
This example shows how to enable ifIndex persistence for all interfaces:
Router(config)# snmp-server ifindex persistThis example shows how to disable IfIndex persistence for Ethernet 0/1 only:
Router(config)# interface ethernet 0/1Router(config-if)# no snmp ifindex persistRouter(config-if)# exitThis example shows how to clear the ifIndex configuration from the Ethernet 0/1 configuration:
Router(config)# interface ethernet 0/1Router(config-if)# snmp ifindex clearRouter(config-if)# exitThis leaves ifIndex persistence enabled for all interfaces as specified by the snmp-server ifindex persist global configuration command.
Related Commands
snmp ifindex persist
snmp-server ifindex persistsnmp ifindex persist
To enable ifIndex values in the Interfaces MIB (IF-MIB) that persist across reboots (ifIndex persistence) only on a specific interface, use the snmp ifindex persist command. Use the no form of this command to disable ifIndex persistence only on a specific interface.
snmp ifindex persist
no snmp ifindex persist
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Interface configuration
Command History
12.1(13)E
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
Interface index persistence occurs when ifIndex values in the IF-MIB persist across reboots and allow for consistent identification of specific interfaces using SNMP.
The snmp ifindex persist interface configuration command enables and disables ifIndex persistence for individual entries (that correspond to individual interfaces) in the ifIndex table of the IF-MIB.
The snmp-server ifindex persist global configuration command enables and disables ifIndex persistence for all interfaces on the routing device. This action applies only to interfaces that have ifDescr and ifIndex entries in the ifIndex table of the IF-MIB.
IfIndex commands that you configure for an interface apply to all subinterfaces on that interface.
Examples
This example shows how to enable ifIndex persistence for interface Ethernet 0/1 only:
Router(config)# interface ethernet 0/1Router(config-if)# snmp ifindex persistRouter(config-if)# exitThis example shows how to enable ifIndex persistence for all interfaces and then disable ifIndex persistence for interface Ethernet 0/1 only:
Router(config)# snmp-server ifindex persistRouter(config)# interface ethernet 0/1Router(config-if)# no snmp ifindex persistRouter(config-if)# exitRelated Commands
snmp-server enable traps
To enable SNMP notifications (traps or informs) that are available on your system, use the snmp-server enable traps command. To disable all available SNMP notifications, use the no form of this command.
snmp-server enable traps [notification-type]
no snmp-server enable traps [notification-type]
Syntax Description
notification-type
(Optional) Type of notification (trap or inform) to enable or disable. See the "Usage Guidelines" section for additional information.
Defaults
This command is disabled by default. Most notification types are disabled. However, some notification types cannot be controlled with this command.
Command Modes
Global configuration
Command History
Usage Guidelines
If you do not specify a notification-type, all notifications that are available on your device are enabled or disabled. The notification type can be one of the following keywords:
•
chassis—Controls the SNMP chassis trap notifications
•
–
–
•
•
•
•
•
•
•
•
For additional notification types, refer to the Cisco IOS Release 12.1 Command Reference.
SNMP notifications can be sent as traps or inform requests. This command enables both traps and inform requests for the specified notification types. To specify whether the notifications should be sent as traps or informs, use the snmp-server host [traps | informs] command.
If you do not enter an snmp-server enable traps command, no notifications that are controlled by this command are sent. To configure the router to send these SNMP notifications, you must enter at least one snmp-server enable traps command. If you enter the command with no keywords, all notification types are enabled. If you enter the command with a keyword, only the notification type that is related to that keyword is enabled. To enable multiple types of notifications, you must issue a separate snmp-server enable traps command for each notification type and notification option.
The snmp-server enable traps command is used with the snmp-server host command. Use the snmp-server host command to specify which host or hosts receive SNMP notifications. To send notifications, you must configure at least one snmp-server host command.
The following is a list of the MIBs that are used for the traps:
•
•
–
–
•
•
•
•
•
•
Examples
This example shows how to send all traps to the host that are specified by the name myhost.cisco.com, using the community string that is defined as public:
Router(config)# snmp-server enable trapsRouter(config)# snmp-server host myhost.cisco.com publicRelated Commands
Refer to the Cisco IOS Release 12.1 Command Reference for additional snmp-server enable traps commands.
snmp-server ifindex persist
To globally enable ifIndex values that will remain constant across reboots for use by SNMP, use the snmp-server ifindex persist command. Use the no form of this command to globally disable ifIndex persistence.
snmp-server ifindex persist
no snmp-server ifindex persist
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Command History
12.1(13)E
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
Interface index persistence occurs when ifIndex values in the IF-MIB persist across reboots and allow for consistent identification of specific interfaces using SNMP.
The snmp-server ifindex persist global configuration command does not override interface-specific configuration. To override the interface-specific configuration of ifIndex persistence, enter the [no] snmp ifindex persist and snmp ifindex clear interface configuration commands.
Entering the [no] snmp-server ifindex persist global configuration command enables and disables ifIndex persistence for all interfaces on the routing device using ifDescr and ifIndex entries in the ifIndex table of the IF-MIB.
Examples
This example shows how to enable ifIndex persistence for all interfaces:
Router(config)# snmp-server ifindex persist
Note
Related Commands
spanning-tree backbonefast
To enable the BackboneFast feature on all Ethernet VLANs, use the spanning-tree backbonefast command. Use the no form of this command to disable BackboneFast.
spanning-tree backbonefast
no spanning-tree backbonefast
Syntax Description
This command has no arguments or keywords.
Defaults
BackboneFast is disabled.
Command Modes
Global configuration
Command History
12.1(8a)E3
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
Enable BackboneFast on all Cisco 7600 series routers to allow the detection of indirect link failures in order to start spanning tree reconfiguration sooner.
Examples
This example shows how to enable BackboneFast on all Ethernet VLANs:
Router(config)# spanning-tree backbonefast vlan all ethernetRouter(config)#Related Commands
spanning-tree bpdufilter
To enable BPDU filtering on the interface, use the spanning-tree bpdufilter command. Use the no form of this command to return to the default settings.
spanning-tree bpdufilter {enable | disable}
no spanning-tree bpdufilter
Syntax Description
Defaults
The setting that is already configured when you enter the spanning-tree portfast bpdufilter default command.
Command Modes
Interface configuration
Command History
12.1(11b)EX
Support for this command was introduced on the Cisco 7600 series routers.
12.1(13)E
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
Caution
When configuring Layer 2 protocol tunneling on all the service provider edge switches, you must enable spanning tree BPDU filtering on the 802.1Q tunnel ports by entering the spanning-tree bpdufilter enable command.
BPDU filtering allows you to prevent a port from sending and receiving BPDUs. The configuration is applicable to the whole interface, whether it is trunking or not. This command has three states:
•
•
•
Examples
This example shows how to enable the BPDU filter feature on this interface:
Router(config-if)# spanning-tree bpdufilter enableRouter(config-if)#Related Commands
show spanning-tree
spanning-tree portfast bpdufilter defaultspanning-tree bpduguard
To enable BPDU guard on the interface, use the spanning-tree bpduguard command. Use the no form of this command to return to the default settings.
spanning-tree bpduguard {enable | disable}
no spanning-tree bpduguard
Syntax Description
Defaults
The setting that is already configured when you enter the spanning-tree portfast bpduguard default command.
Command Modes
Interface configuration
Command History
12.1(11b)EX
Support for this command was introduced on the Cisco 7600 series routers.
12.1(13)E
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
BPDU guard prevents a port from receiving BPDUs. Typically, this feature is used in a service provider environment where the administrator wants to prevent an access port from participating in the spanning tree. If the port still receives a BPDU, it is put in the ErrDisable state as a protective measure. This command has three states:
•
•
•
Examples
This example shows how to enable BPDU guard on this interface:
Router(config-if)# spanning-tree bpduguard enableRouter(config-if)#Related Commands
show spanning-tree
spanning-tree portfast bpduguard defaultspanning-tree cost
To set the path cost of the interface for STP calculations, use the spanning-tree cost command. Use the no form of this command to revert to the default settings.
spanning-tree cost cost
no spanning-tree cost
Syntax Description
Defaults
The default path cost is computed from the interface's bandwidth setting; default path costs are as follows:
•
•
•
•
•
•
•
•
Command Modes
Interface configuration
Command History
12.1(8a)E3
Support for this command was introduced on the Cisco 7600 series routers.
12.1(8a)EX
This command was modified to support 10-Gigabit Ethernet interfaces.
Usage Guidelines
Valid path cost values are from 1 to 200000000 for Releases 12.1(3a)E and later and from 1 to 65535 for releases prior to Release 12.1(3a)E.
When you configure the cost, higher values indicate higher costs. This range applies regardless of the protocol type specified.
Examples
This example shows how to access an interface and set a path cost value of 250 for the spanning tree VLAN that is associated with that interface:
Router(config)# interface ethernet 2/0Router(config-if)# spanning-tree cost 250Router(config-if)#Related Commands
spanning-tree etherchannel guard misconfig
To display an error message when a loop due to a channel misconfiguration is detected, use the spanning-tree etherchannel guard misconfig command. Use the no form of this command to disable the feature.
spanning-tree etherchannel guard misconfig
no spanning-tree etherchannel guard misconfig
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled
Command Modes
Global configuration
Command History
12.1(8a)E3
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
When an EtherChannel guard misconfiguration is detected, this error message displays:
msgdef(CHNL_MISCFG, SPANTREE, LOG_CRIT, 0, "Detected loop due to etherchannel misconfiguration of %s %s")To determine which local ports are involved in the misconfiguration, enter the show interfaces status err-disabled command. To check the EtherChannel configuration on the remote device, enter the show etherchannel summary command on the remote device.
After you correct the configuration, enter the shutdown and the no shutdown commands on the associated port-channel interface.
Examples
This example shows how to enable the EtherChannel guard misconfiguration feature:
Router(config)# spanning-tree etherchannel guard misconfigRouter(config)#Related Commands
show interfaces status err-disabled
show etherchannel summary
shutdown (refer to the Cisco IOS Release 12.1 Command Reference)spanning-tree extend system-id
To enable the extended system ID feature on chassis that support 1024 MAC addresses, use the spanning-tree extend system-id command. Use the no form of this command to disable the feature.
spanning-tree extend system-id
no spanning-tree extend system-id
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled on systems that do not provide 1024 MAC addresses.
Command Modes
Global configuration
Command History
12.1(8a)E3
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
Releases 12.1(8a)E and later support chassis with 64 or 1024 MAC addresses. For chassis with 64 MAC addresses, STP uses the extended system ID plus a MAC address to make the bridge ID unique for each VLAN.
You cannot disable the extended system ID on chassis that support 64 MAC addresses.
Enabling or disabling the extended system ID updates the bridge IDs of all active STP instances, which might change the spanning tree topology.
Examples
This example shows how to enable the extended system ID:
Router(config)# spanning-tree extend system-idRouter(config)#Related Commands
spanning-tree guard
To enable or disable the guard mode, use the spanning-tree guard command. Use the no form of this command to revert to the default settings.
spanning-tree guard {loop | root | none}
no spanning-tree guard
Syntax Description
loop
Enables the loop-guard mode on the interface.
root
Enables root-guard mode on the interface.
none
Sets the guard mode to none.
Defaults
Guard mode is disabled.
Command Modes
Interface configuration
Command History
12.1(8a)E3
Support for this command was introduced on the Cisco 7600 series routers.
12.1(11b)EX
This command was changed to support loop guard mode.
Examples
This example shows how to enable root guard:
Router(config-if)# spanning-tree guard rootRouter(config-if)#Related Commands
show spanning-tree
spanning-tree loopguard defaultspanning-tree link-type
To configure a link type for a port, use the spanning-tree link-type command. Use the no form of this command to return to the default settings.
spanning-tree link-type {point-to-point | shared}
no spanning-tree link-type
Syntax Description
point-to-point
Specifies that the interface is a point-to-point link.
shared
Specifies that the interface is a shared medium.
Defaults
Link type is automatically derived from the duplex operational setting unless you explicitly configure the link type.
Command Modes
Interface configuration
Command History
Usage Guidelines
This command is not supported on systems configured with a Supervisor Engine 1.
RSTP+ fast transition only works on point-to-point links between two bridges.
By default, the switch derives the link type of a port from the duplex mode. A full-duplex port is considered as a point-to-point link while a half-duplex configuration is assumed to be on a shared link.
If you designate a port as a shared link, RSTP+ fast transition is forbidden, regardless of the duplex setting.
Examples
This example shows how to configure the port as a shared link:
Router(config-if)# spanning-tree link-type sharedRouter(config-if)#Related Commands
show spanning-tree interface
spanning-tree loopguard default
To enable loop guard as a default on all ports of a given bridge, use the spanning-tree loopguard default command. Use the no form of this command to disable loop guard.
spanning-tree loopguard default
no spanning-tree loopguard default
Syntax Description
This command has no keywords or arguments.
Defaults
Loop guard is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
Loop guard provides an additional security in the bridge network. Loop guard prevents alternate or root ports from becoming the designated port due to a failure that could lead to a unidirectional link.
Loop guard only operates on ports that are considered point to point by the spanning tree.
The individual loop-guard port configuration overrides this command.
Examples
This example shows how to enable loop guard:
Router(config)# spanning-tree loopguard defaultRouter(config)#Related Commands
show spanning-tree
spanning-tree guardspanning-tree mode
To switch between PVST+, Rapid PVST, and MST modes, use the spanning-tree mode command. Use the no form of this command to return to the default settings.
spanning-tree mode [pvst | mst | rapid-pvst]
no spanning-tree mode
Syntax Description
Defaults
pvst
Command Modes
Global configuration
Command History
Usage Guidelines
Caution
This command is not supported on systems configured with a Supervisor Engine 1.
Examples
This example shows how to switch to MST mode:
Router(config)# spanning-tree mode mstRouter(config)#This example shows how to return to the default mode (PVST):
Router(config)# no spanning-tree modeRouter(config)#Related Commands
spanning-tree mst
To set the path cost and port-priority parameters for any MST instance (including the CIST with instance ID 0), use the spanning-tree mst command. Use the no form of this command to return to the default settings.
spanning-tree mst instance-id {cost cost} | {port-priority prio}
Syntax Description
Defaults
The defaults are as follows:
•
•
Command Modes
Interface configuration
Command History
Usage Guidelines
This command is not supported on systems configured with a Supervisor Engine 1.
Higher cost cost values indicate higher costs. When entering the cost, do not include a comma in the entry; for example, enter 1000, not 1,000.
Higher port-priority prio values indicate smaller priorities.
Examples
This example shows how to set the interface path cost:
Router(config-if)# spanning-tree mst 0 cost 17031970Router(config-if)#This example shows how to set the interface priority:
Router(config-if)# spanning-tree mst 0 port-priority 64Router(config-if)#Related Commands
show spanning-tree mst
spanning-tree port-priorityspanning-tree mst configuration
To enter MST configuration submode, use the spanning-tree mst configuration command. Use the no form of this command to return to the default MST configuration.
spanning-tree mst configuration
no spanning-tree mst configuration
Syntax Description
This command has no keywords or arguments.
Defaults
The default value for the MST configuration is the default value for all its parameters:
•
•
•
Command Modes
Global configuration
Command History
Usage Guidelines
This command is not supported on systems configured with a Supervisor Engine 1.
The MST configuration consists of three main parameters:
•
•
•
The abort and exit commands allow you to exit MST configuration submode. The difference between the two commands depends on whether you want to save your changes or not.
The exit command commits all the changes before leaving MST configuration submode. If you do not map secondary VLANs to the same instance as the associated primary VLAN, when you exit MST configuration submode, a warning message displays and lists the secondary VLANs that are not mapped to the same instance as the associated primary VLAN. The warning message is as follows:
These secondary vlans are not mapped to the same instance as their primary:-> 3The abort command leaves MST configuration submode without committing any changes.
Whenever you change an MST configuration submode parameter, it can cause a loss of connectivity. To reduce the number of service disruptions, when you enter MST configuration submode, you are changing a copy of the current MST configuration. When you are done editing the configuration, you can apply all the changes at once by using the exit keyword, or you can exit the submode without committing any change to the configuration by using the abort keyword.
In the unlikely event that two users commit a new configuration at exactly at the same time, this warning message displays:
Router(config-mst)# exit% MST CFG:Configuration change lost because of concurrent accessRouter(config-mst)#Examples
This example shows how to enter MST configuration submode:
Router(config)# spanning-tree mst configurationRouter(config-mst)#This example shows how to reset the MST configuration to the default settings:
Router(config)# no spanning-tree mst configurationRouter(config)#Related Commands
spanning-tree mst forward-time
To set the forward delay timer for all the instances on the Cisco 7600 series router, use the spanning-tree mst forward-time command. Use the no form of this command to return to the default settings.
spanning-tree mst forward-time seconds
no spanning-tree mst forward-time
Syntax Description
seconds
Number of seconds to set the forward delay timer for all the instances on the Cisco 7600 series router; valid values are from 4 to 30 seconds.
Defaults
seconds is 15.
Command Modes
Global configuration
Command History
Usage Guidelines
This command is not supported on systems configured with a Supervisor Engine 1.
Examples
This example shows how to set the forward-delay timer:
Router(config)# spanning-tree mst forward-time 20Router(config)#
Related Commands
spanning-tree mst hello-time
To set the hello-time delay timer for all the instances on the Cisco 7600 series router, use the spanning-tree mst hello-time command. Use the no form of this command to return to the default settings.
spanning-tree mst hello-time seconds
no spanning-tree ms hello-time
Syntax Description
seconds
Number of seconds to set the hello-time delay timer for all the instances on the Cisco 7600 series router; valid values are from 1 to 10 seconds.
Defaults
2 seconds
Command Modes
Global configuration
Command History
Usage Guidelines
This command is not supported on systems configured with a Supervisor Engine 1.
If you do not specify the hello-time value, the value is calculated from the network diameter.
Examples
This example shows how to set the hello-time delay timer:
Router(config)# spanning-tree mst hello-time 3Router(config)#
Related Commands
spanning-tree mst max-age
To set the max-age timer for all the instances on the Cisco 7600 series router, use the spanning-tree mst max-age command. Use the no form of this command to return to the default settings.
spanning-tree mst max-age seconds
no spanning-tree mst max-age
Syntax Description
seconds
Number of seconds to set the max-age timer for all the instances on the Cisco 7600 series router; valid values are from 6 to 40 seconds.
Defaults
20 seconds
Command Modes
Global configuration
Command History
Usage Guidelines
This command is not supported on systems configured with a Supervisor Engine 1.
Examples
This example shows how to set the max-age:
Router(config)# spanning-tree mst max-age 40Router(config)#
Related Commands
spanning-tree mst max-hops
To specify the number of possible hops in the region before a BPDU is discarded, use the spanning-tree mst max-hops command. Use the no form of this command to return to the default settings.
spanning-tree mst max-hops hopnumber
no spanning-tree mst max-hops
Syntax Description
hopnumber
Number of possible hops in the region before a BPDU is discarded; valid values are from 1 to 40 hops.
Defaults
20 hops
Command Modes
Global configuration
Command History
Usage Guidelines
This command is not supported on systems configured with a Supervisor Engine 1.
Examples
This example shows how to set the max-hops:
Router(config)# spanning-tree mst max-hops 25Router(config)#
Related Commands
spanning-tree mst root
To designate the primary and secondary root, set the bridge priority, and set the timer value for an instance, use the spanning-tree mst root command. Use the no form of this command to return to the default settings.
spanning-tree mst instance-id {root {primary | secondary} | {priority prio}} [diameter dia] [hello-time hello-time]
no spanning-tree mst root
Syntax Description
Defaults
The defaults are as follows:
•
•
Command Modes
Global configuration
Command History
Usage Guidelines
This command is not supported on systems configured with a Supervisor Engine 1.
The bridge priority can be set in increments of 4096 only. When you set the priority, valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
You can set the priority to 0 to make the switch root.
The spanning-tree root secondary bridge priority value is 16384.
The diameter dia and hello-time hello options are available for instance 0 only.
If you do not specify the hello_time value, the value is calculated from the network diameter.
Examples
This example shows how to set the bridge priority:
Router(config)# spanning-tree mst 0 root priority 4096Router(config)#This example shows how to set the priority and timer values for the bridge:
Router(config)# spanning-tree mst 0 root primary diameter 7 hello-time 2Router(config)# spanning-tree mst 5 root primaryRouter(config)#Related Commands
spanning-tree pathcost method
To set the default path cost calculation method, use the spanning-tree pathcost method command. Use the no form of this command to return to the default settings.
spanning-tree pathcost method {long | short}
no spanning-tree pathcost method
Syntax Description
long
32-bit based values for default port path costs.
short
16-bit based values for default port path costs.
Defaults
short
Command Modes
Global configuration
Command History
12.1(8a)E3
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
This command applies to all the spanning tree instances on the Cisco 7600 series router.
The long path cost calculation method utilizes all 32 bits for path cost calculation and yields values in the range of 1 through 200,000,000.
The short path cost calculation method (16 bits) yields values in the range of 1 through 65535.
Examples
This example shows how to set the default path cost calculation method to long:
Router(config)# spanning-tree pathcost method longRouter(config)#This example shows how to set the default path cost calculation method to short:
Router(config)# spanning-tree pathcost method shortRouter(config)#Related Commands
spanning-tree portfast (interface configuration mode)
To enable PortFast mode, where the interface is immediately put into the forwarding state upon linkup without waiting for the timer to expire, use the spanning-tree portfast command. Use the no form of this command to return to the default settings.
spanning-tree portfast
spanning-tree portfast {disable | trunk}
no spanning-tree portfast
Syntax Description
disable
Disables PortFast on the interface.
trunk
Enables PortFast on the interface even while in the trunk mode.
Defaults
The settings configured by the spanning-tree portfast default command.
Command Modes
Interface configuration
Command History
12.1(8a)E3
Support for this command was introduced on the Cisco 7600 series routers.
12.1(11b)EX
This command was changed to add the disable and trunk keywords.
Usage Guidelines
You should use this feature only with interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data packet loop and disrupt the Cisco 7600 series router and network operation.
An interface with PortFast mode enabled is moved directly to the spanning tree forwarding state when linkup occurs without waiting for the standard forward-time delay.
Be careful when using the no spanning-tree portfast command. This command does not disable PortFast if the spanning-tree portfast default command is enabled.
This command has four states:
•
•
•
Note
•
Examples
This example shows how to enable PortFast mode:
Router(config-if)# spanning-tree portfastRouter(config-if)#Related Commands
show spanning-tree
spanning-tree portfast defaultspanning-tree portfast bpdufilter default
To enable BPDU filtering by default on all PortFast ports, use the spanning-tree portfast bpdufilter default command. Use the no form of this command to return to the default settings.
spanning-tree portfast bpdufilter default
no spanning-tree portfast bpdufilter default
Syntax Description
This command has no keywords or arguments.
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
The spanning-tree portfast bpdufilter command enables BPDU filtering globally on the Cisco 7600 series router. BPDU filtering prevents a port from sending or receiving any BPDUs.
You can override the effects of the portfast bpdufilter default command by configuring BPDU filtering at the interface level.
Note
When enabled locally on a port, BPDU filtering prevents the Cisco 7600 series router from receiving or sending BPDUs on this port.
Caution
Examples
This example shows how to enable BPDU filtering by default:
Router(config)# spanning-tree portfast bpdufilter defaultRouter(config)#Related Commands
show spanning-tree mst
spanning-tree bpdufilterspanning-tree portfast bpduguard default
To enable the BPDU guard feature by default on all PortFast ports, use the spanning-tree portfast bpduguard default command. Use the no form of this command to return to the default settings.
spanning-tree portfast bpduguard default
no spanning-tree portfast bpduguard default
Syntax Description
This command has no keywords or arguments.
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
Caution
BPDU guard disables a port if it receives a BPDU. BPDU guard is applied only on ports that are PortFast enabled and are in an operational PortFast state.
Examples
This example shows how to enable BPDU guard by default:
Router(config)# spanning-tree portfast bpduguard defaultRouter(config)#Related Commands
show spanning-tree mst
spanning-tree bpduguardspanning-tree portfast default
To enable PortFast by default on all access ports, use the spanning-tree portfast default command. Use the no form of this command to disable PortFast by default on all access ports.
spanning-tree portfast default
no spanning-tree portfast default
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
Caution
An interface with PortFast mode enabled is moved directly to the spanning tree forwarding state when linkup occurs without waiting for the standard forward-time delay.
You can enable PortFast mode on individual interfaces using the spanning-tree portfast (interface configuration mode) command.
Examples
This example shows how to globally enable PortFast by default on all access ports:
Router(config)# spanning-tree portfast defaultRouter(config)#Related Commands
show spanning-tree
spanning-tree portfast (interface configuration mode)
spanning-tree port-priority
To set an interface priority when two bridges vie for position as the root bridge, use the spanning-tree port-priority command. The priority you set breaks the tie. Use the no form of this command to return to the default settings.
spanning-tree port-priority port-priority
no spanning-tree port-priority
Syntax Description
Defaults
port-priority is 128.
Command Modes
Interface configuration
Command History
12.1(8a)E3
Support for this command was introduced on the Cisco 7600 series routers.
Examples
This example shows how to increase the likelihood that the spanning tree instance 20 is chosen as the root-bridge on Ethernet interface 2/0:
Router(config-if)# spanning-tree port-priority 0Router(config-if)#Related Commands
show spanning-tree
spanning-tree mst
spanning-tree vlan
spanning-tree uplinkfast
To enable UplinkFast, use the spanning-tree uplinkfast command. Use the no form of this command to disable UplinkFast.
spanning-tree uplinkfast [max-update-rate packets-per-second]
no spanning-tree uplinkfast [max-update-rate]
Syntax Description
max-update-rate packets-per-second
(Optional) Maximum rate (in packets per second) at which update packets are sent; valid values are from 0 to 65535.
Defaults
The defaults are as follows:
•
•
Command Modes
Global configuration
Command History
12.1(8a)E3
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
This command should be used only on access switches.
When you configure UplinkFast, the bridge priority is changed to 49152 so that this switch will not be selected as root. All interface path costs of all spanning tree interfaces that belong to the specified spanning tree instances also increase by 3000.
When spanning tree detects that the root interface has failed, UplinkFast causes an immediate switchover to an alternate root interface, transitioning the new root interface directly to the forwarding state. During this time, a topology change notification is sent. To minimize the disruption caused by the topology change, a multicast packet is sent to 01-00-0C-CD-CD-CD for each station address in the forwarding bridge except for those associated with the old root interface.
Use the spanning-tree uplinkfast max-update-rate command to enable UplinkFast (if not already enabled) and change the rate at which update packets are sent. Use the no form of this command to return the default rate.
Examples
This example shows how to enable UplinkFast and set the maximum rate to 200 packets per second:
Router(config)# spanning-tree uplinkfast max-update-rate 200Router(config)#Related Commands
spanning-tree vlan
To configure STP on a per-VLAN basis, use the spanning-tree vlan command. Use the no form of this command to return to the default settings.
spanning-tree vlan vlan-id [forward-time seconds | hello-time hello-time | max-age seconds | priority priority | protocol protocol | {root {primary | secondary} [diameter net-diameter [hello-time hello-time]]}]
no spanning-tree vlan vlan-id [forward-time | hello-time | max-age | priority | protocol | root]
Syntax Description
Defaults
The defaults are as follows:
•
•
•
•
•
•
Command Modes
Global configuration
Command History
12.1(8a)E3
Support for this command was introduced on the Cisco 7600 series routers.
12.1(11b)EX
The command was changed to support extended-range VLANs.
Usage Guidelines
Caution
Caution
When setting the max-age seconds, if a bridge does not hear BPDUs from the root bridge within the specified interval, it assumes that the network has changed and recomputes the spanning tree topology.
Valid values for protocol are dec—Digital STP, ibm—IBM STP, ieee—IEEE Ethernet STP, and vlan-bridge—VLAN Bridge STP.
The spanning-tree root primary alters this switch's bridge priority to 8192. If you enter the spanning-tree root primary command and the switch does not become root, then the bridge priority is changed to 100 less than the bridge priority of the current bridge. If the switch does not become root, an error will result.
The spanning-tree root secondary alters this switch's bridge priority to 16384. If the root switch should fail, this switch becomes the next root switch.
Use the spanning-tree root commands on backbone switches only.
If your system is configured with a Supervisor Engine 1, valid values for vlan-id are from 1 to 1005. If your system is configured with a Supervisor Engine 2, valid values for vlan-id are from 1 to 4094. Extended-range VLANs are not supported on systems configured with a Supervisor Engine 1.
Examples
This example shows how to enable spanning tree on VLAN 200:
Router(config)# spanning-tree vlan 200Router(config)#This example shows how to configure the switch as the root switch for VLAN 10 with a network diameter of 4:
Router(config)# spanning-tree vlan 10 root primary diameter 4Router(config)#This example shows how to configure the switch as the secondary root switch for VLAN 10 with a network diameter of 4:
Router(config)# spanning-tree vlan 10 root secondary diameter 4Router(config)#Related Commands
speed
To set the port speed for an Ethernet interface, use the speed command. Use the no form of this command to disable a speed setting.
speed [10 | 100 | auto]
speed [10 | 100 | 1000 | auto]
speed [1000 | nonegotiate]
no speed
Syntax Description
Defaults
See Table 2-47 for a list of default settings.
Command Modes
Interface configuration
Command History
12.1(8a)E3
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
Use the speed [10 | 100 | auto] command for 10/100 ports, the speed [10 | 100 | 1000 | auto] command for 10/100/1000 ports, and the speed [1000 | nonegotiate] command for Gigabit Ethernet ports.
When you enable link negotiation, the speed, duplex, flow control, and clocking negotiations between two Gigabit Ethernet ports are automatically enabled.
Table 2-47 lists the supported command options by interface.
If you decide to configure the interface speed and duplex commands manually, and enter a value other than speed auto (for example, 10 or 100 Mbps), ensure that you configure the connecting interface speed command to a matching speed but do not use the auto parameter.
If you set the Ethernet interface speed to auto on a 10/100-Mbps or 10/100/1000-Mbps Ethernet interface, both speed and duplex are autonegotiated.
The Gigabit Ethernet interfaces are full duplex only. You cannot change the duplex mode on the Gigabit Ethernet interfaces or on a 10/100/1000-Mbps interface configured for Gigabit Ethernet.
When manually configuring the interface speed to either 10 or 100 Mbps, the switch prompts you to also configure duplex mode on the interface.
Note
Caution
You cannot set the duplex mode to half when the port speed is set at 1000 and similarly, you cannot set the port speed to 1000 when the mode is set to half duplex. In addition, if the port speed is set to auto, the duplex command is rejected.
Table 2-48 describes the relationship and resulting system action of the duplex and speed commands.
Examples
This example shows how to configure the interface to transmit at 100 Mbps:
Router(config-if)# speed 100Router(config-if)#Related Commands
duplex
interface (refer to the Cisco IOS Release 12.1 Command Reference)
show controllers (refer to the Cisco IOS Release 12.1 Command Reference)
show interfaces (refer to the Cisco IOS Release 12.1 Command Reference)squeeze
To permanently delete Flash files by squeezing a Flash file system, use the squeeze command.
squeeze filesystem:
Syntax Description
filesystem:
Flash file system; valid values are bootflash:, flash:, slot0:, , slot1:, sup-slot0:, and sup-bootflash:.
Defaults
This command has no default settings.
Command Modes
Privileged EXEC
Command History
12.1(8a)E3
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
When Flash memory is full, you might need to rearrange the files so that the space used by the files marked "deleted" can be reclaimed.
When you enter the squeeze command, the router copies all valid files to the beginning of Flash memory and erases all files marked "deleted." At this point, you cannot recover "deleted" files and you can write to the reclaimed Flash memory space.
In addition to removing deleted files, you can use the squeeze command to remove any files that the system has marked as "error." An error file is created when a file write fails (for example, the device is full). To remove error files, you must use the squeeze command. The squeeze operation might take as long as several minutes because it can involve erasing and rewriting almost an entire Flash memory space.
The colon is required when entering the filesystem.
Examples
This example shows how to permanently erase the files marked "deleted" from the Flash memory inserted in slot 1:
Router # squeeze slot1:Router #Related Commands
delete (refer to the Cisco IOS Release 12.1 Command Reference)
dir (refer to the Cisco IOS Release 12.1 Command Reference)
undeletestack-mib portname
To specify a name string for a port, use the stack-mib portname command.
stack-mib portname portname
Syntax Description
Defaults
This command has no default settings.
Command Modes
Interface configuration
Command History
12.1(8a)E3
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
Using the stack-mib command to set a name string to a port corresponds to the portName MIB object in the portTable of CISCO-STACK-MIB. portName is the MIB object in the portTable of CISCO-STACK-MIB. You can set this object to be descriptive text describing the function of the interface.
Examples
This example shows how to set a name to a port:
Router(config-if)# stack-mib portname portal_to_paradiseRouter(config-if)#standby delay minimum reload
To configure the delay period before the initialization of HSRP groups, use the standby delay minimum reload command. Use the no form of this command to disable the delay period.
standby delay minimum [min-delay] reload [reload-delay]
no standby delay minimum [min-delay] reload [reload-delay]
Syntax Description
Defaults
The defaults are as follows:
•
•
Command Modes
Interface configuration
Command History
12.1(13)E
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
If the active router fails or is removed from the network, the standby router automatically becomes the new active router. If the former active router comes back online, you can control whether it takes over as the active router by using the standby preempt command.
However, even if the standby preempt command is not configured, the former active router resumes the active role after it reloads and comes back online. Use the standby delay minimum reload command to set a delay period for HSRP group initialization. This command allows time for the packets to get through before the router resumes the active role.
We recommend that you use the standby delay minimum reload command if the standby timers command is configured in milliseconds or if HSRP is configured on a VLAN interface of a switch.
In most configurations, the default values provide sufficient time for the packets to get through and it is not necessary to configure longer delay values.
The delay is canceled if an HSRP packet is received on an interface.
Examples
This example shows how to set the minimum delay period to 30 seconds and the delay period after the first reload to 120 seconds:
Router(config-if) # standby delay minimum 30 reload 120Router(config-if) #Related Commands
show standby delay
standby preempt (refer to the Cisco IOS Release 12.1 Command Reference)
standby timers (refer to the Cisco IOS Release 12.1 Command Reference)standby track
To configure an interface so that the Hot Standby priority changes are based on the availability of other interfaces, use the standby track command. Use the no standby group-number track command to delete all tracking configuration for a group.
standby [group-number] track {interface-type interface-number | designated-router} [priority-decrement]
no standby group-number track
Syntax Description
Defaults
The defaults are as follows:
•
•
•
Command Modes
Interface configuration
Command History
12.1(13)E
Support for this command was introduced on the Cisco 7600 series routers.
12.1(13.05)E0
This command was changed to include the designated-router keyword.
Usage Guidelines
This command is supported on systems configured with an MSFC2 only. This command is not supported on systems configured with an MSFC1.
Prior to entering the designated-router keyword, you must ensure that the new designated router has a higher HSRP priority than the current designated router to take over.
When a tracked interface goes down, the Hot Standby priority decreases by the number specified by the priority-decrement argument. If an interface is not tracked, its state changes do not affect the Hot Standby priority. For each interface configured for Hot Standby, you can configure a separate list of interfaces to be tracked.
When multiple tracked interfaces are down, the decrements are cumulative whether they are configured with priority-decrement values or not.
A tracked interface is considered down if the IP address is disabled on that interface.
You must enter the group-number when using the no form of this command.
If you configure HSRP to track an interface, and that interface is physically removed as in the case of an OIR operation, then HSRP regards the interface as always down. You cannot remove the HSRP interface tracking configuration. To prevent this situation, use the no standby track interface-type interface-number command before you physically remove the interface.
When you enter a group-number 0, no group number is written to NVRAM, providing backward compatibility.
Examples
This example shows how to enable HSRP tracking for group 1 on an interface:
Router(config-if)# standby 1 track Ethernet0/2Router(config-if)#This example shows how to specify that if the designated router becomes nondesignated, the active HSRP router becomes the designated router:
Router(config-if)# standby 1 track designated-router 15Router(config-if)#Related Commands
show standby (refer to the Cisco IOS Release 12.1 Command Reference)
standby use-bia
To configure the HSRP to use the burned-in address of the interface as its virtual MAC address instead of the preassigned MAC address (on Ethernet and FDDI) or the functional address (on Token Ring), use the standby use-bia command. Use the no form of this command to return to the default virtual MAC address.
standby use-bia [scope interface]
no standby use-bia
Note
Syntax Description
scope interface
(Optional) Configures this command for the subinterface on which it was entered instead of the major interface.
Defaults
HSRP uses the preassigned MAC address on Ethernet and FDDI or the functional address on Token Ring.
Command Modes
Interface configuration
Command History
12.1(8a)E3
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
The PFC2 supports a maximum of 16 unique HSRP group numbers. You can use the same HSRP group numbers in different VLANs. If you configure more than 16 HSRP groups, this restriction prevents use of the VLAN number as the HSRP group number.
Note
Hardware Layer 3 switching supports the following ingress and egress encapsulations:
•
•
•
Hardware Layer 3 switching is permanently enabled on a Supervisor Engine 2 with a PFC2, an MSFC2, and a DFC. No configuration is required.
Examples
This example shows how to configure the HSRP to use the burned-in address of the interface as the virtual MAC address mapped to the virtual IP address:
Router(config-if) # standby use-biaRouter(config-if) #storm-control level
To set the suppression level, use the storm-control level command. Use the no form of this command to turn off the suppression mode.
storm-control {broadcast | multicast | unicast} level level[.level]
no storm-control {broadcast | multicast | unicast} level
Syntax Description
Defaults
All packets are passed.
Command Modes
Interface configuration
Command History
12.1(12c)E1
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
You can enter this command on switch ports and router ports.
Enter the storm-control level command to enable traffic storm control on the interface, configure the traffic storm control level, and apply the traffic storm control level to all traffic storm control modes enabled on the interface.
Only one suppression level is shared by all three suppression modes. For example, if you set the broadcast level to 30 and set the multicast level to 40, both levels are enabled and set to 40.
The Cisco 7600 series router supports multicast and unicast traffic storm control only on Gigabit Ethernet LAN ports. The switch supports broadcast traffic storm control on all LAN ports.
The multicast and unicast keywords are supported on Gigabit Ethernet LAN ports only. These keywords are not supported on 10 Mbps, 10/100 Mbps, 100 Mbps, or 10-Gigabit Ethernet modules.
The period is required when you enter the fractional suppression level.
The suppression level is entered as a percentage of the total bandwidth. A threshold value of 100 percent means that no limit is placed on traffic. A value of 0.0 means that all specified traffic on that port is blocked.
In Cisco IOS Release 12.1(12c)E1 and later releases, the storm-control level command replaces the broadcast suppression command.
Enter the show interfaces counters broadcast command to display the discard count.
Enter the show running-config command to display the enabled suppression mode and level setting.
To turn off suppression for the specified traffic type, you can do one of the following:
•
•
Examples
This example shows how to enable and set the suppression level:
Router(config-if)# storm-control broadcast level 30Router(config-if)#This example shows how to disable the suppression mode:
Router(config-if)# no storm-control multicast levelRouter(config-if)#Related Commands
switchport
To modify the switching characteristics of the Layer 2-switched interface, use the switchport command (without parameters). Use the no form of this command (without parameters) to return the interface to the routed-interface status and cause all further Layer 2 configuration to be erased. Use the switchport commands (with parameters) to configure the switching characteristics.
switchport
switchport {host | nonegotiate}
no switchport
no switchport nonegotiate
Syntax Description
host
Optimizes the port configuration for a host connection.
nonegotiate
Specifies that the device will not engage in negotiation protocol on this interface.
Defaults
The default access VLAN and trunk interface native VLAN are default VLANs that correspond to the platform or interface hardware.
Command Modes
Interface configuration
Command History
12.1(8a)E3
Support for this command was introduced on the Cisco 7600 series routers.
12.1(8a)EX
This command was changed to add the host keyword.
Usage Guidelines
You must enter the switchport command without any keywords to configure the LAN interface as a Layer 2 interface before you can enter additional switchport commands with keywords. This action is required only if you have not entered the switchport command for the interface.
Entering the no switchport command shuts the port down and then reenables it, which may generate messages on the device to which the port is connected.
To optimize the port configuration, the switchport host command sets switch port mode to access, enables spanning tree PortFast, and disables channel grouping. Only an end station can accept this configuration.
Because spanning tree PortFast is enabled, you should enter the switchport host command only on ports that are connected to a single host. Connecting other Cisco 7600 series routers, hubs, concentrators, switches, and bridges to a fast-start port can cause temporary spanning tree loops.
Enable the switchport host command to decrease the time that it takes to start up packet forwarding.
The no form of the switchport nonegotiate command removes nonegotiate status.
When using the nonegotiate keyword, DISL/DTP negotiation packets will not be sent on the interface. The device will trunk or not trunk according to the mode parameter given: access or trunk. This command will return an error if you attempt to execute it in dynamic (auto or desirable) mode.
You must force a port to trunk before you can configure it as a SPAN destination port. Use the switchport nonegotiate command to force the port to trunk.
Examples
This example shows how to cause the port interface to stop operating as a Cisco-routed port and convert to a Layer 2-switched interface:
Router(config-if)# switchportRouter(config-if)#
Note
This example shows how to optimize the port configuration for a host connection:
Router(config-if)# switchport hostswitchport mode will be set to accessspanning-tree portfast will be enabledchannel group will be disabledRouter(config-if)#This example shows how to cause a port interface that has already been configured as a switched interface to refrain from negotiating trunking mode and act as a trunk or access port (depending on the mode set):
Router(config-if)# switchport nonegotiateRouter(config-if)#Related Commands
switchport access vlan
To set the VLAN when the interface is in access mode, use the switchport access vlan command. Use the no form of this command to reset the access mode VLAN to the appropriate default VLAN for the device.
switchport access vlan vlan-id
no switchport access vlan
Syntax Description
Defaults
The defaults are as follows:
•
•
Command Modes
Interface configuration
Command History
12.1(8a)E3
Support for this command was introduced on the Cisco 7600 series routers.
12.1(11b)EX
The command was changed to support extended-range VLANs.
Usage Guidelines
You must enter the switchport command without any keywords to configure the LAN interface as a Layer 2 interface before you can enter the switchport access vlan command. This action is required only if you have not entered the switchport command for the interface.
Entering the no switchport command shuts the port down and then reenables it, which may generate messages on the device to which the port is connected.
The no form of the switchport access vlan command resets the access mode VLAN to the appropriate default VLAN for the device.
If your system is configured with a Supervisor Engine 1, valid values for vlan-id are from 1 to 1005. If your system is configured with a Supervisor Engine 2, valid values for vlan-id are from 1 to 4094. Extended-range VLANs are not supported on systems configured with a Supervisor Engine 1.
Examples
This example shows how to cause the port interface to stop operating as a Cisco-routed port and convert to a Layer 2-switched interface:
Router(config-if)# switchportRouter(config-if)#
Note
This example shows how to cause a port interface that has already been configured as a switched interface to operate in VLAN 2 instead of the platform's default VLAN when in access mode:
Router(config-if)# switchport access vlan 2Router(config-if)#Related Commands
switchport capture
To configure the port to capture VACL-filtered traffic, use the switchport capture command. Use the no form of this command to disable the capture mode on the port.
switchport capture
no switchport capture
Syntax Description
This command has no keywords or arguments.
Defaults
Disabled
Command Modes
Interface configuration
Command History
12.1(8a)EX
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
You must enter the switchport command without any keywords to configure the LAN interface as a Layer 2 interface before you can enter additional switchport commands with keywords. This action is required only if you have not entered the switchport command for the interface.
Entering the no switchport command shuts the port down and then reenables it, which may generate messages on the device to which the port is connected.
Entering the switchport capture command sets the capture function on the interface so that the packets with the capture bit set is received by the interface.
There is no restriction on the order that you enter the switchport capture and switchport capture allowed vlan commands. The port does not become a capture port until you enter the switchport capture (with no arguments) command.
The capture port must allow the destination VLANs of the captured packets. Once you enable a capture port, the packets are allowed from all VLANs by default, the capture port is on longer in the originally configured mode, and the capture mode enters monitor mode. In monitor mode, the capture port does the following:
•
•
•
•
•
When configuring a capture port with Release 12.1(11b)EX, note the following:
•
•
•
With Release 12.1(11b)E or earlier, only the Gigabit Ethernet monitor port on the IDS module can be configured as a capture port.
Examples
This example shows how to configure an interface to capture VACL-filtered traffic:
Router(config-if)# switchport captureRouter(config-if)#Related Commands
show interfaces switchport
switchport capture allowed vlanswitchport capture allowed vlan
To specify the destination VLANs of the VACL-filtered traffic, use the switchport capture allowed vlan command. Use the no form of this command to clear the configured destination VLAN list and return to the default settings.
switchport capture allowed vlan {add | all | except | remove} vlan-id [,vlan-id[,vlan-id[,...]]
no switchport capture allowed vlan
Syntax Description
Defaults
all
Command Modes
Interface configuration
Command History
Usage Guidelines
You must enter the switchport command without any keywords to configure the LAN interface as a Layer 2 interface before you can enter additional switchport commands with keywords. This action is required only if you have not entered the switchport command already for the interface.
Entering the no switchport command shuts the port down and then reenables it, which may generate messages on the device to which the port is connected.
The valid values for vlan-id are from 1 to 4094. You can enter the vlan-id as a single VLAN, a group of VLANs, or both. For example, switchport capture allowed vlan 1-1000, 2000, 3000-3100.
If your system is configured with a Supervisor Engine 1, valid values for vlan-id are from 1 to 1005. If your system is configured with a Supervisor Engine 2, valid values for vlan-id are from 1 to 4094. Extended-range VLANs are not supported on systems configured with a Supervisor Engine 1.
For systems with a Supervisor Engine 2, the redirect interface must be in the VLAN for which the VACL access map is configured. For systems with a Supervisor Engine 1, the redirect interface must be in the redirected packet's source VLAN.
SPAN and RSPAN destination ports can receive VACL-redirected traffic.
Capture ports can receive VACL-redirected traffic if the VLAN that traffic is redirected from is enabled on the capture port.
There is no restriction on the order that you enter the switchport capture and switchport capture allowed vlan commands. The port does not become a capture port until you enter the switchport capture (with no arguments) command.
Examples
This example shows how to add the specified VLAN to capture VACL-filtered traffic:
Router(config-if)# switchport capture allowed vlan add 100Router(config-if)#Related Commands
switchport dot1q
To set the trunk dot1q EtherType value, use the switchport dot1q command. Use the no form of this command to return to the default.
switchport dot1q {ethertype value}
no switchport dot1q
Syntax Description
Defaults
The defaults are as follows:
•
•
•
•
Command Modes
Interface configuration
Command History
Usage Guidelines
Follow these guidelines and restrictions when using 802.1Q trunks:
•
•
•
•
•
•
•
Do not enable the reserved VLAN range (1006 to 1024) on trunks when connecting a Cisco 7600 series router running Cisco IOS software on both the supervisor engine and the MSFC to a Cisco 7600 series router running Catalyst software. These VLANs are reserved in systems running Catalyst software. If enabled, systems running Catalyst software may error disable the ports if there is a trunking channel between these systems.
Examples
This example shows how to cause a port interface that is configured as a switched interface to encapsulate in 802.1Q trunking format regardless of its default trunking format in trunking mode:
Router(config-if)# switchport dot1qRouter(config-if)#Related Commands
switchport mode
To set the interface type, use the switchport mode command. Use the no form of this command to reset the mode to the appropriate default mode for the device.
switchport mode {access | trunk | {dynamic {auto | desirable}} | dot1q-tunnel}
switchport mode private-vlan {host | promiscuous}
no switchport mode
no switchport mode private-vlan
Syntax Description
Defaults
The defaults are as follows:
•
•
Command Modes
Interface configuration
Command History
Usage Guidelines
802.1Q tunneling is not supported on systems configured with the following:
•
•
If you enter access mode, the interface goes into permanent nontrunking mode and negotiates to convert the link into a nontrunk link even if the neighboring interface does not agree to the change.
If you enter trunk mode, the interface goes into permanent trunking mode and negotiates to convert the link into a trunk link even if the neighboring interface does not agree to the change.
If you enter dynamic auto mode, the interface converts the link to a trunk link if the neighboring interface is set to trunk or desirable mode.
If you enter dynamic desirable mode, the interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode.
If you configure a port as a promiscuous or host PVLAN port and one of the following applies, the port becomes inactive:
•
•
Similarly, if a private port PVLAN association or mapping is deleted, or if a private port is configured as a SPAN destination, the deleted private port PVLAN association or mapping or the private port configured as a SPAN destination becomes inactive.
If you enter dot1-qtunnel mode, BPDU filtering is enabled and CDP is disabled on protocol tunneled interfaces.
Examples
This example shows how to set the interface to dynamic desirable mode:
Router(config-if)# switchport mode dynamic desirableRouter(config-if)#This example shows how to set a port to PVLAN host mode:
Router(config-if)# switchport mode private-vlan hostRouter(config-if)#This example shows how to set a port to PVLAN promiscuous mode:
Router(config-if)# switchport mode private-vlan promiscuousRouter(config-if)#Related Commands
show dot1q-tunnel
show interfaces switchport
switchport
switchport private-vlan host-association
switchport private-vlan mapping
switchport port-security
To enable port security on an interface, use the switchport port-security command. Use the no form of this command to disable port security.
switchport port-security
no switchport port-security
Syntax Description
This command has no keywords or arguments.
Defaults
Disabled
Command Modes
Interface configuration
Command History
12.1(13)E
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
Follow these guidelines when configuring port security:
•
•
•
•
Examples
This example shows how to enable port security:
Router(config-if)# switchport port-securityRouter(config-if)#This example shows how to disable port security:
Router(config-if)# no switchport port-securityRouter(config-if)#Related Commands
switchport port-security aging time
To set the duration for which all addresses are secured, use the switchport port-security aging time command. Use the no form of this command to disabling security aging.
switchport port-security aging time time
Syntax Description
time
Sets the duration for which all addresses are secured; valid values are from 1 to 1440 minutes.
Defaults
Disabled
Command Modes
Interface configuration
Command History
12.1(13)E
Support for this command was introduced on the Cisco 7600 series routers.
12.1(19)E
Valid values for time were changed from 0 to 1440 minutes to 1 to 1440 minutes.
Usage Guidelines
All the secure addresses age out exactly after the time (minutes) specified lapses and are removed from the secure address list.
Examples
This example shows how to set the aging time as 2 hours:
Router(config-if)# switchport port-security aging time 120Router(config-if)#This example shows how to set the aging time as 2 minutes:
Router(config-if)# switchport port-security aging time 2Router(config-if)#Related Commands
switchport port-security mac-address
To enter the maximum number of secure MAC addresses on an interface, use the switchport-port-security mac-address command. Use the no form of this command to remove a MAC address from the list of secure MAC addresses.
switchport port-security mac-address mac-addr
no switchport port-security mac-address mac-addr
Syntax Description
Defaults
This command has no default settings.
Command Modes
Interface configuration
Command History
12.1(13)E
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
If you configure fewer secure MAC addresses than the maximum, the remaining MAC addresses are dynamically learned.
To clear multiple MAC addresses, you must enter the no form of this command once for each MAC address to be cleared.
Examples
This example shows how to configure a secure MAC address:
Router(config-if)# switchport port-security mac-address 1000.2000.3000Router(config-if)#This example shows how to delete a secure MAC address from the address table:
Router(config-if)# no switchport port-security mac-address 1000.2000.3000Router(config-if)#Related Commands
switchport port-security maximum
To set the maximum number of MAC addresses to be secured for a port, use the switchport port-security maximum command. Use the no form of this command to return to the default settings.
switchport port-security maximum max-addr
no switchport port-security maximum
Syntax Description
Defaults
mac-addr is 1.
Command Modes
Interface configuration
Command History
12.1(13)E
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
If you enter this command more than once, subsequent use of this command overrides the previous value of mac-addr. If the new mac-addr value is more than the current number of the secured addresses on this port, there is no effect except to increase the value of the mac-addr.
If the new mac-addr is less than the old mac-addr and there are more secure addresses on the old mac-addr, the command is rejected.
If you configure fewer secure MAC addresses than the maximum, the remaining MAC addresses are dynamically learned.
Examples
This example shows how to set the maximum number of secured addresses that are allowed on this port:
Router(config-if)# switchport port-security maximum 5Router(config-if)#Related Commands
switchport port-security violation
To set the action to be taken when a security violation is detected, use the switchport port-security violation command. Use the no form of this command to return to the default settings.
switchport port-security violation {shutdown | restrict | protect}
Syntax Description
Defaults
shutdown
Command Modes
Interface configuration
Command History
12.1(13)E
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
When a security violation is detected, one of the following actions occurs:
•
•
•
Note
Examples
This example shows how to set the action to be taken when a security violation is detected:
Router(config-if)# switchport port-security violation restrictRouter(config-if)#Related Commands
switchport private-vlan host-association
To define a PVLAN association for an isolated or community port, use the switchport private-vlan host-association command. Use the no form of this command to remove the PVLAN mapping from the port.
switchport private-vlan host-association {primary-vlan-id} {secondary-vlan-id}
no switchport private-vlan host-association
Syntax Description
Defaults
No PVLAN is configured.
Command Modes
Interface configuration
Command History
Usage Guidelines
There is no runtime effect on the port unless it is in PVLAN host mode. If the port is in PVLAN host mode but neither of the VLANs exist, the command is allowed but the port is made inactive.
The secondary VLAN may be an isolated or community VLAN.
If your system is configured with a Supervisor Engine 1, valid values for vlan-id are from 1 to 1005. If your system is configured with a Supervisor Engine 2, valid values for vlan-id are from 1 to 4094. Extended-range VLANs are not supported on systems configured with a Supervisor Engine 1.
Examples
This example shows how to configure a port with a primary VLAN (VLAN 18) and secondary VLAN (VLAN 20):
Router(config-if)# switchport private-vlan host-association 18 20Router(config-if)#This example shows how to remove the PVLAN association from the port:
Router(config-if)# no switchport private-vlan host-associationRouter(config-if)#Related Commands
show interfaces switchport
switchport modeswitchport private-vlan mapping
To define the PVLAN mapping for a promiscuous port, use the switchport private-vlan mapping command. Use the no form of this command to clear all mapping from the primary VLAN.
switchport private-vlan mapping {primary-vlan-id} {secondary-vlan-list} | {add secondary-vlan-list} | {remove secondary-vlan-list}
no switchport private-vlan mapping
Syntax Description
Defaults
No PVLAN mappings are configured.
Command Modes
Interface configuration
Command History
Usage Guidelines
There is no runtime effect on the port unless it is in PVLAN promiscuous mode. If the port is in PVLAN promiscuous mode but the VLANs do not exist, the command is allowed but the port is made inactive.
The secondary VLAN may be an isolated or community VLAN.
If your system is configured with a Supervisor Engine 1, valid values for vlan-id are from 1 to 1005. If your system is configured with a Supervisor Engine 2, valid values for vlan-id are from 1 to 4094. Extended-range VLANs are not supported on systems configured with a Supervisor Engine 1.
Examples
This example shows how to configure the mapping of primary VLAN 18 to secondary isolated VLAN 20 on a port:
Router(config-if)# switchport private-vlan mapping 18 20Router(config-if)#This example shows how to add a VLAN to the mapping:
Router(config-if)# switchport private-vlan mapping 18 add 21Router(config-if)#This example shows how to remove the PVLAN mapping from the port:
Router(config-if)# no switchport private-vlan mappingRouter(config-if)#
Related Commands
show interfaces private-vlan mapping
switchport protocol
To modify the protocol filtering mode for each included protocol when the port is in access mode, use the switchport protocol command. Use the no form of this command to disable protocol filtering.
switchport protocol {ip | ipx | appletalk | other} {off | on | auto}
no switchport protocol
Syntax Description
Defaults
on for all other protocol types
Command Modes
Interface configuration
Command History
12.1(8a)E3
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
You must use the protocol-filtering command to enable protocol filtering before setting the filtering mode.
The switchport protocol command is supported on platforms that support EARL 2 mode 1 address filtering only.
The no form of this command is synonymous with off.
Examples
This example shows how to set the protocol membership of an interface to receive IPX packets only:
Router(config-if)# switchport protocol appletalk offRouter(config-if)# switchport protocol ip offRouter(config-if)# switchport protocol ipx onRelated Commands
switchport trunk
To set the trunk characteristics when the interface is in trunking mode, use the switchport trunk command. Use the no form of this command to reset all of the trunking characteristics back to the original defaults.
switchport trunk encapsulation {isl | dot1q | negotiate}
switchport trunk native vlan vlan-id
switchport trunk allowed vlan vlan-list
switchport trunk pruning vlan vlan-list
switchport trunk dot1q ethertype value
no switchport trunk {{encapsulation {isl | dot1q | negotiate}} | {native vlan} | {allowed vlan} | {pruning vlan}}
Syntax Description
Defaults
The defaults are as follows:
•
•
•
Command Modes
Interface configuration
Command History
Usage Guidelines
The switchport trunk encapsulation command is supported only for platforms and interface hardware that can support both ISL and 802.1Q formats.
If you enter the switchport trunk encapsulation isl command on a port channel containing an interface that does not support ISL trunk encapsulation, the command is rejected.
Note
The dot1q ethertype value command is not supported.
If you enter the negotiate keywords and DISL and DTP negotiation do not resolve the encapsulation format, then ISL is the selected format. The no form of this command resets the trunk encapsulation format back to the default.
The no form of the native vlan command resets the native mode VLAN to the appropriate default VLAN for the device.
The no form of the allowed vlan command resets the list to the default list, which allows all VLANs.
The no form of the pruning vlan command resets the list to the default list, which enables all VLANs for VTP pruning.
The no form of the dot1q ethertype value command resets the list to the default settings.
The vlan-list format is all | none | add | remove | except vlan-list[,vlan-list...] and is described as follows:
•
•
•
•
Note
•
•
Follow these guidelines and restrictions when using 802.1Q trunks:
•
•
•
•
•
•
•
Do not enable the reserved VLAN range (1006 to 1024) on trunks when connecting a Cisco 7600 series router running Cisco IOS software on both the supervisor engine and the MSFC to a Cisco 7600 series router running Catalyst software. These VLANs are reserved in systems running Catalyst software. If enabled, systems running Catalyst software may error disable the ports if there is a trunking channel between these systems.
Examples
This example shows how to cause a port interface that is configured as a switched interface to encapsulate in 802.1Q trunking format regardless of its default trunking format in trunking mode:
Router(config-if)# switchport trunk encapsulation dot1qRouter(config-if)#Related Commands
switchport voice vlan
To configure a voice VLAN on a multiple VLAN access port, use the switchport voice vlan command. Use the no form of this command to remove the voice VLAN from the switch port.
switchport voice vlan {dot1p | none | untagged | vvid}
no switchport voice vlan
Syntax Description
Defaults
none
Command Modes
Interface configuration
Command History
12.1(13)E
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
The default Layer 2 CoS is 5. The default Layer 3 IP precedence value is 5.
This command does not create a voice VLAN. You can create a voice VLAN in VLAN configuration mode by entering the vlan (global configuration mode) command. If you configure both the native VLAN and the voice VLAN in the VLAN database and set the switch port to multiple VLAN access mode, this command brings up the switch port as operational.
If you enter dot1p, the switch port is enabled to receive 802.1p packets only.
If you enter none, the switch port does not send CDP packets with VVID TLVs.
If you enter untagged, the switch port is enabled to receive untagged packets only.
If you enter vvid, the switch port receives packets tagged with the specified vvid.
Examples
This example shows how to create an operational multiple VLAN access port:
Router(config-if)# switchportRouter(config-if)# switchport mode accessRouter(config-if)# switchport access vlan 100Router(config-if)# switchport voice vlan 101Router(config-if)This example shows how to change the multiple VLAN access port to a normal access port:
Router(config-if)# interface fastethernet5/1Router(config-if)# no switchport voice vlanRouter(config-if)Related Commands
switchport access vlan
switchport modesync-restart-delay
To set the synchronization restart delay timer to ensure accurate status reporting, use the sync-restart-delay command.
sync-restart-delay timer
Syntax Description
Defaults
timer is 210 milliseconds.
Command Modes
Interface configuration
Command History
12.1(11b)E
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
This command is supported on Gigabit Ethernet fiber ports only.
The status register records the current status of the link partner.
Examples
This example shows how to set the Gigabit Ethernet synchronization restart delay timer:
Router(config-if)# sync-restart-delay 2000Router(config-if)#Related Commands
system jumbomtu
To set the maximum Layer 2 and Layer 3 packet size, use the system jumbomtu command. Use the no form of this command to revert to the default MTU setting.
system jumbomtu mtu-size
no system jumbomtu
Syntax Description
mtu-size
Specifies the maximum Layer 2 and Layer 3 packet size; valid values are from 1500 to 9216 bytes.
Defaults
mtu-size is 9216 bytes.
Command Modes
Global configuration
Command History
12.1(13)E
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
The mtu-size parameter specifies the Ethernet packet size, not the total Ethernet frame size, and the Layer 3 MTU is changed as a result of entering the system jumbomtu command.
The system jumbomtu command enables global MTU for port ASICs. On a port ASIC, once jumbo frames are enabled, it accepts any size packet on the ingress side and checks outgoing packets on the egress side. Packets on the egress side that exceed the global MTU are dropped by the port ASIC.
For example, if you have port A in VLAN1 and Port B in VLAN2, and if VLAN1 and VLAN2 are configured for mtu 9216 and you enter the system jumbomtu 4000 command, packets larger than 4000 bytes are not transmitted out because Ports B and A drop anything larger than 4000 bytes.
Examples
This example shows how to set the global MTU size to 1550 bytes:
Router(config)# system jumbomtu 1550Router(config)# endRouter#This example shows how to revert to the default MTU setting:
Router(config)# no system jumbomtuRouter(config)#Related Commands
mtu
show interfaces
show running-configtcam priority
To prioritize the interfaces for forwarding to software in the event of TCAM entry or label exhaustion, use the tcam priority command.
tcam priority {high | normal | low}
Syntax Description
Defaults
normal
Command Modes
Interface configuration
Command History
12.1(8a)E3
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
This command is supported on systems configured with a Supervisor Engine 2 only.
The interfaces are chosen in this order:
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
Examples
This example shows how to set the priority:
Router(config-if)# tcam priority lowRouter(config-if)#Related Commands
test cable-diagnostics
To test the condition of 10-Gigabit Ethernet links or copper cables on 48-port 10/100/1000 BASE-T modules, use the test cable-diagnostics command.
test cable-diagnostics tdr interface {interface interface-number}
test cable-diagnostics prbs {start | stop} interface {interface interface-number}
Syntax Description
Defaults
This command has no default settings.
Command Modes
Privileged EXEC
Command History
12.1(19)E
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
Cable diagnostics can help you detect whether your cable has connectivity problems.
The PRBS test guidelines are as follows:
•
•
•
•
Interface Te*** is being shutdown before PRBS test•
–
–
–
If you attempt to change the configuration mode while the PRBS test is running, the following message is displayed
%This interface cannot be modifiedThe TDR test guidelines are as follows:
•
–
–
•
•
•
•
Router# test cable-diagnostics tdr interface gigabitethernet2/12% Interface Gi2/12 is administratively down% Use 'no shutdown' to enable interface before TDR test start.•
•
•
•
•
Examples
This example shows how to start the PRBS test:
Router# test cable-diagnostics prbs start interface tenGigabitEthernet 9/1PRBS test started on interface te9/1Please make sure PRBS test is also started on the other endUse 'show cable-diagnostics prbs' to read the error counter.Router#This example shows how to stop the PRBS test:
Router# test cable-diagnostics prbs stop interface tenGigabitEthernet 5/1PRBS test stopped on interface te5/1Please make sure PRBS test is also stopped on the other endRouter#This example shows how to run the TDR cable diagnostics:
Router # test cable-diagnostics tdr interface gigabitethernet2/1TDR test started on interface Gi2/1A TDR test can take a few seconds to run on an interfaceUse 'show cable-diagnostics tdr' to read the TDR results.Router #Related Commands
show cable-diagnostics prbs
show cable-diagnostics tdrtime-range
To enable time-range configuration mode and define time ranges for functions (such as extended access lists), use the time-range command. Use the no form of this command to remove the time limitation.
time-range time-range-name
no time-range time-range-name
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
12.1(19)E
Support for this command was introduced on the Cisco 7600 series routers.
Usage Guidelines
The time-range entries are identified by a name, which is referred to by one or more other configuration commands. Multiple time ranges can occur in a single access list or other feature.
The time-range-name cannot contain a space or quotation mark, and must begin with a letter.
Note
After the time-range command, use the periodic time-range configuration command, the absolute time-range configuration command, or some combination of those commands to define when the feature is in effect. Multiple periodic commands are allowed in a time range; only one absolute command is allowed.
Tips
Examples
This example shows how to deny HTTP traffic on Monday through Friday from 8:00 a.m. to 6:00 p.m and allow UDP traffic on Saturday and Sunday from noon to midnight only:
Router(config)# time-range no-httpRouter(config)# periodic weekdays 8:00 to 18:00!Router(config)# time-range udp-yesRouter(config)# periodic weekend 12:00 to 24:00!Router(config)# ip access-list extended strictRouter(config)# deny tcp any any eq http time-range no-httpRouter(config)# permit udp any any time-range udp-yes!Router(config)# interface ethernet 0Router(config)# ip access-group strict inRelated Commands
absolute (refer to the Cisco IOS Release 12.1 Command Reference)
ip access-list (refer to the Cisco IOS Release 12.1 Command Reference)
periodic (refer to the Cisco IOS Release 12.1 Command Reference)
permit (IP) (refer to the Cisco IOS Release 12.1 Command Reference)
