Table Of Contents
clear mac address-table dynamic
clear spanning-tree detected-protocol
show hardware mac address-table
show interface private-vlan mapping
show mac address-table aging-time
show running-config spanning-tree
spanning-tree bridge assurance
spanning-tree loopguard default
spanning-tree mst configuration
spanning-tree mst forward-time
spanning-tree mst port-priority
spanning-tree mst pre-standard
spanning-tree mst simulate pvst
spanning-tree mst simulate pvst global
spanning-tree port type edge bpdufilter default
spanning-tree port type edge bpduguard default
spanning-tree port type edge default
spanning-tree port type network
spanning-tree port type network default
switchport mode private-vlan host
switchport mode private-vlan promiscuous
switchport private-vlan host-association
switchport private-vlan mapping
vlan (global configuration mode)
Cisco NX-OS Layer 2 Commands
This chapter describes the Cisco NX-OS Layer 2 commands.
clear mac address-table dynamic
To clear the dynamic address entries from the MAC address table in Layer 2, use the clear mac address-table dynamic command.
clear mac address-table dynamic [[address mac_addr] [vlan vlan_id] [interface {type slot/port | port-channel number}]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
Use the clear mac address-table dynamic command with no arguments to remove all dynamic entries from the table.
To clear static MAC addresses from the table, use the no mac address-table static command in configuration mode.
If the clear mac address-table dynamic command is entered with no options, all dynamic addresses are removed. If you specify an address but do not specify an interface, the address is deleted from all interfaces. If you specify an interface but do not specify an address, the device removes all addresses on the specified interfaces.
This command does not require a license.
Examples
This example shows how to clear all the dynamic Layer 2 entries from the MAC address table:
switch(config)# clear mac address-table dynamicswitch(config) #This example shows how to clear all the dynamic Layer 2 entries from the MAC address table for VLAN 20 on port 2/20:
switch(config)# clear mac address-table dynamic vlan 20 interface ethernet 2/20switch(config)#Related Commands
clear spanning-tree counters
To clear the counters for the Spanning Tree Protocol (STP), use the clear spanning-tree counters command.
clear spanning-tree counters [vlan vlan-id] [interface {ethernet {interface-num} | port-channel {channel-num}}]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
You can clear all the STP counters on the entire device, per VLAN, or per interface.
This command does not require a license.
Examples
This example shows how to clear the STP counters for VLAN 5:
switch# clear spanning-tree counters vlan 5Related Commands
show spanning-tree
Displays information about the spanning tree state.
show spanning-tree mst
Displays information about MST spanning tree state.
clear spanning-tree detected-protocol
To restart the protocol migration, use the clear spanning-tree detected-protocol command.
clear spanning-tree detected-protocol [interface {ethernet {interface-num} | port-channel {channel-num}}]
Syntax Description
interface
(Optional) Specifies the interface type.
ethernet interface-num
Module and port number.
port-channel channel-num
Port-channel number.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
Rapid per VLAN Spanning Tree Plus (Rapid PVST+) and Multiple Spanning Tree (MST) have built-in compatibility mechanisms that allow them to interact properly with other versions of IEEE spanning tree or other regions. For example, a bridge running Rapid PVST+ can send 802.1D bridge protocol data units (BPDUs) on one of its ports when it is connected to a legacy bridge. An MST bridge can detect that a port is at the boundary of a region when it receives a legacy BPDU or an MST BPDU that is associated with a different region.
These mechanisms are not always able to revert to the most efficient mode. For example, a Rapid PVST+ bridge that is designated for a legacy 802.1D bridge stays in 802.1D mode even after the legacy bridge has been removed from the link. Similarly, an MST port assumes that it is a boundary port when the bridges to which it is connected have joined the same region.
To force the MST port to renegotiate with the neighbors, enter the clear spanning-tree detected-protocol command.
If you enter the clear spanning-tree detected-protocol command with no arguments, the command is applied to every port of the device.
This command does not require a license.
Examples
This example shows how to restart the protocol migration on a specific interface:
switch# clear spanning-tree detected-protocol interface gigabitethernet5/8Related Commands
show spanning-tree
Displays information about the spanning tree state.
show spanning-tree mst
Displays information about MST spanning tree state.
clear vlan counters
To clear the counters for a specified VLAN or all VLANs, use the clear vlan counters command.
clear vlan [id {vlan-id}] counters
Syntax Description
id
(Optional) VLAN ID you want to clear. Valid values are from 1 to 4096.
vlan-id
VLAN that you want to clear.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
If you do not specify a VLAN ID, the system clears the counters for all the VLANs, including private VLANs.
This command does not require a license.
Examples
This example shows how to clear the counters for VLAN 50:
switch# clear vlan 50 countersRelated Commands
feature private-vlan
To enable private VLANs, use the feature private-vlan command. To return to the default settings, use the no form of this command.
feature private-vlan
no feature private-vlan
Syntax Description
None
Defaults
Disabled
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
You must use this command to enable private VLAN functionality. You must enable private VLANs before the private VLANs are visible to the user. When private VLANs are disabled, all of the configuration on the feature is removed from the interfaces.
You cannot apply the no feature private-vlan command if the device has any operational ports in private VLAN mode. You must shut down all operational ports in private VLAN mode before you use the no feature private-vlan command. After you shut down the interfaces and enter the no feature private-vlan command, these port return to the default mode.
This command does not require a license.
Examples
This example shows how to enable private VLAN functionality on the device:
switch(config)# feature private-vlanswitch(config)#Related Commands
show vlan private-vlan
Displays information on private VLANs. If the feature is not enabled, this command returns an error.
instance vlan
To map a VLAN or a set of VLANs to a Multiple Spanning Tree instance (MSTI), use the instance vlan command. To delete the instance and return the VLANs to the default instance (CIST), use the no form of this command.
instance instance-id vlan vlan-id
no instance instance-id vlan vlan-id
Syntax Description5
Defaults
No VLANs are mapped to any MST instance (all VLANs are mapped to the CIST instance).
Command Modes
mst configuration submode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
The vlans vlan-range is entered as a single value or a range.
You cannot map VLANs 3968 to 4047 or 4094 to an MST instance. These VLANs are reserved for internal use by the device.
The mapping is incremental, not absolute. When you enter a range of VLANs, this range is added to or removed from the existing instances.
Any unmapped VLAN is mapped to the CIST instance.
CautionWhen you change the VLAN-to-MSTI mapping, the system restarts MST.
This command does not require a license.
Examples
This example shows how to map a range of VLANs to MSTI 4:
switch(config)# spanning-tree mst configurationswitch(config-mst)# instance 4 vlan 100-200switch(config-mst)#Related Commands
show spanning-tree mst configuration
Displays information about the MST protocol.
spanning-tree mst configuration
Enters MST configuration submode.
mac address-table aging-time
To configure the aging time for entries in the Layer 2 table, use the mac address-table aging-time command. To return to the default settings, use the no form of this command.
mac address-table aging-time seconds [vlan vlan_id]
no mac address-table aging-time [vlan vlan_id]
Syntax Description
Defaults
1800 seconds
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
Enter 0 seconds to disable the aging process.
The age value may be rounded off to the nearest multiple of 5 seconds. If the system rounds the value to a different value from that specified by the user (from the rounding process), the system returns an informational message.
When you use this command in the global configuration mode, the age values of all VLANs for which a configuration has not been specified are modified and those VLANs with specifically modified aging times are not modified. When you use the no form of this command without the VLAN parameter, only those VLANs that have not been specifically configured for the aging time reset to the default value. Those VLANs with specifically modified aging times are not modified.
When you use this command and specify a VLAN, the aging time for only the specified VLAN is modified. When you use the no form of this command and specify a VLAN, the aging time for the VLAN is returned to the current global configuration for the aging time, which may or may not be the default value of 300 seconds depending if the global configuration of the device for aging time has been changed.
Aging time is counted from the last time that the switch detected the MAC address.
This command does not require a license.
Examples
This example shows how to change the length of time an entry remains in the MAC address table to 500 seconds for the entire device:
switch(config)# mac address-table aging-time 500switch(config)#Related Commands
show mac address-table
Displays information about the MAC address table.
clear mac address-table aging-time
Displays information about the MAC address aging time.
mac address-table static
To configure a static entry for the Layer 2 MAC address table, use the mac address-table static command. To delete the static entry, use the no form of this command.
mac address-table static mac-address vlan vlan-id {[drop | interface {type slot/port | port-channel number]}
no mac address-table static {address mac_addr} {vlan vlan_id}
Syntax Description
Defaults
None
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
You cannot apply the mac address-table static mac-address vlan vlan-id drop command to a multicast MAC address.
The output interface specified cannot be a VLAN interface or a Switched Virtual Interface (SVI).
Use the no form to remove entries that are profiled by the combination of specified entry information.
This command does not require a license.
Examples
This example shows how to add a static entry to the MAC address table:
switch(config)# mac address-table static 0050.3e8d.6400 vlan 3 interface ethernet 2/1switch(config)#Related Commands
media ethernet
Note
To set the media type for a VLAN to Ethernet, use the media ethernet command. Use the no form of this command to return to the default value.
media ethernet
no media
Syntax Description
This command has no arguments or keywords.
Defaults
Ethernet is the only media type supported.
Command Modes
VLAN configuration submode
Supported User Rolesnetwork-admin
vdc-admin
Usage Guidelines
The media ethernet command is not supported in 4.0.
This command does not require a license.
Examples
This example shows how to set the media type to Ethernet for VLAN 2:
switch(config)# vlan 2switch(config-vlan)# media ethernetswitch(config-mst)#Related Commands
name (VLAN configuration)
To set the name for a VLAN, use the name command. To remove the user-configured name from a VLAN, use the no form of this command.
name vlan-name
no name
Syntax Description
vlan-name
Name of the VLAN; you can use up to 32 alphanumeric, case-sensitive characters.
Note
Defaults
The vlan-name argument is VLANxxxx where xxxx represent four numeric digits (including leading zeroes) equal to the VLAN ID number.
Command Modes
VLAN configuration submode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
The name must be unique within the VDC, and the same name can be reused in a separate VDC.
You cannot change the name for the default VLAN, VLAN 1, or for the internally allocated VLANs.
This command does not require a license.
Examples
This example shows how to name VLAN 2:
switch(config)# vlan 2switch(config-vlan)# name accountingswitch(config-mst)#Related Commands
name (mst configuration)
To set the name of a Multiple Spanning Tree (MST) region, use the name command. To return to the default name, use the no form of this command.
name name
no name name
Syntax Description
name
Name to assign to the MST region. It can be any string with a maximum length of 32 alphanumeric characters.
Defaults
None
Command Modes
mst configuration submode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
Two or more devices with the same VLAN mapping and configuration version number are considered to be in different MST regions if the region names are different.
Caution
This command does not require a license.
Examples
This example shows how to name a region:
switch(config)# spanning-tree mst configurationswitch(config-mst)# name accountingswitch(config-mst)#Related Commands
show spanning-tree mst configuration
Displays information about the MST protocol.
spanning-tree mst configuration
Enters MST configuration submode.
private-vlan
To configure private VLANs, use the private-vlan command. To return the specified VLAN(s) to normal VLAN mode, use the no form of this command.
private-vlan {isolated | community | primary}
no private-vlan {isolated | community | primary}
Syntax Description
isolated
Designates the VLAN as an isolated secondary VLAN.
community
Designates the VLAN as a community secondary VLAN.
primary
Designates the VLAN as the primary VLAN.
Defaults
None
Command Modes
VLAN configuration submode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
You must enable private VLANs by using the feature private-vlan command before you can configure private VLANs. The commands for configuring private VLANs are not visible until you enable private VLANs.
Note
If you delete either the primary or secondary VLAN, the ports that are associated with the VLAN become inactive. When you enter the no private-vlan command, the VLAN returns to the normal VLAN mode. All primary and secondary associations on that VLAN are suspended, but the interfaces remain in private VLAN mode. However, when you reconvert the specified VLAN to private VLAN mode, the original associations are reinstated.
If you enter the no vlan command for the primary VLAN, all private VLAN associations with that VLAN are lost. However, if you enter the no vlan command for a secondary VLAN, the private VLAN associations with that VLAN are suspended and return when you recreate the specified VLAN and configure it as the previous secondary VLAN.
You cannot configure VLAN1 or the internally allocated VLANs as private VLANs.
A private VLAN is a set of private ports that are characterized by using a common set of VLAN number pairs. Each pair is made up of at least two special unidirectional VLANs and is used by isolated ports and/or by a community of ports to communicate with routers.
An isolated VLAN is a VLAN that is used by isolated ports to communicate with promiscuous ports. An isolated VLAN's traffic is blocked on all other private ports in the same VLAN. Its traffic can only be received by standard trunking ports and promiscuous ports that are assigned to the corresponding primary VLAN.
A promiscuous port is defined as a private port that is assigned to a primary VLAN.
A community VLAN is defined as the VLAN that carries the traffic among community ports and from community ports to the promiscuous ports on the corresponding primary VLAN.
A primary VLAN is defined as the VLAN that is used to convey the traffic from the routers to customer end stations on private ports.
Multiple community and isolated VLANs are allowed. If you enter a range of primary VLANs, the system uses the first number in the range for the association.
Examples
This example shows how to remove a private VLAN relationship from the primary VLAN. The associated secondary VLANs are not deleted.
switch(config-vlan)# no private-vlan associationswitch(config-vlan)#Related Commands
show vlan
Displays information about VLANs.
show vlan private-vlan [type]
Displays information about private VLANs.
private-vlan association
To configure the association between a primary VLAN and a secondary VLAN on a private VLAN, use the private-vlan association command. To remove the association, use the no form of this command.
private-vlan association {[add] secondary-vlan-list | remove secondary-vlan-list}
no private-vlan association
Syntax Description
add
Associates a secondary VLAN to a primary VLAN.
secondary-vlan-list
Number of the secondary VLAN.
remove
Clears the association between a secondary VLAN and a primary VLAN.
Defaults
None
Command Modes
VLAN configuration submode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
You must enable private VLANs by using the feature private-vlan command before you can configure private VLANs. The commands for configuring private VLANs are not visible until you enable private VLANs.
Note
If you delete either the primary or secondary VLAN, the ports that are associated with the VLAN become inactive. When you enter the no private-vlan command, the VLAN returns to the normal VLAN mode. All primary and secondary associations on that VLAN are suspended, but the interfaces remain in private VLAN mode. However, when you reconvert the specified VLAN to private VLAN mode, the original associations are reinstated.
If you enter the no vlan command for the primary VLAN, all private VLAN associations with that VLAN are lost. However, if you enter the no vlan command for a secondary VLAN, the private VLAN associations with that VLAN are suspended and return when you recreate the specified VLAN and configure it as the previous secondary VLAN.
The secondary-vlan-list argument cannot contain spaces. It can contain multiple comma-separated items. Each item can be a single secondary VLAN ID or a hyphenated range of secondary VLAN IDs. The secondary-vlan-list parameter can contain multiple secondary VLAN IDs.
A private VLAN is a set of private ports that are characterized by using a common set of VLAN number pairs. Each pair is made up of at least two special unidirectional VLANs and is used by isolated ports and/or by a community of ports to communicate with routers.
Multiple community and isolated VLANs are allowed. If you enter a range of primary VLANs, the system uses the first number in the range for the association.
Isolated and community VLANs can only be associated with one primary VLAN. You cannot configure a VLAN that is already associated to a primary VLAN as a primary VLAN.
See the Cisco DC-OS Layer 2 Switching Configuration Guide for additional configuration guidelines.
This command does not require a license.
Examples
This example shows how to create a private VLAN relationship between the primary VLAN 14, the isolated VLAN 19, and the community VLANs 20 and 21:
switch(config)# vlan 19switch(config-vlan)# private-vlan isolatedswitch(config)# vlan 20switch(config-vlan)# private-vlan communityswitch(config)# vlan 21switch(config-vlan)# private-vlan communityswitch(config)# vlan 14switch(config-vlan)# private-vlan primaryswitch(config-vlan)# private-vlan association 19-21This example shows how to remove isolated VLAN 18 and community VLAN 20 from the private VLAN association:
switch(config)# vlan 14switch(config-vlan)# private-vlan association remove 18,20switch(config-vlan)#Related Commands
show vlan
Displays information about VLANs.
show vlan private-vlan [type]
Displays information about private VLANs.
private-vlan mapping
To create a mapping between the primary and the secondary VLANs so that both VLANs share the same Layer 3 VLAN interface, or switched virtual interface (SVI), use the private-vlan mapping command under the SVI. To remove all private VLAN mappings from the Layer 3 VLAN interface, use the no form of this command.
private-vlan mapping {[add] secondary-vlan-list | remove secondary-vlan-list}
no private-vlan mapping
Syntax Description
Defaults
None
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
You must enable private VLANs by using the feature private-vlan command before you can configure private VLANs. The commands for configuring private VLANs are not visible until you enable private VLANs.
The private-vlan mapping command is valid in the interface configuration mode of the primary VLAN.
The secondary-vlan-list argument cannot contain spaces. It can contain multiple comma-separated items. Each item can be a single secondary VLAN ID or a hyphenated range of secondary VLAN IDs.
Note
See the Cisco NX-OS Interfaces Configuration Guide for information on creating and configuring VLAN interfaces.Traffic that is received on the secondary VLAN is routed by the SVI of the primary VLAN.
When you configure VLANs as secondary private VLANs, the SVIs of those existing VLANs do not function and are considered as down after you enter this command.
You can map a secondary VLAN to only one primary SVI. If you configure the primary VLAN as a secondary VLAN, all the mappings that are specified in this command are suspended.
You must first associate all secondary VLANs with the primary VLAN using the private-vlan command. If you configure a mapping between two VLANs that do not have a valid Layer 2 association, the mapping configuration does not take effect.
See the private-vlan command for more information about primary and secondary VLANs.
This command does not require a license.
Examples
This example shows how to map the interface of VLAN 20 to the Layer 3 VLAN interface, or SVI, of VLAN 18:
switch(config)# interface vlan 18switch(config-if)# private-vlan mapping 20switch(config-if)#This example shows how to permit routing of secondary VLAN-ingress traffic from private VLANs 303 through 307, 309, and 440:
switch# configure terminalswitch(config)# interface vlan 202switch(config-if)# private-vlan mapping add 303-307,309,440switch(config-if)# endThis example shows how to remove all private VLAN mappings from the SVI of VLAN 19:
switch(config)# interface vlan 19switch(config-if)# no private-vlan mappingswitch(config-if)#
Related Commands
show interface private-vlan mapping
Displays information on secondary private VLAN mapping to VLAN interface.
private-vlan synchronize
To map the secondary VLANs to the same MST instance as the primary VLAN, use the private-vlan synchronize command.
private-vlan synchronize
Syntax Description
This command has no keywords or arguments.
Defaults
This command has no default settings.
Command Modes
mst configuration submode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
If you do not map secondary VLANs to the same MST instance as the associated primary VLAN when you exit the MST configuration submode, the device displays a warning message that lists the secondary VLANs that are not mapped to the same instance as the associated VLAN. The private-vlan synchronize command automatically maps all secondary VLANs to the same instance as the associated primary VLANs.
This command does not require a license.
Examples
This example assumes that a primary VLAN 2 and a secondary VLAN 3 are associated to VLAN 2, and that all VLANs are mapped to the CIST instance 1. This example also shows the output if you try to change the mapping for the primary VLAN 2 only:
switch(config)# spanning-tree mst configurationswitch(config-mst)# instance 1 vlan 2switch(config-mst)# exitThese secondary vlans are not mapped to the same instance as their primary:-> 3This example shows how to initialize PVLAN synchronization:
switch(config-mst)# private-vlan synchronizeswitch(config-mst)#Related Commands
show spanning-tree mst configuration
Displays information about the MST protocol.
spanning-tree mst configuration
Enters MST configuration submode.
revision
To set the revision number for the Multiple Spanning Tree (MST) region configuration, use the revision command. To return to the default settings, use the no form of this command.
revision version
no revision version
Syntax Description
version
Revision number for the MST region configuration; the range of valid values is from 0 to 65535.
Defaults
0
Command Modes
mst configuration submode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
Two or more devices with the same VLAN mapping and name are considered to be in different MST regions if the configuration revision numbers are different.
Caution
This command does not require a license.
Examples
This example shows how to set the revision number of the MST region configuration:
switch(config)# spanning-tree mst configurationswitch(config-mst)# revision 5switch(config-mst)#Related Commands
show hardware mac address-table
To display information about the hardware MAC addresses, use the show hardware mac address-table command.
show hardware mac address table {module}
[address {mac-address}{[interface {ethernet slot/port | port-channel channel-number}] [vlan vlan-id]]
[dynamic [address {mac-address}] [interface {ethernet slot/port | port-channel channel-number}] [vlan vlan-id]]
[interface {ethernet slot/port | port-channel channel-number}] [address {mac-address}] [vlan vlan-id]]
[static [address {mac-address}] [interface {ethernet slot/port | port-channel channel-number}] [vlan vlan-id]]
[vlan {vlan-id} [address mac-address] [interface {ethernet slot/port | port-channel channel-number}]
Syntax Description
Defaults
None
Command Modes
Any command mode.
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
The fields are as follows:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Note
•
•
•
This command does not require a license.
Examples
This example shows how to display hardware information about all the MAC addresses VLAN 1 on module 2:
switch# show hardware mac address-table 2 vlan 1Valid| PI| BD | MAC | Index |Stat| SW| Modi| Age| Tmr| GM| Sec| TR | NT | RM | RMA | Cap|Fld| Always| | | | | ic| | fied|Byte| Sel| |ure| AP | FY | | |TURE| | Learn-----+---+----+---------------+--------+----+---+-----+----+----+----+----+---+----+----+-----+----+---+-------1 0 1 0100.0cff.fffe 0x00421 1 1 0 152 0 0 0 0 0 0 0 1 0 0Related Commands
show interface mac-address
To display information about the MAC address and the burned-in MAC address, use the show interface mac-address command.
show interface [type slot/port] mac-address
Syntax Description
Defaults
None
Command Modes
Any command mode.
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
If you do not specify the interface, the system displays all the MAC addresses. This command displays both the burned-in MAC address and the configured MAC address.
This command does not require a license.
Examples
This example shows how to display information about all the MAC addresses for the device:
switch# show interface mac-address-----------------------------------------------------------------------------Interface Mac-Address Burn-in Mac-Address-----------------------------------------------------------------------------mgmt0 0019.076c.1a78 0019.076c.1a78Ethernet2/1 0000.0000.0000 0019.076c.4dacEthernet2/2 0000.0000.0000 0019.076c.4dadEthernet2/3 0000.0000.0000 0019.076c.4daeEthernet2/4 0000.0000.0000 0019.076c.4dafEthernet2/5 0000.0000.0000 0019.076c.4db0Ethernet2/6 0000.0000.0000 0019.076c.4db1Ethernet2/7 0000.0000.0000 0019.076c.4db2Ethernet2/8 0000.0000.0000 0019.076c.4db3Ethernet2/9 0000.0000.0000 0019.076c.4db4Ethernet2/10 0000.0000.0000 0019.076c.4db5Ethernet2/11 0000.0000.0000 0019.076c.4db6Ethernet2/12 0000.0000.0000 0019.076c.4db7Ethernet2/13 0000.0000.0000 0019.076c.4db8Ethernet2/14 0000.0000.0000 0019.076c.4db9Ethernet2/15 0000.0000.0000 0019.076c.4dbaEthernet2/16 0000.0000.0000 0019.076c.4dbbEthernet2/17 0000.0000.0000 0019.076c.4dbcEthernet2/18 0000.0000.0000 0019.076c.4dbdEthernet2/19 0000.0000.0000 0019.076c.4dbeEthernet2/20 0000.0000.0000 0019.076c.4dbfEthernet2/21 0000.0000.0000 0019.076c.4dc0Ethernet2/22 0000.0000.0000 0019.076c.4dc1Ethernet2/23 0000.0000.0000 0019.076c.4dc2Ethernet2/24 0000.0000.0000 0019.076c.4dc3Ethernet2/25 0000.0000.0000 0019.076c.4dc4Ethernet2/26 0000.0000.0000 0019.076c.4dc5Ethernet2/27 0000.0000.0000 0019.076c.4dc6Ethernet2/28 0000.0000.0000 0019.076c.4dc7Ethernet2/29 0000.0000.0000 0019.076c.4dc8Ethernet2/30 0000.0000.0000 0019.076c.4dc9Ethernet2/31 0000.0000.0000 0019.076c.4dcaEthernet2/32 0000.0000.0000 0019.076c.4dcbEthernet2/33 0000.0000.0000 0019.076c.4dccEthernet2/34 0000.0000.0000 0019.076c.4dcdEthernet2/35 0000.0000.0000 0019.076c.4dceEthernet2/36 0000.0000.0000 0019.076c.4dcfEthernet2/37 0000.0000.0000 0019.076c.4dd0Ethernet2/38 0000.0000.0000 0019.076c.4dd1Ethernet2/39 0000.0000.0000 0019.076c.4dd2Ethernet2/40 0000.0000.0000 0019.076c.4dd3Ethernet2/41 0000.0000.0000 0019.076c.4dd4Ethernet2/42 0000.0000.0000 0019.076c.4dd5Ethernet2/43 0000.0000.0000 0019.076c.4dd6Ethernet2/44 0000.0000.0000 0019.076c.4dd7Ethernet2/45 0000.0000.0000 0019.076c.4dd8Ethernet2/46 0000.0000.0000 0019.076c.4dd9Ethernet2/47 0000.0000.0000 0019.076c.4ddaEthernet2/48 0000.0000.0000 0019.076c.4ddbport-channel5 0000.0000.0000 0000.0000.0000port-channel20 0000.0000.0000 0000.0000.0000port-channel30 0000.0000.0000 0000.0000.0000port-channel50 0000.0000.0000 0000.0000.0000Related Commands
show interface private-vlan mapping
To display information about the private VLAN mapping for the primary VLAN interfaces, use the show interface private-vlan mapping command.
show interface private-vlan mapping
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
You can use this command to display the primary and secondary VLAN mapping that allows both VLANs to share the VLAN interface of the primary VLAN.
This command does not require a license.
Examples
This example shows how to display information about the primary and secondary private VLAN mapping:
switch# show interface private-vlan mappingswitch(config)# show interface private-vlan mappingInterface Secondary VLAN Type--------- -------------- -----------------vlan200 201 isolatedvlan200 202 communityRelated Commands
private-vlan mapping
Creates a mapping between the primary and secondary VLANs so that both VLANs share the same primary VLAN interface.
show interface vlan
To display information about specified VLANs, use the show interface vlan command.
show interface vlan vlan-id [brief | description | private-vlan mapping | status]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
You can use this command to display information about a specified VLAN, including the private VLANs.
The information is gathered at 1-minute intervals.
When you specify a primary VLAN, the device displays all secondary VLANs mapped to the specified primary VLAN.
The device displays the output for the private-vlan mapping keyword only when you specify a primary private VLAN. If you specify a secondary private VLAN and enter the private-vlan mapping keyword, the output is blank.
Note
To display more information about private VLANs, see the show interface private-vlan commands.This command does not require a license.
Examples
This example shows how to display information about the specified VLAN. This command displays statistical information gathered on the VLAN at 1-minute intervals:
switch# show interface vlan 5Vlan5 is administratively down, line protocol is downHardware is EtherSVI, address is 0000.0000.0000MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,reliability 255/255, txload 1/255, rxload 1/255Encapsulation ARPA, loopback not setKeepalive not supportedARP type: ARPALast clearing of "show interface" counters 01:21:555 minute input rate 0 bytes/sec, 0 packets/sec5 minute output rate 0 bytes/sec, 0 packets/secL3 Switched:input: 0 pkts, 0 bytes - output: 0 pkts, 0 bytesL3 in Switched:ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytesL3 out Switched:ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytesThis example shows how to display a brief description for a specified VLAN. This displays shows the secondary VLAN and type, if configured, and the status:
switch# show interface vlan 5 brief-------------------------------------------------------------------------------Interface Secondary VLAN(Type) Status Reason-------------------------------------------------------------------------------Vlan5 -- down noneThis example shows how to display the description for a specified VLAN:
switch# show interface vlan 100 description------------------------------------------Interface Description------------------------------------------Vlan100This example shows how to display information about the private VLAN mapping, if any, for a specified VLAN:
switch# show interface vlan 200 private-vlan mappingInterface Secondary VLAN--------- ----------------------------------------------------------------vlan200 201 202This example shows how to display the status for a specified VLAN:
switch# show interface vlan 5 status------------------------------------------Interface Status Protocol------------------------------------------Vlan5 admin down shutRelated Commands
show interface switchport
Displays information about the switchports, including those configured for private VLANs,
show interface vlan counters
Displays the statistics for VLANs.
show vlan
Displays summary information for all VLANs.
show vlan private-vlan
Displays summary information for all private VLANs.
show interface vlan counters
To display the statistics for a specified VLAN, use the show interface vlan counters command.
show interface vlan {vlan-id} counters [detailed [all] | snmp]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
You can use this command to display information about the received octets, unicast packets, multicast packets, and broadcast packets as well as the transmitted octets, unicast packets, multicast packets, and broadcast packets for all VLANs, including private VLANs.
This command does not require a license.
Examples
This example shows how to display the statistics for a specified VLAN:
switch# show interface vlan 9 counters--------------------------------------------------------------------------------Port InOctets InUcastPkts InMcastPkts InBcastPkts--------------------------------------------------------------------------------Vlan9 0 0 0 ----------------------------------------------------------------------------------Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts--------------------------------------------------------------------------------Vlan9 0 0 0 --This example shows how to display only the nonzero counters for a specified VLAN:
switch# show interface vlan 2 counters detailedVlan2counters:l3_average_input_bits 9947168160l3_average_input_packets 20723267l3_routed_bytes_in 39054410460l3_routed_pkts_in 650906841l3_ucast_bytes_in 39054410460l3_ucast_pkts_in 650906841This example shows how to display all detailed statistics for a specified VLAN:
switch(config)# show interface vlan 9 counters detailed allVlan9counters:0. l3_ipv4_ucast_bytes_in = 01. l3_ipv4_ucast_pkts_in = 02. l3_ipv4_mcast_bytes_in = 03. l3_ipv4_mcast_pkts_in = 04. l3_ipv6_ucast_bytes_in = 05. l3_ipv6_ucast_pkts_in = 06. l3_ipv6_mcast_bytes_in = 07. l3_ipv6_mcast_pkts_in = 08. l3_ipv4_ucast_bytes_out = 09. l3_ipv4_ucast_pkts_out = 010. l3_ipv4_mcast_bytes_out = 011. l3_ipv4_mcast_pkts_out = 012. l3_ipv6_ucast_bytes_out = 013. l3_ipv6_ucast_pkts_out = 014. l3_ipv6_mcast_bytes_out = 015. l3_ipv6_mcast_pkts_out = 016. l3_average_input_bytes = 017. l3_average_input_packets = 018. l3_average_output_bytes = 019. l3_average_output_packets = 020. l3_routed_bytes_in = 021. l3_routed_pkts_in = 022. l3_ucast_bytes_in = 023. l3_ucast_pkts_in = 024. l3_mcast_bytes_in = 025. l3_mcast_pkts_in = 026. l3_routed_bytes_out = 027. l3_routed_pkts_out = 028. l3_ucast_bytes_out = 029. l3_ucast_pkts_out = 030. l3_mcast_bytes_out = 031. l3_mcast_pkts_out = 0This example shows how to display the MIB values for a specified VLAN:
switch(config)# show interface vlan 9 counters snmp-------------------------------------------------------------------------------Port InOctets InUcastPkts InMcastPkts InBcastPkts-------------------------------------------------------------------------------Vlan9 0 0 0 ---------------------------------------------------------------------------------Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts-------------------------------------------------------------------------------Vlan9 0 0 0 --Ethernet2/28 0000.0000.0000 0019.076c.4dc7Ethernet2/29 0000.0000.0000 0019.076c.4dc8Ethernet2/30 0000.0000.0000 0019.076c.4dc9Related Commands
show mac address-table
To display the information about the MAC address table, use the show mac address-table command.
show mac address-table [num] [dynamic | static] [address mac-address | interface {type slot/port | port-channel number} | vlan vlan-id]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
A primary entry is a MAC address learned on that interface.
Note
The device maintains static MAC address entries saved in the startup-config file across reboots and flushes the dynamic entries.
The MAC address table for each virtual device context (VDC) is separate and distinct.
Note
This command does not require a license.
Examples
Note
This example shows how to display the information about the entries for the Layer 2 MAC address table:
switch# show mac address-tableLegend:* - primary entry, G - Gateway MAC, (R) - Routed MACage - seconds since last seenVLAN MAC Address Type age Secure NTFY Ports---------+-----------------+--------+---------+------+------+----------------G - 0018.bad8.3fbd static - False False sup-eth1(R)* 3 1234.dd56.ee89 static - False False Eth2/1NTFY means notify.
This example shows how to display the information about the entries for the Layer 2 MAC address table for a specific module:
switch# show mac address-table 2Legend:* - primary entry, G - Gateway MAC, (R) - Routed MACage - seconds since last seenVLAN MAC Address Type age Secure NTFY Ports---------+-----------------+--------+---------+------+------+----------------G - 0018.bad8.3fbd static - False False sup-eth1(R)* 3 1234.dd56.ee89 static - False False Eth2/13 0000.23bd.4fda dynamic 70 False False Eth1/1This example shows how to display the information about the entries for the Layer 2 MAC address table for a specific MAC address:
switch# show mac address-table address 0018.bad8.3fbdLegend:* - primary entry, G - Gateway MAC, (R) - Routed MACage - seconds since last seenVLAN MAC Address Type age Secure NTFY Ports---------+-----------------+--------+---------+------+------+----------------G - 0018.bad8.3fbd static - False False sup-eth1(R)This example shows how to display the information about the dynamic entries for the Layer 2 MAC address table:
switch# show mac address-table dynamicLegend:* - primary entry, G - Gateway MAC, (R) - Routed MACage - seconds since last seenVLAN MAC Address Type age Secure NTFY Ports---------+-----------------+--------+---------+------+------+----------------* 3 0010.fcbc.3fbd dynamic 1265 False False Eth2/12* 3 1234.dd56.ee89 dynamic 850 False False Eth2/1This example shows how to display the information about the Layer 2 MAC address table for a specific interface:
switch# show mac address-table interface ethernet 2/13Legend:* - primary entry, G - Gateway MAC, (R) - Routed MACage - seconds since last seenVLAN MAC Address Type age Secure NTFY Ports---------+-----------------+--------+---------+------+------+----------------* 1 1234.dd56.ee89 dynamic 0 False False Eth2/13This example shows how to display the static entries in the Layer 2 MAC address table:
switch# show mac address-table staticLegend:* - primary entry, G - Gateway MAC, (R) - Routed MACage - seconds since last seenVLAN MAC Address Type age Secure NTFY Ports---------+-----------------+--------+---------+------+------+----------------G - 0018.bad8.3fbd static - False False sup-eth1(R)* 3 1234.dd56.ee89 static - False False Eth2/1This example shows how to display the entries in the Layer 2 MAC address table for a specific VLAN:
switch# show mac address-table vlan 3Legend:* - primary entry, G - Gateway MAC, (R) - Routed MACage - seconds since last seenVLAN MAC Address Type age Secure NTFY Ports---------+-----------------+--------+---------+------+------+----------------* 3 1234.dd56.ee89 static - False False Eth2/1Related Commands
mac address-table static
Adds static entries to the MAC address table or configures a static MAC address with IGMP snooping disabled for that address.
show mac address-table aging-time
To display information about the timeout values for the MAC address table, use the show mac-address-table aging-time command.
show mac address-table aging-time [vlan vlan-id]
Syntax Description
vlan vlan-id
(Optional) Displays information for a specific VLAN only; the range of valid values is from 1 to 4094.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
You can configure the MAC address aging time per VLAN or for the entire device. The valid range is from 120 to 918000, Entering 0 disables MAC aging time.
This command does not require a license.
Examples
This example shows how to display MAC address aging times:
switch# show mac address-table aging-timeVlan Aging Time---- ----------1 180050 1200100 1800Related Commands
mac address-table aging-time
Configures the aging time for entries in the Layer 2 table.
show running-config spanning-tree
To display the running configuration for the Spanning Tree Protocol (STP), use the show running-config spanning-tree command.
show running-config spanning-tree [all]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
This command provides information about the Spanning Tree Protocol.
Note
This command does not require a license.
Examples
This example shows how to display information about the running STP configuration when you are running MST:
switch# show running-config spanning-treespanning-tree mode mstThis example shows how to display detailed information about the running STP configuration when you are running MST:
switch# show running-config spanning-tree allspanning-tree mode mstno spanning-tree port type edge defaultno spanning-tree port type network defaultspanning-tree bridge assuranceno spanning-tree loopguard defaultspanning-tree mst simulate pvst globalno snmp-server enable traps bridge topologychangeno snmp-server enable traps bridge newrootno snmp-server enable traps stpx inconsistencyno snmp-server enable traps stpx loop-inconsistencyno snmp-server enable traps stpx root-inconsistencyspanning-tree mst hello-time 2spanning-tree mst forward-time 15spanning-tree mst max-age 20spanning-tree mst max-hops 20spanning-tree mst 0 priority 32768spanning-tree mst configurationnamerevision 0instance 0 vlan 1-4094configure interface Ethernet8/1spanning-tree port-priority 128Related Commands
show running-config vlan
To display the running configuration for a specified VLAN, use the show running-config vlan command.
show running-config vlan {vlan-id}
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
This command provides information about the specified VLAN, including private VLANs.
The display varies with your configuration. If you configure the name, shutdown status, or suspended status, these are also displayed.
This command does not require a license.
Examples
This example shows how to display the running configuration for VLAN50:
switch(config)# show running-config vlan 50version 4.0(1)vlan 50Related Commands
show spanning-tree
To display information about the Spanning Tree Protocol (STP), use the show spanning-tree command.
show spanning-tree [blockedports | inconsistentports | pathcost method]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
The STP port type displays only when you have configured the port as either an STP edge port or an STP network port. If you have not configured the STP port type, no port type displays.
Note
This command does not require a license.
Examples
This example shows how to display STP when you are running Rapid PVST+:
switch# show spanning-treeVLAN0001Spanning tree enabled protocol rstpRoot ID Priority 4097Address 0004.9b78.0800This bridge is the rootHello Time 2 sec Max Age 20 sec Forward Delay 15 secBridge ID Priority 4097 (priority 4096 sys-id-ext 1)Address 0004.9b78.0800Hello Time 2 sec Max Age 20 sec Forward Delay 15 secInterface Role Sts Cost Prio.Nbr Type---------------- ----- --- --------- -------- ------------------------------------Eth2/1 Altn BKN 4 128.257 Network, P2pEth2/2 Desg FWD 4 128.270 P2pThis example shows how to display STP information when you are running MST:
switch# show spanning-treeMST0000Spanning tree enabled protocol mstpRoot ID Priority 32768Address 0018.bad8.fc150Cost 0Port 258 (Ethernet 2/2)Hello Time 2 sec Max Age 20 sec Forward Delay 15 secBridge ID Priority 32768 (priority 32768 sys-id-ext 0)Address 0018.bad8.239dHello Time 2 sec Max Age 20 sec Forward Delay 15 secInterface Role Sts Cost Prio.Nbr Type---------------- ----- --- --------- -------- ------------------------------------Eth2/1 Altn BKN 20000 128.257 Network, P2p BA_Inc.Eth2/2 Root FWD 20000 128.258 Edge, P2pEth3/48 Desg FWD 20000 128.43228 P2pThis example shows how to display the blocked ports in spanning tree:
switch(config)# show spanning-tree blockedportsName Blocked Interfaces List-------------------- ------------------------------------VLAN0001 Eth8/2VLAN0002 Eth8/2VLAN0003 Eth8/2VLAN0004 Eth8/2VLAN0005 Eth8/2VLAN0006 Eth8/2VLAN0007 Eth8/2VLAN0008 Eth8/2VLAN0009 Eth8/2VLAN0010 Eth8/2This example shows how to determine if any ports are in any STP-inconsistent state:
switch# show spanning-tree inconsistentportsName Interface Inconsistency-------------------- ---------------------- ------------------MST0000 Eth8/1 Bridge Assurance InconsistentMST0000 Eth8/2 Bridge Assurance InconsistentThis example shows how to display the path-cost method when you are running Rapid PVST+:
switch(config)# show spanning-tree pathcost methodSpanning tree default pathcost method used is shortThis example shows how to display the path-cost method when you are running MST:
switch(config)# show spanning-tree pathcost methodSpanning tree default pathcost method used is short (Operational value is long)Table 1-1 describes the fields that are shown in the examples.
Related Commands
show spanning-tree active
To display Spanning Tree Protocol (STP) information on STP-active interfaces only, use the show spanning-tree active command.
show spanning-tree active [brief | detail]
Syntax Description
brief
(Optional) Displays a brief summary of STP interface information.
detail
(Optional) Displays a detailed summary of STP interface information.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display STP information on the STP active interfaces:
switch# show spanning-tree activeMST0000Spanning tree enabled protocol mstpRoot ID Priority 32768Address 0018.bad7.fc15This bridge is the rootHello Time 2 sec Max Age 20 sec Forward Delay 15 secBridge ID Priority 32768 (priority 32768 sys-id-ext 0)Address 0018.bad7.fc15Hello Time 2 sec Max Age 20 sec Forward Delay 15 secInterface Role Sts Cost Prio.Nbr Type---------------- ---- --- --------- -------- --------------------------------Eth8/1 Desg FWD 20000 128.1025 P2pEth8/2 Desg FWD 20000 128.1026 P2pRelated Commands
show spanning-tree bridge
To display the status and configuration of the Spanning-Tree Protocol (STP) local bridge, use the show spanning-tree bridge command.
show spanning-tree bridge [address | brief | detail | forward-time | hello-time | id | max-age | priority [system-id] | protocol]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display STP information for the bridge:
switch(config)# show spanning-tree bridgeHello Max FwdMST Instance Bridge ID Time Age Dly Protocol---------------- --------------------------------- ----- --- --- --------MST0000 32768 (32768,0) 0018.bad7.fc15 2 20 15 mstpRelated Commands
show spanning-tree brief
To display a brief summary of the Spanning Tree Protocol (STP) status and configuration on the device, use the show spanning-tree brief command.
show spanning-tree brief [active]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display a brief summary of STP information:
switch(config)# show spanning-tree briefMST0000Spanning tree enabled protocol mstpRoot ID Priority 32768Address 0018.bad7.fc15This bridge is the rootHello Time 2 sec Max Age 20 sec Forward Delay 15 secBridge ID Priority 32768 (priority 32768 sys-id-ext 0)Address 0018.bad7.fc15Hello Time 2 sec Max Age 20 sec Forward Delay 15 secInterface Role Sts Cost Prio.Nbr Type---------------- ---- --- --------- -------- --------------------------------Eth8/1 Desg FWD 20000 128.1025 P2pEth8/2 Desg FWD 20000 128.1026 P2pRelated Commands
show spanning-tree detail
To display detailed information on the Spanning Tree Protocol (STP) status and configuration on the device, use the show spanning-tree detail command.
show spanning-tree detail [active]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display detailed information about the STP configuration:
switch(config)# show spanning-tree detailMST0000 is executing the mstp compatible Spanning Tree protocolBridge Identifier has priority 32768, sysid 0, address 0018.bad7.fc15Configured hello time 2, max age 20, forward delay 15We are the root of the spanning treeTopology change flag not set, detected flag not setNumber of topology changes 3 last change occurred 0:19:16 agofrom Ethernet8/1Times: hold 1, topology change 35, notification 2hello 2, max age 20, forward delay 15Timers: hello 0, topology change 0, notification 0Port 1025 (Ethernet8/1) of MST0000 is designated forwardingPort path cost 20000, Port priority 128, Port Identifier 128.1025Designated root has priority 32768, address 0018.bad7.fc15Designated bridge has priority 32768, address 0018.bad7.fc15Designated port id is 128.1025, designated path cost 0Timers: message age 0, forward delay 0, hold 0Number of transitions to forwarding state: 1Link type is point-to-point by default, InternalPVST Simulation is enabled by defaultBPDU: sent 581, received 3Port 1026 (Ethernet8/2) of MST0000 is designated forwardingPort path cost 20000, Port priority 128, Port Identifier 128.1026Designated root has priority 32768, address 0018.bad7.fc15Designated bridge has priority 32768, address 0018.bad7.fc15Designated port id is 128.1026, designated path cost 0Timers: message age 0, forward delay 0, hold 0Number of transitions to forwarding state: 1Link type is point-to-point by default, InternalPVST Simulation is enabled by defaultBPDU: sent 582, received 2Related Commands
show spanning-tree interface
To display information about the Spanning Tree Protocol (STP) interface status and configuration of specified interfaces, use the show spanning-tree interface command.
show spanning-tree interface {ethernet {slot/port} | port-channel {channel-number}} [active [brief | detail] | brief [active] | cost | detail [active] | edge | inconsistency | priority | rootcost | state]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
The STP port type displays only when you have configured the port as either an STP edge port or an STP network port. If you have not configured the STP port type, no port type displays.
If you specify an interface that is not running STP, the device returns an error message.
When you are running MST, this command displays the PVST simulation setting.
Note
This command does not require a license.
Examples
This example shows how to display STP information about a specified interface when you are running Rapid PVST+:
switch(config)# show spanning-tree interface ethernet 8/2Vlan Role Sts Cost Prio.Nbr Type---------------- ---- --- --------- -------- --------------------------------VLAN0001 Altn BLK 20000 128.1025 P2pVLAN0002 Desg FWD 20000 128.1025 P2pThis example shows how to display STP information about a specified interface when you are running MST:
switch(config)# show spanning-tree interface ethernet 2/50Mst Instance Role Sts Cost Prio.Nbr Type---------------- ---- --- --------- -------- --------------------------------MST0000 Desg FWD 20000 128.1281 P2pThis example shows how to display detailed STP information about a specified interface when you are running Rapid PVST+:
switch(config)# show spanning-tree interface ethernet 8/1 detailPort 1025 (Ethernet8/1) of VLAN0001 is alternate blockingPort path cost 20000, Port priority 128, Port Identifier 128.1025Designated root has priority 28672, address 0018.bad8.239dDesignated bridge has priority 28672, address 0018.bad8.239dDesignated port id is 128.1281, designated path cost 0Timers: message age 15, forward delay 0, hold 0Number of transitions to forwarding state: 1Link type is point-to-point by defaultThe port type is network by default.BPDU: sent 4657, received 188Port 1025 (Ethernet8/1) of VLAN0002 is designated forwardingPort path cost 20000, Port priority 128, Port Identifier 128.1025Designated root has priority 32770, address 0018.bad7.fc15Designated bridge has priority 32770, address 0018.bad7.fc15Designated port id is 128.1025, designated path cost 0Timers: message age 0, forward delay 0, hold 0Number of transitions to forwarding state: 1Link type is point-to-point by default The port type is network by default.BPDU: sent 4838, received 0This example shows how to display detailed STP information about a specified interface when you are running MST:
switch(config)# show spanning-tree interface ethernet 10/1 detailPort 1281 (Ethernet10/1) of MST0000 is designated forwardingPort path cost 20000, Port priority 128, Port Identifier 128.1281Designated root has priority 28672, address 0018.bad8.239dDesignated bridge has priority 28672, address 0018.bad8.239dDesignated port id is 128.1281, designated path cost 0Timers: message age 0, forward delay 0, hold 0Number of transitions to forwarding state: 1Link type is point-to-point by default, InternalPVST Simulation is enabled by defaultBPDU: sent 290, received 0Related Commands
show spanning-tree mst
To display information on MST status and configuration, use the show spanning-tree mst command.
show spanning-tree mst [instance-id [detail | interface {ethernet {slot/port} | port-channel {channel-number}} [detail]]] | [configuration [digest]] | [detail] | [interface {ethernet {slot/port} | port-channel {channel-number}} [detail]]
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
If you are not running in Spanning Tree Protocol (STP) Multiple Spanning Tree (MST) mode, but are running in STP Rapid Per VLAN Spanning Tree (Rapid PVST+) mode, when you enter this command, the device returns the following message:
ERROR: Switch is not in mst modeSee Table 1-1 for information on valid values for fields.
This command does not require a license.
Examples
This example shows how to display STP information about MST instance information for the VLAN ports that are currently active:
switch# show spanning-tree mst##### MST0 vlans mapped: 1-4094Bridge address 0018.bad7.fc15 priority 32768 (32768 sysid 0)Root this switch for the CISTRegional Root this switchOperational hello time 2 , forward delay 15, max age 20, txholdcount 6Configured hello time 2 , forward delay 15, max age 20, max hops 20Interface Role Sts Cost Prio.Nbr Type---------------- ---- --- --------- -------- --------------------------------Eth8/1 Desg FWD 20000 128.1025 P2pEth8/2 Desg FWD 20000 128.1026 P2pThis example shows how to display STP information about a specific MST instance:
switch)# show spanning-tree mst 0##### MST0 vlans mapped: 1-4094Bridge address 0018.bad7.fc15 priority 32768 (32768 sysid 0)Root this switch for the CISTRegional Root this switchOperational hello time 2 , forward delay 15, max age 20, txholdcount 6Configured hello time 2 , forward delay 15, max age 20, max hops 20Interface Role Sts Cost Prio.Nbr Type---------------- ---- --- --------- -------- --------------------------------Eth8/1 Desg FWD 20000 128.1025 P2pEth8/2 Desg FWD 20000 128.1026 P2pThis example shows how to display detailed STP information about the MST protocol:
switch)# show spanning-tree mst detail##### MST0 vlans mapped: 1-4094Bridge address 0018.bad7.fc15 priority 32768 (32768 sysid 0)Root this switch for the CISTRegional Root this switchOperational hello time 2 , forward delay 15, max age 20, txholdcount 6Configured hello time 2 , forward delay 15, max age 20, max hops 20Eth8/1 of MST0 is designated forwardingPort info port id 128.1025 priority 128 cost 20000Designated root address 0018.bad7.fc15 priority 32768 cost 0Design. regional root address 0018.bad7.fc15 priority 32768 cost 0Designated bridge address 0018.bad7.fc15 priority 32768 port id 128.1025Timers: message expires in 0 sec, forward delay 0, forward transitions 1Bpdus sent 1379, received 3Eth8/2 of MST0 is designated forwardingPort info port id 128.1026 priority 128 cost 20000Designated root address 0018.bad7.fc15 priority 32768 cost 0Design. regional root address 0018.bad7.fc15 priority 32768 cost 0Designated bridge address 0018.bad7.fc15 priority 32768 port id 128.1026Timers: message expires in 0 sec, forward delay 0, forward transitions 1Bpdus sent 1380, received 2This example shows how to display STP information about specified MST interfaces:
switch)# show spanning-tree mst interface ethernet 8/2Eth8/2 of MST0 is designated forwardingPort Type: normal (default) port guard : none (default)Link type: point-to-point (auto) bpdu filter: disable (default)Boundary : internal bpdu guard : disable (default)Bpdus sent 1423, received 2Instance Role Sts Cost Prio.Nbr Vlans mapped-------- ---- --- --------- -------- -------------------------------0 Desg FWD 20000 128.1026 1-4094This example shows how to display information about the MST configuration:
switch)# show spanning-tree mst configurationName: [mst-bldg-sj6/3]Revision: 1 Instances Configured: 3Instance Vlans mapped--------- --------------------------------------------------0 12000 2-20004094 2001-4094----------------------------------------------------------------This example shows how to display the MD5 digest included in the current MST configuration:
switch)# show spanning-tree mst configuration digestName [mst-config]Revision 10 Instances configured 25Digest 0x40D5ECA178C657835C83BBCB16723192Pre-std Digest 0x27BF112A75B72781ED928D9EC5BB4251Related Commands
show spanning-tree root
To display the status and configuration of the Spanning Tree Protocol (STP) root bridge, use the show spanning-tree root command.
show spanning-tree root [address | brief | cost | detail | forward-time | hello-time | id | max-age | port | priority [system-id]]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display information for the root bridge:
switch(config)# show spanning-tree rootMST Instance Root ID Cost Time Age Dly Root Port---------------- -------------------- ------ ----- --- --- ----------------MST0000 32768 0018.bad7.fc15 0 2 20 15 This bridge is rootRelated Commands
show spanning-tree summary
To display summary Spanning Tree Protocol (STP) information on the device, use the show spanning-tree summary command.
show spanning-tree summary [totals]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
The display output for this command differs when you are running Rapid Per VLAN Spanning Tree (Rapid PVST+) or Multiple Spanning Tree (MST).
This command does not require a license.
Examples
This example shows how to display a summary of STP information about the device when you are running Rapid PVST+:
switch(config)# show spanning-tree summarySwitch is in rapid-pvst modeRoot bridge for: VLAN0002Port Type Default is disableEdge Port [PortFast] BPDU Guard Default is disabledEdge Port [PortFast] BPDU Filter Default is disabledBridge Assurance is enabledLoopguard Default is disabledPathcost method used is shortName Blocking Listening Learning Forwarding STP Active---------------------- -------- --------- -------- ---------- ----------VLAN0001 41 0 0 1 42VLAN0002 0 0 0 42 42---------------------- -------- --------- -------- ---------- ----------2 vlans 41 0 0 43 84This example shows how to display a summary of STP information about the device when you are running MST:
switch(config)# show spanning-tree summarySwitch is in mst mode (IEEE Standard)Root bridge for: MST0000Port Type Default is disableEdge Port [PortFast] BPDU Guard Default is disabledEdge Port [PortFast] BPDU Filter Default is disabledBridge Assurance is enabledLoopguard Default is disabledPathcost method used is longPVST Simulation is enabledName Blocking Listening Learning Forwarding STP Active---------------------- -------- --------- -------- ---------- ----------MST0000 0 0 0 2 2---------------------- -------- --------- -------- ---------- ----------1 mst 0 0 0 2 2Related Commands
show spanning-tree vlan
To display Spanning Tree Protocol (STP) information for specified VLANs, use the show spanning-tree vlan command.
show spanning-tree vlan {vlan-id}
[active [brief | detail]
| blockedports
| bridge [address] | brief | detail | forward-time | hello-time | id | max-age | priority [system-id] | protocol}
| brief [active]
| detail
| inconsistentports
| interface {ethernet {slot/port} | port-channel {channel-number}} [active [brief | detail]] | brief [active] | cost | detail [active] | edge | inconsistency | priority | rootcost | state]]
| root [address | brief | cost | detail | forward-time | hello-time | id | max-age | port | priority [system-id]]
| summary}Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display STP information about VLAN 1:
switch# show spanning-tree vlan 1MST0000Spanning tree enabled protocol mstpRoot ID Priority 32768Address 0018.bad7.fc15This bridge is the rootHello Time 2 sec Max Age 20 sec Forward Delay 15 secBridge ID Priority 32768 (priority 32768 sys-id-ext 0)Address 0018.bad7.fc15Hello Time 2 sec Max Age 20 sec Forward Delay 15 secInterface Role Sts Cost Prio.Nbr Type---------------- ---- --- --------- -------- --------------------------------Eth8/1 Desg FWD 20000 128.1025 P2pEth8/2 Desg FWD 20000 128.1026 P2pRelated Commands
show vlan
To display VLAN information, use the show vlan command.
show vlan [all-ports | brief | {name name} | summary]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
This command displays information for all VLANs, including private VLANs, on the device.
Each access port can belong to only one VLAN. Trunk ports can be on multiple VLANs.
Note
If you shut down a VLAN using the state suspend or the state active command, these values appear in the Status field:
•
•
If you shut down a VLAN using the shutdown command, these values appear in the Status field:
•
•
If a VLAN is shut down internally, these values appear in the Status field:
•
•
If a VLAN is shut down locally and internally, the value that is displayed in the Status field is act/ishut or sus/ishut. If a VLAN is shut down locally only, the value that is displayed in the Status field is act/lshut or sus/lshut.
Examples
This example shows how to display information for all VLANs on the device:
switch# show vlanVLAN Name Status Ports---- -------------------------------- --------- -------------------------------1 default active Eth2/5, Eth2/7, Eth2/8, Eth2/9Eth2/10, Eth2/15, Eth2/47Eth2/485 VLAN0005 active6 VLAN0006 active7 VLAN0007 active8 test active9 VLAN0009 active10 VLAN0010 active50 VLAN0050 active Eth2/6100 trunked activeVLAN Type---- -----1 enet5 enet6 enet7 enet8 enet9 enet10 enet50 enet100 enetRemote SPAN VLANs-------------------------------------------------------------------------------Primary Secondary Type Ports------- --------- --------------- -------------------------------------------This example shows how to display the VLANs and all ports for each VLAN:
switch# show vlan all-portsVLAN Name Status Ports---- -------------------------------- --------- -------------------------------1 default active Po5, Po37, Po50, Eth2/1, Eth2/2Eth2/3, Eth2/5, Eth2/7, Eth2/8Eth2/9, Eth2/10, Eth2/15Eth2/21, Eth2/22, Eth2/23Eth2/24, Eth2/25, Eth2/26Eth2/27, Eth2/28, Eth2/46Eth2/47, Eth2/485 VLAN0005 active6 VLAN0006 active7 VLAN0007 active8 test active9 VLAN0009 active10 VLAN0010 active50 VLAN0050 active Eth2/6100 trunked active200 VLAN0200 active201 VLAN0201 active202 VLAN0202 activeThis example shows how to display the VLAN name, status, and associated ports only:
switch# show vlan briefVLAN Name Status Ports---- -------------------------------- --------- -------------------------------1 default active Eth2/5, Eth2/7, Eth2/8, Eth2/9Eth2/10, Eth2/15, Eth2/47Eth2/485 VLAN0005 active6 VLAN0006 active7 VLAN0007 active8 test active9 VLAN0009 active10 VLAN0010 active50 VLAN0050 active Eth2/6100 trunked active.This example shows how to display the VLAN information for a specific VLAN by name:
switch# show vlan name testVLAN Name Status Ports---- -------------------------------- --------- -------------------------------8 test activeVLAN Type---- -----8 enetRemote SPAN VLAN----------------DisabledPrimary Secondary Type Ports------- --------- --------------- -------------------------------------------100This example shows how to display information about the number of VLANs configured on the device:
switch# show vlan summaryNumber of existing VLANs : 9Number of existing user VLANs : 9Number of existing extended VLANs : 0Related Commands
show interface switchport
Displays information about the switch ports, including those switch ports in private VLANs,
show vlan private-vlan
Displays private VLAN information.
show vlan counters
To display statistic for a specified VLAN or for all VLANs, use the show vlan counters command.
show vlan [id {vlan-id}] counters
Syntax Description
id
(Optional) VLAN ID you want to clear. Valid values are from 1 to 4096.
vlan-id
VLAN that you want to clear.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
This command displays the counters for all the VLANs, including the private VLANs, on the device.
If you omit the VLAN ID, the system displays statistics for all the VLANs on the device. This command displays:
•
•
Separate VLAN ranges with a hyphen, and separate VLANs with a comma and no spaces in between. For example, you can enter the following:
switch# show vlan id 1-4,3,7,5-20This command does not require a license.
Examples
This example shows how to display statistics for VLAN 9:
switch(config)# show vlan id 9 countersVlan Id :10L2 IPv4 Unicast Octets :0L2 IPv4 Unicast Packets :0L2 IPv4 Multicast Octets :0L2 IPv4 Multicast Packets :0L2 IPv6 Unicast Octets :0L2 IPv6 Unicast Packets :0L2 IPv6 Multicast Octets :0L2 IPv6 Multicast Packets :0L2 Unicast Octets :25600000L2 Unicast Packets :400000L2 Multicast Octets :0L2 Multicast Packets :0L2 Broadcast Octets :12800000L2 Broadcast Packets :200000L2 Unknown Unicast Octets :19200000L2 Unknown Unicast Packets :300000L3 Routed Octets In :0L3 Routed Packets In :0L3 Routed Octets Out :0L3 Routed Packets Out :0L3 Multicast Octets In :0L3 Multicast Packets In :0L3 Multicast Octets Out :0L3 Multicast Packets Out :0L3 Unicast Octets In :0L3 Unicast Packets In :0L3 Unicast Octets Out :0L3 Unicast Packets Out :0Related Commands
clear vlan counters
Clears the counters for all or specified VLANs on the device.
show vlan dot1q tag native
To display the status of tagging on the native VLANs, use the show vlan dot1q tag native command.
show vlan dot1q tag native
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the status of native VLAN tagging on the device:
switch# show vlan dot1q tag nativevlan dot1q native tag is disabledRelated Commands
vlan dot1q tag native
Enables 802.1Q tagging for all the VLANs in a trunk on the device.
show vlan id
To display information and statistics for an individual VLAN or a range of VLANs, use the show vlan id command.
show vlan id [counters]
Syntax Description
id
Number of VLAN or range of VLANs. Valid numbers are 1 to 4096.
counters
Statistics about specified VLANs.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
Use this command to display information and statistics about an individual VLAN or a range of VLANs, including private VLANs.
When you use the counters argument, this command displays the following statistics for the individual VLAN or range of VLANs:
•
•
Note
This command does not require a license.
Examples
This example shows how to display information for VLAN 50:
switch# show vlan id 50VLAN Name Status Ports---- -------------------------------- --------- -------------------------------50 VLAN0050 active Eth2/6VLAN Type---- -----50 enetRemote SPAN VLAN----------------DisabledPrimary Secondary Type Ports------- --------- --------------- -------------------------------------------#This example shows how to display statistics for VLAN 10:
switch(config)# show vlan id 10 countersVlan Id :10L2 IPv4 Unicast Octets :0L2 IPv4 Unicast Packets :0L2 IPv4 Multicast Octets :0L2 IPv4 Multicast Packets :0L2 IPv6 Unicast Octets :0L2 IPv6 Unicast Packets :0L2 IPv6 Multicast Octets :0L2 IPv6 Multicast Packets :0L2 Unicast Octets :25600000L2 Unicast Packets :400000L2 Multicast Octets :0L2 Multicast Packets :0L2 Broadcast Octets :12800000L2 Broadcast Packets :200000L2 Unknown Unicast Octets :19200000L2 Unknown Unicast Packets :300000L3 Routed Octets In :0L3 Routed Packets In :0L3 Routed Octets Out :0L3 Routed Packets Out :0L3 Multicast Octets In :0L3 Multicast Packets In :0L3 Multicast Octets Out :0L3 Multicast Packets Out :0L3 Unicast Octets In :0L3 Unicast Packets In :0L3 Unicast Octets Out :0L3 Unicast Packets Out :0Related Commands
clear vlan counters
Clears the counters for all or specified VLANs on the device.
show vlan private-vlan
To display private VLAN information, use the show vlan private-vlan command.
show vlan [id {vlan-id}] private-vlan [type]
Syntax Description
vlan-id
(Optional) Private VLAN information for the specified VLAN. The range is from 1 to 4096.
type
(Optional) Displays the private VLAN type (primary, isolated, or community).
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display information about all private VLANs on the device:
switch(config)# show vlan private-vlanPrimary Secondary Type Ports------- --------- --------------- ------------------------200 201 isolated Eth2/26, Eth2/27200 202 community Eth2/26, Eth2/28This example shows how to display information for a specific private VLAN:
switch(config)# show vlan id 202 private-vlanPrimary Secondary Type Ports------- --------- --------------- ---------------------------200 202 community Eth2/26, Eth2/28This example shows how to display information about the types of all private VLANs on the device:
switch(config)# show vlan private-vlan typeVlan Type---- -----------------200 primary201 isolated202 communityThis example shows how to display information on the type for the specified private VLAN:
switch(config)# show vlan id 202 private-vlan typeVlan Type---- -----------------202 communityRelated Commands
shutdown (VLAN configuration)
To shut down the local traffic on a VLAN, use the shutdown command. To return a VLAN to its default operational state, use the no form of this command.
shutdown
no shutdown
Syntax Description
This command has no arguments or keywords.
Defaults
no shutdown
Command Modes
VLAN configuration submode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
You cannot shut down, or disable, VLAN 1 or VLANs 1006 to 4094.
Once you shut down a VLAN, the traffic ceases to flow on that VLAN. Access ports on that VLAN are also brought down; trunk ports continue to carry traffic for the other VLANs allowed on that port. However, the interface associations for the specified VLAN remain, and when you reenable, or recreate, that specified VLAN, the device automatically reinstates all the original ports to that VLAN.
To find out if a VLAN has been shut down internally, check the Status field in the show vlan command output. If a VLAN is shut down internally, one of these values appears in the Status field:
•
•
Note
This command does not require a license.
Examples
This example shows how to restore local traffic on VLAN 2 after you have shut down, or disabled, the VLAN:
switch(config)# vlan 2switch(config-vlan)# no shutdownswitch(config-vlan)#Related Commands
spanning-tree bpdufilter
To enable BPDU Filtering on the interface, use the spanning-tree bpdufilter command. To return to the default settings, use the no form of this command.
spanning-tree bpdufilter {enable | disable}
no spanning-tree bpdufilter
Syntax Description
Defaults
The setting that is already configured when you enter the spanning-tree port type edge bpdufilter default command.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
Caution
Entering the spanning-tree bpdufilter enable command to enable BPDU Filtering overrides the spanning tree edge port configuration. That port then returns to the normal spanning tree port type and moves through the normal spanning tree transitions.
Use the spanning-tree port type edge bpdufilter default command to enable BPDU Filtering on all spanning tree edge ports.
This command does not require a license.
Examples
This example shows how to enable BPDU Filtering on this interface:
switch(config-if)# spanning-tree bpdufilter enableswitch(config-if)#Related Commands
spanning-tree bpduguard
To enable BPDU Guard on an interface, use the spanning-tree bpduguard command. To return to the default settings, use the no form of this command.
spanning-tree bpduguard {enable | disable}
no spanning-tree bpduguard
Syntax Description
Defaults
The setting that is already configured when you enter the spanning-tree port type edge bpduguard default command.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
BPDU Guard prevents a port from receiving BPDUs. If the port still receives a BPDU, it is put in the error-disabled state as a protective measure.
Caution
When you enable this BPDU Guard command globally, the command applies only to spanning tree edge ports. See spanning-tree port type edge bpduguard default for more information on the global command for BPDU Guard. However, when you enable this feature on an interface, it applies to that interface regardless of the spanning tree port type.
This command has three states:
•
•
•
Typically, this feature is used in a service-provider environment where the network administrator wants to prevent an access port from participating in the spanning tree.
This command does not require a license.
Examples
This example shows how to enable BPDU Guard on this interface:
switch(config-if)# spanning-tree bpduguard enableswitch(config-if)#Related Commands
spanning-tree bridge assurance
To enable Bridge Assurance on the device, use the spanning-tree bridge assurance command. To disable Bridge Assurance, use the no form of this command.
spanning-tree bridge assurance
no spanning-tree bridge assurance
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
Use this command to enable Bridge Assurance on the device.
Bridge Assurance is active only on spanning tree network interfaces. To configure an interface as a spanning tree network interface, use either the spanning-tree port type network command or the spanning-tree port type network default command.
Note
When Bridge Assurance is enabled on network ports, all ports send BPDUs. When a Bridge Assurance-enabled network port does not receive any BPDUs for a specified period, that interface moves into the blocking state. After the network port receives a BPDU again, the port begins its normal spanning tree transitions.
An interface that is connected to a Layer 2 host and misconfigured as a spanning tree network port moves into the blocking state.
Note
This command does not require a license.
Examples
This example shows how to enable Bridge Assurance on the device:
switch(config)# spanning-tree bridge assuranceswitch(config)#Related Commands
spanning-tree cost
To set the path cost of the interface for Spanning Tree Protocol (STP) calculations, use the spanning-tree cost command. To return to the default settings, use the no form of this command.
spanning-tree [vlan vlan-id] cost {value | auto}
no spanning-tree [vlan vlan-id] cost
Syntax Description
vlan vlan-id
(Optional) Lists the VLANs on this trunk interface for which you want to assign the path cost. You do not use this parameter on access ports. The range is from 1 to 4094.
value
Value of the port cost. The available cost range depends on the path-cost calculation method as follows:
•
•
auto
Sets the value of the port cost by the media speed of the interface (see to Table 1-2 for the values).
Defaults
auto
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
The STP port path cost default value is determined from the media speed and path-cost calculation method of a LAN interface (see Table 1-2). See the spanning-tree pathcost method command for information on setting the pathcost calculation method for Rapid PVST+.
When you configure the value, note that higher values indicate higher costs.
On access ports, assign the port cost by port. On trunk ports, assign the port cost by VLAN; you can configure all the VLANs on a trunk port as the same port cost.
The port channel bundle is considered a single port. The port cost is the aggregation of all the configured port costs assigned to that channel.
Note
This command does not require a license.
Examples
This example shows how to access an interface and set a path cost value of 250 for the spanning tree VLAN that is associated with that interface:
switch(config)# interface ethernet 2/0switch(config-if)# spanning-tree cost 250switch(config-if)#Related Commands
spanning-tree guard
To enable or disable Loop Guard or Root Guard, use the spanning-tree guard command. To return to the default settings, use the no form of this command.
spanning-tree guard {loop | root | none}
no spanning-tree guard
Syntax Description
loop
Enables Loop Guard on the interface.
root
Enables Root Guard on the interface.
none
Sets the guard mode to none.
Defaults
Disabled
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
You cannot enable Loop Guard if Root Guard is enabled, although the device accepts the command to enable Loop Guard on spanning tree edge ports.
This command does not require a license.
Examples
This example shows how to enable Root Guard:
switch(config-if)# spanning-tree guard rootswitch(config-if)#Related Commands
spanning-tree link-type
To configure a link type for a port, use the spanning-tree link-type command. To return to the default settings, use the no form of this command.
spanning-tree link-type {auto | point-to-point | shared}
no spanning-tree link-type
Syntax Description
auto
Sets the link type based on the duplex setting of the interface.
point-to-point
Specifies that the interface is a point-to-point link.
shared
Specifies that the interface is a shared medium.
Defaults
auto
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
Fast transition (specified in IEEE 802.1w) works only on point-to-point links between two bridges.
By default, the device derives the link type of a port from the duplex mode. A full-duplex port is considered as a point-to-point link while a half-duplex configuration is assumed to be on a shared link.
If you designate a port as a shared link, you cannot use the fast transition feature, regardless of the duplex setting.
This command does not require a license.
Examples
This example shows how to configure the port as a shared link:
switch(config-if)# spanning-tree link-type sharedswitch(config-if)#Related Commands
show spanning-tree interface
Displays information about the spanning tree state.
spanning-tree loopguard default
To enable Loop Guard as a default on all ports of a given bridge, use the spanning-tree loopguard default command. To disable Loop Guard, use the no form of this command.
spanning-tree loopguard default
no spanning-tree loopguard default
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
Loop Guard provides additional security in the bridge network. Loop Guard prevents alternate or root ports from becoming the designated port because of a failure that could lead to a unidirectional link.
Loop Guard operates only on ports that are considered point-to-point links by the spanning tree, and it does not run on spanning tree edge ports.
When you enter the Loop Guard command for the specified interface, that spanning-tree guard loop command overrides this command.
This command does not require a license.
Examples
This example shows how to enable Loop Guard:
switch(config)# spanning-tree loopguard defaultswitch(config#Related Commands
spanning-tree mode
To switch between Rapid per VLAN Spanning Tree Plus (Rapid PVST+) and Multiple Spanning Tree (MST) Spanning Tree Protocol (STP) modes, use the spanning-tree mode command. To return to the default settings, use the no form of this command.
spanning-tree mode {rapid-pvst | mst}
no spanning-tree mode
Syntax Description
Defaults
Rapid PVST+
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
You cannot use both Rapid PVST+ and MST in a single VDC. You can, however, use Rapid PVST+ in one VDC and MST in another VDC.
Caution
This command does not require a license.
Examples
This example shows how to switch to MST mode:
switch(config)# spanning-tree mode mstswitch(config-mst)#This example shows how to return to the default mode (Rapid PVST+):
switch(config)# no spanning-tree modeswitch(config)#Related Commands
show spanning-tree summary
Displays the information about the spanning tree configuration.
spanning-tree mst configuration
To enter the Multiple Spanning Tree (MST) configuration submode, use the spanning-tree mst configuration command. To return to the default settings, use the no form of this command.
spanning-tree mst configuration
no spanning-tree mst configuration
Syntax Description
This command has no keywords or arguments.
Defaults
The default value for the MST configuration is the default value for all its parameters:
•
•
•
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
The MST configuration consists of three main parameters:
•
•
•
The abort and exit commands allow you to exit mst configuration submode. The difference between the two commands depends on whether you want to save your changes or not.
The exit command commits all the changes before leaving mst configuration submode.
The abort command leaves mst configuration submode without committing any changes.
If you do not map secondary VLANs to the same instance as the associated primary VLAN, when you exit mst configuration submode, the following warning message is displayed:
These secondary vlans are not mapped to the same instance as their primary:-> 3See the switchport mode private-vlan host command to fix this problem.
Changing an mst configuration submode parameter can cause connectivity loss. To reduce service disruptions, when you enter mst configuration submode, make changes to a copy of the current MST configuration. When you are done editing the configuration, you can apply all the changes at once by using the exit keyword, or you can exit the submode without committing any change to the configuration by using the abort keyword.
In the unlikely event that two users commit a new configuration at exactly at the same time, this warning message displays:
% MST CFG:Configuration change lost because of concurrent accessThis command does not require a license.
Examples
This example shows how to enter MST-configuration submode:
switch(config)# spanning-tree mst configurationswitch(config-mst)#This example shows how to reset the MST configuration (name, instance mapping, and revision number) to the default settings:
switch(config)# no spanning-tree mst configurationswitch(config)#Related Commands
spanning-tree mst cost
To set the path-cost parameter for any Multiple Spanning Tree (MST) instance (including the common and internal spanning tree [CIST] with instance ID 0) use the spanning-tree mst cost command. To return to the default settings, use the no form of this command.
spanning-tree mst instance-id cost {cost | auto}
no spanning-tree mst instance-id cost
Syntax Description
Defaults
auto
•
•
•
•
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
The port cost depends on the port speed; the faster interface speeds indicate smaller costs. MST always uses long path costs.
Higher cost values indicate higher costs. When entering the cost, do not include a comma in the entry; for example, enter 1000, not 1,000.
The port-channel bundle is considered a single port. The port cost is the aggregation of all the configured port costs assigned to that channel.
This command has no licensing requirements.
Examples
This example shows how to set the interface path cost:
switch(config-if)# spanning-tree mst 0 cost 17031970switch(config-if)#Related Commands
show spanning-tree mst [detail]
Displays the information about the MST protocol.
spanning-tree mst forward-time
To set the forward-delay timer for all the instances on the device, use the spanning-tree mst forward-time command. To return to the default settings, use the no form of this command.
spanning-tree mst forward-time seconds
no spanning-tree mst forward-time
Syntax Description
seconds
Number of seconds to set the forward-delay timer for all the instances on the device; the range of valid values is from 4 to 30 seconds.
Defaults
15
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to set the forward-delay timer:
switch(config)# spanning-tree mst forward-time 20switch(config)#
Related Commands
show spanning-tree mst [detail]
Displays the information about the MST protocol.
spanning-tree mst hello-time
To set the hello-time delay timer for all the instances on the device, use the spanning-tree mst hello-time command. To return to the default settings, use the no form of this command.
spanning-tree mst hello-time seconds
no spanning-tree mst hello-time
Syntax Description
seconds
Number of seconds to set the hello-time delay timer for all the instances on the device; the range of valid values is from 1 to 10 seconds.
Defaults
2
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
If you do not specify the hello-time value, the value is calculated from the network diameter.
This command does not require a license.
Examples
This example shows how to set the hello-time delay timer:
switch(config)# spanning-tree mst hello-time 3switch(config)#
Related Commands
show spanning-tree mst [detail]
Displays the information about the MST protocol.
spanning-tree mst max-age
To set the max-age timer for all the instances on the device, use the spanning-tree mst max-age command. To return to the default settings, use the no form of this command.
spanning-tree mst max-age seconds
no spanning-tree mst max-age
Syntax Description
seconds
Number of seconds to set the max-age timer for all the instances on the device; the range of valid values is from 6 to 40 seconds.
Defaults
20
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
This parameter is used only by Instance 0 or the IST.
This command does not require a license.
Examples
This example shows how to set the max-age timer:
switch(config)# spanning-tree mst max-age 40switch(config)#
Related Commands
show spanning-tree mst [detail]
Displays the information about the MST protocol.
spanning-tree mst max-hops
To specify the number of possible hops in the region before a bridge protocol data unit (BPDU) is discarded, use the spanning-tree mst max-hops command. To return to the default settings, use the no form of this command.
spanning-tree mst max-hops hop-count
no spanning-tree mst max-hops
Syntax Description
hop-count
Number of possible hops in the region before a BPDU is discarded; the range of valid values is from 1 to 255 hops.
Defaults
20
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to set the number of possible hops:
switch(config)# spanning-tree mst max-hops 25switch(config)#
Related Commands
show spanning-tree mst [detail]
Displays the information about the MST protocol.
spanning-tree mst port-priority
To set the port-priority parameters for any Multiple Spanning Tree (MST) instance—including the common and internal spanning tree (CIST) with instance ID 0—use the spanning-tree mst port-priority command. To return to the default settings, use the no form of this command.
spanning-tree mst instance-id port-priority priority
no spanning-tree mst instance-id port-priority
Syntax Description
instance-id
Instance ID number; valid values are from 0 to 4094.
priority
Port priority for an instance; the range of valid values is from 0 to 224 in increments of 32.
Defaults
priority is 128.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
Higher port-priority priority values indicate smaller priorities.
The priority values are 0, 32, 64, 96, 128, 160, 192, and 224. All other values are rejected.
Examples
This example shows how to set the interface priority:
switch(config-if)# spanning-tree mst 0 port-priority 64switch(config-if)#Related Commands
show spanning-tree mst [detail]
Displays the information about the MST protocol.
Configures port priority for default STP, which is Rapid PVST+.
spanning-tree mst pre-standard
To force the specified interface to send pre-standard, rather than standard, MST messages, use the spanning-tree mst pre-standard command. To return to the default setting, use the no form of this command.
spanning-tree mst pre-standard
no spanning-tree mst pre-standard
Syntax Description
This command has no keywords or arguments.
Defaults
None
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
You can set the bridge priority in increments of 4096 only. When you set the priority, valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
You can set the priority argument to 0 to make the device root.
You can enter the instance-id argument as a single instance or a range of instances, for example, 0-3,5,7-9.
This command does not require a license.
Examples
This example shows how to set the bridge priority:
switch(config)# spanning-tree mst 0 root priority 4096switch(config)#Related Commands
show spanning-tree mst [interface {interface}] [detail]
Displays detailed information about the MST protocol for the specified interface.
spanning-tree mst priority
To set the bridge priority, use the spanning-tree mst priority command. To return to the default setting, use the no form of this command.
spanning-tree mst {instance-id} priority priority-value
no spanning-tree mst {instance-id} priority
Syntax Description
Defaults
priority-value default is 32768.
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
You can set the bridge priority in increments of 4096 only. When you set the priority, valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
You can set the priority argument to 0 to make the device root.
You can enter the instance-id argument as a single instance or a range of instances, for example, 0-3,5,7-9.
This command does not require a license.
Examples
This example shows how to set the bridge priority:
switch(config)# spanning-tree mst 0 root priority 4096switch(config)#Related Commands
show spanning-tree mst [detail]
Displays the information about the MST protocol.
spanning-tree mst root
To designate the primary and secondary root and set the timer value for an instance, use the spanning-tree mst root command. To return to the default settings, use the no form of this command.
spanning-tree mst {instance-id} root {primary | secondary} [diameter dia [hello-time hello-time]]
no spanning-tree mst {instance-id} root
Syntax Description
Defaults
spanning-tree mst root has no default settings.
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-admin
Command History
