Table Of Contents

shutdown

shutdown vlan

snmp-server enable traps

snmp-server host

snmp trap mac-notification

spanning-tree backbonefast

spanning-tree bpdufilter

spanning-tree bpduguard

spanning-tree cost

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

spanning-tree guard

spanning-tree link-type

spanning-tree loopguard default

spanning-tree mode

spanning-tree mst configuration

spanning-tree mst cost

spanning-tree mst forward-time

spanning-tree mst hello-time

spanning-tree mst max-age

spanning-tree mst max-hops

spanning-tree mst port-priority

spanning-tree mst pre-standard

spanning-tree mst priority

spanning-tree mst root

spanning-tree port-priority

spanning-tree portfast (global configuration)

spanning-tree portfast (interface configuration)

spanning-tree transmit hold-count

spanning-tree uplinkfast

spanning-tree vlan

speed

srr-queue bandwidth limit

srr-queue bandwidth shape

srr-queue bandwidth share

storm-control

switchport access

switchport backup interface

switchport block

switchport host

switchport mode

switchport nonegotiate

switchport port-security

switchport port-security aging

switchport priority extend

switchport protected

switchport trunk

switchport voice detect

switchport voice vlan

system mtu

test cable-diagnostics tdr

traceroute mac

traceroute mac ip

trust

udld

udld port

udld reset

vlan (global configuration)

vlan (VLAN configuration)

vlan database

vmps reconfirm (privileged EXEC)

vmps reconfirm (global configuration)

vmps retry

vmps server

vtp (global configuration)

vtp (VLAN configuration)

2V]

shutdown

Use the shutdown interface configuration command to disable an interface. Use the no form of this command to restart a disabled interface.

shutdown

no shutdown

Syntax Description

This command has no arguments or keywords.

Defaults

The port is enabled (not shut down).

Command Modes

Interface configuration

Command History

Release	Modification
12.2(25)FX	This command was introduced.

Usage Guidelines

The shutdown command causes a port to stop forwarding. You can enable the port with the no shutdown command.

The no shutdown command has no effect if the port is a static-access port assigned to a VLAN that has been deleted, suspended, or shut down. The port must first be a member of an active VLAN before it can be re-enabled.

The shutdown command disables all functions on the specified interface.

This command also marks the interface as unavailable. To see if an interface is disabled, use the show interfaces privileged EXEC command. An interface that has been shut down is shown as administratively down in the display.

Examples

These examples show how to disable and re-enable a port:

Switch(config)# interface gigabitethernet0/2

Switch(config-if)# shutdown

Switch(config)# interface gigabitethernet0/2

Switch(config-if)# no shutdown

You can verify your settings by entering the show interfaces privileged EXEC command.

Related Commands

Command	Description
show interfaces	Displays the statistical information specific to all interfaces or to a specific interface.

shutdown vlan

Use the shutdown vlan global configuration command to shut down (suspend) local traffic on the specified VLAN. Use the no form of this command to restart local traffic on the VLAN.

shutdown vlan vlan-id

no shutdown vlan vlan-id

Syntax Description

vlan-id

ID of the VLAN to be locally shut down. The range is 2 to 1001. VLANs defined as default VLANs under the VLAN Trunking Protocol (VTP), as well as extended-range VLANs (greater than 1005) cannot be shut down. The default VLANs are 1 and 1002 to 1005.

Defaults

No default is defined.

Command Modes

Global configuration

Command History

Release	Modification
12.2(25)FX	This command was introduced.

Usage Guidelines

The shutdown vlan command does not change the VLAN information in the VTP database. The command shuts down local traffic, but the switch still advertises VTP information.

Examples

This example shows how to shut down traffic on VLAN 2:

Switch(config)# shutdown vlan 2

You can verify your setting by entering the show vlan privileged EXEC command.

Related Commands

Command	Description
shutdown (config-vlan mode)	Shuts down local traffic on the VLAN when in config-VLAN mode (accessed by the vlan vlan-id global configuration command).
vlan database	Enters VLAN configuration mode.

snmp-server enable traps

Use the snmp-server enable traps global configuration command to enable the switch to send Simple Network Management Protocol (SNMP) notifications for various traps or inform requests to the network management system (NMS). Use the no form of this command to return to the default setting.

snmp-server enable traps [bridge [newroot] [topologychange] | cluster | config | copy-config | entity | envmon [fan | shutdown | status | supply | temperature] | errdisable [notification-rate value] | flash | hsrp | ipmulticast | mac-notification | msdp | ospf [cisco-specific | errors | lsa | rate-limit | retransmit | state-change] | pim [invalid-pim-message | neighbor-change | rp-mapping-change] | port-security [trap-rate value] | rtr | snmp [authentication | coldstart | linkdown | linkup | warmstart] | storm-control trap-rate value | stpx [inconsistency] [root-inconsistency] [loop-inconsistency] | syslog | tty | vlan-membership | vlancreate | vlandelete | vtp]

no snmp-server enable traps [bridge [newroot] [topologychange] | cluster | config | copy-config | entity | envmon [fan | shutdown | status | supply | temperature] | errdisable [notification-rate] | flash | hsrp | ipmulticast | mac-notification | msdp | ospf [cisco-specific | errors | lsa | rate-limit | retransmit | state-change] | pim [invalid-pim-message | neighbor-change | rp-mapping-change] | port-security [trap-rate] | rtr | snmp [authentication | coldstart | linkdown | linkup | warmstart] | storm-control trap-rate | stpx [inconsistency] [root-inconsistency] [loop-inconsistency] | syslog | tty | vlan-membership | vlancreate | vlandelete | vtp]

Syntax Description

bridge [newroot] [topologychange]	(Optional) Generate STP bridge MIB traps. The keywords have these meanings: •newroot—(Optional) Enable SNMP STP Bridge MIB new root traps. •topologychange—(Optional) Enable SNMP STP Bridge MIB topology change traps.
cluster	(Optional) Enable cluster traps.
config	(Optional) Enable SNMP configuration traps.
copy-config	(Optional) Enable SNMP copy-configuration traps.
entity	(Optional) Enable SNMP entity traps.
envmon [fan | shutdown | status | supply | temperature]	Optional) Enable SNMP environmental traps. The keywords have these meanings: •fan—(Optional) Enable fan traps. •shutdown—(Optional) Enable environmental monitor shutdown traps. •status—(Optional) Enable SNMP environmental status-change traps. •supply—(Optional) Enable environmental monitor power-supply traps. •temperature—(Optional) Enable environmental monitor temperature traps.
errdisable [notification-rate value]	(Optional) Enable errdisable traps. Use notification-rate keyword to set the maximum value of errdisable traps sent per minute. The range is 0 to 10000; the default is 0 (no limit imposed; a trap is sent at every occurrence).
flash	(Optional) Enable SNMP FLASH notifications.
hsrp	(Optional) Enable Hot Standby Router Protocol (HSRP) traps.
ipmulticast	(Optional) Enable IP multicast routing traps.
mac-notification	(Optional) Enable MAC address notification traps.
msdp	(Optional) Enable Multicast Source Discovery Protocol (MSDP) traps.
ospf [cisco-specific | errors | lsa | rate-limit | retransmit | state-change]	(Optional) Enable Open Shortest Path First (OSPF) traps. The keywords have these meanings: •cisco-specific—(Optional) Enable Cisco-specific traps. •errors—(Optional) Enable error traps. •lsa—(Optional) Enable link-state advertisement (LSA) traps. •rate-limit—(Optional) Enable rate-limit traps. •retransmit—(Optional) Enable packet-retransmit traps. •state-change—(Optional) Enable state-change traps.
pim [invalid-pim-message | neighbor-change | rp-mapping-change]	(Optional) Enable Protocol-Independent Multicast (PIM) traps. The keywords have these meanings: •invalid-pim-message—(Optional) Enable invalid PIM message traps. •neighbor-change—(Optional) Enable PIM neighbor-change traps. •rp-mapping-change—(Optional) Enable rendezvous point (RP)-mapping change traps.
port-security [trap-rate value]	(Optional) Enable port security traps. Use the trap-rate keyword to set the maximum number of port-security traps sent per second. The range is from 0 to 1000; the default is 0 (no limit imposed; a trap is sent at every occurrence).
rtr	(Optional) Enable SNMP Response Time Reporter traps.
snmp [authentication | coldstart | linkdown | linkup | warmstart]	(Optional) Enable SNMP traps. The keywords have these meanings: •authentication—(Optional) Enable authentication trap. •coldstart—(Optional) Enable cold start trap. •linkdown—(Optional) Enable linkdown trap. •linkup—(Optional) Enable linkup trap. •warmstart—(Optional) Enable warmstart trap.
storm-control trap-rate value	(Optional) Enable storm-control traps. Use the trap-rate keyword to set the maximum number of storm-control traps sent per second. The range is 0 to 1000; the default is 0 (no limit is imposed; a trap is sent at every occurrence).
stpx	(Optional) Enable SNMP STPX MIB traps. The keywords have these meanings: •inconsistency—(Optional) Enable SNMP STPX MIB Inconsistency Update traps. •root-inconsistency—(Optional) Enable SNMP STPX MIB Root Inconsistency Update traps. •loop-inconsistency—(Optional) Enable SNMP STPX MIB Loop Inconsistency Update traps.
syslog	(Optional) Enable SNMP syslog traps.
tty	(Optional) Send TCP connection traps. This is enabled by default.
vlan-membership	(Optional) Enable SNMP VLAN membership traps.
vlancreate	(Optional) Enable SNMP VLAN-created traps.
vlandelete	(Optional) Enable SNMP VLAN-deleted traps.
vtp	(Optional) Enable VLAN Trunking Protocol (VTP) traps.

---

Note Though visible in the command-line help strings, the cpu [threshold], insertion, and removal keywords are not supported. The snmp-server enable informs global configuration command is not supported. To enable the sending of SNMP inform notifications, use the snmp-server enable traps global configuration command combined with the snmp-server host host-addr informs global configuration command.

---

Defaults

The sending of SNMP traps is disabled.

Command Modes

Global configuration

Command History

Release	Modification
12.2(25)FX	This command was introduced.
12.2(37)SE	The errdisable notification-rate value keywords were added.

Usage Guidelines

Specify the host (NMS) that receives the traps by using the snmp-server host global configuration command. If no trap types are specified, all trap types are sent.

When supported, use the snmp-server enable traps command to enable sending of traps or informs.

---

Note Informs are not supported in SNMPv1.

---

To enable more than one type of trap, you must enter a separate snmp-server enable traps command for each trap type.

Examples

This example shows how to send VTP traps to the NMS:

Switch(config)# snmp-server enable traps vtp

You can verify your setting by entering the show vtp status or the show running-config privileged EXEC command.

Related Commands

Command	Description
show running-config	Displays the running configuration on the switch. For syntax information, select Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 > File Management Commands > Configuration File Management Commands.
snmp-server host	Specifies the host that receives SNMP traps.

snmp-server host

Use the snmp-server host global configuration command to specify the recipient (host) of a Simple Network Management Protocol (SNMP) notification operation. Use the no form of this command to remove the specified host.

snmp-server host host-addr [informs | traps] [version {1 | 2c | 3 {auth | noauth| priv}] [vrf vrf-instance] {community-string [notification-type]}

no snmp-server host host-addr [informs | traps] [version {1 | 2c | 3 {auth | noauth | priv}] [vrf vrf-instance] community-string

Syntax Description

host-addr	Name or Internet address of the host (the targeted recipient).
udp-port port	(Optional) Configure the User Datagram Protocol (UDP) port number of the host to receive the traps. The range is 0 to 65535.
informs | traps	(Optional) Send SNMP traps or informs to this host.
version 1 | 2c | 3	(Optional) Version of the SNMP used to send the traps. These keywords are supported: 1—SNMPv1. This option is not available with informs. 2c—SNMPv2C. 3—SNMPv3. These optional keywords can follow the Version 3 keyword: •auth (Optional). Enables Message Digest 5 (MD5) and Secure Hash Algorithm (SHA) packet authentication. •noauth (Default). The noAuthNoPriv security level. This is the default if the [auth | noauth | priv] keyword choice is not specified. •priv (Optional). Enables Data Encryption Standard (DES) packet encryption (also called privacy). Note The priv keyword is available only when the cryptographic (encrypted) software image is installed.
vrf vrf-instance	(Optional) Virtual private network (VPN) routing instance and name for this host.
community-string	Password-like community string sent with the notification operation. Though you can set this string by using the snmp-server host command, we recommend that you define this string by using the snmp-server community global configuration command before using the snmp-server host command.
notification-type	(Optional) Type of notification to be sent to the host. If no type is specified, all notifications are sent. The notification type can be one or more of the these keywords: •bridge—Send SNMP Spanning Tree Protocol (STP) bridge MIB traps. •cluster—Send cluster member status traps. •config—Send SNMP configuration traps. •copy-config—Send SNMP copy configuration traps. •entity— Send SNMP entity traps. •envmon—Send environmental monitor traps. •errdisable—Send SNMP errdisable notifications. •flash—Send SNMP FLASH notifications. •hsrp—Send SNMP Hot Standby Router Protocol (HSRP) traps. •ipmulticast—Send SNMP IP multicast routing traps. •mac-notification—Send SNMP MAC notification traps. •msdp—Send SNMP Multicast Source Discovery Protocol (MSDP) traps. •ospf—Send Open Shortest Path First (OSPF) traps. •pim—Send SNMP Protocol-Independent Multicast (PIM) traps. •port-security—Send SNMP port-security traps. •rtr—Send SNMP Response Time Reporter traps. •snmp—Send SNMP-type traps. •storm-control—Send SNMP storm-control traps. •stpx—Send SNMP STP extended MIB traps. •syslog—Send SNMP syslog traps. •tty—Send TCP connection traps. •udp-port port—Configure the User Datagram Protocol (UDP) port number of the host to receive the traps. The range is from 0 to 65535. •vlan-membership— Send SNMP VLAN membership traps. •vlancreate—Send SNMP VLAN-created traps. •vlandelete—Send SNMP VLAN-deleted traps. •vtp—Send SNMP VLAN Trunking Protocol (VTP) traps.

Defaults

This command is disabled by default. No notifications are sent.

If you enter this command with no keywords, the default is to send all trap types to the host. No informs are sent to this host.

If no version keyword is present, the default is Version 1.

If Version 3 is selected and no authentication keyword is entered, the default is the noauth (noAuthNoPriv) security level.

Command Modes

Global configuration

Command History

Release	Modification
12.2(25)FX	This command was introduced.
12.2(37)SE	The errdisable notification-rate value keywords were added.

Usage Guidelines

SNMP notifications can be sent as traps or inform requests. Traps are unreliable because the receiver does not send acknowledgments when it receives traps. The sender cannot determine if the traps were received. However, an SNMP entity that receives an inform request acknowledges the message with an SNMP response PDU. If the sender never receives the response, the inform request can be sent again. Thus, informs are more likely to reach their intended destinations.

However, informs consume more resources in the agent and in the network. Unlike a trap, which is discarded as soon as it is sent, an inform request must be held in memory until a response is received or the request times out. Traps are also sent only once, but an inform might be retried several times. The retries increase traffic and contribute to a higher overhead on the network.

If you do not enter an snmp-server host command, no notifications are sent. To configure the switch to send SNMP notifications, you must enter at least one snmp-server host command. If you enter the command with no keywords, all trap types are enabled for the host. To enable multiple hosts, you must enter a separate snmp-server host command for each host. You can specify multiple notification types in the command for each host.

If a local user is not associated with a remote host, the switch does not send informs for the auth (authNoPriv) and the priv (authPriv) authentication levels.

When multiple snmp-server host commands are given for the same host and kind of notification (trap or inform), each succeeding command overwrites the previous command. Only the last snmp-server host command is in effect. For example, if you enter an snmp-server host inform command for a host and then enter another snmp-server host inform command for the same host, the second command replaces the first.

The snmp-server host command is used with the snmp-server enable traps global configuration command. Use the snmp-server enable traps command to specify which SNMP notifications are sent globally. For a host to receive most notifications, at least one snmp-server enable traps command and the snmp-server host command for that host must be enabled. Some notification types cannot be controlled with the snmp-server enable traps command. For example, some notification types are always enabled. Other notification types are enabled by a different command.

The no snmp-server host command with no keywords disables traps, but not informs, to the host. To disable informs, use the no snmp-server host informs command.

Examples

This example shows how to configure a unique SNMP community string named comaccess for traps and prevent SNMP polling access with this string through access-list 10:

Switch(config)# snmp-server community comaccess ro 10

Switch(config)# snmp-server host 172.20.2.160 comaccess

Switch(config)# access-list 10 deny any

This example shows how to send the SNMP traps to the host specified by the name myhost.cisco.com. The community string is defined as comaccess:

Switch(config)# snmp-server enable traps

Switch(config)# snmp-server host myhost.cisco.com comaccess snmp 

This example shows how to enable the switch to send all traps to the host myhost.cisco.com by using the community string public:

Switch(config)# snmp-server enable traps

Switch(config)# snmp-server host myhost.cisco.com public

You can verify your settings by entering the show running-config privileged EXEC command.

Related Commands

Command	Description
show running-config	Displays the running configuration on the switch. For syntax information, select Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 > File Management Commands > Configuration File Management Commands.
snmp-server enable traps	Enables SNMP notification for various trap types or inform requests.

snmp trap mac-notification

Use the snmp trap mac-notification interface configuration command to enable the Simple Network Management Protocol (SNMP) MAC address notification trap on a specific Layer 2 interface. Use the no form of this command to return to the default setting.

snmp trap mac-notification {added | removed}

no snmp trap mac-notification {added | removed}

Syntax Description

added	Enable the MAC notification trap whenever a MAC address is added on this interface.
removed	Enable the MAC notification trap whenever a MAC address is removed from this interface.

Defaults

By default, the traps for both address addition and address removal are disabled.

Command Modes

Interface configuration

Command History

Release	Modification
12.2(25)FX	This command was introduced.

Usage Guidelines

Even though you enable the notification trap for a specific interface by using the snmp trap mac-notification command, the trap is generated only when you enable the snmp-server enable traps mac-notification and the mac address-table notification global configuration commands.

Examples

This example shows how to enable the MAC notification trap when a MAC address is added to a port:

Switch(config)# interface gigabitethernet0/2

Switch(config-if)# snmp trap mac-notification added

You can verify your settings by entering the show mac address-table notification interface privileged EXEC command.

Related Commands

Command	Description
clear mac address-table notification	Clears the MAC address notification global counters.
mac address-table notification	Enables the MAC address notification feature.
show mac address-table notification	Displays the MAC address notification settings for all interfaces or on the specified interface when the interface keyword is appended.
snmp-server enable traps	Sends the SNMP MAC notification traps when the mac-notification keyword is appended.

spanning-tree backbonefast

Use the spanning-tree backbonefast global configuration command to enable the BackboneFast feature. Use the no form of the command to return to the default setting.

spanning-tree backbonefast

no spanning-tree backbonefast

Syntax Description

This command has no arguments or keywords.

Defaults

BackboneFast is disabled.

Command Modes

Global configuration

Command History

Release	Modification
12.2(25)FX	This command was introduced.

Usage Guidelines

You can configure the BackboneFast feature for rapid PVST+ or for multiple spanning-tree (MST) mode, but the feature remains disabled (inactive) until you change the spanning-tree mode to PVST+.

BackboneFast starts when a root port or blocked port on a switch receives inferior BPDUs from its designated switch. An inferior BPDU identifies a switch that declares itself as both the root bridge and the designated switch. When a switch receives an inferior BPDU, it means that a link to which the switch is not directly connected (an indirect link) has failed (that is, the designated switch has lost its connection to the root switch. If there are alternate paths to the root switch, BackboneFast causes the maximum aging time on the interfaces on which it received the inferior BPDU to expire and allows a blocked port to move immediately to the listening state. BackboneFast then transitions the interface to the forwarding state. For more information, see the software configuration guide for this release.

Enable BackboneFast on all supported switches to allow the detection of indirect link failures and to start the spanning-tree reconfiguration sooner.

Examples

This example shows how to enable BackboneFast on the switch:

Switch(config)# spanning-tree backbonefast

You can verify your setting by entering the show spanning-tree summary privileged EXEC command.

Related Commands

Command	Description
show spanning-tree summary	Displays a summary of the spanning-tree interface states.

spanning-tree bpdufilter

Use the spanning-tree bpdufilter interface configuration command to prevent an interface from sending or receiving bridge protocol data units (BPDUs). Use the no form of this command to return to the default setting.

spanning-tree bpdufilter {disable | enable}

no spanning-tree bpdufilter

Syntax Description

disable	Disable BPDU filtering on the specified interface.
enable	Enable BPDU filtering on the specified interface.

Defaults

BPDU filtering is disabled.

Command Modes

Interface configuration

Command History

Release	Modification
12.2(25)FX	This command was introduced.

Usage Guidelines

You can enable the BPDU filtering feature when the switch is operating in the per-VLAN spanning-tree plus (PVST+), rapid-PVST+, or the multiple spanning-tree (MST) mode.

---

Caution Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in spanning-tree loops.

---

You can globally enable BPDU filtering on all Port Fast-enabled interfaces by using the spanning-tree portfast bpdufilter default global configuration command.

You can use the spanning-tree bpdufilter interface configuration command to override the setting of the spanning-tree portfast bpdufilter default global configuration command.

Examples

This example shows how to enable the BPDU filtering feature on a port:

Switch(config)# interface gigabitethernet0/1

Switch(config-if)# spanning-tree bpdufilter enable

You can verify your setting by entering the show running-config privileged EXEC command.

Related Commands

Command	Description
show running-config	Displays the current operating configuration. For syntax information, select Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 > File Management Commands > Configuration File Management Commands.
spanning-tree portfast (global configuration)	Globally enables the BPDU filtering or the BPDU guard feature on Port Fast-enabled interface or enables the Port Fast feature on all nontrunking interfaces.
spanning-tree portfast (interface configuration)	Enables the Port Fast feature on an interface and all its associated VLANs.

spanning-tree bpduguard

Use the spanning-tree bpduguard interface configuration command to put an interface in the error-disabled state when it receives a bridge protocol data unit (BPDU). Use the no form of this command to return to the default setting.

spanning-tree bpduguard {disable | enable}

no spanning-tree bpduguard

Syntax Description

disable	Disable BPDU guard on the specified interface.
enable	Enable BPDU guard on the specified interface.

Defaults

BPDU guard is disabled.

Command Modes

Interface configuration

Command History

Release	Modification
12.2(25)FX	This command was introduced.

Usage Guidelines

The BPDU guard feature provides a secure response to invalid configurations because you must manually put the interface back in service. Use the BPDU guard feature in a service-provider network to prevent an interface from being included in the spanning-tree topology.

You can enable the BPDU guard feature when the switch is operating in the per-VLAN spanning-tree plus (PVST+), rapid-PVST+, or the multiple spanning-tree (MST) mode.

You can globally enable BPDU guard on all Port Fast-enabled interfaces by using the spanning-tree portfast bpduguard default global configuration command.

You can use the spanning-tree bpduguard interface configuration command to override the setting of the spanning-tree portfast bpduguard default global configuration command.

Examples

This example shows how to enable the BPDU guard feature on a port:

Switch(config)# interface gigabitethernet0/1

Switch(config-if)# spanning-tree bpduguard enable

You can verify your setting by entering the show running-config privileged EXEC command.

Related Commands

Command	Description
show running-config	Displays the current operating configuration. For syntax information, select Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 > File Management Commands > Configuration File Management Commands.
spanning-tree portfast (global configuration)	Globally enables the BPDU filtering or the BPDU guard feature on Port Fast-enabled interfaces or enables the Port Fast feature on all nontrunking interfaces.
spanning-tree portfast (interface configuration)	Enables the Port Fast feature on an interface and all its associated VLANs.

spanning-tree cost

Use the spanning-tree cost interface configuration command to set the path cost for spanning-tree calculations. If a loop occurs, spanning tree considers the path cost when selecting an interface to place in the forwarding state. Use the no form of this command to return to the default setting.

spanning-tree [vlan vlan-id] cost cost

no spanning-tree [vlan vlan-id] cost

Syntax Description

vlan vlan-id	(Optional) VLAN range associated with a spanning-tree instance. You can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
cost	Path cost. The range is 1 to 200000000, with higher values meaning higher costs.

Defaults

The default path cost is computed from the interface bandwidth setting. These are the IEEE default path cost values:

•1000 Mb/s—4

•100 Mb/s—19

•10 Mb/s—100

Command Modes

Interface configuration

Command History

Release	Modification
12.2(25)FX	This command was introduced.

Usage Guidelines

When you configure the cost, higher values represent higher costs.

If you configure an interface with both the spanning-tree vlan vlan-id cost cost command and the spanning-tree cost cost command, the spanning-tree vlan vlan-id cost cost command takes effect.

Examples

This example shows how to set the path cost to 250 on a port:

Switch(config)# interface gigabitethernet0/1

Switch(config-if)# spanning-tree cost 250

This example shows how to set a path cost to 300 for VLANs 10, 12 to 15, and 20:

Switch(config-if)# spanning-tree vlan 10,12-15,20 cost 300

You can verify your settings by entering the show spanning-tree interface interface-id privileged EXEC command.

Related Commands

Command	Description
show spanning-tree interface interface-id	Displays spanning-tree information for the specified interface.
spanning-tree port-priority	Configures an interface priority.
spanning-tree vlan priority	Sets the switch priority for the specified spanning-tree instance.

spanning-tree etherchannel guard misconfig

Use the spanning-tree etherchannel guard misconfig global configuration command to display an error message when the switch detects an EtherChannel misconfiguration. Use the no form of this command to disable the feature.

spanning-tree etherchannel guard misconfig

no spanning-tree etherchannel guard misconfig

Syntax Description

This command has no arguments or keywords.

Defaults

EtherChannel guard is enabled on the switch.

Command Modes

Global configuration

Command History

Release	Modification
12.2(25)FX	This command was introduced.

Usage Guidelines

When the switch detects an EtherChannel misconfiguration, this error message appears:

PM-4-ERR_DISABLE: Channel-misconfig error detected on [chars], putting [chars] in 
err-disable state.

To show switch ports that are in the misconfigured EtherChannel, use the show interfaces status err-disabled privileged EXEC command. To verify the EtherChannel configuration on a remote device, use the show etherchannel summary privileged EXEC command on the remote device.

When a port is in the error-disabled state because of an EtherChannel misconfiguration, you can bring it out of this state by entering the errdisable recovery cause channel-misconfig global configuration command, or you can manually re-enable it by entering the shutdown and no shut down interface configuration commands.

Examples

This example shows how to enable the EtherChannel guard misconfiguration feature:

Switch(config)# spanning-tree etherchannel guard misconfig

You can verify your settings by entering the show spanning-tree summary privileged EXEC command.

Related Commands

Command	Description
errdisable recovery cause channel-misconfig	Enables the timer to recover from the EtherChannel misconfiguration error-disabled state.
show etherchannel summary	Displays EtherChannel information for a channel as a one-line summary per channel-group.
show interfaces status err-disabled	Displays the interfaces in the error-disabled state.

spanning-tree extend system-id

Use the spanning-tree extend system-id global configuration command to enable the extended system ID feature.

spanning-tree extend system-id

---

Note Though visible in the command-line help strings, the no version of this command is not supported. You cannot disable the extended system ID feature.

---

Syntax Description

This command has no arguments or keywords.

Defaults

The extended system ID is enabled.

Command Modes

Global configuration

Command History

Release	Modification
12.2(25)FX	This command was introduced.

Usage Guidelines

The switch supports the IEEE 802.1t spanning-tree extensions. Some of the bits previously used for the switch priority are now used for the extended system ID (VLAN identifier for the per-VLAN spanning-tree plus [PVST+] and rapid PVST+ or as an instance identifier for the multiple spanning tree [MST]).

The spanning tree uses the extended system ID, the switch priority, and the allocated spanning-tree MAC address to make the bridge ID unique for each VLAN or multiple spanning-tree instance.

Support for the extended system ID affects how you manually configure the root switch, the secondary root switch, and the switch priority of a VLAN. For more information, see the "spanning-tree mst root" and the "spanning-tree vlan" sections.

If your network consists of switches that do not support the extended system ID and switches that do support it, it is unlikely that the switch with the extended system ID support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches.

Related Commands

Command	Description
show spanning-tree summary	Displays a summary of spanning-tree interface states.
spanning-tree mst root	Configures the MST root switch priority and timers based on the network diameter.
spanning-tree vlan priority	Sets the switch priority for the specified spanning-tree instance.

spanning-tree guard

Use the spanning-tree guard interface configuration command to enable root guard or loop guard on all the VLANs associated with the selected interface. Root guard restricts which interface is allowed to be the spanning-tree root port or the path-to-the root for the switch. Loop guard prevents alternate or root ports from becoming designated ports when a failure creates a unidirectional link. Use the no form of this command to return to the default setting.

spanning-tree guard {loop | none | root}

no spanning-tree guard

Syntax Description

loop	Enable loop guard.
none	Disable root guard or loop guard.
root	Enable root guard.

Defaults

Root guard is disabled.

Loop guard is configured according to the spanning-tree loopguard default global configuration command (globally disabled).

Command Modes

Interface configuration

Command History

Release	Modification
12.2(25)FX	This command was introduced.

Usage Guidelines

You can enable root guard or loop guard when the switch is operating in the per-VLAN spanning-tree plus (PVST+), rapid-PVST+, or the multiple spanning-tree (MST) mode.

When root guard is enabled, if spanning-tree calculations cause an interface to be selected as the root port, the interface transitions to the root-inconsistent (blocked) state to prevent the customer's switch from becoming the root switch or being in the path to the root. The root port provides the best path from the switch to the root switch.

When the no spanning-tree guard or the no spanning-tree guard none command is entered, root guard is disabled for all VLANs on the selected interface. If this interface is in the root-inconsistent (blocked) state, it automatically transitions to the listening state.

Do not enable root guard on interfaces that will be used by the UplinkFast feature. With UplinkFast, the backup interfaces (in the blocked state) replace the root port in the case of a failure. However, if root guard is also enabled, all the backup interfaces used by the UplinkFast feature are placed in the root-inconsistent state (blocked) and prevented from reaching the forwarding state. The UplinkFast feature is not available when the switch is operating in the rapid-PVST+ or MST mode.

Loop guard is most effective when it is configured on the entire switched network. When the switch is operating in PVST+ or rapid-PVST+ mode, loop guard prevents alternate and root ports from becoming designated ports, and spanning tree does not send bridge protocol data units (BPDUs) on root or alternate ports. When the switch is operating in MST mode, BPDUs are not sent on nonboundary interfaces if the interface is blocked by loop guard in all MST instances. On a boundary interface, loop guard blocks the interface in all MST instances.

To disable root guard or loop guard, use the spanning-tree guard none interface configuration command. You cannot enable both root guard and loop guard at the same time.

You can override the setting of the spanning-tree loopguard default global configuration command by using the spanning-tree guard loop interface configuration command.

Examples

This example shows how to enable root guard on all the VLANs associated with the specified port:

Switch(config)# interface gigabitethernet0/2

Switch(config-if)# spanning-tree guard root

This example shows how to enable loop guard on all the VLANs associated with the specified port:

Switch(config)# interface gigabitethernet0/2

Switch(config-if)# spanning-tree guard loop

You can verify your settings by entering the show running-config privileged EXEC command.

Related Commands

Command	Description
show running-config	Displays the current operating configuration. For syntax information, select Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 > File Management Commands > Configuration File Management Commands.
spanning-tree cost	Sets the path cost for spanning-tree calculations.
spanning-tree loopguard default	Prevents alternate or root ports from becoming designated ports because of a failure that leads to a unidirectional link.
spanning-tree mst cost	Configures the path cost for MST calculations.
spanning-tree mst port-priority	Configures an interface priority.
spanning-tree mst root	Configures the MST root switch priority and timers based on the network diameter.
spanning-tree port-priority	Configures an interface priority.
spanning-tree vlan priority	Sets the switch priority for the specified spanning-tree instance.

spanning-tree link-type

Use the spanning-tree link-type interface configuration command to override the default link-type setting, which is determined by the duplex mode of the interface, and to enable rapid spanning-tree transitions to the forwarding state. Use the no form of this command to return to the default setting.

spanning-tree link-type {point-to-point | shared}

no spanning-tree link-type

Syntax Description

point-to-point	Specify that the link type of an interface is point-to-point.
shared	Specify that the link type of an interface is shared.

Defaults

The switch derives the link type of an interface from the duplex mode. A full-duplex interface is considered a point-to-point link, and a half-duplex interface is considered a shared link.

Command Modes

Interface configuration

Command History

Release	Modification
12.2(25)FX	This command was introduced.

Usage Guidelines

You can override the default setting of the link type by using the spanning-tree link-type command. For example, a half-duplex link can be physically connected point-to-point to a single interface on a remote switch running the Multiple Spanning Tree Protocol (MSTP) or the rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol and be enabled for rapid transitions.

Examples

This example shows how to specify the link type as shared (regardless of the duplex setting) and to prevent rapid transitions to the forwarding state:

Switch(config-if)# spanning-tree link-type shared

You can verify your setting by entering the show spanning-tree mst interface interface-id or the show spanning-tree interface interface-id privileged EXEC command.

Related Commands

Command	Description
clear spanning-tree detected-protocols	Restarts the protocol migration process (force the renegotiation with neighboring switches) on all i