The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Use the rmon collection stats interface configuration command on the switch stack or on a standalone switch to collect Ethernet group statistics, which include utilization statistics about broadcast and multicast packets, and error statistics about Cyclic Redundancy Check (CRC) alignment errors and collisions. Use the no form of this command to return to the default setting.
rmon collection stats index [owner name]
no rmon collection stats index [owner name]
index |
Remote Network Monitoring (RMON) collection control index. The range is 1 to 65535. |
owner name |
(Optional) Owner of the RMON collection. |
The RMON statistics collection is disabled.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
The RMON statistics collection command is based on hardware counters.
This example shows how to collect RMON statistics for the owner root on Gigabit Ethernet interface 0/1 of stack member 2:
Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# rmon collection stats 2 owner root
You can verify your setting by entering the show rmon statistics privileged EXEC command.
Use the sdm prefer global configuration command on the switch stack or on a standalone switch to configure the template used in Switch Database Management (SDM) resource allocation. You can use a template to allocate system resources to best support the features being used in your application. Use a template to provide maximum system utilization for unicast routing or for VLAN configuration or to change an aggregator template (Catalyst 3750-12S only) to a desktop template. Use the no form of this command to return to the default template.
sdm prefer {default | routing | vlan} [desktop]
no sdm prefer
The default template provides a balance to all features.
Global configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(14)EA1 |
The aggregator templates were added. |
You must reload the switch for the configuration to take effect. If you enter the show sdm prefer command before you enter the reload privileged EXEC command, the show sdm prefer command shows the template currently in use and the template that will become active after a reload.
Desktop switches support only desktop templates; an aggregator switch (Catalyst 3750-12S) supports both desktop and aggregator templates. On an aggregator switch, if you do not enter the desktop keyword, the aggregator templates are selected.
All stack members use the same SDM desktop or aggregator template, stored on the stack master. When a new switch member is added to a stack, as with the switch configuration file and VLAN database file, the SDM configuration that is stored on the stack master overrides the template configured on an individual switch.
If a stack member cannot support the template that is running on the master switch, the switch goes into SDM mismatch mode, the master switch does not attempt to change the SDM template, and the switch cannot be a functioning member of the stack.
•If the master switch is a Catalyst 3750-12S, and you change the template from an aggregator template to a desktop template and reload the switch, the entire stack operates with the selected desktop template. This could cause configuration losses if the number of ternary content addressable memory (TCAM) entries exceeds the desktop template sizes.
•If you change the template on a Catalyst 3750-12S master from a desktop template to an aggregator template and reload the switch, any desktop switches that were part of the stack go into SDM mismatch mode.
•If you add a Catalyst 3750-12S switch that is running the aggregator template to a stack that has a desktop switch as the stack master, the stack operates with the desktop template selected on the stack master. This could cause configuration losses on the Catalyst 3750-12S stack member if the number of TCAM entries on it exceeds desktop template sizes.
Note For more information about stacking, refer to the "Managing Switch Stacks" chapter in the software configuration guide.
Use the sdm prefer vlan [desktop] global configuration command only on switches intended for Layer 2 switching with no routing. When you use the VLAN template, no system resources are reserved for routing entries and any routing is done through software. This overloads the central processing unit (CPU) and severely degrades routing performance.
Do not use the routing template if you do not have routing enabled on your switch. Entering the sdm prefer routing [desktop] global configuration command prevents other features from using the memory allocated to unicast routing in the routing template.
Table 2-15 lists the approximate number of each resource supported in each of the three templates for a desktop or aggregator switch. The first eight rows in the tables (unicast MAC addresses through security ACEs) represent approximate hardware boundaries set when a template is selected. If a section of a hardware resource is full, all processing overflow is sent to the CPU, seriously impacting switch performance. The last row is a guideline used to calculate hardware resource consumption related to the number of Layer 3 VLANs configured.
This example shows how to configure the routing template on a desktop switch:
Switch(config)# sdm prefer routing
Switch(config)# exit
Switch# reload
This example shows how to configure the desktop routing template on an aggregator switch:
Switch(config)# sdm prefer routing desktop
Switch(config)# exit
Switch# reload
This example shows how to change a switch template to the default template. On an aggregator switch, this is the default aggregator template; on a desktop switch, this is the default desktop template.
Switch(config)# no sdm prefer
Switch(config)# exit
Switch# reload
This example shows how to configure the desktop default template on an aggregator switch:
Switch(config)# sdm prefer default desktop
Switch(config)# exit
Switch# reload
You can verify your settings by entering the show sdm prefer privileged EXEC command.
|
|
---|---|
Displays the current SDM template in use or displays the templates that can be used, with approximate resource allocation per feature. |
Use the service password-recovery global configuration command on the switch stack or on a standalone switch to enable the password-recovery mechanism (the default). This mechanism allows an end user with physical access to the switch to hold down the Mode button and interrupt the boot process while the switch is powering up and to assign a new password. Use the no form of this command to disable part of the password-recovery functionality. When the password-recovery mechanism is disabled, interrupting the boot process is allowed only if the user agrees to set the system back to the default configuration.
service password-recovery
no service password-recovery
This command has no arguments or keywords.
The password-recovery mechanism is enabled.
Global configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
As a system administrator, you can use the no service password-recovery command to disable some of the functionality of the password recovery feature by allowing an end user to reset a password only by agreeing to return to the default configuration.
The password-recovery mechanism has been triggered, but
is currently disabled. Access to the boot loader prompt
through the password-recovery mechanism is disallowed at
this point. However, if you agree to let the system be
reset back to the default system configuration, access
to the boot loader prompt can still be allowed.
Would you like to reset the system back to the default configuration (y/n)?
If the user chooses not to reset the system back to the default configuration, the normal boot process continues, as if the Mode button had not been pressed. If you choose to reset the system back to the default configuration, the configuration file in flash memory is deleted and the VLAN database file, flash:vlan.dat (if present) is deleted.
Note If you use the no service password-recovery command to control end user access to passwords, we recommend that you save a copy of the config file in a location away from the switch in case the end user uses the password recovery procedure and sets the system back to default values. Do not keep a backup copy of the config file on the switch.
If the switch is operating in VTP transparent mode, we recommend that you also save a copy of the vlan.dat file in a location away from the switch.
When you enter the service password-recovery or no service password-recovery command on the stack master, it is propagated throughout the stack and applied to all switches in the stack.
You can verify if password recovery is enabled or disabled by entering the show version privileged EXEC command.
This example shows how to disable password recovery on a switch or switch stack so that a user can only reset a password by agreeing to return to the default configuration.
Switch(config)# no service-password recovery
Switch(config)# exit
|
|
---|---|
Displays version information for the hardware and firmware. |
Use the service-policy interface configuration command on the switch stack or on a standalone switch to apply a policy map defined by the policy-map command to the input of a particular interface. Use the no form of this command to remove the policy map and interface association.
service-policy input policy-map-name
no service-policy input policy-map-name
input policy-map-name |
Apply the specified policy-map to the input of an interface. |
Note Though visible in the command-line help strings, the history keyword is not supported, and you should ignore the statistics it gathers. The output keyword is also not supported.
No policy maps are attached to the interface.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Only one policy map per ingress interface is supported.
Classification using a port trust state (for example, mls qos trust [cos | dscp | ip-precedence] and a policy map (for example, service-policy input policy-map-name) are mutually exclusive. The last one configured overwrites the previous configuration.
This example shows how to apply plcmap1 to an ingress interface on stack member 2:
Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# service-policy input plcmap1
This example shows how to detach plcmap2 from an interface on stack member 2:
Switch(config)# interface gigabitethernet2/0/2
Switch(config-if)# no service-policy input plcmap2
You can verify your settings by entering the show running-config privileged EXEC command.
|
|
---|---|
Creates or modifies a policy map that can be attached to multiple interfaces to specify a service policy. |
|
Displays quality of service (QoS) policy maps. |
Use the session privileged EXEC command on the stack master to access a specific stack member.
session stack-member-number
stack-member-number |
Specify the current stack member number. The stack member number is in the range from 1 through 9. |
No default is defined.
Global configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
When you access the stack member, its stack member number is appended to the system prompt.
This example shows how to access stack member 6:
Switch(config)# session 6
Switch-6#
Use the set policy-map class configuration command on the switch stack or on a standalone switch to classify IP traffic by setting a Differentiated Services Code Point (DSCP) or IP-precedence value in the packet. Use the no form of this command to remove traffic classification.
set {ip dscp new-dscp | ip precedence new-precedence}
no set {ip dscp new-dscp | ip precedence new-precedence}
Note Though visible in the command-line help strings, the mpls keyword is not supported.
No traffic classification is defined.
Policy-map class configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
The set command is mutually exclusive with the trust policy-map class configuration command within the same policy map.
For the set ip dscp new-dscp or the set ip precedence new-precedence command, you can enter a mnemonic name for a commonly-used value. For example, you can enter the set ip dscp af11 command, which is the as same entering the set ip dscp 10 command. You can enter the set ip precedence critical command, which is the same as entering the set ip precedence 5 command. For a list of supported mnemonics, enter the set ip dscp ? or the set ip precedence ? command to see the command-line help strings.
To return to policy-map configuration mode, use the exit command. To return to privileged EXEC mode, use the end command.
This example shows how to assign DSCP 10 to all FTP traffic without any policers:
Switch(config)# policy-map policy_ftp
Switch(config-pmap)# class ftp_class
Switch(config-pmap-c)# set ip dscp 10
Switch(config-pmap)# exit
You can verify your settings by entering the show policy-map privileged EXEC command.
Use the setup privileged EXEC command to configure the switch with its initial configuration.
setup
This command has no arguments or keywords.
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
When you use the setup command, make sure that you have this information:
•IP address and network mask
•Password strategy for your environment
•Whether the switch will be used as the cluster command switch and the cluster name
When you enter the setup command, an interactive dialog, called the System Configuration Dialog, appears. It guides you through the configuration process and prompts you for information. The values shown in brackets next to each prompt are the default values last set by using either the setup command facility or the configure privileged EXEC command.
Help text is provided for each prompt. To access help text, press the question mark (?) key at a prompt.
To return to the privileged EXEC prompt without making changes and without running through the entire System Configuration Dialog, press Ctrl-C.
When you complete your changes, the setup program shows you the configuration command script that was created during the setup session. You can save the configuration in nonvolatile RAM (NVRAM), return to the setup program without saving, or return to the command-line prompt without saving the configuration.
This is an example of output from the setup command:
Switch# setup
--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: yes
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system.
Would you like to enter basic management setup? [yes/no]: yes
Configuring global parameters:
Enter host name [Switch]:host-name
The enable secret is a password used to protect access to
privileged EXEC and configuration modes. This password, after
entered, becomes encrypted in the configuration.
Enter enable secret: enable-secret-password
The enable password is used when you do not specify an
enable secret password, with some older software versions, and
some boot images.
Enter enable password: enable-password
The virtual terminal password is used to protect
access to the router over a network interface.
Enter virtual terminal password: terminal-password
Configure SNMP Network Management? [no]: yes
Community string [public]:
Current interface summary
Any interface listed with OK? value "NO" does not have a valid configuration
Interface IP-Address OK? Method Status Protocol
Vlan1 172.20.135.202 YES NVRAM up up
GigabitEthernet6/0/1 unassigned YES unset up up
GigabitEthernet6/0/2 unassigned YES unset up down
GigabitEthernet6/0/3 unassigned YES unset administratively down down
GigabitEthernet6/0/4 unassigned YES unset up down
GigabitEthernet6/0/5 unassigned YES NVRAM up down
GigabitEthernet6/0/6 unassigned YES NVRAM up down
GigabitEthernet6/0/7 unassigned YES unset up down
GigabitEthernet6/0/8 unassigned YES unset up down
GigabitEthernet6/0/9 unassigned YES unset administratively down down
GigabitEthernet6/0/10 10.1.2.3 YES NVRAM up down
GigabitEthernet6/0/11 unassigned YES unset up down
GigabitEthernet6/0/12 unassigned YES unset up down
Port-channel1 unassigned YES unset up down
Enter interface name used to connect to the
management network from the above interface summary: vlan1
Configuring interface vlan1:
Configure IP on this interface? [yes]: yes
IP address for this interface: ip_address
Subnet mask for this interface [255.0.0.0]: subnet_mask
Would you like to enable as a cluster command switch? [yes/no]: yes
Enter cluster name: cluster-name
The following configuration command script was created:
hostname host-name
enable secret 5 $1$LiBw$0Xc1wyT.PXPkuhFwqyhVi0
enable password enable-password
line vty 0 15
password terminal-password
snmp-server community public
!
no ip routing
!
interface GigabitEthernet6/0/1
no ip address
!
interface GigabitEthernet6/0/2
no ip address
!
...
interface GigabitEthernet6/0/12
no ip address
cluster enable cluster-name
!
end
Use this configuration? [yes/no]: yes
!
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
Enter your selection [2]:
Use the setup express global configuration command to enable Express Setup mode on the switch stack or on a standalone switch. Use the no form of this command to disable Express Setup mode.
setup express
no setup express
This command has no arguments or keywords.
Express Setup is enabled.
Global configuration
|
|
---|---|
12.1(14)EA1 |
This command was first introduced. |
When Express Setup is enabled on a new (unconfigured) switch, pressing the Mode button for 2 seconds activates Express Setup. You can access the switch through an Ethernet port by using the IP address 10.0.0.1 and then can configure the switch with the web-based Express Setup program or the command-line interface (CLI)-based setup program.
When you press the Mode button for 2 seconds on a configured switch, the mode LEDs start flashing. If you press the Mode button for a total of 10 seconds, the switch configuration is deleted, and the switch reboots. The switch can then be configured like a new switch, either through the web-based Express Setup program or the CLI-based setup program.
Note As soon as you make any change to the switch configuration (including entering no at the beginning of the CLI-based setup program), configuration by Express Setup is no longer available. You can only run Express Setup again by pressing the Mode button for 10 seconds. This deletes the switch configuration and reboots the switch.
If Express Setup is active on the switch, entering the write memory or copy running-configuration startup-configuration privileged EXEC commands deactivates Express Setup. The IP address 10.0.0.1 is no longer valid on the switch, and your connection using this IP address ends.
The primary purpose of the no setup express command is to prevent someone from deleting the switch configuration by pressing the Mode button for 10 seconds.
This example shows how to enable Express Setup mode:
Switch(config)# setup express
You can verify that Express Setup mode is enabled by pressing the Mode button:
•On an unconfigured switch, the mode LEDs turn solid green after 3 seconds.
•On a configured switch, the mode LEDs begin flashing after 2 seconds and turn solid green after 10 seconds.
This example shows how to disable Express Setup mode:
Switch(config)# no setup express
You can verify that Express Setup mode is disabled by pressing the Mode button. The mode LEDs do not turn solid green or begin flashing green if Express Setup mode is not enabled on the switch.
|
|
---|---|
Exits Express Setup mode. |
|
Displays if Express Setup mode is active. |
Use the show access-lists privileged EXEC command to display access control lists (ACLs) configured on the switch.
show access-lists [name | number | hardware counters | ipc] [ | {begin | exclude | include} expression]
Note Though visible in the command-line help strings, the rate-limit keywords are not supported.
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(14)EA1 |
The ipc keyword was added. |
The switch supports only IP standard and extended access lists. Therefore, the allowed numbers are only 1 to 199 and 1300 to 2699.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show access-lists command:
Switch# show access-lists
Standard IP access list 1
permit 1.1.1.1
permit 2.2.2.2
permit any
permit 0.255.255.255, wildcard bits 12.0.0.0
Standard IP access list videowizard_1-1-1-1
permit 1.1.1.1
Standard IP access list videowizard_10-10-10-10
permit 10.10.10.10
Extended IP access list 121
permit ahp host 10.10.10.10 host 20.20.10.10 precedence routine
Extended IP access list CMP-NAT-ACL
Dynamic Cluster-HSRP deny ip any any
deny ip any host 19.19.11.11
deny ip any host 10.11.12.13
Dynamic Cluster-NAT permit ip any any
permit ip host 10.99.100.128 any
permit ip host 10.46.22.128 any
permit ip host 10.45.101.64 any
permit ip host 10.45.20.64 any
permit ip host 10.213.43.128 any
permit ip host 10.91.28.64 any
permit ip host 10.99.75.128 any
permit ip host 10.38.49.0 any
This is an example of output from the show access-lists hardware counters command:
Switch# show access-lists hardware counters
L2 ACL INPUT Statistics
Drop: All frame count: 855
Drop: All bytes count: 94143
Drop And Log: All frame count: 0
Drop And Log: All bytes count: 0
Bridge Only: All frame count: 0
Bridge Only: All bytes count: 0
Bridge Only And Log: All frame count: 0
Bridge Only And Log: All bytes count: 0
Forwarding To CPU: All frame count: 0
Forwarding To CPU: All bytes count: 0
Forwarded: All frame count: 2121
Forwarded: All bytes count: 180762
Forwarded And Log: All frame count: 0
Forwarded And Log: All bytes count: 0
L3 ACL INPUT Statistics
Drop: All frame count: 0
Drop: All bytes count: 0
Drop And Log: All frame count: 0
Drop And Log: All bytes count: 0
Bridge Only: All frame count: 0
Bridge Only: All bytes count: 0
Bridge Only And Log: All frame count: 0
Bridge Only And Log: All bytes count: 0
Forwarding To CPU: All frame count: 0
Forwarding To CPU: All bytes count: 0
Forwarded: All frame count: 13586
Forwarded: All bytes count: 1236182
Forwarded And Log: All frame count: 0
Forwarded And Log: All bytes count: 0
L2 ACL OUTPUT Statistics
Drop: All frame count: 0
Drop: All bytes count: 0
Drop And Log: All frame count: 0
Drop And Log: All bytes count: 0
Bridge Only: All frame count: 0
Bridge Only: All bytes count: 0
Bridge Only And Log: All frame count: 0
Bridge Only And Log: All bytes count: 0
Forwarding To CPU: All frame count: 0
Forwarding To CPU: All bytes count: 0
Forwarded: All frame count: 232983
Forwarded: All bytes count: 16825661
Forwarded And Log: All frame count: 0
Forwarded And Log: All bytes count: 0
L3 ACL OUTPUT Statistics
Drop: All frame count: 0
Drop: All bytes count: 0
Drop And Log: All frame count: 0
Drop And Log: All bytes count: 0
Bridge Only: All frame count: 0
Bridge Only: All bytes count: 0
Bridge Only And Log: All frame count: 0
Bridge Only And Log: All bytes count: 0
Forwarding To CPU: All frame count: 0
Forwarding To CPU: All bytes count: 0
Forwarded: All frame count: 514434
Forwarded: All bytes count: 39048748
Forwarded And Log: All frame count: 0
Forwarded And Log: All bytes count: 0
Use the show auto qos user EXEC command to display the initial configuration that is generated by the automatic quality of service (auto-QoS) feature.
show auto qos [interface [interface-id]] [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(14)EA1 |
This command was first introduced. |
The show auto qos [interface [interface-id]] command displays the initial auto-QoS configuration; it does not display any user changes to the configuration that might be in effect. Use the show running-config privileged EXEC command to display the auto-QoS configuration and the user modifications.
To display information about the QoS configuration that might be affected by auto-QoS, use one of these commands:
•show mls qos
•show mls qos maps cos-dscp
•show mls qos interface [interface-id] [buffers | queueing]
•show mls qos maps [cos-dscp | cos-input-q | cos-output-q | dscp-cos | dscp-input-q | dscp-output-q]
•show mls qos input-queue
•show running-config
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show auto qos command when auto-QoS is enabled:
Switch# show auto qos
Initial configuration applied by AutoQoS:
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos
no mls qos srr-queue input cos-map
no mls qos srr-queue output cos-map
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
no mls qos srr-queue input dscp-map
no mls qos srr-queue output dscp-map
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 26 33 34 35 36 37 38 39
mls qos srr-queue input dscp-map queue 2 threshold 2 48 49 50 51 52 53 54 55
mls qos srr-queue input dscp-map queue 2 threshold 2 56 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 27 28 29 30 31 40
mls qos srr-queue input dscp-map queue 2 threshold 3 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
no mls qos srr-queue input priority-queue 1
no mls qos srr-queue input priority-queue 2
mls qos srr-queue input bandwidth 90 10
no mls qos srr-queue input buffers
mls qos queue-set output 1 buffers 20 20 20 40
!
interface GigabitEthernet2/0/2
mls qos trust device cisco-phone
mls qos trust cos
no queue-set 1
srr-queue bandwidth shape 10 0 0 0
srr-queue bandwidth share 10 10 60 20
This is an example of output from the show auto qos interface command after the auto qos voip cisco-phone interface configuration command is entered:
Switch# show auto qos interface
Initial configuration applied by AutoQoS:
!
interface GigabitEthernet2/0/2
mls qos trust device cisco-phone
mls qos trust cos
no queue-set 1
srr-queue bandwidth shape 10 0 0 0
srr-queue bandwidth share 10 10 60 20
This is an example of output from the show auto qos interface gigabitethernet2/0/2 command after the auto qos voip cisco-phone interface configuration command is entered:
Switch# show auto qos interface gigabitethernet2/0/2
mls qos trust device cisco-phone
mls qos trust cos
no queue-set 1
srr-queue bandwidth shape 10 0 0 0
srr-queue bandwidth share 10 10 60 20
|
|
---|---|
Automatically configures QoS for VoIP within a QoS domain. |
|
Enables debugging of the auto-QoS feature. |
Use the show boot privileged EXEC command to display the settings of the boot environment variables.
show boot [ | {begin | exclude | include} expression]
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show boot command. Table 2-16 describes each field in the display.
Switch# show boot
BOOT path-list: flash:c29703750-i5q3l2-mz-121.11.AX/c29703750-i5q3l2-mz-121.11.AX.bin
Config file: flash:config.text
Private Config file: private-config
Enable Break: no
Manual Boot: yes
HELPER path-list:
Auto upgrade : yes
NVRAM/Config file
buffer size: 32768
|
|
---|---|
BOOT path-list |
Displays a semicolon separated list of executable files to try to load and execute when automatically booting. If the BOOT environment variable is not set, the system attempts to load and execute the first executable image it can find by using a recursive, depth-first search through the Flash file system. In a depth-first search of a directory, each encountered subdirectory is completely searched before continuing the search in the original directory. If the BOOT variable is set but the specified images cannot be loaded, the system attempts to boot the first bootable file that it can find in the Flash file system. |
Config file |
Displays the filename that IOS uses to read and write a nonvolatile copy of the system configuration. |
Private Config file |
Displays the filename that IOS uses to read and write a nonvolatile copy of the system configuration. |
Enable Break |
Displays whether a break during booting is enabled or disabled. If it is set to yes, on, or 1, you can interrupt the automatic boot process by pressing the Break key on the console after the Flash file system is initialized. |
Manual Boot |
Displays whether the switch automatically or manually boots. If it is set to no or 0, the boot loader attempts to automatically boot the system. If it is set to anything else, you must manually boot the switch from the boot loader mode. |
Helper path-list |
Displays a semicolon separated list of loadable files to dynamically load during the boot loader initialization. Helper files extend or patch the functionality of the boot loader. |
Auto upgrade |
Displays whether the switch stack is set to automatically copy its software version to an incompatible switch so that it can join the stack. A switch in version-mismatch (VM) mode is a switch that has a different stack protocol version than the version on the switch stack. Switches in VM mode cannot join the switch stack. If the switch stack has an image that can be copied to a switch in VM mode, and if the boot auto-copy-sw feature is enabled, the switch stack automatically copies the image from another stack member to the switch in VM mode. The switch then exits VM mode, reboots, and joins the switch stack. |
NVRAM/Config file buffer size |
Displays the buffer size that IOS uses to hold a copy of the configuration file in memory. The configuration file cannot be larger than the buffer size allocation. |
Use the show cable-diagnostics tdr privileged EXEC command to display the Time Domain Reflector (TDR) results.
show cable-diagnostics tdr interface interface-id [ | {begin | exclude | include} expression]
Privileged EXEC
|
|
---|---|
12.1(19)EA1 |
This command was introduced. |
TDR is supported only on copper Ethernet 10/100/1000 ports. It is not supported on 10/100 ports or small form-factor pluggable (SFP) module ports. For more information about TDR, refer to the software configuration guide for this release
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show cable-diagnostics tdr interface interface-id command:
Switch# show cable-diagnostics tdr interface gigabitethernet1/0/2
TDR test last run on: March 01 20:15:40
Interface Speed Local pair Pair length Remote pair Pair status
--------- ----- ---------- ------------------ ----------- --------------------
Gi1/0/2 auto Pair A 0 +/- 2 meters N/A Open
Pair B 0 +/- 2 meters N/A Open
Pair C 0 +/- 2 meters N/A Open
Pair D 0 +/- 2 meters N/A Open
Table 2-17 lists the descriptions of the fields in the show cable-diagnostics tdr command output.
For more examples of output from the show cable-diagnostics tdr interface interface-id command, refer to the software configuration guide for this release.
|
|
---|---|
Enables and runs TDR on an interface. |
Use the show class-map user EXEC command to display quality of service (QoS) class maps, which define the match criteria to classify traffic.
show class-map [class-map-name] [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show class-map command:
Switch> show class-map
Class Map match-all videowizard_10-10-10-10 (id 2)
Match access-group name videowizard_10-10-10-10
Class Map match-any class-default (id 0)
Match any
Class Map match-all dscp5 (id 3)
Match ip dscp 5
|
|
---|---|
Creates a class map to be used for matching packets to the class whose name you specify. |
|
Defines the match criteria to classify traffic. |
Use the show cluster user EXEC command to display the cluster status and a summary of the cluster to which the switch belongs. This command can be entered on the cluster command switch and cluster member switches.
show cluster [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
If you enter this command on a switch that is not a cluster member, the error message Not a management cluster member
appears.
On a cluster member switch, this command displays the identity of the cluster command switch, the switch member number, and the state of its connectivity with the cluster command switch.
On a cluster command switch stack or cluster command switch, this command displays the cluster name and the total number of members. It also shows the cluster status and time since the status changed. If redundancy is enabled, it displays the primary and secondary command-switch information.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output when the show cluster command is entered on the active cluster command switch:
Switch> show cluster
Command switch for cluster "Ajang"
Total number of members: 7
Status: 1 members are unreachable
Time since last status change: 0 days, 0 hours, 2 minutes
Redundancy: Enabled
Standby command switch: Member 1
Standby Group: Ajang_standby
Standby Group Number: 110
Heartbeat interval: 8
Heartbeat hold-time: 80
Extended discovery hop count: 3
This is an example of output when the show cluster command is entered on a cluster member switch:
Switch1> show cluster
Member switch for cluster "hapuna"
Member number: 3
Management IP address: 192.192.192.192
Command switch mac address: 0000.0c07.ac14
Heartbeat interval: 8
Heartbeat hold-time: 80
This is an example of output when the show cluster command is entered on a cluster member switch that is configured as the standby cluster command switch:
Switch> show cluster
Member switch for cluster "hapuna"
Member number: 3 (Standby command switch)
Management IP address: 192.192.192.192
Command switch mac address: 0000.0c07.ac14
Heartbeat interval: 8
Heartbeat hold-time: 80
This is an example of output when the show cluster command is entered on the cluster command switch that has lost connectivity with member 1:
Switch> show cluster
Command switch for cluster "Ajang"
Total number of members: 7
Status: 1 members are unreachable
Time since last status change: 0 days, 0 hours, 5 minutes
Redundancy: Disabled
Heartbeat interval: 8
Heartbeat hold-time: 80
Extended discovery hop count: 3
This is an example of output when the show cluster command is entered on a cluster member switch that has lost connectivity with the cluster command switch:
Switch> show cluster
Member switch for cluster "hapuna"
Member number: <UNKNOWN>
Management IP address: 192.192.192.192
Command switch mac address: 0000.0c07.ac14
Heartbeat interval: 8
Heartbeat hold-time: 80
Use the show cluster candidates privileged EXEC command on a switch stack or on a cluster command switch to display a list of candidate switches.
show cluster candidates [detail | mac-address H.H.H.] [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
This command is available only on the cluster command switch stack or cluster command switch.
If the switch is not a cluster command switch, the command displays an empty line at the prompt.
The SN in the display means switch member number. If E appears in the SN column, it means that the switch is discovered through extended discovery. If E does not appear in the SN column, it means that the switch member number is the upstream neighbor of the candidate switch. The hop count is the number of devices the candidate is from the cluster command switch.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show cluster candidates command:
Switch> show cluster candidates
|---Upstream---|
MAC Address Name Device Type PortIf FEC Hops SN PortIf FEC
00d0.7961.c4c0 StLouis-2 WS-C37502970-12T Gi6/0/1 2 1 Fa0/11
00d0.bbf5.e900 ldf-dist-128 WS-C3524-XL Fa0/7 1 0 Fa0/24
00e0.1e7e.be80 1900_Switch 1900 3 0 1 0 Fa0/11
00e0.1e9f.7a00 Surfers-24 WS-C2924-XL Fa0/5 1 0 Fa0/3
00e0.1e9f.8c00 Surfers-12-2 WS-C2912-XL Fa0/4 1 0 Fa0/7
00e0.1e9f.8c40 Surfers-12-1 WS-C2912-XL Fa0/1 1 0 Fa0/9
This is an example of output from the show cluster candidates command that uses the MAC address of a cluster member switch directly connected to the cluster command switch:
Switch> show cluster candidates mac-address 00d0.7961.c4c0
Device 'Tahiti-12' with mac address number 00d0.7961.c4c0
Device type: cisco WS-C37502970-12T
Upstream MAC address: 00d0.796d.2f00 (Cluster Member 0)
Local port: Gi6/0/1 FEC number:
Upstream port: GI6/0/11 FEC Number:
Hops from cluster edge: 1
Hops from command device: 1
This is an example of output from the show cluster candidates command that uses the MAC address of a cluster member switch three hops from the cluster edge:
Switch> show cluster candidates mac-address 0010.7bb6.1cc0
Device 'Ventura' with mac address number 0010.7bb6.1cc0
Device type: cisco WS-C2912MF-XL
Upstream MAC address: 0010.7bb6.1cd4
Local port: Fa2/1 FEC number:
Upstream port: Fa0/24 FEC Number:
Hops from cluster edge: 3
Hops from command device: -
This is an example of output from the show cluster candidates detail command:
Switch> show cluster candidates detail
Device 'Tahiti-12' with mac address number 00d0.7961.c4c0
Device type: cisco WS-C3512-XL
Upstream MAC address: 00d0.796d.2f00 (Cluster Member 1)
Local port: Fa0/3 FEC number:
Upstream port: Fa0/13 FEC Number:
Hops from cluster edge: 1
Hops from command device: 2
Device '1900_Switch' with mac address number 00e0.1e7e.be80
Device type: cisco 1900
Upstream MAC address: 00d0.796d.2f00 (Cluster Member 2)
Local port: 3 FEC number: 0
Upstream port: Fa0/11 FEC Number:
Hops from cluster edge: 1
Hops from command device: 2
Device 'Surfers-24' with mac address number 00e0.1e9f.7a00
Device type: cisco WS-C2924-XL
Upstream MAC address: 00d0.796d.2f00 (Cluster Member 3)
Local port: Fa0/5 FEC number:
Upstream port: Fa0/3 FEC Number:
Hops from cluster edge: 1
Hops from command device: 2
|
|
---|---|
Displays the cluster status and a summary of the cluster to which the switch belongs. |
|
Displays information about the cluster members. |
Use the show cluster members privileged EXEC command on a switch stack or on a cluster command switch to display information about the cluster members.
show cluster members [n | detail] [ | {begin | exclude | include} expression]
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
This command is available only on the cluster command switch stack or cluster command switch.
If the cluster has no members, this command displays an empty line at the prompt.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show cluster members command. The SN in the display means switch number.
Switch# show cluster members
|---Upstream---|
SN MAC Address Name PortIf FEC Hops SN PortIf FEC State
0 0002.4b29.2e00 StLouis1 0 Up (Cmdr)
1 0030.946c.d740 tal-switch-1 Fa0/13 1 0 Gi0/1 Up
2 0002.b922.7180 nms-2820 10 0 2 1 Fa0/18 Up
3 0002.4b29.4400 SanJuan2 Gi0/1 2 1 Fa0/11 Up
4 0002.4b28.c480 GenieTest Gi0/2 2 1 Fa0/9 Up
This is an example of output from the show cluster members for cluster member 3:
Switch# show cluster members 3
Device 'SanJuan2' with member number 3
Device type: cisco WS-C37502970-12T
MAC address: 0002.4b29.4400
Upstream MAC address: 0030.946c.d740 (Cluster member 1)
Local port: Gi6/0/1 FEC number:
Upstream port: GI6/0/11 FEC Number:
Hops from command device: 2
This is an example of output from the show cluster members detail command:
Switch# show cluster members detail
Device 'StLouis1' with member number 0 (Command Switch)
Device type: cisco WS-C37502970-12T
MAC address: 0002.4b29.2e00
Upstream MAC address:
Local port: FEC number:
Upstream port: FEC Number:
Hops from command device: 0
Device 'tal-switch-14' with member number 1
Device type: cisco WS-C3548-XL
MAC address: 0030.946c.d740
Upstream MAC address: 0002.4b29.2e00 (Cluster member 0)
Local port: Fa0/13 FEC number:
Upstream port: Gi0/1 FEC Number:
Hops from command device: 1
Device 'nms-2820' with member number 2
Device type: cisco 2820
MAC address: 0002.b922.7180
Upstream MAC address: 0030.946c.d740 (Cluster member 1)
Local port: 10 FEC number: 0
Upstream port: Fa0/18 FEC Number:
Hops from command device: 2
Device 'SanJuan2' with member number 3
Device type: cisco WS-C37502970-12T
MAC address: 0002.4b29.4400
Upstream MAC address: 0030.946c.d740 (Cluster member 1)
Local port: Gi6/0/1 FEC number:
Upstream port: Fa6/0/11 FEC Number:
Hops from command device: 2
Device 'GenieTest' with member number 4
Device type: cisco SeaHorse
MAC address: 0002.4b28.c480
Upstream MAC address: 0030.946c.d740 (Cluster member 1)
Local port: Gi0/2 FEC number:
Upstream port: Fa0/9 FEC Number:
Hops from command device: 2
Device 'Palpatine' with member number 5
Device type: cisco WS-C2924M-XL
MAC address: 00b0.6404.f8c0
Upstream MAC address: 0002.4b29.2e00 (Cluster member 0)
Local port: Gi2/1 FEC number:
Upstream port: Gi0/7 FEC Number:
Hops from command device: 1
|
|
---|---|
Displays the cluster status and a summary of the cluster to which the switch belongs. |
|
Displays a list of candidate switches. |
Use the show controllers cpu-interface privileged EXEC command to display the state of the CPU network interface application-specific integrated circuit (ASIC) and the send and receive statistics for packets reaching the CPU.
show controllers cpu-interface [ | {begin | exclude | include} expression]
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
This display provides information that might be useful for Cisco technical support representatives troubleshooting the switch.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is a partial output example from the show controllers cpu-interface command:
Switch# show controllers cpu-interface
cpu-queue-frames retrieved dropped invalid hol-block
----------------- ---------- ---------- ---------- ----------
rpc 4523063 0 0 0
stp 1545035 0 0 0
ipc 1903047 0 0 0
routing protocol 96145 0 0 0
L2 protocol 79596 0 0 0
remote console 0 0 0 0
sw forwarding 5756 0 0 0
host 225646 0 0 0
broadcast 46472 0 0 0
cbt-to-spt 0 0 0 0
igmp snooping 68411 0 0 0
icmp 0 0 0 0
logging 0 0 0 0
rpf-fail 0 0 0 0
queue14 0 0 0 0
cpu heartbeat 1710501 0 0 0
Supervisor ASIC receive-queue parameters
----------------------------------------
queue 0 maxrecevsize 5EE pakhead 1419A20 paktail 13EAED4
queue 1 maxrecevsize 5EE pakhead 15828E0 paktail 157FBFC
queue 2 maxrecevsize 5EE pakhead 1470D40 paktail 1470FE4
queue 3 maxrecevsize 5EE pakhead 19CDDD0 paktail 19D02C8
<output truncated>
Supervisor ASIC Mic Registers
------------------------------
MicDirectPollInfo 80000800
MicIndicationsReceived 00000000
MicInterruptsReceived 00000000
MicPcsInfo 0001001F
MicPlbMasterConfiguration 00000000
MicRxFifosAvailable 00000000
MicRxFifosReady 0000BFFF
MicTimeOutPeriod: FrameTOPeriod: 00000EA6 DirectTOPeriod: 00004000
<output truncated>
MicTransmitFifoInfo:
Fifo0: StartPtrs: 038C2800 ReadPtr: 038C2C38
WritePtrs: 038C2C38 Fifo_Flag: 8A800800
Weights: 001E001E
Fifo1: StartPtr: 03A9BC00 ReadPtr: 03A9BC60
WritePtrs: 03A9BC60 Fifo_Flag: 89800400
writeHeaderPtr: 03A9BC60
Fifo2: StartPtr: 038C8800 ReadPtr: 038C88E0
WritePtrs: 038C88E0 Fifo_Flag: 88800200
writeHeaderPtr: 038C88E0
Fifo3: StartPtr: 03C30400 ReadPtr: 03C30638
WritePtrs: 03C30638 Fifo_Flag: 89800400
writeHeaderPtr: 03C30638
Fifo4: StartPtr: 03AD5000 ReadPtr: 03AD50A0
WritePtrs: 03AD50A0 Fifo_Flag: 89800400
writeHeaderPtr: 03AD50A0
Fifo5: StartPtr: 03A7A600 ReadPtr: 03A7A600
WritePtrs: 03A7A600 Fifo_Flag: 88800200
writeHeaderPtr: 03A7A600
Fifo6: StartPtr: 03BF8400 ReadPtr: 03BF87F0
WritePtrs: 03BF87F0 Fifo_Flag: 89800400
<output truncated>
Use the show controllers ethernet-controller privileged EXEC command without keywords to display per-interface send and receive statistics read from the hardware. Use with the phy keyword to display the interface internal registers or the port-asic keyword to display information about the port application-specific integrated circuit (ASIC).
show controllers ethernet-controller [interface-id] [phy[detail]] [port-asic {configuration | statistics}] [ | {begin | exclude | include} expression]
Privileged EXEC (supported with only the interface-id keywords in user EXEC mode)
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
This display without keywords provides traffic statistics, basically the RMON statistics for all interfaces or for the specified interface.
When you enter the phy or port-asic keywords, the displayed information is useful primarily for Cisco technical support representatives troubleshooting the switch.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show controllers ethernet-controller command for an interface. Table 2-18 describes the Transmit fields, and Table 2-19 describes the Receive fields.
Switch# show controllers ethernet-controller GigabitEthernet6/0/1
Transmit GigabitEthernet6/0/1 Receive
0 Bytes 0 Bytes
0 Unicast frames 0 Unicast frames
0 Multicast frames 0 Multicast frames
0 Broadcast frames 0 Broadcast frames
0 Too old frames 0 Unicast bytes
0 Deferred frames 0 Multicast bytes
0 MTU exceeded frames 0 Broadcast bytes
0 1 collision frames 0 Alignment errors
0 2 collision frames 0 FCS errors
0 3 collision frames 0 Oversize frames
0 4 collision frames 0 Undersize frames
0 5 collision frames 0 Collision fragments
0 6 collision frames
0 7 collision frames 0 Minimum size frames
0 8 collision frames 0 65 to 127 byte frames
0 9 collision frames 0 128 to 255 byte frames
0 10 collision frames 0 256 to 511 byte frames
0 11 collision frames 0 512 to 1023 byte frames
0 12 collision frames 0 1024 to 1518 byte frames
0 13 collision frames 0 Overrun frames
0 14 collision frames 0 Pause frames
0 15 collision frames 0 Symbol error frames
0 Excessive collisions
0 Late collisions 0 Invalid frames, too large
0 VLAN discard frames 0 Valid frames, too large
0 Excess defer frames 0 Invalid frames, too small
0 64 byte frames 0 Valid frames, too small
0 127 byte frames
0 255 byte frames 0 Too old frames
0 511 byte frames 0 Valid oversize frames
0 1023 byte frames 0 System FCS error frames
0 1518 byte frames 0 RxPortFifoFull drop frame
0 Too large frames
0 Good (1 coll) frames
|
|
---|---|
Bytes |
The total number of bytes transmitted on an interface. |
Unicast Frames |
The total number of frames transmitted to unicast addresses. |
Multicast frames |
The total number of frames transmitted to multicast addresses. |
Broadcast frames |
The total number of frames transmitted to broadcast addresses. |
Too old frames |
The number of frames dropped on the egress port because the packet is aged out. |
Deferred frames |
The number of frames that are not transmitted after the time exceeds 2*maximum-packet time. |
MTU exceeded frames |
The number of frames that are larger than the maximum allowed frame size. |
1 collision frames |
The number of frames that are successfully transmitted on an interface after one collision occurs. |
2 collision frames |
The number of frames that are successfully transmitted on an interface after two collisions occur. |
3 collision frames |
The number of frames that are successfully transmitted on an interface after three collisions occur. |
4 collision frames |
The number of frames that are successfully transmitted on an interface after four collisions occur. |
5 collision frames |
The number of frames that are successfully transmitted on an interface after five collisions occur. |
6 collision frames |
The number of frames that are successfully transmitted on an interface after six collisions occur. |
7 collision frames |
The number of frames that are successfully transmitted on an interface after seven collisions occur. |
8 collision frames |
The number of frames that are successfully transmitted on an interface after eight collisions occur. |
9 collision frames |
The number of frames that are successfully transmitted on an interface after nine collisions occur. |
10 collision frames |
The number of frames that are successfully transmitted on an interface after ten collisions occur. |
11 collision frames |
The number of frames that are successfully transmitted on an interface after 11 collisions occur. |
12 collision frames |
The number of frames that are successfully transmitted on an interface after 12 collisions occur. |
13 collision frames |
The number of frames that are successfully transmitted on an interface after 13 collisions occur. |
14 collision frames |
The number of frames that are successfully transmitted on an interface after 14 collisions occur. |
15 collision frames |
The number of frames that are successfully transmitted on an interface after 15 collisions occur. |
Excessive collisions |
The number of frames that could not be transmitted on an interface because 16 collisions occurred. |
Late collisions |
After a frame is transmitted, the number of of frames dropped because late collisions were detected while the frame was transmitted. |
VLAN discard frames |
The number of frames dropped on an interface because the CFI1 bit is set. |
Excess defer frames |
The number of frames that are not transmitted after the time exceeds the maximum-packet time. |
64 byte frames |
The total number of frames transmitted on an interface that are 64 bytes. |
127 byte frames |
The total number of frames transmitted on an interface that are from 65 to 127 bytes. |
255 byte frames |
The total number of frames transmitted on an interface that are from 128 to 255 bytes. |
511 byte frames |
The total number of frames transmitted on an interface that are from 256 to 511 bytes. |
1023 byte frames |
The total number of frames transmitted on an interface that are from 512 to 1023 bytes. |
1518 byte frames |
The total number of frames transmitted on an interface that are from 1024 to 1518 bytes. |
Too large frames |
The number of frames transmitted on an interface that are larger than the maximum allowed frame size. |
Good (1 coll) frames |
The number of frames that are successfully transmitted on an interface after one collision occurs. This value does not include the number of frames that are not successfully transmitted after one collision occurs. |
1 CFI = Canonical Format Indicator |
|
|
---|---|
Bytes |
The total amount of memory (in bytes) used by frames received on an interface, including the FCS1 value and the incorrectly-formed frames. This value excludes the frame header bits. |
Unicast frames |
The total number of frames successfully received on the interface that are directed to unicast addresses. |
Multicast frames |
The total number of frames successfully received on the interface that are directed to multicast addresses. |
Broadcast frames |
The total number of frames successfully received on an interface that are directed to broadcast addresses. |
Unicast bytes |
The total amount of memory (in bytes) used by unicast frames received on an interface, including the FCS value and the incorrectly-formed frames. This value excludes the frame header bits. |
Multicast bytes |
The total amount of memory (in bytes) used by multicast frames received on an interface, including the FCS value and the incorrectly-formed frames. This value excludes the frame header bits. |
Broadcast bytes |
The total amount of memory (in bytes) used by broadcast frames received on an interface, including the FCS value and the incorrectly-formed frames. This value excludes the frame header bits. |
Alignment errors |
The total number of frames received on an interface that have alignment errors. |
FCS errors |
The total number of frames received on an interface that have a valid length (in bytes) but do not have the correct FCS values. |
Oversize frames |
The number of frames received on an interface that are larger than the maximum allowed frame size. |
Undersize frames |
The number of frames received on an interface that are smaller than 64 bytes. |
Collision fragments |
The number of collision fragments received on an interface. |
Minimum size frames |
The total number of frames that are the minimum frame size. |
65 to 127 byte frames |
The total number of frames that are from 65 to 127 bytes. |
128 to 255 byte frames |
The total number of frames that are from 128 to 255 bytes. |
256 to 511 byte frames |
The total number of frames that are from 256 to 511 bytes. |
512 to 1023 byte frames |
The total number of frames that are from 512 to 1023 bytes. |
1024 to 1518 byte frames |
The total number of frames that are from 1024 to 1518 bytes. |
Overrun frames |
The total number of overrun frames received on an interface. |
Pause frames |
The number of pause frames received on an interface. |
Symbol error frames |
The number of frames received on an interface that have symbol errors. |
Invalid frames, too large |
The number of frames received that were larger than maximum allowed MTU2 size (including the FCS bits and excluding the frame header) and have either an FCS error or an alignment error. |
Valid frames, too large |
The number of frames received on an interface that are larger than the maximum allowed frame size. |
Invalid frames, too small |
The number of frames received that are smaller than 64 bytes (including the FCS bits and excluding the frame header) and have either an FCS error or an alignment error. |
Valid frames, too small |
The number of frames received on an interface that are smaller than 64 bytes (or 68 bytes for VLAN tagged frames) and have valid FCS values. The frame size includes the FCS bits but excludes the frame header bits. |
Too old frames |
The number of frames dropped on the ingress port because the packet is aged out. |
Valid oversize frames |
The number of frames received on an interface that are larger than the maximum allowed frame size and have valid FCS values. The frame size includes the FCS value but does not include the VLAN tag. |
System FCS error frames |
The total number of frames received on an interface that have a valid length (in bytes) but do not have the correct FCS values. |
RxPortFifoFull drop frames |
The total number of frames received on an interface that are dropped because the ingress queue is full. |
1 FCS = frame check sequence 2 MTU = maximum transmission unit |
This is an example of output from the show controllers ethernet-controller phy command for a specific interface. Note that the last line of the display is the setting for automatic media-dependent-interface crossover (Auto-MDIX) for the interface.
Switch# show controllers ethernet-controller gigabitethernet1/0/3 phy
Control Register : 0001 0001 0100 0000
Control STATUS : 0111 1001 0100 1001
Phy ID 1 : 0000 0001 0100 0001
Phy ID 2 : 0000 1100 0010 0100
Auto-Negotiation Advertisement : 0000 0011 1110 0001
Auto-Negotiation Link Partner : 0000 0000 0000 0000
Auto-Negotiation Expansion Reg : 0000 0000 0000 0100
Next Page Transmit Register : 0010 0000 0000 0001
Link Partner Next page Registe : 0000 0000 0000 0000
1000BASE-T Control Register : 0000 1111 0000 0000
1000BASE-T Status Register : 0100 0000 0000 0000
Extended Status Register : 0011 0000 0000 0000
PHY Specific Control Register : 0000 0000 0111 1000
PHY Specific Status Register : 1000 0001 0100 0000
Interrupt Enable : 0000 0000 0000 0000
Interrupt Status : 0000 0000 0100 0000
Extended PHY Specific Control : 0000 1100 0110 1000
Receive Error Counter : 0000 0000 0000 0000
Reserved Register 1 : 0000 0000 0000 0000
Global Status : 0000 0000 0000 0000
LED Control : 0100 0001 0000 0000
Manual LED Override : 0000 1000 0010 1010
Extended PHY Specific Control : 0000 0000 0001 1010
Disable Receiver 1 : 0000 0000 0000 1011
Disable Receiver 2 : 1000 0000 0000 0100
Extended PHY Specific Status : 1000 0100 1000 0000
Auto-MDIX : On [AdminState=1 Flags=0x00052248]
This is an example of output from the show controllers ethernet-controller port-asic configuration command:
Switch# show controllers ethernet-controller port-asic configuration
========================================================================
Switch 4, PortASIC 0 Registers
------------------------------------------------------------------------
DeviceType : 000101BC
Reset : 00000000
PmadMicConfig : 00000001
PmadMicDiag : 00000003
SupervisorReceiveFifoSramInfo : 000007D0 000007D0 40000000
SupervisorTransmitFifoSramInfo : 000001D0 000001D0 40000000
GlobalStatus : 00000800
IndicationStatus : 00000000
IndicationStatusMask : FFFFFFFF
InterruptStatus : 00000000
InterruptStatusMask : 01FFE800
SupervisorDiag : 00000000
SupervisorFrameSizeLimit : 000007C8
SupervisorBroadcast : 000A0F01
GeneralIO : 000003F9 00000000 00000004
StackPcsInfo : FFFF1000 860329BD 5555FFFF FFFFFFFF
FF0FFF00 86020000 5555FFFF 00000000
StackRacInfo : 73001630 00000003 7F001644 00000003
24140003 FD632B00 18E418E0 FFFFFFFF
StackControlStatus : 18E418E0
stackControlStatusMask : FFFFFFFF
TransmitBufferFreeListInfo : 00000854 00000800 00000FF8 00000000
0000088A 0000085D 00000FF8 00000000
TransmitRingFifoInfo : 00000016 00000016 40000000 00000000
0000000C 0000000C 40000000 00000000
TransmitBufferInfo : 00012000 00000FFF 00000000 00000030
TransmitBufferCommonCount : 00000F7A
TransmitBufferCommonCountPeak : 0000001E
TransmitBufferCommonCommonEmpty : 000000FF
NetworkActivity : 00000000 00000000 00000000 02400000
DroppedStatistics : 00000000
FrameLengthDeltaSelect : 00000001
SneakPortFifoInfo : 00000000
MacInfo : 0EC0801C 00000001 0EC0801B 00000001
00C0001D 00000001 00C0001E 00000001
<output truncated>
This is an example of output from the show controllers ethernet-controller port-asic statistics command:
Switch# show controllers ethernet-controller port-asic statistics
===========================================================================
Switch 1, PortASIC 0 Statistics
---------------------------------------------------------------------------
0 RxQ-0, wt-0 enqueue frames 0 RxQ-0, wt-0 drop frames
4118966 RxQ-0, wt-1 enqueue frames 0 RxQ-0, wt-1 drop frames
0 RxQ-0, wt-2 enqueue frames 0 RxQ-0, wt-2 drop frames
0 RxQ-1, wt-0 enqueue frames 0 RxQ-1, wt-0 drop frames
296 RxQ-1, wt-1 enqueue frames 0 RxQ-1, wt-1 drop frames
2836036 RxQ-1, wt-2 enqueue frames 0 RxQ-1, wt-2 drop frames
0 RxQ-2, wt-0 enqueue frames 0 RxQ-2, wt-0 drop frames
0 RxQ-2, wt-1 enqueue frames 0 RxQ-2, wt-1 drop frames
158377 RxQ-2, wt-2 enqueue frames 0 RxQ-2, wt-2 drop frames
0 RxQ-3, wt-0 enqueue frames 0 RxQ-3, wt-0 drop frames
0 RxQ-3, wt-1 enqueue frames 0 RxQ-3, wt-1 drop frames
0 RxQ-3, wt-2 enqueue frames 0 RxQ-3, wt-2 drop frames
15 TxBufferFull Drop Count 0 Rx Fcs Error Frames
0 TxBufferFrameDesc BadCrc16 0 Rx Invalid Oversize Frames
0 TxBuffer Bandwidth Drop Cou 0 Rx Invalid Too Large Frames
0 TxQueue Bandwidth Drop Coun 0 Rx Invalid Too Large Frames
0 TxQueue Missed Drop Statist 0 Rx Invalid Too Small Frames
74 RxBuffer Drop DestIndex Cou 0 Rx Too Old Frames
0 SneakQueue Drop Count 0 Tx Too Old Frames
0 Learning Queue Overflow Fra 0 System Fcs Error Frames
0 Learning Cam Skip Count
15 Sup Queue 0 Drop Frames 0 Sup Queue 8 Drop Frames
0 Sup Queue 1 Drop Frames 0 Sup Queue 9 Drop Frames
0 Sup Queue 2 Drop Frames 0 Sup Queue 10 Drop Frames
0 Sup Queue 3 Drop Frames 0 Sup Queue 11 Drop Frames
0 Sup Queue 4 Drop Frames 0 Sup Queue 12 Drop Frames
0 Sup Queue 5 Drop Frames 0 Sup Queue 13 Drop Frames
0 Sup Queue 6 Drop Frames 0 Sup Queue 14 Drop Frames
0 Sup Queue 7 Drop Frames 0 Sup Queue 15 Drop Frames
===========================================================================
Switch 1, PortASIC 1 Statistics
---------------------------------------------------------------------------
0 RxQ-0, wt-0 enqueue frames 0 RxQ-0, wt-0 drop frames
52 RxQ-0, wt-1 enqueue frames 0 RxQ-0, wt-1 drop frames
0 RxQ-0, wt-2 enqueue frames 0 RxQ-0, wt-2 drop frames
<output truncated>
Use the show controllers tcam privileged EXEC command to display the state of the registers for all ternary content addressable memory (TCAM) in the system and for all TCAM interface application-specific integrated circuits (ASICs) that are CAM controllers.
show controllers tcam [asic [number]] [detail] [ | {begin | exclude | include} expression]
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(14)EA1 |
The asic [number] keywords were added. |
This display provides information that might be useful for Cisco technical support representatives troubleshooting the switch.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show controllers tcam command:
Switch# show controllers tcam
------------------------------------------------------------------------
TCAM-0 Registers
------------------------------------------------------------------------
REV: 00B30103
SIZE: 00080040
ID: 00000000
CCR: 00000000_F0000020
RPID0: 00000000_00000000
RPID1: 00000000_00000000
RPID2: 00000000_00000000
RPID3: 00000000_00000000
HRR0: 00000000_E000CAFC
HRR1: 00000000_00000000
HRR2: 00000000_00000000
HRR3: 00000000_00000000
HRR4: 00000000_00000000
HRR5: 00000000_00000000
HRR6: 00000000_00000000
HRR7: 00000000_00000000
<output truncated>
GMR31: FF_FFFFFFFF_FFFFFFFF
GMR32: FF_FFFFFFFF_FFFFFFFF
GMR33: FF_FFFFFFFF_FFFFFFFF
=============================================================================
TCAM related PortASIC 1 registers
=============================================================================
LookupType: 89A1C67D_24E35F00
LastCamIndex: 0000FFE0
LocalNoMatch: 000069E0
ForwardingRamBaseAddress:
00022A00 0002FE00 00040600 0002FE00 0000D400
00000000 003FBA00 00009000 00009000 00040600
00000000 00012800 00012900
Use the show dot1x privileged EXEC command to display 802.1X statistics, administrative status, and operational status for the switch or for the specified interface.
show dot1x [all | interface interface-id | statistics interface interface-id] [ | {begin | exclude | include} expression]
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(14)EA1 |
The all keyword was added. |
If you do not specify an interface, global parameters and a summary are displayed. If you specify an interface, details for that interface are displayed.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show dot1x and the show dot1x all privileged EXEC commands:
Switch# show dot1x
Sysauthcontrol = Enabled
Dot1x Protocol Version = 1
Dot1x Oper Controlled Directions = Both
Dot1x Admin Controlled Directions = Both
Switch# show dot1x all
Dot1x Info for interface GigabitEthernet1/0/3
----------------------------------------------------
Supplicant MAC 00d0.b71b.35de
AuthSM State = CONNECTING
BendSM State = IDLE
PortStatus = UNAUTHORIZED
MaxReq = 2
HostMode = Single
Port Control = Auto
QuietPeriod = 60 Seconds
Re-authentication = Disabled
ReAuthPeriod = 3600 Seconds
ServerTimeout = 30 Seconds
SuppTimeout = 30 Seconds
TxPeriod = 30 Seconds
Guest-Vlan = 0
Dot1x Info for interface GigabitEthernet1/0/7
----------------------------------------------------
PortStatus = UNAUTHORIZED
MaxReq = 2
HostMode = Multi
Port Control = Auto
QuietPeriod = 60 Seconds
Re-authentication = Disabled
ReAuthPeriod = 3600 Seconds
ServerTimeout = 30 Seconds
SuppTimeout = 30 Seconds
TxPeriod = 30 Seconds
Guest-Vlan = 0
This is an example of output from the show dot1x interface gigabitethernet1/0/3 privileged EXEC command:
Switch# show dot1x interface gigabitethernet1/0/3
Supplicant MAC 00d0.b71b.35de
AuthSM State = AUTHENTICATED
BendSM State = IDLE
PortStatus = AUTHORIZED
MaxReq = 2
HostMode = Single
Port Control = Auto
QuietPeriod = 60 Seconds
Re-authentication = Disabled
ReAuthPeriod = 3600 Seconds
ServerTimeout = 30 Seconds
SuppTimeout = 30 Seconds
TxPeriod = 30 Seconds
Guest-Vlan = 0
This is an example of output from the show dot1x statistics interface gigabitethernet1/0/3 command. Table 2-20 describes the fields in the display.
Switch# show dot1x statistics interface gigabitethernet1/0/3
PortStatistics Parameters for Dot1x
--------------------------------------------
TxReqId = 15 TxReq = 0 TxTotal = 15
RxStart = 4 RxLogoff = 0 RxRespId = 1 RxResp = 1
RxInvalid = 0 RxLenErr = 0 RxTotal= 6
RxVersion = 1 LastRxSrcMac 00d0.b71b.35de
|
|
---|---|
Resets the configurable 802.1X parameters to their default values. |
Use the show dtp privileged EXEC command to display Dynamic Trunking Protocol (DTP) information for the switch or for a specified interface.
show dtp [interface interface-id] [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show dtp command:
Switch# show dtp
Global DTP information
Sending DTP Hello packets every 30 seconds
Dynamic Trunk timeout is 300 seconds
21 interfaces using DTP
This is an example of output from the show dtp interface command:
Switch# show dtp interface gigabitethernet1/0/1
DTP information for GigabitEthernet1/0/1:
TOS/TAS/TNS: ACCESS/AUTO/ACCESS
TOT/TAT/TNT: NATIVE/NEGOTIATE/NATIVE
Neighbor address 1: 000943A7D081
Neighbor address 2: 000000000000
Hello timer expiration (sec/state): 1/RUNNING
Access timer expiration (sec/state): never/STOPPED
Negotiation timer expiration (sec/state): never/STOPPED
Multidrop timer expiration (sec/state): never/STOPPED
FSM state: S2:ACCESS
# times multi & trunk 0
Enabled: yes
In STP: no
Statistics
----------
3160 packets received (3160 good)
0 packets dropped
0 nonegotiate, 0 bad version, 0 domain mismatches, 0 bad TLVs, 0 other
6320 packets output (6320 good)
3160 native, 3160 software encap isl, 0 isl hardware native
0 output errors
0 trunk timeouts
1 link ups, last link up on Mon Mar 01 1993, 01:02:29
0 link downs
|
|
---|---|
show interfaces trunk |
Displays interface trunking information. |
Use the show env user EXEC command to display fan, temperature, redundant power system (RPS) availability, and power information for the switch being accessed (standalone switch or stack master or stack member). Use with the stack keyword to display all information for the stack or for a specified switch in the stack.
show env {all | fan | power | rps | stack [switch-number] | temperature} [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Use the show access-lists privileged EXEC command to access information from a specific switch other than the master.
You can use the show env stack [switch-number] command to display information about any switch in the stack from any switch member.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show env all command entered from the master switch or a standalone switch:
Switch> show env all
FAN is OK
TEMPERATURE is OK
POWER is OK
RPS is AVAILABLE
This is an example of output from the show env fan command:
Switch> show env fan
FAN is OK
This is an example of output from the show env stack command:
Switch> show env stack
SWITCH: 1
FAN is OK
TEMPERATURE is OK
POWER is OK
RPS is NOT PRESENT
SWITCH: 2
FAN is OK
TEMPERATURE is OK
POWER is OK
RPS is NOT PRESENT
SWITCH: 3
FAN is OK
TEMPERATURE is OK
POWER is OK
RPS is NOT PRESENT
SWITCH: 4
FAN is OK
TEMPERATURE is OK
POWER is OK
RPS is NOT PRESENT
SWITCH: 5
FAN is OK
TEMPERATURE is OK
POWER is OK
RPS is NOT PRESENT
SWITCH: 6
FAN is OK
TEMPERATURE is OK
POWER is OK
RPS is NOT PRESENT
This example shows how to display information about stack member 3 from the master switch:
Switch> show env stack 3
SWITCH: 3
FAN is OK
TEMPERATURE is OK
POWER is OK
RPS is NOT PRESENT
Use the show errdisable detect user EXEC command to display error-disable detection status.
show errdisable detect [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
A displayed gbic-invalid error reason refers to an invalid small form-factor pluggable (SFP) module.
This is an example of output from the show errdisable detect command:
Switch> show errdisable detect
ErrDisable Reason Detection status
----------------- ----------------
udld Enabled
bpduguard Enabled
security-violation Enabled
channel-misconfig Enabled
psecure-violation Enabled
dhcp-rate-limit Enabled
unicast-flood Enabled
vmps Enabled
pagp-flap Enabled
dtp-flap Enabled
link-flap Enabled
gbic-invalid Enabled
loopback Enabled
Note Though visible in the output, the dhcp-rate-limit and unicast-flood fields are not valid.
|
|
---|---|
Enables error-disable detection for a specific cause or all causes. |
|
Displays error condition recognition information. |
|
Displays error-disable recovery timer information. |
|
show interfaces status |
Displays interface status or a list of interfaces in error-disabled state. |
Use the show errdisable flap-values user EXEC command to display conditions that cause an error to be recognized for a cause.
show errdisable flap-values [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
The Flaps column in the display shows how many changes to the state within the specified time interval will cause an error to be detected and a port to be disabled. For example, the display shows that an error will be assumed and the port shut down if three Dynamic Trunking Protocol (DTP)-state (port mode access/trunk) or Port Aggregation Protocol (PAgP) flap changes occur during a 30-second interval, or if 5 link-state (link up/down) changes occur during a 10-second interval.
ErrDisable Reason Flaps Time (sec)
----------------- ------ ----------
pagp-flap 3 30
dtp-flap 3 30
link-flap 5 10
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show errdisable flap-values command:
Switch> show errdisable flap-values
ErrDisable Reason Flaps Time (sec)
----------------- ------ ----------
pagp-flap 3 30
dtp-flap 3 30
link-flap 5 10
|
|
---|---|
Enables error-disable detection for a specific cause or all causes. |
|
Displays error-disable detection status. |
|
Displays error-disable recovery timer information. |
|
show interfaces status |
Displays interface status or a list of interfaces in error-disabled state. |
Use the show errdisable recovery user EXEC command to display the error-disable recovery timer information.
show errdisable recovery [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
A gbic-invalid error-disable reason refers to an invalid small form-factor pluggable (SFP) interface.
This is an example of output from the show errdisable recovery command:
Switch> show errdisable recovery
ErrDisable Reason Timer Status
----------------- --------------
udld Disabled
bpduguard Disabled
security-violatio Disabled
channel-misconfig Disabled
vmps Disabled
pagp-flap Disabled
dtp-flap Disabled
link-flap Disabled
gbic-invalid Disabled
psecure-violation Disabled
gbic-invalid Disabled
dhcp-rate-limit Disabled
unicast-flood Disabled
loopback Disabled
Timer interval:300 seconds
Interfaces that will be enabled at the next timeout:
Interface Errdisable reason Time left(sec)
--------- ----------------- --------------
Gi1/0/4 link-flap 279
|
|
---|---|
Configures the recover mechanism variables. |
|
Displays error disable detection status. |
|
Displays error condition recognition information. |
|
show interfaces status |
Displays interface status or a list of interfaces in error-disabled state. |
Use the show etherchannel user EXEC command to display EtherChannel information for a channel.
show etherchannel [channel-group-number {detail | port | port-channel | protocol | summary}] {detail | load-balance | port | port-channel | protocol | summary} [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(14)EA1 |
The protocol keyword was added. |
If you do not specify a channel-group, all channel groups are displayed.
In the output, the Passive port list field is displayed only for Layer 3 port channels. This field means that the physical interface, which is still not up, is configured to be in the channel group (and indirectly is in the only port channel in the channel group).
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show etherchannel 1 detail command:
Switch>
show etherchannel 1 detail
Group state = L2
Ports: 2 Maxports = 16
Port-channels: 1 Max Port-channels = 16
Protocol: LACP
Ports in the group:
-------------------
Port: Gi1/0/1
------------
Port state = Up Mstr In-Bndl
Channel group = 1 Mode = Active Gcchange = -
Port-channel = Po1 GC = - Pseudo port-channel = Po1
Port index = 0 Load = 0x00 Protocol = LACP
Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDU
A - Device is in active mode. P - Device is in passive mode.
Local information:
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Gi1/0/1 SA bndl 32768 0x1 0x1 0x101 0x3D
Gi1/0/2 SA bndl 32768 0x0 0x1 0x0 0x3D
Gi0/1 SA bndl 32768 0x0 0x1 0x0 0x3D
Age of the port in the current state: 01d:20h:06m:04s
Port-channels in the group:
----------------------
Port-channel: Po1 (Primary Aggregator)
------------
Age of the Port-channel = 01d:20h:20m:26s
Logical slot/port = 10/1 Number of ports = 2
HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = LACP
Ports in the Port-channel:
Index Load Port EC state No of bits
------+------+------+------------------+-----------
0 00 Gi1/0/1 Active 0
0 00 Gi1/0/2 Active 0
0 00 Gi0/1 Active 0
0 00 Gi0/2 Active 0
Time since last port bundled: 01d:20h:20m:20s Gi1/0/2
This is an example of output from the show etherchannel 1 summary command:
Switch
> show etherchannel 1 summary
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
u - unsuitable for bundling
U - in use f - failed to allocate aggregator
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+----------------------------------------
1 Po1(SU) LACP Gi1/0/1(P) Gi1/0/2(P)
1 Po1(SU) LACP Gi0/1(P) Gi0/2(P)
This is an example of output from the show etherchannel 1 port-channel command:
Switch> show etherchannel 1 port-channel
Port-channels in the group:
----------------------
Port-channel: Po1 (Primary Aggregator)
------------
Age of the Port-channel = 01d:20h:24m:50s
Logical slot/port = 10/1 Number of ports = 2
HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = LACP
Ports in the Port-channel:
Index Load Port EC state No of bits
------+------+------+------------------+-----------
0 00 Gi1/0/1 Active 0
0 00 Gi1/0/2 Active 0
0 00 Gi0/1 Active 0
0 00 Gi0/2 Active 0
Time since last port bundled: 01d:20h:24m:44s Gi1/0/2
This is an example of output from show etherchannel protocol command:
Switch# show etherchannel protocol
Channel-group listing:
-----------------------
Group: 1
----------
Protocol: LACP
Group: 2
----------
Protocol: PAgP
|
|
---|---|
Assigns an Ethernet interface to an EtherChannel group. |
|
Restricts the protocol used on an interface to manage channeling. |
|
Accesses or creates the port channel. |
Use the show interfaces privileged EXEC command to display the administrative and operational status of all interfaces or a specified interface.
show interfaces [interface-id | vlan vlan-id] [accounting | capabilities [module number] | counters | description | etherchannel | flowcontrol | pruning | stats | status [err-disabled] | switchport | trunk] [ | {begin | exclude | include} expression]
interface-id |
(Optional) Valid interfaces include physical ports (including type, stack member, module, and port number) and port channels. The valid port-channel range is 1 to 12. |
vlan vlan-id |
(Optional) VLAN identification. The range is 1 to 4094. |
accounting |
(Optional) Display accounting information on the interface, including active protocols and input and output packets and octets. |
capabilities |
(Optional) Display the capabilities of all interfaces or the specified interface, including the features and options that you can configure on the interface. Though visible in the command line help, this option is not available for VLAN IDs. |
module number |
(Optional) Display capabilities of all interfaces on the specified stack member switch. The range is from 1 to 9. Although the indicated range is from 1 to 9, entering only module 1 displays the switch capabilities. This option is not available if you enter a specific interface ID before the capabilities keyword. |
counters |
(Optional) See the show interfaces counters command. |
description |
(Optional) Display the administrative status and description set for an interface. |
etherchannel |
(Optional) Display interface EtherChannel information. |
flowcontrol |
(Optional) Display interface flowcontrol information |
pruning |
(Optional) Display interface trunk VTP pruning information. |
stats |
(Optional) Display the input and output packets by switching path for the interface. |
status |
(Optional) Display the status of the interface. |
err-disabled |
(Optional) Display interfaces in error-disabled state. |
switchport |
(Optional) Display the administrative and operational status of a switching (nonrouting) port, including port blocking and port protection settings. |
trunk |
Display interface trunk information. If you do not specify an interface, information for only active trunking ports is displayed. |
| begin |
(Optional) Display begins with the line that matches the expression. |
| exclude |
(Optional) Display excludes lines that match the expression. |
| include |
(Optional) Display includes lines that match the specified expression. |
expression |
Expression in the output to use as a reference point. |
Note Though visible in the command-line help strings, the crb, fair-queue, irb, mac-accounting, precedence, private-vlan mapping, random-detect, rate-limit, and shape keywords are not supported.
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(14)EA1 |
Support for the capabilities keyword was added. |
The show interfaces capabilities command with different keywords has these results:
•Entering show interface capabilities module number displays the capabilities of all interfaces on that switch in the stack. If there is no switch with that module number in the stack, the output is blank. 1 displays the capabilities of all interfaces on the switch. If you enter any other number, the output is blank.
•Entering show interfaces interface-id capabilities displays the capabilities of the specified interface.
•Entering show interfaces capabilities (with no module number or interface ID) displays the capabilities of all interfaces on the switch in the stack.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show interfaces command for Gigabit Ethernet interface 3 on stack member 3:
Switch# show interfaces gigabitethernet3/0/3
GigabitEthernet3/0/3 is down, line protocol is down
Hardware is Gigabit Ethernet, address is 0009.43a7.d085 (bia 0009.43a7.d085)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed
input flow-control is off, output flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
2 packets input, 1040 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
4 packets output, 1040 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
This is an example of output from the show interfaces accounting command.
Switch# show interfaces accounting
Vlan1
Protocol Pkts In Chars In Pkts Out Chars Out
IP 1094395 131900022 559555 84077157
Spanning Tree 283896 17033760 42 2520
ARP 63738 3825680 231 13860
Interface Vlan2 is disabled
Vlan7
Protocol Pkts In Chars In Pkts Out Chars Out
No traffic sent or received on this interface.
Vlan31
Protocol Pkts In Chars In Pkts Out Chars Out
No traffic sent or received on this interface.
GigabitEthernet1/0/1
Protocol Pkts In Chars In Pkts Out Chars Out
No traffic sent or received on this interface.
GigabitEthernet1/0/2
Protocol Pkts In Chars In Pkts Out Chars Out
No traffic sent or received on this interface.
GigabitEthernet1/0/3
Protocol Pkts In Chars In Pkts Out Chars Out
No traffic sent or received on this interface.
<output truncated>
This is an example of output from the show interfaces capabilities command for an interface.
Switch# show interfaces gigabitethernet1/0/3 capabilities
GigabitEthernet1/0/3
Model: WS-C3750G-24TS
Type: 10/100/1000BaseTX
Speed: 10,100,1000,auto
Duplex: full,auto
Trunk encap. type: 802.1Q,ISL
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off,on,desired),tx-(none)
Fast Start: yes
QoS scheduling: rx-(not configurable on per port basis),tx-(4q2t)
CoS rewrite: yes
ToS rewrite: yes
UDLD: yes
Inline power: no
SPAN: source/destination
PortSecure: yes
Dot1x: yes
Dot1x: yes
Switch# show interfaces gigabitethernet0/1 capabilities
GigabitEthernet0/1
Model: WS-C2970G-24T-E
Type: 10/100/1000BaseTX
Speed: 10,100,1000,auto
Duplex: full,auto
Trunk encap. type: 802.1Q,ISL
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off,on,desired),tx-(none)
Fast Start: yes
QoS scheduling: rx-(not configurable on per port basis),tx-(4q2t)
CoS rewrite: yes
ToS rewrite: yes
UDLD: yes
Inline power: no
SPAN: source/destination
PortSecure: yes
Dot1x: yes
This is an example of output from the show interfaces gigabitethernet1/0/4 description command when the interface has been described as Connects to Marketing by using the description interface configuration command.
Switch# show interfaces gigabitethernet1/0/4 description
Interface Status Protocol Description
Gi1/0/4 up down Connects to Marketing
Gi0/4 up down Connects to Marketing
This is an example of output from the show interfaces etherchannel command when port channels are configured on the switch:
Switch# show interfaces etherchannel
----
Port-channel1:
Age of the Port-channel = 03d:20h:17m:29s
Logical slot/port = 10/1 Number of ports = 0
GC = 0x00000000 HotStandBy port = null
Port state = Port-channel Ag-Not-Inuse
Port-channel2:
Age of the Port-channel = 03d:20h:17m:29s
Logical slot/port = 10/2 Number of ports = 0
GC = 0x00000000 HotStandBy port = null
Port state = Port-channel Ag-Not-Inuse
Port-channel3:
Age of the Port-channel = 03d:20h:17m:29s
Logical slot/port = 10/3 Number of ports = 0
GC = 0x00000000 HotStandBy port = null
Port state = Port-channel Ag-Not-Inuse
This is an example of output from the show interfaces gigabitethernet1/0/6 pruning command when pruning is enabled in the VTP domain:
Switch# show interfaces gigibitethernet1/0/6 pruning
Port Vlans pruned for lack of request by neighbor
Gi1/0/6 3,4
Gi0/6 3,4
Port Vlans traffic requested of neighbor
Gi1/0/6 1-3
Gi0/6 1-3
This is an example of output from the show interfaces stats command for a specified interface.
Switch# show interfaces vlan 1 stats
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 1165354 136205310 570800 91731594
Route cache 0 0 0 0
Total 1165354 136205310 570800 91731594
This is an example of partial output from the show interfaces status command. It displays the status of all interfaces.
Switch#
show interfaces status
Port Name Status Vlan Duplex Speed Type
Fa1/0/1 notconnect 1 auto auto 10/100BaseTX
Fa1/0/2 notconnect 1 auto auto 10/100BaseTX
Fa1/0/3 notconnect 1 auto auto 10/100BaseTX
Fa1/0/4 Test notconnect 1 auto auto 10/100BaseTX
Fa1/0/5 notconnect 1 auto auto 10/100BaseTX
Port Name Status Vlan Duplex Speed Type
Gi0/1 notconnect 1 auto auto 10/100/1000BaseTX
Gi0/2 notconnect 1 auto auto 10/100/1000BaseTX
Gi0/3 notconnect 1 auto auto 10/100/1000BaseTX
Gi0/4 notconnect 1 auto auto 10/100/1000BaseTX
Gi0/5 notconnect 1 auto auto 10/100/1000BaseTX
Gi0/6 notconnect 1 auto auto 10/100/1000BaseTX
<output truncated>
This is an example of output from the show interfaces status err-disabled command. It displays the status of interfaces in the error-disabled state.
Switch#
show interfaces status err-disabled
Port Name Status Reason
Gi2/0/26 err-disabled gbic-invalid
Gi0/6 err-disabled dtp-flap
This is an example of output from the show interfaces switchport command for a single interface. Table 2-21 describes the fields in the display.
Note Private VLANs are not supported in this release, so those fields are not applicable.
Switch# show interfaces gigabitethernet1/0/3 switchport
Name: Gi1/0/3
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
This is an example of output from the show interfaces interface trunk command. It displays trunking information for the interface.
Switch#
show interfaces fastethernet1/0/17 trunk
Port Mode Encapsulation Status Native vlan
Fa1/0/17 desirable n-isl trunking 1
Port Vlans allowed on trunk
Fa1/0/17 1-4094
Port Vlans allowed and active in management domain
Fa1/0/17 1-4,20,34-36,38-55,57-58,66-67,100,139,200-201,1000
Port Vlans in spanning tree forwarding state and not pruned
Fa1/0/17 1-4,20,34-36,38-55,57-58,66-67,100,139,200-201,1000
e
Switch#
show interfaces gigabitethernet0/1 trunk
Port Mode Encapsulation Status Native vlan
Gi0/1 auto negotiate trunking 1
Port Vlans allowed on trunk
Gi0/1 1-4094
Port Vlans allowed and active in management domain
Gi0/1 1-4
Port Vlans in spanning tree forwarding state and not pruned
Gi0/1 1-4
|
|
---|---|
Configures a port as a static-access or dynamic-access port. |
|
Blocks unknown unicast or multicast traffic on an interface. |
|
Configures the VLAN membership mode of a port. |
|
Isolates unicast, multicast, and broadcast traffic at Layer 2 from other protected ports on the same switch. |
|
switchport trunk pruning |
Configures the VLAN pruning-eligible list for ports in trunking mode. |
Use the show interfaces counters privileged EXEC command to display various counters for the switch or for a specific interface.
show interfaces [interface-id | vlan vlan-id] counters [broadcast | errors | module switch- number | multicast | trunk | unicast] [ | {begin | exclude | include} expression]
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
If you do not enter any keywords, all counters for all interfaces are included.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of partial output from the show interfaces counters command. It displays all counters for the switch.
Switch# show interfaces counters
Port InOctets InUcastPkts InMcastPkts InBcastPkts
Fa6/0/1 0 0 0 0
Fa6/0/2 0 0 0 0
Fa6/0/3 0 0 0 0
Fa6/0/4 0 0 0 0
Fa6/0/5 0 0 0 0
<output truncated>
Fa6/0/24 0 0 0 0
Gi6/0/1 0 0 0 0
Gi6/0/2 0 0 0 0
Fa8/0/1 0 0 0 0
Fa8/0/2 0 0 0 0
Port InOctets InUcastPkts InMcastPkts InBcastPkts
Gi0/1 0 0 0 0
Gi0/2 0 0 0 0
Gi0/3 0 0 0 0
Gi0/4 0 0 0 0
Gi0/5 0 0 0 0
Gi0/6 0 0 0 0
Gi0/7 0 0 0 0
Gi0/8 0 0 0 0
Gi0/9 0 0 0 0
<output truncated>
This is an example of partial output from the show interfaces counters broadcast command. It displays dropped broadcast traffic for all interfaces.
Switch# show interfaces counters broadcast
Port BcastSuppDiscards
Fa1/0/1 0
Fa1/0/2 0
Fa1/0/3 0
Fa1/0/4 0
Fa1/0/5 0
Fa1/0/6 0
Gi0/1 0
Gi0/2 0
Gi0/3 0
Gi0/4 0
Gi0/5 0
Gi0/6 0
<output truncated>
This is an example of partial output from the show interfaces counters module command for stack member 2. It displays all counters for the specified switch in the stack.
Switch# show interfaces counters module 2
Sauron#show interface counters
Port InOctets InUcastPkts InMcastPkts InBcastPkts
Fa2/0/1 520 2 0 0
Fa2/0/2 520 2 0 0
Fa2/0/3 520 2 0 0
Fa2/0/4 520 2 0 0
Fa2/0/5 520 2 0 0
Fa2/0/6 520 2 0 0
Fa2/0/7 520 2 0 0
Fa2/0/8 520 2 0 0
<output truncated>
This is an example of output from the show interfaces counters trunk command. It displays trunk counters for all interfaces.
Switch# show interfaces counters trunk
Port TrunkFramesTx TrunkFramesRx WrongEncap
Fa1/0/1 0 0 0
Fa1/0/2 0 0 0
Fa1/0/3 80678 4155 0
Fa1/0/4 82320 126 0
Fa1/0/5 0 0 0
Gi0/1 0 0 0
Gi0/2 0 0 0
Gi0/3 80678 4155 0
Gi0/4 82320 126 0
Gi0/5 0 0 0
<output truncated>
Use the show ip igmp profile privileged EXEC command to view all configured Internet Group Management Protocol (IGMP) profiles or a specified IGMP profile.
show ip igmp profile [profile number] [ | {begin | exclude | include} expression]
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
These are examples of output from the show ip igmp profile privileged EXEC command, with and without specifying a profile number. If no profile number is entered, the display includes all profiles configured on the switch.
Switch# show ip igmp profile 40
IGMP Profile 40
permit
range 233.1.1.1 233.255.255.255
Switch# show ip igmp profile
IGMP Profile 3
range 230.9.9.0 230.9.9.0
IGMP Profile 4
permit
range 229.9.9.0 229.255.255.255
|
|
---|---|
Configures the specified IGMP profile number. |
Use the show ip igmp snooping user EXEC command to display the Internet Group Management Protocol (IGMP) snooping configuration of the switch or the VLAN.
show ip igmp snooping [group | mrouter | multicast | querier] [vlan vlan-id] [ | {begin | exclude | include} expression]
group |
(Optional) Display information about the IGMP multicast groups, the compatibility mode, and the ports that are assoicated with each group. |
mrouter |
(Optional) See the show ip igmp snooping mrouter command. |
multicast |
(Optional) See the show ip igmp snooping multicast command. |
querier |
(Optional) Display information about the IGMP version that an interface supports. |
vlan vlan-id |
(Optional) Specify a VLAN; the range is 1 to 4094. |
| begin |
(Optional) Display begins with the line that matches the expression. |
| exclude |
(Optional) Display excludes lines that match the expression. |
| include |
(Optional) Display includes lines that match the specified expression. |
expression |
Expression in the output to use as a reference point. |
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(19)EA1 |
The group and querier keywords were added. |
Use this command to display snooping configuration for the switch or for a specific VLAN.
Although visible in the output display, output lines related to topology change notification (TCN) and source-only learning are not supported.
Use the show ip igmp snooping group command to display the multicast groups, the compatibility mode, and the ports that are assoicated with each group.
Use the show ip igmp snooping querier command to display the IGMP version and ports that are associated with a multicast IP address.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show ip igmp snooping vlan 1 command. It shows snooping characteristics for a specific VLAN.
Switch> show ip igmp snooping vlan 1
Global IGMP Snooping configuration:
-----------------------------------
IGMP snooping :Enabled
IGMPv3 snooping support :Basic
Report suppression :Enabled
TCN solicit query :Disabled
TCN flood query count :2
Vlan 1:
--------
IGMP snooping :Enabled
Immediate leave :Disabled
Multicast router learning mode :pim-dvmrp
Source only learning age timer :10
CGMP interoperability mode :IGMP_ONLY
Note TCN and source-only learning are not supported, and information displayed about these features is not valid.
This is an example of output from the show ip igmp snooping command. It displays snooping characteristics for all VLANs on the switch.
Switch> show ip igmp snooping
Global IGMP Snooping configuration:
-----------------------------------
IGMP snooping : Enabled
IGMPv3 snooping (minimal) : Enabled
Report suppression : Enabled
TCN solicit query : Disabled
TCN flood query count : 2
Vlan 1:
--------
IGMP snooping :Enabled
Immediate leave :Disabled
Multicast router learning mode :pim-dvmrp
Source only learning age timer :10
CGMP interoperability mode :IGMP_ONLY
Vlan 2:
--------
IGMP snooping :Enabled
Immediate leave :Disabled
Multicast router learning mode :pim-dvmrp
Source only learning age timer :10
CGMP interoperability mode :IGMP_ONLY
<output truncated>
This is an example of output from the show ip igmp snooping group vlan 1 command:
Switch> show ip igmp snooping group vlan 1
Vlan Group Version Port List
---------------------------------------------------------
1 229.2.3.4 v3 gi1/0/1 gi1/0/3
1 224.1.1.1 v2 gi1/0/8
This is an example of output from the show ip igmp snooping querier command:
Switch> show ip igmp snooping querier
Vlan IP Address IGMP Version Port
---------------------------------------------------
1 172.20.50.11 v3 gi1/0/1
2 172.20.40.20 v2 Router
Use the show ip igmp snooping mrouter privileged EXEC command to display the Internet Group Management Protocol (IGMP) snooping dynamically learned and manually configured multicast router ports for the switch or for the specified multicast VLAN.
show ip igmp snooping mrouter [vlan vlan-id] [ | {begin | exclude | include} expression]
Privileged EXEC
|
|
---|---|
12/1(11)AX |
This command was first introduced. |
Use this command to display multicast router ports on the switch or for a specific VLAN.
When multicast VLAN registration (MVR) is enabled, the show ip igmp snooping mrouter command displays MVR multicast router information and IGMP snooping information.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show ip igmp snooping mrouter command. It shows how to display multicast router ports on the switch.
Switch#
show ip igmp snooping mrouter
Vlan ports
---- -----
1 Gi2/0/1(dynamic)
Use the show ip igmp snooping multicast privileged EXEC command to display the Internet Group Management Protocol (IGMP) snooping multicast table for the switch or multicast information for the selected parameter. Use with the vlan keyword to display the multicast table for a specified multicast VLAN or information about the selected parameter for the VLAN.
show ip igmp snooping multicast [vlan vlan-id] [count | dynamic [count | group ip_address] | group ip_address | user [count | group ip_address]] [ | {begin | exclude | include} expression]
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Use this command to display multicast information and the multicast table for specified parameters.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show ip igmp snooping multicast command without any keywords. It displays the multicast table for the switch.
Switch#
show ip igmp snooping multicast
Vlan Group Address Type Ports
---- ------------- ---- -----
1 224.1.2.30 IGMP Fa3/0/31, Fa4/0/1 Gi0/3, Gi0/4
1 224.1.2.1 IGMP Fa3/0/31, Fa4/0/1 Gi0/3, Gi0/4
1 224.4.4.4 USER Fa1/0/4, Fa4/0/1 Gi0/10, Gi0/11
This is an example of output from the show ip igmp snooping multicast count command. It displays the total number of multicast groups on the switch.
Switch#
show ip igmp snooping multicast count
Total number of multicast groups: 3
This is an example of output from the show ip igmp snooping multicast dynamic command. It shows only the entries learned through IGMP snooping.
Switch#
show ip igmp snooping multicast dynamic
Vlan Group Address Type Ports
---- ------------- ---- -----
1 224.1.2.30 IGMP Fa4/0/1, Fa4/0/37 Gi0/3, Gi0/4
1 224.1.2.1 IGMP Fa4/0/1, Fa4/0/37 Gi0/3, Gi0/4
This is an example of output from the show ip igmp snooping multicast group command. It shows the entries for the group with the specified IP address.
Switch#
show ip igmp snooping multicast group 224.1.2.30
Vlan Group Address Type Ports
---- ------------- ---- -----
1 224.1.2.30 IGMP Fa4/0/1, Fa4/0/37 Gi0/3, Gi0/4
This is an example of output from the show ip igmp snooping multicast vlan command. It displays all entries belonging to the specified VLAN.
Switch# show ip igmp snooping multicast vlan 1
Vlan Group Address Type Ports
---- ------------- ---- -----
1 224.1.2.30 IGMP Fa4/0/1, Fa4/0/37 Gi0/3, Gi0/4
1 224.1.2.1 IGMP Fa4/0/1, Fa4/0/37 Gi0/3, Gi0/4
Use the show lacp user EXEC command to display Link Aggregation Control Protocol (LACP) channel-group information.
show lacp [channel-group-number] {counters | internal | neighbor | sys-id} [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(14)EA1 |
This command was first introduced. |
You can enter any show lacp command to display the active channel-group information. To display specific channel information, enter the show lacp command with a channel-group number.
If you do not specify a channel group, information for all channel groups appears.
You can enter the channel-group-number option to specify a channel group for all keywords except sys-id.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
This is an example of output from the show lacp counters command user EXEC command. Table 2-22 describes the fields in the display.
Switch>
show lacp counters
LACPDUs Marker Marker Response LACPDUs
Port Sent Recv Sent Recv Sent Recv Pkts Err
---------------------------------------------------------------------
Channel group:1
Gi2/0/5 19 10 0 0 0 0 0
Gi2/0/6 14 6 0 0 0 0 0
Gi2/0/7 8 7 0 0 0 0 0
This is an example of output from the show lacp internal command:
Switch> show lacp 1 internal
Flags: S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode
Channel group 1
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Gi2/0/5 SA bndl 32768 0x3 0x3 0x4 0x3D
Gi2/0/6 SA bndl 32768 0x3 0x3 0x5 0x3D
Gi2/0/7 SA bndl 32768 0x3 0x3 0x6 0x3D
Table 2-23 describes the fields in the display:
This is an example of output from the show lacp neighbor command:
Switch> show lacp neighbor
Flags: S - Device is sending Slow LACPDUs F - Device is sending Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode
Channel group 3 neighbors
Partner's information:
Partner Partner Partner
Port System ID Port Number Age Flags
Gi2/0/3 32768,0007.eb49.5e80 0xC 19s SP
LACP Partner Partner Partner
Port Priority Oper Key Port State
32768 0x3 0x3C
Partner's information:
Partner Partner Partner
Port System ID Port Number Age Flags
Gi2/0/4 32768,0007.eb49.5e80 0xD 15s SP
LACP Partner Partner Partner
Port Priority Oper Key Port State
32768 0x3 0x3C
This is an example of output from the show lacp sys-id command:
Switch> show lacp sys-id
32765,0002.4b29.3a00
The system identification is made up of the system priority and the system MAC address. The first two bytes are the system priority, and the last six bytes are the globally administered individual MAC address associated to the system.
|
|
---|---|
Clears LACP channel-group information. |
|
Configures the LACP port priority. |
|
Configures the LACP system priority. |
Use the show mac access-group user EXEC command to display the MAC access control lists (ACLs) configured for an interface or a switch.
show mac access-group [interface interface-id] [ | {begin | exclude | include} expression]
User EXEC; the interface keyword is available only in privileged EXEC mode.
|
|
---|---|
12.1(14)EA1 |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show mac-access group user EXEC command. In this display, Gigabit Ethernet interface 1/0/12 has the MAC access list macl_e1 applied; no MAC ACLs are applied to other interfaces.
Switch> show mac access-group
Interface GigabitEthernet1/0/1:
Inbound access-list is not set
Interface GigabitEthernet1/0/2:
Inbound access-list is macl_e1
Interface GigabitEthernet1/0/3:
Inbound access-list is not set
Interface GigabitEthernet1/0/4:
Inbound access-list is not set
<output truncated>
Interface GigabitEthernet1/0/10:
Inbound access-list is not set
Interface GigabitEthernet1/0/11:
Inbound access-list is not set
Interface GigabitEthernet1/0/12:
Inbound access-list is macl_e1
<output truncated>
This is an example of output from the show mac access-group interface gigabitethernet1/ 0/12 command:
Switch# show mac access-group interface gigabitethernet1/0/12
Interface GigabitEthernet1/0/12:
Inbound access-list is macl_e1
|
|
---|---|
Applies a MAC access group to an interface. |
Use the show mac address-table user EXEC command to display a specific MAC address table static and dynamic entry or the MAC address table static and dynamic entries on a specific interface or VLAN.
show mac address-table [ | {begin | exclude | include} expression]
Note Beginning with Cisco IOS Release 12.1(19)EA1, the show mac address-table command replaces the show mac-address-table command (with the hyphen). The show mac-address-table command (with the hyphen) will become obsolete in a future release.
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(19)EA1 |
The show mac-address-table command was replaced by the show mac address-table command. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show mac address-table command:
Switch> show mac address-table
Mac Address Table
------------------------------------------
Vlan Mac Address Type Ports
---- ----------- ---- -----
All 0000.0000.0001 STATIC CPU
All 0000.0000.0002 STATIC CPU
All 0000.0000.0003 STATIC CPU
All 0000.0000.0009 STATIC CPU
All 0000.0000.0012 STATIC CPU
All 0180.c200.000b STATIC CPU
All 0180.c200.000c STATIC CPU
All 0180.c200.000d STATIC CPU
All 0180.c200.000e STATIC CPU
All 0180.c200.000f STATIC CPU
All 0180.c200.0010 STATIC CPU
1 0030.9441.6327 DYNAMIC Gi6/0/23
Total Mac Addresses for this criterion: 12
|
|
---|---|
clear mac address-table dynamic |
Deletes from the MAC address table a specific dynamic address, all dynamic addresses on a particular interface, or all dynamic addresses on a particular VLAN. |
Displays the aging time in all VLANs or the specified VLAN. |
|
Displays the number of addresses present in all VLANs or the specified VLAN. |
|
Displays dynamic MAC address table entries only. |
|
Displays the MAC address table information for the specified interface. |
|
Displays the Layer 2 multicast entries for all VLANs or the specified VLAN. |
|
Displays the MAC address notification settings for all interfaces or the specified interface. |
|
Displays static MAC address table entries only. |
|
Displays the MAC address table information for the specified VLAN. |
Use the show mac address-table address user EXEC command to display MAC address table information for the specified MAC address.
show mac address-table address mac-address [interface interface-id] [vlan vlan-id] [ | {begin | exclude | include} expression]
Note Beginning with Cisco IOS Release 12.1(19)EA1, the show mac address-table address command replaces the show mac-address-table address command (with the hyphen). The show mac-address-table address command (with the hyphen) will become obsolete in a future release.
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(19)EA1 |
The show mac-address-table address command was replaced by the show mac address-table address command. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show mac address-table address command:
Switch# show mac address-table address 0002.4b28.c482
Mac Address Table
------------------------------------------
Vlan Mac Address Type Ports
---- ----------- ---- -----
All 0002.4b28.c482 STATIC CPU
Total Mac Addresses for this criterion: 1
Use the show mac address-table aging-time user EXEC command to display the aging time of a specific address table instance, all address table instances on a specified VLAN or, if a specific VLAN is not specified, on all VLANs.
show mac address-table aging-time [vlan vlan-id] [ | {begin | exclude | include} expression]
Note Beginning with Cisco IOS Release 12.1(19)EA1, the show mac address-table aging-time command replaces the show mac-address-table aging-time command (with the hyphen). The show mac-address-table aging-time command (with the hyphen) will become obsolete in a future release.
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(19)EA1 |
The show mac-address-table aging-time command was replaced by the show mac address-table aging-time command. |
If no VLAN number is specified, then the aging time for all VLANs is displayed.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show mac address-table aging-time command:
Switch> show mac address-table aging-time
Vlan Aging Time
---- ----------
1 300
This is an example of output from the show mac address-table aging-time vlan 10 command:
Switch> show mac address-table aging-time vlan 10
Vlan Aging Time
---- ----------
10 300
Use the show mac address-table count user EXEC command to display the number of addresses present in all VLANs or the specified VLAN.
show mac address-table count [vlan vlan-id] [ | {begin | exclude | include} expression]
Note Beginning with Cisco IOS Release 12.1(19)EA1, the show mac address-table count command replaces the show mac-address-table count command (with the hyphen). The show mac-address-table count command (with the hyphen) will become obsolete in a future release.
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(19)EA1 |
The show mac-address-table count command was replaced by the show mac address-table count command. |
If no VLAN number is specified, the address count for all VLANs is displayed.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show mac address-table count command:
Switch# show mac address-table count
Mac Entries for Vlan : 1
---------------------------
Dynamic Address Count : 2
Static Address Count : 0
Total Mac Addresses : 2
Use the show mac address-table dynamic user EXEC command to display only dynamic MAC address table entries.
show mac address-table dynamic [address mac-address] [interface interface-id] [vlan vlan-id]
[ | {begin | exclude | include} expression]
Note Beginning with Cisco IOS Release 12.1(19)EA1, the show mac address-table dynamic command replaces the show mac-address-table dynamic command (with the hyphen). The show mac-address-table dynamic command (with the hyphen) will become obsolete in a future release.
User EXEC; address keyword available only in privileged EXEC mode.
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(19)EA1 |
The show mac-address-table dynamic command was replaced by the show mac address-table dynamic command. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show mac address-table dynamic command:
Switch> show mac address-table dynamic
Mac Address Table
------------------------------------------
Vlan Mac Address Type Ports
---- ----------- ---- -----
1 0030.b635.7862 DYNAMIC Gi6/0/2
1 00b0.6496.2741 DYNAMIC Gi6/0/2
Total Mac Addresses for this criterion: 2
|
|
---|---|
clear mac address-table dynamic |
Deletes from the MAC address table a specific dynamic address, all dynamic addresses on a particular interface, or all dynamic addresses on a particular VLAN. |
Displays MAC address table information for the specified MAC address. |
|
Displays the aging time in all VLANs or the specified VLAN. |
|
Displays the number of addresses present in all VLANs or the specified VLAN. |
|
Displays the MAC address table information for the specified interface. |
|
Displays the Layer 2 multicast entries for all VLANs or the specified VLAN. |
|
Displays static MAC address table entries only. |
|
Displays the MAC address table information for the specified VLAN. |
Use the show mac address-table interface user command to display the MAC address table information for the specified interface in the specified VLAN.
show mac address-table interface interface-id [vlan vlan-id] [ | {begin | exclude | include} expression]
Note Beginning with Cisco IOS Release 12.1(19)EA1, the show mac address-table interface command replaces the show mac-address-table interface command (with the hyphen). The show mac-address-table interface command (with the hyphen) will become obsolete in a future release.
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(19)EA1 |
The show mac-address-table interface command was replaced by the show mac address-table interface command. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show mac address-table interface command:
Switch> show mac address-table interface gigabitethernet6/0/2
Mac Address Table
------------------------------------------
Vlan Mac Address Type Ports
---- ----------- ---- -----
1 0030.b635.7862 DYNAMIC Gi6/0/2
1 00b0.6496.2741 DYNAMIC Gi6/0/2
Total Mac Addresses for this criterion: 2
Use the show mac address-table multicast user EXEC command to display the Layer 2 multicast entries for all VLANs. Use the command in privileged EXEC mode to display specific multicast entries.
show mac address-table multicast [vlan-id] [count | user [count]] [ | {begin | exclude | include} expression]
Note Beginning with Cisco IOS Release 12.1(19)EA1, the show mac address-table multicast command replaces the show mac-address-table multicast command (with the hyphen). The show mac-address-table multicast command (with the hyphen) will become obsolete in a future release.
Note Though visible in the command-line help string, the igmp-snooping keyword is not supported. Use the show ip igmp snooping multicast privileged EXEC command to display the Internet Group Management Protocol (IGMP) snooping multicast table.
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(19)EA1 |
The show mac-address-table multicast command was replaced by the show mac address-table multicast command. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show mac address-table multicast command. It shows how to display all multicast entries for the switch.
Switch> show mac address-table multicast
Vlan Mac Address Type Ports
---- ----------- ---- -----
1 0100.5e00.0128 IGMP Gi1/0/1
This is an example of output from the show mac address-table multicast count command. It shows how to display a total count of MAC address entries for the switch.
Switch>
show mac address-table multicast count
Multicast MAC Entries for all vlans: 10
This is an example of output from the show mac address-table multicast vlan 1 count command. It shows how to display a total count of MAC address entries for a VLAN.
Switch>
show mac address-table multicast vlan 1 count
Multicast MAC Entries for vlan 1: 4
Use the show mac address-table notification user EXEC command to display the MAC address notification settings for all interfaces or the specified interface.
show mac address-table notification [interface [interface-id]] [ | {begin | exclude | include} expression]
Note Beginning with Cisco IOS Release 12.1(19)EA1, the show mac address-table notification command replaces the show mac-address-table notification command (with the hyphen). The show mac-address-table notification command (with the hyphen) will become obsolete in a future release.
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(19)EA1 |
The show mac-address-table notification command was replaced by the show mac address-table notification command. |
Use the show mac address-table notification command without any keywords to display whether the feature is enabled or disabled, the MAC notification interval, the maximum number of entries allowed in the history table, and the history table contents.
Use the interface keyword to display the flags for all interfaces. If the interface-id is included, only the flags for that interface are displayed.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show mac address-table notification command:
Switch> show mac address-table notification
MAC Notification Feature is Enabled on the switch
Interval between Notification Traps : 60 secs
Number of MAC Addresses Added : 4
Number of MAC Addresses Removed : 4
Number of Notifications sent to NMS : 3
Maximum Number of entries configured in History Table : 100
Current History Table Length : 3
MAC Notification Traps are Enabled
History Table contents
----------------------
History Index 0, Entry Timestamp 1032254, Despatch Timestamp 1032254
MAC Changed Message :
Operation: Added Vlan: 2 MAC Addr: 0000.0000.0001 Module: 0 Port: 1
History Index 1, Entry Timestamp 1038254, Despatch Timestamp 1038254
MAC Changed Message :
Operation: Added Vlan: 2 MAC Addr: 0000.0000.0000 Module: 0 Port: 1
Operation: Added Vlan: 2 MAC Addr: 0000.0000.0002 Module: 0 Port: 1
Operation: Added Vlan: 2 MAC Addr: 0000.0000.0003 Module: 0 Port: 1
History Index 2, Entry Timestamp 1074254, Despatch Timestamp 1074254
MAC Changed Message :
Operation: Deleted Vlan: 2 MAC Addr: 0000.0000.0000 Module: 0 Port: 1
Operation: Deleted Vlan: 2 MAC Addr: 0000.0000.0001 Module: 0 Port: 1
Operation: Deleted Vlan: 2 MAC Addr: 0000.0000.0002 Module: 0 Port: 1
Operation: Deleted Vlan: 2 MAC Addr: 0000.0000.0003 Module: 0 Port: 1
|
|
---|---|
clear mac address-table notification |
Clears the MAC address notification global counters. |
Displays MAC address table information for the specified MAC address. |
|
Displays the aging time in all VLANs or the specified VLAN. |
|
Displays the number of addresses present in all VLANs or the specified VLAN. |
|
Displays dynamic MAC address table entries only. |
|
Displays the MAC address table information for the specified interface. |
|
Displays the Layer 2 multicast entries for all VLANs or the specified VLAN. |
|
Displays static MAC address table entries only. |
|
Displays the MAC address table information for the specified VLAN. |
Use the show mac address-table static user EXEC command to display static MAC address table entries only.
show mac address-table static [address mac-address] [interface interface-id] [vlan vlan-id]
[ | {begin | exclude | include} expression]
Note Beginning with Cisco IOS Release 12.1(19)EA1, the show mac address-table static command replaces the show mac-address-table static command (with the hyphen). The show mac-address-table static command (with the hyphen) will become obsolete in a future release.
User EXEC; address keyword available only in privileged EXEC mode.
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(19)EA1 |
The show mac-address-table static command was replaced by the show mac address-table static command. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show mac address-table static command:
Switch> show mac address-table static
Mac Address Table
------------------------------------------
Vlan Mac Address Type Ports
---- ----------- ---- -----
All 0100.0ccc.cccc STATIC CPU
All 0180.c200.0000 STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0180.c200.0001 STATIC CPU
All 0180.c200.0002 STATIC CPU
All 0180.c200.0003 STATIC CPU
All 0180.c200.0004 STATIC CPU
All 0180.c200.0005 STATIC CPU
4 0001.0002.0004 STATIC Drop
6 0001.0002.0007 STATIC Drop
Total Mac Addresses for this criterion: 10
Use the show mac address-table vlan user EXEC command to display the MAC address table information for the specified VLAN.
show mac address-table vlan vlan-id [ | {begin | exclude | include} expression]
Note Beginning with Cisco IOS Release 12.1(19)EA1, the show mac address-table vlan command replaces the show mac-address-table vlan command (with the hyphen). The show mac-address-table vlan command (with the hyphen) will become obsolete in a future release.
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(19)EA1 |
The show mac-address-table vlan command was replaced by the show mac address-table vlan command. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show mac address-table vlan 1 command:
Switch> show mac address-table vlan 1
Mac Address Table
------------------------------------------
Vlan Mac Address Type Ports
---- ----------- ---- -----
1 0100.0ccc.cccc STATIC CPU
1 0180.c200.0000 STATIC CPU
1 0100.0ccc.cccd STATIC CPU
1 0180.c200.0001 STATIC CPU
1 0180.c200.0002 STATIC CPU
1 0180.c200.0003 STATIC CPU
1 0180.c200.0004 STATIC CPU
1 0180.c200.0005 STATIC CPU
1 0180.c200.0006 STATIC CPU
1 0180.c200.0007 STATIC CPU
Total Mac Addresses for this criterion: 10
Use the show mls qos user EXEC command to display global quality of service (QoS) configuration information.
show mls qos [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show mls qos command:
Switch> show mls qos
Qos is enabled
|
|
---|---|
Enables quality of service (QoS) for the entire switch. |
Use the show mls qos aggregate-policer user EXEC command to display the quality of service (QoS) aggregate policer configuration. A policer defines a maximum permissible rate of transmission, a maximum burst size for transmissions, and an action to take if either maximum is exceeded.
show mls qos aggregate-policer [aggregate-policer-name] [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show mls qos aggregate-policer command:
Switch> show mls qos aggregate-policer policer1
aggregate-policer policer1 88000 2000000 exceed-action drop
Not used by any policy map
|
|
---|---|
Defines policer parameters that can be shared by multiple classes within a policy map. |
Use the show mls qos input-queue user EXEC command to display quality of service (QoS) settings for the ingress queues.
show mls qos input-queue [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show mls qos input-queue command:
Switch> show mls qos input-queue
Queue : 1 2
----------------------------------------------
buffers : 90 10
bandwidth : 4 4
priority : 0 10
threshold1: 100 100
threshold2: 100 100
Use the show mls qos interface user EXEC command to display quality of service (QoS) information at the interface level.
show mls qos interface [interface-id] [buffers | queueing | statistics]
[ | {begin | exclude | include} expression]
Note Though visible in the command-line help string, the policers keyword is not supported.
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show mls qos interface command:
Switch# show mls qos interface fastethernet1/0/7
FastEthernet1/0/7
Switch# show mls qos interface gigabitethernet0/7
GigabitEthernet0/7
Attached policy-map for Ingress: videowizard_policy
trust state: not trusted
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
This is an example of output from the show mls qos interface fastethernet1/0/7 buffersshow mls qos interface gigabitethernet0/7 buffers command:
Switch> show mls qos interface fastethernet1/0/7 buffers
Switch> show mls qos interface gigabitethernet0/7 buffers
FastEthernet1/0/7
GigabitEthernet0/7
The port is mapped to qset : 1
The allocations between the queues are : 25 25 25 25
This is an example of output from the show mls qos interface fastethernet1/0/7 queueingshow mls qos interface gigabitethernet0/7 queueing command. The egress expedite queue overrides the configured SRR weights.
Switch> show mls qos interface fastethernet1/0/7 queueing
Switch> show mls qos interface gigabitethernet0/7 queueing
FastEthernet1/0/7
Egress Priority Queue :enabled
GigabitEthernet0/7
Shaped queue weights (absolute) : 25 0 0 0
Shared queue weights : 25 25 25 25
The port bandwidth is limited to: 100%
The port is mapped to qset : 1
This is an example of output from the show mls qos interface fastethernet1/0/7 statisticsshow mls qos interface gigabitethernet0/7 statistics command. Table 2-24 describes the fields in this display.
Switch> show mls qos interface fastethernet1/0/7 statistics
Switch> show mls qos interface gigabitethernet0/7 statistics
FastEthernet1/0/7
GigabitEthernet0/7
dscp: incoming
-------------------------------
0 - 4 : 4213 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 6 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
-------------------------------
0 - 4 : 363949 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
-------------------------------
0 - 4 : 132067 0 0 0 0
5 - 9 : 0 0 0
cos: outgoing
-------------------------------
0 - 4 : 739155 0 0 0 0
5 - 9 : 90 0 0
Policer: Inprofile: 0 OutofProfile: 0
Use the show mls qos maps user EXEC command to display quality of service (QoS) mapping information. During classification, QoS uses the mapping tables to represent the priority of the traffic and to derive a corresponding class of service (CoS) or Differentiated Services Code Point (DSCP) value from the received CoS, DSCP, or IP precedence value.
show mls qos maps [cos-dscp | cos-input-q | cos-output-q | dscp-cos | dscp-input-q | dscp-mutation dscp-mutation-name | dscp-output-q | ip-prec-dscp | policed-dscp] [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
The policed-DSCP, DSCP-to-CoS, and the DSCP-to-DSCP-mutation maps are displayed as a matrix. The d1 column specifies the most-significant digit in the DSCP. The d2 row specifies the least-significant digit in the DSCP. The intersection of the d1 and d2 values provides the policed-DSCP, the CoS, or the mutated-DSCP value. For example, in the DSCP-to-CoS map, a DSCP value of 43 corresponds to a CoS value of 5.
The DSCP input queue threshold and the DSCP output queue threshold maps are displayed as a matrix. The d1 column specifies the most-significant digit of the DSCP number. The d2 row specifies the least-significant digit in the DSCP number. The intersection of the d1 and the d2 values provides the queue ID and threshold ID. For example, in the DSCP input queue threshold map, a DSCP value of 43 corresponds to queue 2 and threshold 1 (02-01).
The CoS input queue threshold and the CoS output queue threshold maps show the CoS value in the top row and the corresponding queue ID and threshold ID in the second row. For example, in the CoS input queue threshold map, a CoS value of 5 corresponds to queue 2 and threshold 1 (2-1).
This is an example of output from the show mls qos maps command:
Switch> show mls qos maps
Policed-dscp map:
d1 : d2 0 1 2 3 4 5 6 7 8 9
---------------------------------------
0 : 00 01 02 03 04 05 06 07 08 09
1 : 10 11 12 13 14 15 16 17 18 19
2 : 20 21 22 23 24 25 26 27 28 29
3 : 30 31 32 33 34 35 36 37 38 39
4 : 40 41 42 43 44 45 46 47 48 49
5 : 50 51 52 53 54 55 56 57 58 59
6 : 60 61 62 63
Dscp-cos map:
d1 : d2 0 1 2 3 4 5 6 7 8 9
---------------------------------------
0 : 00 00 00 00 00 00 00 00 01 01
1 : 01 01 01 01 01 01 02 02 02 02
2 : 02 02 02 02 03 03 03 03 03 03
3 : 03 03 04 04 04 04 04 04 04 04
4 : 05 05 05 05 05 05 05 05 06 06
5 : 06 06 06 06 06 06 07 07 07 07
6 : 07 07 07 07
Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
--------------------------------
dscp: 0 8 16 24 32 40 48 56
IpPrecedence-dscp map:
ipprec: 0 1 2 3 4 5 6 7
--------------------------------
dscp: 0 8 16 24 32 40 48 56
Dscp-outputq-threshold map:
d1 :d2 0 1 2 3 4 5 6 7 8 9
--------------------------------------------------------------------
0 : 02-01 02-01 02-01 02-01 02-01 02-01 02-01 02-01 02-01 02-01
1 : 02-01 02-01 02-01 02-01 02-01 02-01 03-01 03-01 03-01 03-01
2 : 03-01 03-01 03-01 03-01 03-01 03-01 03-01 03-01 03-01 03-01
3 : 03-01 03-01 04-01 04-01 04-01 04-01 04-01 04-01 04-01 04-01
4 : 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 04-01 04-01
5 : 04-01 04-01 04-01 04-01 04-01 04-01 04-01 04-01 04-01 04-01
6 : 04-01 04-01 04-01 04-01
Dscp-inputq-threshold map:
d1 :d2 0 1 2 3 4 5 6 7 8 9
--------------------------------------------------------------------
0 : 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01
1 : 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01
2 : 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01
3 : 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01
4 : 02-01 02-01 02-01 02-01 02-01 02-01 02-01 02-01 01-01 01-01
5 : 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01
6 : 01-01 01-01 01-01 01-01
Cos-outputq-threshold map:
cos: 0 1 2 3 4 5 6 7
------------------------------------
queue-threshold: 2-1 2-1 3-1 3-1 4-1 1-1 4-1 4-1
Cos-inputq-threshold map:
cos: 0 1 2 3 4 5 6 7
------------------------------------
queue-threshold: 1-1 1-1 1-1 1-1 1-1 2-1 1-1 1-1
Dscp-dscp mutation map:
Default DSCP Mutation Map:
d1 : d2 0 1 2 3 4 5 6 7 8 9
---------------------------------------
0 : 00 01 02 03 04 05 06 07 08 09
1 : 10 11 12 13 14 15 16 17 18 19
2 : 20 21 22 23 24 25 26 27 28 29
3 : 30 31 32 33 34 35 36 37 38 39
4 : 40 41 42 43 44 45 46 47 48 49
5 : 50 51 52 53 54 55 56 57 58 59
6 : 60 61 62 63
Use the show mls qos queue-set user EXEC command to display quality of service (QoS) settings for the egress queues.
show mls qos queue-set [qset-id] [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show mls qos queue-set command:
Switch> show mls qos queue-set
Queueset: 1
Queue : 1 2 3 4
----------------------------------------------
buffers : 25 25 25 25
threshold1: 100 50 100 100
threshold2: 100 50 100 100
reserved : 50 100 50 50
maximum : 400 400 400 400
Queueset: 2
Queue : 1 2 3 4
----------------------------------------------
buffers : 25 25 25 25
threshold1: 100 50 100 100
threshold2: 100 50 100 100
reserved : 50 100 50 50
maximum : 400 400 400 400
Use the show monitor user EXEC command to display information about all Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) sessions on the switch. Use the command with keywords to show a specific session, all sessions, all local sessions, or all remote sessions.
show monitor [session {session_number | all | local | range list | remote} [detail]] [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(14)EA1 |
The range list and detail keywords were added. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
The output is the same for the show monitor command and the show monitor session all command.
This is an example of output for the show monitor user EXEC command:
Switch# show monitor
Session 1
---------
Type :Local Session
Source Ports:
RX Only: Fa4/0/24 Gi0/24
TX Only: None
Both: Fa2/0/1-2,Fa4/0/1-5 Gi0/1-2,Gi0/4-5
Source VLANs:
RX Only: None
TX Only: None
Both: None
Source RSPAN VLAN:None
Destination Ports:Fa2/0/18 Gi0/10
Encapsulation:Replicate
Filter VLANs: None
Dest RSPAN VLAN: None
Session 2
---------
Type :Remote Source Session
Source Ports:
RX Only: None
TX Only: None
Both: None
Source VLANs:
RX Only: None
TX Only: 10
Both: 1-9
Source RSPAN VLAN:None
Destination Ports:None
Filter VLANs: None
Dest RSPAN VLAN: 105
This is an example of output for the show monitor user EXEC command for RSPAN source session 1:
Switch# show monitor session 1
Session 1
---------
Type :Local Session
Source Ports:
RX Only: Fa4/0/24 Gi0/24
TX Only: None
Both: Fa2/0/1-2,Fa4/0/1-5 Gi0/1-2,Gi0/4-5
Source VLANs:
RX Only: None
TX Only: None
Both: None
Source RSPAN VLAN:None
Destination Ports:Fa2/0/18 Gi0/10
Encapsulation:Replicate
Filter VLANs: None
Dest RSPAN VLAN: None
This is an example of output for the show monitor session all user EXEC command when ingress traffic forwarding is enabled:
Switch# show monitor session all
Session 1
---------
Type :Local Session
Source Ports :
Both :Fa1/0/2 Gi0/2
Destination Ports :Fa2/0/2 Gi0/3
Encapsulation :Replicate
Ingress:Enabled, default VLAN = 5
Ingress encapsulation:DOT1Q
Session 2
---------
Type :Local Session
Source Ports :
Both :Fa3/0/2 Gi0/5
Destination Ports :Fa3/0/4 Gi0/7
Encapsulation :Replicate
Ingress:Enabled
Ingress encapsulation:ISL
|
|
---|---|
Starts or modifies a SPAN or RSPAN session. |
Use the show mvr privileged EXEC command without keywords to display the current Multicast VLAN Registration (MVR) global parameter values, including whether or not MVR is enabled, the MVR multicast VLAN, the maximum query response time, the number of multicast groups, and the MVR mode (dynamic or compatible).
show mvr [ | {begin | exclude | include} expression]
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show mvr command:
Switch# show mvr
MVR Running: TRUE
MVR multicast VLAN: 1
MVR Max Multicast Groups: 256
MVR Current multicast groups: 0
MVR Global query response time: 5 (tenths of sec)
MVR Mode: compatible
In the preceding display, the maximum number of multicast groups is fixed at 256. The MVR mode is either compatible (for inter-operability with Catalyst 2900 XL and Catalyst 3500 XL switches) or dynamic (where operation is consistent with IGMP snooping operation and dynamic MVR membership on source ports is supported).
Use the show mvr interface privileged EXEC command without keywords to display the Multicast VLAN Registration (MVR) receiver and source ports. Use the command with keywords to display MVR parameters for a specific receiver port.
show mvr interface [interface-id [members [vlan vlan-id]]] [ | {begin | exclude | include} expression]
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
If the entered port identification is a non-MVR port or a source port, the command returns an error message. For receiver ports, it displays the port type, per port status, and Immediate-Leave setting.
If you enter the members keyword, all MVR group members on the interface are displayed. If you enter a VLAN ID, all MVR group members in the VLAN are displayed.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show mvr interface command:
Switch# show mvr interface
Port Type Status Immediate Leave
---- ---- ------- ---------------
Gi1/0/1 SOURCE ACTIVE/UP DISABLED
Gi1/0/2 RECEIVER ACTIVE/DOWN DISABLED
Gi1/0/5 RECEIVER ACTIVE/UP ENABLED
In the preceding display, Status is defined as follows:
•Active means the port is part of a VLAN
•Up/Down means that the port is forwarding/nonforwarding
•Inactive means that the port is not yet part of any VLAN.
This is an example of output from the show mvr interface gigabitethernet 1/0/2 command:
Switch# show mvr interface gigabitethernet1/0/2
Type: RECEIVER Status: ACTIVE Immediate Leave: DISABLED
This is an example of output from the show mvr interface gigabitethernet1/0/6 members command:
Switch# show mvr interface gigabitethernet1/0/6 members
239.255.0.0 DYNAMIC ACTIVE
239.255.0.1 DYNAMIC ACTIVE
239.255.0.2 DYNAMIC ACTIVE
239.255.0.3 DYNAMIC ACTIVE
239.255.0.4 DYNAMIC ACTIVE
239.255.0.5 DYNAMIC ACTIVE
239.255.0.6 DYNAMIC ACTIVE
239.255.0.7 DYNAMIC ACTIVE
239.255.0.8 DYNAMIC ACTIVE
239.255.0.9 DYNAMIC ACTIVE
Use the show mvr members privileged EXEC command to display all receiver and source ports that are currently members of an IP multicast group.
show mvr members [ip-address] [ | {begin | exclude | include} expression]
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
The show mvr members command applies to receiver and source ports. For MVR compatible mode, all source ports are members of all multicast groups.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show mvr members command:
Switch# show mvr members
MVR Group IP Status Members
------------ ------ -------
239.255.0.1 ACTIVE Gi1/0/1(d), Gi1/0/5(s)
239.255.0.2 INACTIVE None
239.255.0.3 INACTIVE None
239.255.0.4 INACTIVE None
239.255.0.5 INACTIVE None
239.255.0.6 INACTIVE None
239.255.0.7 INACTIVE None
239.255.0.8 INACTIVE None
239.255.0.9 INACTIVE None
239.255.0.10 INACTIVE None
<output truncated>
239.255.0.255 INACTIVE None
239.255.1.0 INACTIVE None
This is an example of output from the show mvr members 239.255.0.2 command. It shows how to view the members of the IP multicast group 239.255.0.2:
Switch# show mvr members 239.255.0.2
239.255.003.--22 ACTIVE Gi1/0/1(d), Gi1/0/2(d), Gi1/0/3(d),
Gi1/0/4(d), Gi1/0/5(s)
Use the show pagp user EXEC command to display Port Aggregation Protocol (PAgP) channel-group information.
show pagp [channel-group-number] {counters | internal | neighbor} [ | {begin | exclude | include} expression]]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
You can enter any show pagp command to display the active channel-group information. To display the nonactive information, enter the show pagp command with a channel-group number.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show pagp 1 counters command:
Switch>
show pagp 1 counters
Information Flush
Port Sent Recv Sent Recv
--------------------------------------
Channel group: 1
Gi1/0/1 45 42 0 0
Gi1/0/2 45 41 0 0
Gi0/1 45 42 0 0
Gi0/2 45 41 0 0
This is an example of output from the show pagp 1 internal command:
Switch> show pagp 1 internal
Flags: S - Device is sending Slow hello. C - Device is in Consistent state.
A - Device is in Auto mode.
Timers: H - Hello timer is running. Q - Quit timer is running.
S - Switching timer is running. I - Interface timer is running.
Channel group 1
Hello Partner PAgP Learning Group
Port Flags State Timers Interval Count Priority Method Ifindex
Gi1/0/1 SC U6/S7 H 30s 1 128 Any 16
Gi1/0/2 SC U6/S7 H 30s 1 128 Any 16
Gi0/1 SC U6/S7 H 30s 1 128 Any 16
Gi0/2 SC U6/S7 H 30s 1 128 Any 16
This is an example of output from the show pagp 1 neighbor command:
Switch> show pagp 1 neighbor
Flags: S - Device is sending Slow hello. C - Device is in Consistent state.
A - Device is in Auto mode. P - Device learns on physical port.
Channel group 1 neighbors
Partner Partner Partner Partner Group
Port Name Device ID Port Age Flags Cap.
Gi0/1 vegas-p2 0002.4b29.4600 Gi0/1 9s SC 10001
Gi0/2 vegas-p2 0002.4b29.4600 Gi0/2 24s SC 10001
|
|
---|---|
Clears PAgP channel-group information. |
Use the show policy-map user EXEC command to display quality of service (QoS) policy maps, which define classification criteria for incoming traffic. Policy maps can include policers that specify the bandwidth limitations and the action to take if the limits are exceeded.
show policy-map [policy-map-name [class class-map-name]] [ | {begin | exclude | include} expression]
Note Though visible in the command-line help string, the interface keyword is not supported, and the statistics shown in the display should be ignored.
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show policy-map command:
Switch> show policy-map
Policy Map videowizard_policy2
class videowizard_10-10-10-10
set ip dscp 34
police 100000000 2000000 exceed-action drop
Policy Map mypolicy
class dscp5
set ip dscp 6
|
|
---|---|
Creates or modifies a policy map that can be attached to multiple interfaces to specify a service policy. |
Use the show port-security privileged EXEC command to display port-security settings for an interface or for the switch.
show port-security [interface interface-id] [address | vlan] [ | {begin | exclude | include} expression]
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(14)EA1 |
The vlan keyword was added (visible only on trunk ports). |
If you enter the command without keywords, the output includes the administrative and operational status of all secure ports on the switch.
If you enter an interface-id, the command displays port security settings for the interface.
If you enter the address keyword, the show port-security address command displays the secure MAC addresses for all interfaces and the aging information for each secure address.
If you enter an interface-id and the address keyword, the show port-security interface interface-id address command displays all the MAC addresses for the interface with aging information for each secure address. You can also use this command to display all the MAC addresses for an interface even if you have not enabled port security on it.
If you enter the vlan keyword, the show port-security address interface interface-id vlan command displays the configured maximum and the current number of secure MAC addresses for all VLANs on the interface. This option is visible only on interfaces that have the switchport mode set to trunk.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of the output from the show port-security command:
Switch# show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
-------------------------------------------------------------------------------
Gi1/ 0/1 1 0 0 Shutdown
-------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 1
Max Addresses limit in System (excluding one mac per port) : 6272
This is an example of output from the show port-security interface gigabitethernet1/0/1 command:
Switch# show port-security interface gigabitethernet1/0/1
Port Security : Enabled
Port status : SecureUp
Violation mode : Shutdown
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Aging time : 0 mins
Aging type : Absolute
SecureStatic address aging : Disabled
Security Violation count : 0
This is an example of output from the show port-security address command:
Switch# show port-security address
Secure Mac Address Table
-------------------------------------------------------------------
Vlan Mac Address Type Ports Remaining Age
(mins)
---- ----------- ---- ----- -------------
1 0006.0700.0800 SecureConfigured Gi1/ 0/2 1
-------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 1
Max Addresses limit in System (excluding one mac per port) : 6272
This is an example of output from the show port-security interface gigabitethernet1/0/2 address command:
Switch# show port-security interface gigabitethernet1/0/2 address
Secure Mac Address Table
-------------------------------------------------------------------
Vlan Mac Address Type Ports Remaining Age
(mins)
---- ----------- ---- ----- -------------
1 0006.0700.0800 SecureConfigured Gi1/ 0/2 1
-------------------------------------------------------------------
Total Addresses: 1
This is an example of output from the show port-security interface gigabitethernet1/0/2 vlan command:
Switch# show port-security interface gigabitethernet1/0/2 vlan
Default maximum:not set, using 5120
VLAN Maximum Current
5 default 1
10 default 54
11 default 101
12 default 101
13 default 201
14 default 501
|
|
---|---|
Enables port security on a port, restricts the use of the port to a user-defined group of stations, and configures secure MAC addresses. |
Use the show running-config vlan privileged EXEC command to display all or a range of VLAN-related configurations on the switch.
show running-config vlan [vlan-ids] [ | {begin | exclude | include} expression]
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show running-config vlan command:
Switch# show running-config vlan 220-2000
Building configuration...
Current configuration:
!
vlan 239
!
vlan 501
!
vlan 1000
!
vlan 1002
tb-vlan1 1
tb-vlan2 1003
!
vlan 1003
tb-vlan1 1
tb-vlan2 1002
!
vlan 1004
bridge 1
end
Use the show sdm prefer privileged EXEC command to display information about the Switch Database Management (SDM) templates that can be used to maximize used for allocating system resources for a particular feature, or use the command without a keyword to display the template in use.
show sdm prefer [default | routing | vlan [desktop]] [| {begin | exclude | include} expression]
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(14)EA1 |
The desktop keyword was added. |
When you change the SDM template by using the sdm prefer global configuration command, you must reload the switch for the configuration to take effect. If you enter the show sdm prefer command before you enter the reload privileged EXEC command, the show sdm prefer command shows the template currently in use and the template that will become active after a reload.
The numbers displayed for each the template represent an approximate maximum number for each feature resource. The actual number might vary, depending on the actual number of other features configured.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show sdm prefer command, displaying the template in use:
Switch# show sdm prefer
"default" template:
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 12K
number of igmp groups + multicast routes: 1K
number of unicast routes: 0
number of qos aces: 512
number of security aces: 1K
Switch# show sdm prefer
The current template is "desktop default" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 6K
number of igmp groups + multicast routes: 1K
number of unicast routes: 8K
number of directly connected hosts: 6K
number of indirect routes: 2K
number of policy based routing aces: 0
number of qos aces: 512
number of security aces: 1K
This is an example of output from the show sdm prefer routing command entered on an aggregator switch:
Switch# show sdm prefer routing
"aggregate routing" template:
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 6K
number of igmp groups + multicast routes: 1K
number of unicast routes: 20K
number of directly connected hosts: 6K
number of indirect routes: 14K
number of policy based routing aces: 512
number of qos aces: 512
number of security aces: 1K
This is an example of output from the show sdm prefer routing command entered on a desktop switch:
Switch# show sdm prefer routing
"desktop routing" template:
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 3K
number of igmp groups + multicast routes: 1K
number of unicast routes: 11K
number of directly connected hosts: 3K
number of indirect routes: 8K
number of policy based routing aces: 512
number of qos aces: 512
number of security aces: 1K
This is an example of output from the show sdm prefer command when you have configured a new template but have not reloaded the switch:
Switch# show sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 3K
number of igmp groups + multicast routes: 1K
number of unicast routes: 11K
number of directly connected hosts: 3K
number of indirect routes: 8K
number of qos aces: 512
number of security aces: 1K
On next reload, template will be "aggregate routing" template.
|
|
---|---|
Sets the SDM template to maximize resources for routing or VLANs or to the default template, or to select the desktop or aggregator templates. |
Use the show setup express privileged EXEC command to display if Express Setup mode is active on the switch.
show setup express [ | {begin | exclude | include} expression]
No default is defined.
Privileged EXEC
|
|
---|---|
12.1(14)EA1 |
This command was first introduced. |
This is an example of output from the show setup express command:
Switch# show setup express
express setup mode is active
|
|
---|---|
Exits Express Setup mode. |
|
Enables Express Setup mode. |
Use the show spanning-tree user EXEC command to display spanning-tree state information.
show spanning-tree [bridge-group | active [detail] | backbonefast | blockedports | bridge | detail [active] | inconsistentports | interface interface-id | mst | pathcost method | root | summary [totals] | uplinkfast | vlan vlan-id] [ | {begin | exclude | include} expression]
show spanning-tree bridge-group [active [detail] | blockedports | bridge | detail [active] | inconsistentports | interface interface-id | root | summary] [| {begin | exclude | include} expression]
show spanning-tree vlan vlan-id [active [detail] | blockedports | bridge | detail [active] | inconsistentports | interface interface-id | root | summary] [ | {begin | exclude | include} expression]
show spanning-tree {vlan vlan-id | bridge-group} bridge [address | detail | forward-time | hello-time | id | max-age | priority [system-id] | protocol] [ | {begin | exclude | include} expression]
show spanning-tree {vlan vlan-id | bridge-group} root [address | cost | detail | forward-time | hello-time | id | max-age | port | priority [system-id] [ | {begin | exclude | include} expression]
show spanning-tree interface interface-id [active [detail] | cost | detail [active] | inconsistency | portfast | priority | rootcost | state] [ | {begin | exclude | include} expression]
show spanning-tree mst [configuration] | [instance-id [detail | interface interface-id [detail]]
[ | {begin | exclude | include} expression]
User EXEC; indicated keywords available only in privileged EXEC mode.
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(14)EA1 |
The mst keyword and options were added. |
If the vlan-id variable is omitted, the command applies to the spanning-tree instance for all VLANs.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show spanning-tree active command:
Switch#
show spanning-tree active
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 0001.42e2.cdd0
Cost 3038
Port 24 (GigabitEthernet2/0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 49153 (priority 49152 sys-id-ext 1)
Address 0003.fd63.9580
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Uplinkfast enabled
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi2/0/1 Root FWD 3019 128.24 P2p
<output truncated>
This is an example of output from the show spanning-tree detail command:
Switch#
show spanning-tree detail
VLAN0001 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 49152, sysid 1, address 0003.fd63.9580
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32768, address 0001.42e2.cdd0
Root port is 24 (GigabitEthernet2/0/1), cost of root path is 3038
Topology change flag not set, detected flag not set
Number of topology changes 0 last change occurred 1d16h ago
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300
Uplinkfast enabled
Port 1 (GigabitEthernet2/0/1) of VLAN0001 is forwarding
Port path cost 3019, Port priority 128, Port Identifier 128.24.
Designated root has priority 32768, address 0001.42e2.cdd0
Designated bridge has priority 32768, address 00d0.bbf5.c680
Designated port id is 128.25, designated path cost 19
Timers: message age 2, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 0, received 72364
<output truncated>
This is an example of output from the show spanning-tree interface gigabitethernet2/0/1 command:
Switch# show spanning-tree interface gigabitethernet2/0/1
Vlan Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
VLAN0001 Root FWD 3019 128.24 P2p
Switch# show spanning-tree summary
Switch is in pvst mode
Root bridge for: none
EtherChannel misconfiguration guard is enabled
Extended system ID is enabled
Portfast is disabled by default
PortFast BPDU Guard is disabled by default
Portfast BPDU Filter is disabled by default
Loopguard is disabled by default
UplinkFast is enabled
BackboneFast is enabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 1 0 0 11 12
VLAN0002 3 0 0 1 4
VLAN0004 3 0 0 1 4
VLAN0006 3 0 0 1 4
VLAN0031 3 0 0 1 4
VLAN0032 3 0 0 1 4
<output truncated>
---------------------- -------- --------- -------- ---------- ----------
37 vlans 109 0 0 47 156
Station update rate set to 150 packets/sec.
UplinkFast statistics
-----------------------
Number of transitions via uplinkFast (all VLANs) : 0
Number of proxy multicast addresses transmitted (all VLANs) : 0
BackboneFast statistics
-----------------------
Number of transition via backboneFast (all VLANs) : 0
Number of inferior BPDUs received (all VLANs) : 0
Number of RLQ request PDUs received (all VLANs) : 0
Number of RLQ response PDUs received (all VLANs) : 0
Number of RLQ request PDUs sent (all VLANs) : 0
Number of RLQ response PDUs sent (all VLANs) : 0
This is an example of output from the show spanning-tree mst configuration command:
Switch# show spanning-tree mst configuration
Name [region1]
Revision 1
Instance Vlans Mapped
-------- ------------------
0 1-9,21-4094
1 10-20
----------------------------
This is an example of output from the show spanning-tree mst interface gigabitethernet2/0/1 command:
Switch# show spanning-tree mst interface gigabitethernet2/0/1
GigabitEthernet2/0/1 of MST00 is root forwarding
Edge port: no (default) port guard : none (default)
Link type: point-to-point (auto) bpdu filter: disable (default)
Boundary : boundary (STP) bpdu guard : disable (default)
Bpdus sent 5, received 74
Instance role state cost prio vlans mapped
0 root FWD 200000 128 1,12,14-4094
This is an example of output from the show spanning-tree mst 0 command:
Switch# show spanning-tree mst 0
###### MST00 vlans mapped: 1-9,21-4094
Bridge address 0002.4b29.7a00 priority 32768 (32768 sysid 0)
Root address 0001.4297.e000 priority 32768 (32768 sysid 0)
port Gi1/0/1 path cost 200038
IST master *this switch
Operational hello time 2, forward delay 15, max age 20, max hops 20
Configured hello time 2, forward delay 15, max age 20, max hops 20
Interface role state cost prio type
-------------------- ---- ----- --------- ---- --------------------------------
GigabitEthernet2/0/1 root FWD 200000 128 P2P bound(STP)
GigabitEthernet2/0/2 desg FWD 200000 128 P2P bound(STP)
Port-channel1 desg FWD 200000 128 P2P bound(STP)
Use the show storm-control user EXEC command to display broadcast, multicast, or unicast storm control settings on the switch or on the specified interface or to display storm-control history.
show storm-control [interface-id] [broadcast | multicast | unicast] [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
When you enter an interface-id, the storm control thresholds are displayed for the specified interface.
If you do not enter an interface-id, settings are displayed for one traffic type for all ports on the switch.
If you do not enter a traffic type, settings are displayed for broadcast storm control.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of a partial output from the show storm-control command when no keywords are entered. Because no traffic type keyword was entered, the broadcast storm control settings are displayed.
Switch> show storm-control
Interface Filter State Level Current
--------- ------------- ------- -------
Gi1/0/1 inactive 100.00% N/A
Gi1/0/2 inactive 100.00% N/A
Gi1/0/3 inactive 100.00% N/A
Gi1/0/4 inactive 100.00% N/A
Gi1/0/5 inactive 100.00% N/A
Gi1/0/6 inactive 100.00% N/A
Gi1/0/7 inactive 100.00% N/A
Gi1/0/8 inactive 100.00% N/A
Gi1/0/9 inactive 100.00% N/A
Gi1/0/10 inactive 100.00% N/A
Gi1/0/11 inactive 100.00% N/A
Gi1/0/12 inactive 100.00% N/A
Gi1/0/13 inactive 100.00% N/A
Gi1/0/14 inactive 100.00% N/A
<output truncated>
This is an example of output from the show storm-control command for a specified interface. Because no traffic type keyword was entered, the broadcast storm control settings are displayed.
Switch> show storm-control gigabitethernet 2/0/1
Interface Filter State Level Current
--------- ------------- ------- -------
Gi2/0/1 inactive 100.00% N/A
This is an example of output from the show storm-control command for a specified interface and traffic type, where no storm control threshold has been set for that traffic type on the specified interface.
Switch> show storm-control gigabitethernet1/0/5 multicast
Interface Filter State Level Current
--------- ------------- ------- -------
Gi1/0/5 inactive 100.00% N/A
Table 2-25 describes the fields in the show storm-control display.
|
|
---|---|
Sets the broadcast, multicast, or unicast storm control levels for the switch. |
Use the show switch user EXEC command to display information related to the stack member or the switch stack.
show switch [stack-member-number | detail | neighbors | stack-ports] [ | {begin | exclude | include} expression
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(14)EA1 |
The output for this command was expanded to include Switch Database Management (SDM) mismatch. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
These are the states displayed from this command:
•Waiting—The stage when a switch is booting up and waiting for communication from other switches in the stack. The switch has not yet determined whether it is a stack master or not.
Stack members not participating in a stack master election remain in the waiting state until the stack master is elected and ready.
•Initializing—The stage when a switch has determined whether it is the stack master or not. If the switch is not the stack master, it is receiving its system- and interface-level configuration from the stack master and loading it.
•Ready—The stage when the stack member has completed loading the system- and interface-level configuration and is ready to forward traffic.
•Master Re-Init—The stage immediately after a stack master re-election and a different stack member is elected stack master. The new stack master is re-initializing its configuration. This state applies only to the new stack master.
•Ver Mismatch—The stage of a switch in version mismatch (VM) mode. VM mode is when a switch joining the switch stack has a different stack protocol minor version number from the stack master.
•SDM Mismatch—The stage of a switch in Switch Database Management (SDM) mismatch mode. SDM mismatch is when a stack member does not support the SDM template running on the stack master.
A typical state transition for a stack member (including a stack master) booting up is Waiting -> Initializing -> Ready.
A typical state transition for a stack member becoming a stack master after a stack master election is Ready -> Master Re-Init -> Ready.
A typical state transition for a stack member in version mismatch (VM) mode is Waiting -> Ver Mismatch.
The word slave in the output refers to a stack member other than the stack master.
This example shows how to display summary information about stack member 6:
Switch(config)# show switch 6
Current
Switch# Role Mac Address Priority State
--------------------------------------------------------
6 Slave 0003.e31a.1e00 1 Ready
This example shows how to display summary information about a switch stack:
Switch(config)# show switch
Current
Switch# Role Mac Address Priority State
--------------------------------------------------------
6 Slave 0003.e31a.1e00 1 Ready
*8 Master 0003.e31a.1200 1 Ready
This example shows detailed information about a switch stack:
Switch(config)# show switch detail
Current
Switch# Role Mac Address Priority State
--------------------------------------------------------
6 Slave 0003.e31a.1e00 1 Ready
*8 Master 0003.e31a.1200 1 Ready
Stack Port Status Neighbors
Switch# Port A Port B Port A Port B
--------------------------------------------------------
6 Down Ok None 8
8 Ok Down 6 None
This example shows how to display neighbor information for a switch stack:
Switch(config)# show switch neighbors
Switch # Port A Port B
-------- ------ ------
6 None 8
8 6 None
This example shows how to display stack-port information for a switch stack:
Switch(config)# show switch stack-ports
Switch # Port A Port B
-------- ------ ------
6 Down Ok
8 Ok Down
Use the show system mtu privileged EXEC command to display the global maximum transmission unit (MTU) or maximum packet size set for the switch.
show system mtu [ | {begin | exclude | include} expression]
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
If you have used the system mtu or system mtu jumbo global configuration command to change the MTU setting, the new setting does not take effect until you reset the switch.
The system MTU refers to 10/100 ports; the system jumbo MTU refers to Gigabit ports.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show system mtu command:
Switch# show system mtu
System MTU size is 1500 bytes
System Jumbo MTU size is 1500 bytes
|
|
---|---|
Sets the MTU size for the Fast Ethernet or Gigabit Ethernet ports. |
Use the show udld user EXEC command to display UniDirectional Link Detection (UDLD) administrative and operational status for all ports or the specified port.
show udld [interface-id] [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
If you do not enter an interface-id, administrative and operational UDLD status for all interfaces are displayed.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show udld gigabitethernet6/0/11 command. For this display, UDLD is enabled on both ends of the link, and UDLD detects that the link is bidirectional. Table 2-26 describes the fields in this display.
Switch> show udld gigabitethernet6/0/11
Interface gi6/0/11
---
Port enable administrative configuration setting: Follows device default
Port enable operational state: Enabled
Current bidirectional state: Bidirectional
Current operational state: Advertisement - Single Neighbor detected
Message interval: 60
Time out interval: 5
Entry 1
Expiration time: 146
Device ID: 1
Current neighbor state: Bidirectional
Device name: 0050e2826000
Port ID: Gi6/0/12
Neighbor echo 1 device: SAD03160954
Neighbor echo 1 port: Gi6/0/11
Message interval: 5
CDP Device name: 066527791
Use the show version user EXEC command to display version information for the hardware and firmware.
show version [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show version command:
Switch> show version
Cisco Internetwork Operating System Software
IOS (tm) C3750 Software (C3750-I5-M), Version 12.1(0.0.709)EA1, CISCO DEVELOPMENT TEST VERSION
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Fri 02-May-03 21:09 by antonino
Image text-base: 0x00003000, data-base: 0x008E36A4
ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.1(0.0.130)EA1, CISCO DEVELOPMENT TEST VERSION
Switch uptime is 2 days, 11 hours, 16 minutes
System returned to ROM by power-on
System image file is "flash:i5.709"
cisco WS-C3750-48TS (PowerPC405) processor with 120822K/10240K bytes of memory.
Last reset from power-on
Bridging software.
Target IOS Version 12.1(14)EA1
1 Virtual Ethernet/IEEE 802.3 interface(s)
48 FastEthernet/IEEE 802.3 interface(s)
32 Gigabit Ethernet/IEEE 802.3 interface(s)
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:09:43:A7:F2:00
Motherboard assembly number : 73-7056-05
Motherboard serial number : CSJ0638004U
Motherboard revision number : 05
Model number : 73-7056-05
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
1 28 WS-C3750G-24TS 12.1(0.0.709)EA1 C3750-I5-M
* 8 52 WS-C3750-48TS 12.1(0.0.709)EA1 C3750-I5-M
Switch 01
---------
Switch Uptime : 2 days, 11 hours, 17 minutes
Base ethernet MAC Address : 00:0B:46:2E:35:80
Motherboard assembly number : 73-7058-04
Power supply part number : 341-0045-01
Motherboard serial number : CSJ0640010L
Model number : WS-C3750-24TS-SMI
System serial number : CSJ0642U00A
Configuration register is 0xF
<output truncated>
Switch> show version
Cisco Internetwork Operating System Software
IOS (tm) C2970 Software (C2970-I6K2L2-M), Version 12.1(0.0.711)EA1, CISCO DEVELOPMENT TEST VERSION
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Mon 12-May-03 15:58 by antonino
Image text-base: 0x00003000, data-base: 0x007743AC
ROM: Bootstrap program is C2970 boot loader
BOOTLDR: C2970 Boot Loader (C2970-HBOOT-M) Version 12.1(0.0.26)EA1, CISCO DEVELOPMENT TEST VERSION
Switch uptime is 50 minutes
System returned to ROM by power-on
System image file is "flash:c2970-i6k2l2-mz"
cisco WS-C2970G-24T-E (PowerPC405) processor with 120822K/10240K bytes of memo
.
Last reset from power-on
Target IOS Version 12.1(14)EA1
1 Virtual Ethernet/IEEE 802.3 interface(s)
24 Gigabit Ethernet/IEEE 802.3 interface(s)
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:0B:46:2E:58:80
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 24 WS-C2970G-24T-E 12.1(0.0.711)EA1 C2970-I6K2L2-M
Configuration register is 0xF
Use the show vlan user EXEC command to display the parameters for all configured VLANs or one VLAN (if the VLAN ID or name is specified) on the switch.
show vlan [brief | id vlan-id | internal usage | name vlan-name | remote-span | summary] [ | {begin | exclude | include} expression]
Note Though visible in the command-line help string, the ifindex, internal usage, and private-vlan keywords are not supported.
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show vlan command. Table 2-27 describes each field in the display.
Switch> show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/0/1, Fa1/0/2, Fa1/0/3
Fa1/0/4, Fa1/0/5, Fa1/0/6
Fa1/0/7, Fa1/0/8, Fa1/0/9
Fa1/0/10, Fa1/0/11, Fa1/0/12
Fa1/0/13, Fa1/0/14, Fa1/0/15
Fa1/0/16, Fa1/0/17, Fa1/0/18
Fa1/0/19, Fa1/0/20, Fa1/0/21
Fa1/0/22, Fa1/0/23, Fa1/0/24
Fa1/0/25, Fa1/0/26, Fa1/0/27
Fa1/0/28, Fa1/0/29, Fa1/0/30
Fa1/0/31, Fa1/0/32, Fa1/0/33
Fa1/0/34, Fa1/0/35, Fa1/0/36
Fa1/0/46, Gi1/0/1, Gi1/0/2
Gi1/0/3, Gi1/0/4, Gi2/0/1
Gi2/0/2, Gi2/0/3, Gi2/0/4
Gi2/0/5, Gi2/0/6, Gi2/0/7
<output truncated>
2 VLAN0002 active
3 VLAN0003 active
<output truncated>
1000 VLAN1000 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
<output truncated>
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------ --------- ----------------- ------------------------------------------
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/1, Gi0/2, Gi0/3, Gi0/4
Gi0/5, Gi0/6, Gi0/7, Gi0/8
Gi0/9, Gi0/10, Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16
Gi0/17, Gi0/18, Gi0/19, Gi0/20
Gi0/21, Gi0/22, Gi0/23, Gi0/24
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------ --------- ----------------- ------------------------------------------
This is an example of output from the show vlan summary command:
Switch> show vlan summary
Number of existing VLANs : 45
Number of existing VTP VLANs : 45
Number of existing extended VLANs : 0
This is an example of output from the show vlan id command.
Switch# show vlan id 2
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
2 VLAN0200 active Fa1/0/47, Fa1/0/48, Gi2/0/13
Gi3/0/1
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
2 enet 100002 1500 - - - - - 0 0
Remote SPAN VLAN
----------------
Disabled
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
2 default active Gi0/1, Gi0/2, Gi0/3, Gi0/4
Gi0/5, Gi0/6, Gi0/7, Gi0/8
Gi0/9, Gi0/10, Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16
Gi0/17, Gi0/18, Gi0/19, Gi0/20
Gi0/21, Gi0/22, Gi0/23, Gi0/24
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
2 enet 100002 1500 - - - - - 0 0
Remote SPAN VLAN
----------------
Disabled
This is an example of output from the show vlan internal usage command. It shows that VLANs 1025 and 1026 are being used as internal VLANs for Fast Ethernet routed ports 23 and 24 on stack member 1. If you want to use one of these VLAN IDs, you must first shut down the routed port, which releases the internal VLAN, and then create the extended-range VLAN. When you start up the routed port, another internal VLAN number is assigned to it.
Switch> show vlan internal usage
VLAN Usage
---- -------------
1025 FastEthernet1/0/23
1026 FastEthernet1/0/24
Use the show vlan access-map privileged EXEC command to display information about a particular VLAN access map or all VLAN access maps.
show vlan access-map [mapname] [ | {begin | exclude | include} expression]
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show vlan access-map command:
Switch# show vlan access-map
Vlan access-map "SecWiz" 10
Match clauses:
ip address: SecWiz_Fa1_Gi0_3_in_ip
Action:
forward
Use the show vlan filter privileged EXEC command to display information about all VLAN filters or about a particular VLAN or VLAN access map.
show vlan filter [access-map name | vlan vlan-id] [ | {begin | exclude | include} expression]
Privileged EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show vlan filter command:
Switch# show vlan filter
VLAN Map map_1 is filtering VLANs:
20-22
|
|
---|---|
Displays information about a particular VLAN access map or all VLAN access maps. |
|
Creates a VLAN map entry for VLAN packet filtering. |
|
Applies a VLAN map to one or more VLANs. |
Use the show vmps user EXEC command without keywords to display the VLAN Query Protocol (VQP) version, reconfirmation interval, retry count, VLAN Membership Policy Server (VMPS) IP addresses, and the current and primary servers, or use the statistics keyword to display client-side statistics.
show vmps [statistics] [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show vmps command:
Switch> show vmps
VQP Client Status:
--------------------
VMPS VQP Version: 1
Reconfirm Interval: 60 min
Server Retry Count: 3
VMPS domain server:
Reconfirmation status
---------------------
VMPS Action: other
This is an example of output from the show vmps statistics command. Table 2-28 describes each field in the display.
Switch> show vmps statistics
VMPS Client Statistics
----------------------
VQP Queries: 0
VQP Responses: 0
VMPS Changes: 0
VQP Shutdowns: 0
VQP Denied: 0
VQP Wrong Domain: 0
VQP Wrong Version: 0
VQP Insufficient Resource: 0
Use the show vtp user EXEC command to display general information about the VLAN Trunking Protocol (VTP) management domain, status, and counters.
show vtp {counters | password | status} [ | {begin | exclude | include} expression]
User EXEC
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(14)EA1 |
The password keyword was added. |
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
This is an example of output from the show vtp counters command. Table 2-29 describes each field in the display.
Switch> show vtp counters
VTP statistics:
Summary advertisements received : 0
Subset advertisements received : 0
Request advertisements received : 0
Summary advertisements transmitted : 0
Subset advertisements transmitted : 0
Request advertisements transmitted : 0
Number of config revision errors : 0
Number of config digest errors : 0
Number of V1 summary errors : 0
VTP pruning statistics:
Trunk Join Transmitted Join Received Summary advts received from
non-pruning-capable device
---------------- ---------------- ---------------- ---------------------------
Fa1/0/47 0 0 0
Fa1/0/48 0 0 0
Gi2/0/13 0 0 0
Gi3/0/1 0 0 0
This is an example of output from the show vtp status command. Table 2-30 describes each field in the display.
Switch> show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 45
VTP Operating Mode : Transparent
VTP Domain Name : shared_testbed1
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Enabled
MD5 digest : 0x3A 0x29 0x86 0x39 0xB4 0x5D 0x58 0xD7
|
|
---|---|
Clears the VTP and pruning counters. |
|
Configures the VTP filename, interface name, domain name, and mode. |
|
Configures the VTP domain name, password, pruning, and mode. |
Use the shutdown interface configuration command on the switch stack or on a standalone switch to disable an interface. Use the no form of this command to restart a disabled interface.
shutdown
no shutdown
This command has no arguments or keywords.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
The shutdown command for a port causes it to stop forwarding. You can enable the port with the no shutdown command.
The no shutdown command has no effect if the port is a static-access port assigned to a VLAN that has been deleted, suspended, or shut down. The port must first be a member of an active VLAN before it can be re-enabled.
The shutdown command disables all functions on the specified interface.
This command also marks the interface as unavailable. To see if an interface is disabled, use the show interfaces privileged EXEC command. An interface that has been shut down is shown as administratively down in the display.
These examples show how to disable and re-enable an interface:
Switch(config)# interface gigabitethernet1/0/2
Switch(config-if)# shutdown
Switch(config)# interface gigabitethernet1/0/2
Switch(config-if)# no shutdown
You can verify your settings by entering the show interfaces privileged EXEC command.
|
|
---|---|
Displays the statistical information specific to all interfaces or to a specific interface. |
Use the shutdown vlan global configuration command on the switch stack or on a standalone switch to shut down (suspend) local traffic on the specified VLAN. Use the no form of this command to restart local traffic on the VLAN.
shutdown vlan vlan-id
no shutdown vlan vlan-id
No default is defined.
Global configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
The shutdown vlan command does not change the VLAN information in the VTP database. It shuts down traffic locally, but the switch still advertises VTP information.
This example shows how to shutdown traffic on VLAN 2:
Switch(config)# shutdown vlan 2
You can verify your setting by entering the show vlan privileged EXEC command.
Use the snmp-server enable traps global configuration command on the switch stack or on a standalone switch to enable the switch to send Simple Network Management Protocol (SNMP) notifications for various traps or inform requests to the network management system (NMS). Use the no form of this command to return to the default setting.
snmp-server enable traps [bgp | bridge | cluster | config | copy-config | entity | envmon [fan | shutdown | supply | temperature] | flash [insertion | removal] | fru-ctrl | hsrp | mac-notification | port-security [trap-rate value] | rtr | snmp [authentication | coldstart | linkdown | linkup | warmstart] | stpx | syslog| vlancreate| vlandelete | vlan-membership | vtp]
no snmp-server enable traps [bgp | bridge | cluster | config | copy-config | entity | envmon [fan | shutdown | supply | temperature] | flash [insertion | removal] | fru-ctrl | hsrp | mac-notification | port-security [trap-rate] | rtr | snmp [authentication | coldstart | linkdown | linkup | warmstart] | stpx | syslog| vlancreate| vlandelete | vlan-membership | vtp]
Note Though visible in the command-line help strings, the snmp-server enable informs command is not supported. To enable the sending of SNMP inform notifications, use the snmp-server enable traps command combined with the snmp-server host host-addr informs command.
Though visible in the command-line help strings, the fru-ctrl, flash insertion and flash deletion keywords are not supported.
The sending of SNMP traps is disabled.
Global configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(14)EA1 |
The bgp, copy-config, envmon, flash, port-security, stpx, syslog, vlancreate, and vlandelete keywords were added. |
Specify the host (NMS) that receives the traps by using the snmp-server host global configuration command. If no trap types are specified, all trap types are sent.
Use the snmp-server enable traps command to enable sending of traps or informs, when supported.
Note Informs are not supported in SNMPv1.
To enable more than one type of trap, you must enter a separate snmp-server enable traps command for each trap type.
This example shows how to send VTP traps to the NMS:
Switch(config)# snmp-server enable traps vtp
You can verify your setting by entering the show vtp status or the show running-config privileged EXEC command.
Use the snmp-server host global configuration command on the switch stack or on a standalone switch to specify the recipient (host) of a Simple Network Management Protocol (SNMP) notification operation. Use the no form of this command to remove the specified host.
snmp-server host host-addr [informs | traps] [version {1 | 2c | 3 [auth | noauth| priv]}] {community-string [ [bgp ] [bridge] [cluster] [config] [copy-config] [ entity] [ envmon] [flash] [fru-ctrl] [ hsrp] [mac-notification] [ port-security] [rtr] [ snmp] [stpx] [ syslog] [tty] [udp-port] [ vlancreate] [ vlandelete] [vlan-membership] [ vtp]] }
no snmp-server host host-addr [informs | traps] [version {1 | 2c | 3 [auth | noauth | priv]}] community-string
Note Though visible in the command-line help strings, the fru-ctrl keyword is not supported.
This command is disabled by default. No notifications are sent.
If you enter this command with no keywords, the default is to send all trap types to the host. No informs are sent to this host.
If no version keyword is present, the default is version 1.
If version 3 is selected and no authentication keyword is entered, the default is the noauth (noAuthNoPriv) security level.
Note If the community-string is not defined by using the snmp-server community global configuration command before using this command, the default form of the snmp-server community command is automatically inserted into the configuration. The password (community-string) used for this automatic configuration of the snmp-server community will be the same as that specified in the snmp-server host command.
Global configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(14)EA1 |
The bgp, copy-config, flash, port-security, stpx, syslog, vlancreate, and vlandelete keywords were added. |
SNMP notifications can be sent as traps or inform requests. Traps are unreliable because the receiver does not send acknowledgments when it receives traps. The sender cannot determine if the traps were received. However, an SNMP entity that receives an inform request acknowledges the message with an SNMP response PDU. If the sender never receives the response, the inform request can be sent again. Thus, informs are more likely to reach their intended destinations.
However, informs consume more resources in the agent and in the network. Unlike a trap, which is discarded as soon as it is sent, an inform request must be held in memory until a response is received or the request times out. Traps are also sent only once, but an inform might be retried several times. The retries increase traffic and contribute to a higher overhead on the network.
If you do not enter an snmp-server host command, no notifications are sent. To configure the switch to send SNMP notifications, you must enter at least one snmp-server host command. If you enter the command with no keywords, all trap types are enabled for the host. To enable multiple hosts, you must enter a separate snmp-server host command for each host. You can specify multiple notification types in the command for each host.
When multiple snmp-server host commands are given for the same host and kind of notification (trap or inform), each succeeding command overwrites the previous command. Only the last snmp-server host command is in effect. For example, if you enter an snmp-server host inform command for a host and then enter another snmp-server host inform command for the same host, the second command replaces the first.
The snmp-server host command is used with the snmp-server enable traps global configuration command. Use the snmp-server enable traps command to specify which SNMP notifications are sent globally. For a host to receive most notifications, at least one snmp-server enable traps command and the snmp-server host command for that host must be enabled. Some notification types cannot be controlled with the snmp-server enable traps command. For example, some notification types are always enabled. Other notification types are enabled by a different command.
The no snmp-server host command with no keywords disables traps, but not informs, to the host. To disable informs, use the no snmp-server host informs command.
This example shows how to configure a unique SNMP community string named comaccess for traps and prevent SNMP polling access with this string through access-list 10:
Switch(config)# snmp-server community comaccess ro 10
Switch(config)# snmp-server host 172.20.2.160 comaccess
Switch(config)# access-list 10 deny any
This example shows how to send the SNMP traps to the host specified by the name myhost.cisco.com. The community string is defined as comaccess:
Switch(config)# snmp-server enable traps
Switch(config)# snmp-server host myhost.cisco.com comaccess snmp
This example shows how to enable the switch to send all traps to the host myhost.cisco.com by using the community string public:
Switch(config)# snmp-server enable traps
Switch(config)# snmp-server host myhost.cisco.com public
You can verify your settings by entering the show running-config privileged EXEC command.
Use the snmp trap mac-notification interface configuration command on the switch stack or on a standalone switch to enable the Simple Network Management Protocol (SNMP) MAC address notification trap on a specific Layer 2 interface. Use the no form of this command to return to the default setting.
snmp trap mac-notification {added | removed}
no snmp trap mac-notification {added | removed}
added |
Enable the MAC notification trap whenever a MAC address is added on this interface. |
removed |
Enable the MAC notification trap whenever a MAC address is removed from this interface. |
By default, the traps for both address addition and address removal are disabled.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Even though you enable the notification trap for a specific interface by using the snmp trap mac-notification command, the trap is generated only when you enable the snmp-server enable traps mac-notification and the mac address-table notification global configuration commands.
This example shows how to enable the MAC notification trap when a MAC address is added to Gigabit Ethernet interface1/ 0/4 on stack member 1:
Switch(config)# interface gigabitethernet1/0/4
Switch(config-if)# snmp trap mac-notification added
You can verify your settings by entering the show mac address-table notification interface privileged EXEC command.
|
|
---|---|
clear mac address-table notification |
Clears the MAC address notification global counters. |
Enables the MAC address notification feature. |
|
Displays the MAC address notification settings for all interfaces or on the specified interface when the interface keyword is appended. |
|
Sends the SNMP MAC notification traps when the mac-notification keyword is appended. |
Use the spanning-tree backbonefast global configuration command on the switch stack or on a standalone switch to enable the BackboneFast feature. Use the no form of the command to return to the default setting.
spanning-tree backbonefast
no spanning-tree backbonefast
This command has no arguments or keywords.
BackboneFast is disabled.
Global configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
The BackboneFast feature is supported only when the switch is running per-VLAN spanning-tree plus (PVST+). It is not supported when the switch is operating in the rapid-PVST+ or multiple spanning-tree (MST) mode.
BackboneFast starts when a root port or blocked port on a switch receives inferior BPDUs from its designated switch. An inferior BPDU identifies a switch that declares itself as both the root bridge and the designated switch. When a switch receives an inferior BPDU, it means that a link to which the switch is not directly connected (an indirect link) has failed (that is, the designated switch has lost its connection to the root switch. If there are alternate paths to the root switch, BackboneFast causes the maximum aging time on the ports on which it received the inferior BPDU to expire and allows a blocked port to move immediately to the listening state. BackboneFast then transitions the interface to the forwarding state. For more information, refer to the software configuration guide for this release.
Enable BackboneFast on all supported switches to allow the detection of indirect link failures and to start the spanning-tree reconfiguration sooner.
This example shows how to enable BackboneFast on the switch:
Switch(config)# spanning-tree backbonefast
You can verify your setting by entering the show spanning-tree summary privileged EXEC command.
|
|
---|---|
show spanning-tree summary |
Displays a summary of the spanning-tree port states. |
Use the spanning-tree bpdufilter interface configuration command on the switch stack or on a standalone switch to prevent a port from sending or receiving bridge protocol data units (BPDUs). Use the no form of this command to return to the default setting.
spanning-tree bpdufilter {disable | enable}
no spanning-tree bpdufilter
disable |
Disable BPDU filtering on the specified interface. |
enable |
Enable BPDU filtering on the specified interface. |
BPDU filtering is disabled.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
You can enable the BPDU filtering feature when the switch is operating in the per-VLAN spanning-tree plus (PVST+), rapid-PVST+, or the multiple spanning-tree (MST) mode.
You can globally enable BPDU filtering on all Port Fast-enabled ports by using the spanning-tree portfast bpdufilter default global configuration command.
You can use the spanning-tree bpdufilter interface configuration command to override the setting of the spanning-tree portfast bpdufilter default global configuration command.
This example shows how to enable the BPDU filtering feature on a port on stack member 2:
Switch(config)#
interface fastethernet2/0/1
Switch(config)#
interface gigabitethernet0/1
Switch(config-if)# spanning-tree bpdufilter enable
You can verify your setting by entering the show running-config privileged EXEC command.
Use the spanning-tree bpduguard interface configuration command on the switch stack or on a standalone switch to put a port in the error-disabled state when it receives a bridge protocol data unit (BPDU). Use the no form of this command to return to the default setting.
spanning-tree bpduguard {disable | enable}
no spanning-tree bpduguard
disable |
Disable BPDU guard on the specified interface. |
enable |
Enable BPDU guard on the specified interface. |
BPDU guard is disabled.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
The BPDU guard feature provides a secure response to invalid configurations because you must manually put the port back in service. Use the BPDU guard feature in a service-provider network to prevent a port from being included in the spanning-tree topology.
You can enable the BPDU guard feature when the switch is operating in the per-VLAN spanning-tree plus (PVST+), rapid-PVST+, or the multiple spanning-tree (MST) mode.
You can globally enable BPDU guard on all Port Fast-enabled ports by using the spanning-tree portfast bpduguard default global configuration command.
You can use the spanning-tree bpduguard interface configuration command to override the setting of the spanning-tree portfast bpduguard default global configuration command.
This example shows how to enable the BPDU guard feature on a port on stack member 2:
Switch(config)#
interface fastethernet2/0/1
Switch(config)#
interface gigabitethernet0/1
Switch(config-if)# spanning-tree bpduguard enable
You can verify your setting by entering the show running-config privileged EXEC command.
Use the spanning-tree cost interface configuration command on the switch stack or on a standalone switch to set the path cost for spanning-tree calculations. If a loop occurs, spanning tree considers the path cost when selecting an interface to place in the forwarding state. Use the no form of this command to return to the default setting.
spanning-tree [vlan vlan-id] cost cost
no spanning-tree [vlan vlan-id] cost
The default path cost is computed from the interface bandwidth setting. These are the IEEE default path cost values:
•1000 Mbps—4
•100 Mbps—19
•10 Mbps—100
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(14)EA1 |
The value for the vlan-id variable was changed. |
When you configure the cost, higher values represent higher costs.
If you configure an interface with both the spanning-tree vlan vlan-id cost cost command and the spanning-tree cost cost command, the spanning-tree vlan vlan-id cost cost command takes effect.
This example shows how to set the path cost to 250 on an interface on stack member 2:
Switch(config)# interface fastethernet2/0/4
Switch(config)#
interface gigabitethernet0/1
Switch(config-if)# spanning-tree cost 250
This example shows how to set a path cost to 300 for VLANs 10, 12 to 15, and 20:
Switch(config-if)# spanning-tree vlan 10,12-15,20 cost 300
You can verify your settings by entering the show spanning-tree interface interface-id privileged EXEC command.
|
|
---|---|
show spanning-tree interface interface-id |
Displays spanning-tree information for the specified interface. |
Configures an interface priority. |
|
spanning-tree vlan priority |
Sets the switch priority for the specified spanning-tree instance. |
Use the spanning-tree extend system-id global configuration command on the switch stack or on a standalone switch to enable the extended system ID feature.
spanning-tree extend system-id
Note Though visible in the command-line help strings, the no version of this command is not supported. You cannot disable the extended system ID feature.
This command has no arguments or keywords.
The extended system ID is enabled.
Global configuration
|
|
12.1(11)AX |
This command was first introduced. |
The Catalyst 3750Catalyst 2970 switch supports the 802.1T spanning-tree extensions. Some of the bits previously used for the switch priority are now used for the extended system ID (VLAN identifier for the per-VLAN spanning-tree plus [PVST+] and rapid PVST+ or an instance identifier for the multiple spanning tree [MST]).
The spanning tree uses the extended system ID, the switch priority, and the allocated spanning-tree MAC address to make the bridge ID unique for each VLAN or multiple spanning-tree instance. Because the Catalyst 3750 switch stack appears as a single switch to the rest of the network, all switches in the stack use the same bridge ID for a given spanning tree. If the stack master fails, the stack members recalculate their bridge IDs of all running spanning trees based on the new MAC address of the stack master.
Support for the extended system ID affects how you manually configure the root switch, the secondary root switch, and the switch priority of a VLAN. For more information, see the "spanning-tree mst root" and the "spanning-tree vlan" sections.
If your network consists of switches that do not support the extended system ID and switches that do support it, it is unlikely that the switch with the extended system ID support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches.
|
|
---|---|
show spanning-tree summary |
Displays a summary of spanning-tree port states. |
Configures the MST root switch priority and timers based on the network diameter. |
|
spanning-tree vlan priority |
Sets the switch priority for the specified spanning-tree instance. |
Use the spanning-tree guard interface configuration command on the switch stack or on a standalone switch to enable root guard or loop guard on all the VLANs associated with the selected interface. Root guard restricts which interface is allowed to be the spanning-tree root port or the path-to-the root for the switch. Loop guard prevents alternate or root ports from becoming designated ports when a failure creates a unidirectional link. Use the no form of this command to return to the default setting.
spanning-tree guard {loop | none | root}
no spanning-tree guard
loop |
Enable loop guard. |
none |
Disable root guard or loop guard. |
root |
Enable root guard. |
Root guard is disabled.
Loop guard is configured according to the spanning-tree loopguard default global configuration command (globally disabled).
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
You can enable root guard or loop guard when the switch is operating in the per-VLAN spanning-tree plus (PVST+), rapid-PVST+, or the multiple spanning-tree (MST) mode.
When root guard is enabled, if spanning-tree calculations cause a port to be selected as the root port, the port transitions to the root-inconsistent (blocked) state to prevent the customer's switch from becoming the root switch or being in the path to the root. The root port provides the best path from the switch to the root switch.
When the no spanning-tree guard or the no spanning-tree guard none command is entered, root guard is disabled for all VLANs on the selected interface. If this interface is in the root-inconsistent (blocked) state, it automatically transitions to the listening state.
Do not enable root guard on interfaces that will be used by the UplinkFast feature. With UplinkFast, the backup interfaces (in the blocked state) replace the root port in the case of a failure. However, if root guard is also enabled, all the backup interfaces used by the UplinkFast feature are placed in the root-inconsistent state (blocked) and prevented from reaching the forwarding state. The UplinkFast feature is not available when the switch is operating in the rapid-PVST+ or MST mode.
Loop guard is most effective when it is configured on the entire switched network. When the switch is operating in PVST+ or rapid-PVST+ mode, loop guard prevents alternate and root ports from becoming designated ports, and spanning tree does not send bridge protocol data units (BPDUs) on root or alternate ports. When the switch is operating in MST mode, BPDUs are not sent on nonboundary ports if the port is blocked by loop guard in all MST instances. On a boundary port, loop guard blocks the port in all MST instances.
To disable root guard or loop guard, use the spanning-tree guard none interface configuration command. You cannot enable both root guard and loop guard at the same time.
You can override the setting of the spanning-tree loopguard default global configuration command by using the spanning-tree guard loop interface configuration command.
This example shows how to enable root guard on all the VLANs associated with the specified interface on stack member 2:
Switch(config)# interface fastethernet2/0/3
Switch(config)# interface gigabitethernet0/3
Switch(config-if)# spanning-tree guard root
This example shows how to enable loop guard on all the VLANs associated with the specified interface on stack member 2:
Switch(config)# interface fastethernet2/0/3
Switch(config)# interface gigabitethernet0/3
Switch(config-if)# spanning-tree guard loop
You can verify your settings by entering the show running-config privileged EXEC command.
|
|
---|---|
show running-config |
Displays the current operating configuration. For syntax information, select Cisco IOS Configuration Fundamentals Command Reference for Release 12.1 > Cisco IOS File Management Commands > Configuration File Commands. |
Sets the path cost for spanning-tree calculations. |
|
Prevents alternate or root ports from becoming designated ports because of a failure that leads to a unidirectional link. |
|
Configures the path cost for MST calculations. |
|
Configures an interface priority. |
|
Configures the MST root switch priority and timers based on the network diameter. |
|
Configures an interface priority. |
|
spanning-tree vlan priority |
Sets the switch priority for the specified spanning-tree instance. |
Use the spanning-tree link-type interface configuration command on the switch stack or on a standalone switch to override the default link-type setting, which is determined by the duplex mode of the port, and to enable rapid spanning-tree transitions to the forwarding state. Use the no form of this command to return to the default setting.
spanning-tree link-type {point-to-point | shared}
no spanning-tree link-type
point-to-point |
Specify that the link type of a port is point-to-point. |
shared |
Specify that the link type of a port is shared. |
The switch derives the link type of a port from the duplex mode. A full-duplex port is considered a point-to-point link, and a half-duplex port is considered a shared link.
Interface configuration
|
|
---|---|
12.1(14)EA1 |
This command was first introduced. |
You can override the default setting of the link type by using the spanning-tree link-type command; for example, a half-duplex link can be physically connected point-to-point to a single port on a remote switch running the Multiple Spanning Tree Protocol (MSTP) or the rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol and be enabled for rapid transitions.
This example shows how to specify the link type as shared (regardless of the duplex setting) and to prevent rapid transitions to the forwarding state:
Switch(config-if)# spanning-tree link-type shared
You can verify your setting by entering the show spanning-tree mst interface interface-id or the show spanning-tree interface interface-id privileged EXEC command.
|
|
---|---|
Restarts the protocol migration process (force the renegotiation with neighboring switches) on all interfaces or on the specified interface. |
|
show spanning-tree interface interface-id |
Displays spanning-tree state information for the specified interface. |
show spanning-tree mst interface interface-id |
Displays multiple spanning-tree (MST) information for the specified interface. |
Use the spanning-tree loopguard default global configuration command on the switch stack or on a standalone switch to prevent alternate or root ports from becoming designated ports because of a failure that leads to a unidirectional link. Use the no form of this command to return to the default setting.
spanning-tree loopguard default
no spanning-tree loopguard default
This command has no arguments or keywords.
Loop guard is disabled.
Global configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
You can enable the loop guard feature when the switch is operating in the per-VLAN spanning-tree plus (PVST+), rapid-PVST+, or the multiple spanning-tree (MST) mode.
Loop guard is most effective when it is configured on the entire switched network. When the switch is operating in PVST+ or rapid-PVST+ mode, loop guard prevents alternate and root ports from becoming designated ports, and spanning tree does not send bridge protocol data units (BPDUs) on root or alternate ports. When the switch is operating in MST mode, BPDUs are not sent on nonboundary ports if the port is blocked by loop guard in all MST instances. On a boundary port, loop guard blocks the port in all MST instances.
Loop guard operates only on ports that are considered point-to-point by the spanning tree.
You can override the setting of the spanning-tree loopguard default global configuration command by using the spanning-tree guard loop interface configuration command.
This example shows how to globally enable loop guard:
Switch(config)# spanning-tree loopguard default
You can verify your settings by entering the show running-config privileged EXEC command.
|
|
---|---|
show running-config |
Displays the current operating configuration. For syntax information, select Cisco IOS Configuration Fundamentals Command Reference for Release 12.1 > Cisco IOS File Management Commands > Configuration File Commands. |
spanning-tree guard loop |
Enables the loop guard feature on all the VLANs associated with the specified interface. |
Use the spanning-tree mode global configuration command on the switch stack or on a standalone switch to enable per-VLAN spanning-tree plus (PVST+), rapid PVST+, or multiple spanning tree (MST) on your switch. Use the no form of this command to return to the default setting.
spanning-tree mode {mst | pvst | rapid-pvst}
no spanning-tree mode
mst |
Enable MST and Rapid Spanning Tree Protocol (RSTP) (based on IEEE 802.1S and IEEE 802.1W). |
pvst |
Enable PVST+ (based on IEEE 802.1D). |
rapid-pvst |
Enable rapid PVST+ (based on IEEE 802.1W). |
The default mode is PVST+.
Global configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(14)EA1 |
The mst and rapid-pvst keywords were added. |
The switch supports PVST+, rapid PVST+, and MSTP, but only one version can be active at any time: All VLANs run PVST+, all VLANs run rapid PVST+, or all VLANs run MSTP. All stack members run the same version of spanning-tree.
When you enable the MST mode, RSTP is automatically enabled.
This example shows to enable MST and RSTP on the switch:
Switch(config)# spanning-tree mode mst
This example shows to enable rapid PVST+ on the switch:
Switch(config)# spanning-tree mode rapid-pvst
You can verify your setting by entering the show running-config privileged EXEC command.
Use the spanning-tree mst configuration global configuration command on the switch stack or on a standalone switch to enter multiple spanning-tree (MST) configuration mode through which you configure the MST region. Use the no form of this command to return to the default settings.
spanning-tree mst configuration
no spanning-tree mst configuration
This command has no arguments or keywords.
The default mapping is that all VLANs are mapped to the common and internal spanning-tree (CIST) instance (instance 0).
The default name is an empty string.
The revision number is 0.
Global configuration
|
|
---|---|
12.1(14)EA1 |
This command was first introduced. |
The spanning-tree mst configuration command enables the MST configuration mode. These configuration commands are available:
•abort: exits the MST region configuration mode without applying configuration changes.
•exit: exits the MST region configuration mode and applies all configuration changes.
•instance instance-id vlan vlan-range: maps VLANs to an MST instance. The range for the instance-id is 1 to 15. The range for vlan-range is 1 to 4094. You can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma.
•name name: sets the configuration name. The name string has a maximum length of 32 characters and is case sensitive.
•no: negates the instance, name, and revision commands or sets them to their defaults.
•private-vlan: Though visible in the command-line help strings, this command is not supported.
•revision version: sets the configuration revision number. The range is 0 to 65535.
•show [current | pending]: displays the current or pending MST region configuration.
In MST mode, the switch stack supports up to 16 MST instances. The number of VLANs that can be mapped to a particular MST instance is unlimited.
When you map VLANs to an MST instance, the mapping is incremental, and VLANs specified in the command are added to or removed from the VLANs that were previously mapped. To specify a range, use a hyphen; for example, instance 1 vlan 1-63 maps VLANs 1 to 63 to MST instance 1. To specify a series, use a comma; for example, instance 1 vlan 10, 20, 30 maps VLANs 10, 20, and 30 to MST instance 1.
All VLANs that are not explicitly mapped to an MST instance are mapped to the common and internal spanning tree (CIST) instance (instance 0) and cannot be unmapped from the CIST by using the no form of the command.
For two or more switches to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number, and the same name.
This example shows how to enter MST configuration mode, map VLANs 10 to 20 to MST instance 1, name the region region1, set the configuration revision to 1, display the pending configuration, apply the changes, and return to global configuration mode:
Switch# spanning-tree mst configuration
Switch(config-mst)# instance 1 vlan 10-20
Switch(config-mst)# name region1
Switch(config-mst)# revision 1
Switch(config-mst)# show pending
Pending MST configuration
Name [region1]
Revision 1
Instance Vlans Mapped
-------- ---------------------
0 1-9,21-4094
1 10-20
-------------------------------
Switch(config-mst)# exit
Switch(config)#
This example shows how to add VLANs 1 to 100 to the ones already mapped (if any) to instance 2, to move VLANs 40 to 60 that were previously mapped to instance 2 to the CIST instance, to add VLAN 10 to instance 10, and to remove all the VLANs mapped to instance 2 and map them to the CIST instance:
Switch(config-mst)# instance 2 vlan 1-100
Switch(config-mst)# no instance 2 vlan 40-60
Switch(config-mst)# instance 10 vlan 10
Switch(config-mst)# no instance 2
You can verify your settings by entering the show pending MST configuration command.
|
|
---|---|
show spanning-tree mst configuration |
Displays the MST region configuration. |
Use the spanning-tree mst cost interface configuration command on the switch stack or on a standalone switch to set the path cost for multiple spanning-tree (MST) calculations. If a loop occurs, spanning tree considers the path cost when selecting an interface to put in the forwarding state. Use the no form of this command to return to the default setting.
spanning-tree mst instance-id cost cost
no spanning-tree mst instance-id cost
The default path cost is computed from the interface bandwidth setting. These are the IEEE default path cost values:
•1000 Mbps—20000
•100 Mbps—200000
•10 Mbps—2000000
Interface configuration
|
|
---|---|
12.1(14)EA1 |
This command was first introduced. |
When you configure the cost, higher values represent higher costs.
This example shows how to set a path cost of 250 on an interface associated with instances 2 and 4:
Switch(config)# interface gigabitethernet1/0/4
Switch(config-if)# spanning-tree mst 2,4 cost 250
You can verify your settings by entering the show spanning-tree mst interface interface-id privileged EXEC command.
|
|
---|---|
show spanning-tree mst interface interface-id |
Displays MST information for the specified interface. |
Configures an interface priority. |
|
Configures the switch priority for the specified spanning-tree instance. |
Use the spanning-tree mst forward-time global configuration command on the switch stack or on a standalone switch to set the forward-delay time for all multiple spanning-tree (MST) instances. The forwarding time determines how long each of the listening and learning states last before the interface begins forwarding. Use the no form of this command to return to the default setting.
spanning-tree mst forward-time seconds
no spanning-tree mst forward-time
seconds |
Length of the listening and learning states. The range is 4 to 30 seconds. |
The default is 15 seconds.
Global configuration
|
|
---|---|
12.1(14)EA1 |
This command was first introduced. |
Changing the spanning-tree mst forward-time command affects all spanning-tree instances.
This example shows how to set the spanning-tree forwarding time to 18 seconds for all MST instances:
Switch(config)# spanning-tree mst forward-time 18
You can verify your setting by entering the show spanning-tree mst privileged EXEC command.
Use the spanning-tree mst hello-time global configuration command on the switch stack or on a standalone switch to set the interval between hello bridge protocol data units (BPDUs) sent by root switch configuration messages. Use the no form of this command to return to the default setting.
spanning-tree mst hello-time seconds
no spanning-tree mst hello-time
seconds |
Interval between hello BPDUs sent by root switch configuration messages. The range is 1 to 10 seconds. |
The default is 2 seconds.
Global configuration
|
|
---|---|
12.1(14)EA1 |
This command was first introduced. |
After you set the spanning-tree mst max-age seconds global configuration command, if a switch does not receive BPDUs from the root switch within the specified interval, the switch recomputes the spanning-tree topology. The max-age setting must be greater than the hello-time setting.
Changing the spanning-tree mst hello-time command affects all spanning-tree instances.
This example shows how to set the spanning-tree hello time to 3 seconds for all multiple spanning-tree (MST) instances:
Switch(config)# spanning-tree mst hello-time 3
You can verify your setting by entering the show spanning-tree mst privileged EXEC command.
Use the spanning-tree mst max-age global configuration command on the switch stack or on a standalone switch to set the interval between messages that the spanning tree receives from the root switch. If a switch does not receive a bridge protocol data unit (BPDU) message from the root switch within this interval, it recomputes the spanning-tree topology. Use the no form of this command to return to the default setting.
spanning-tree mst max-age seconds
no spanning-tree mst max-age
seconds |
Interval between messages the spanning tree receives from the root switch. The range is 6 to 40 seconds. |
The default is 20 seconds.
Global configuration
|
|
---|---|
12.1(14)EA1 |
This command was first introduced. |
After you set the spanning-tree mst max-age seconds global configuration command, if a switch does not receive BPDUs from the root switch within the specified interval, the switch recomputes the spanning-tree topology. The max-age setting must be greater than the hello-time setting.
Changing the spanning-tree mst max-age command affects all spanning-tree instances.
This example shows how to set the spanning-tree max-age to 30 seconds for all multiple spanning-tree (MST) instances:
Switch(config)# spanning-tree mst max-age 30
You can verify your setting by entering the show spanning-tree mst privileged EXEC command.
Use the spanning-tree mst max-hops global configuration command on the switch stack or on a standalone switch to set the number of hops in a region before the bridge protocol data unit (BPDU) is discarded and the information held for a port is aged. Use the no form of this command to return to the default setting.
spanning-tree mst max-hops hop-count
no spanning-tree mst max-hops
hop-count |
Number of hops in a region before the BPDU is discarded. The range is 1 to 40 hops. |
The default is 20 hops.
Global configuration
|
|
---|---|
12.1(14)EA1 |
This command was first introduced. |
The root switch of the instance always sends a BPDU (or M-record) with a cost of 0 and the hop count set to the maximum value. When a switch receives this BPDU, it decrements the received remaining hop count by one and propagates the decremented count as the remaining hop count in the generated M-records. A switch discards the BPDU and ages the information held for the port when the count reaches 0.
Changing the spanning-tree mst max-hops command affects all spanning-tree instances.
This example shows how to set the spanning-tree max-hops to 10 for all multiple spanning-tree (MST) instances:
Switch(config)# spanning-tree mst max-hops 10
You can verify your setting by entering the show spanning-tree mst privileged EXEC command.
Use the spanning-tree mst port-priority interface configuration command on the switch stack or on a standalone switch to configure an interface priority. If a loop occurs, the Multiple Spanning Tree Protocol (MSTP) can determine which interface to put in the forwarding state. Use the no form of this command to return to the default setting.
spanning-tree mst instance-id port-priority priority
no spanning-tree mst instance-id port-priority
The default is 128.
Interface configuration
|
|
---|---|
12.1(14)EA1 |
This command was first introduced. |
You can assign higher priority values (lower numerical values) to interfaces that you want selected first and lower priority values (higher numerical values) that you want selected last. If all interfaces have the same priority value, the multiple spanning tree (MST) puts the interface with the lowest interface number in the forwarding state and blocks other interfaces.
If your switch is a member of a switch stack, you must use the spanning-tree mst [instance-id] cost cost interface configuration command instead of the spanning-tree mst [instance vlan-id] port-priority priority interface configuration command to select an interface to put in the forwarding state. Assign lower cost values to interfaces that you want selected first and higher cost values to interfaces that you want selected last.
This example shows how to increase the likelihood that the interface associated with spanning-tree instances 20 and 22 is placed into the forwarding state if a loop occurs:
Switch(config)# interface gigabitethernet2/0/2
Switch(config-if)# spanning-tree mst 20,22 port-priority 0
You can verify your settings by entering the show spanning-tree mst interface interface-id privileged EXEC command.
|
|
---|---|
show spanning-tree mst interface interface-id |
Displays MST information for the specified interface. |
Sets the path cost for MST calculations. |
|
Sets the switch priority for the specified spanning-tree instance. |
Use the spanning-tree mst priority global configuration command on the switch stack or on a standalone switch to set the switch priority for the specified spanning-tree instance. Use the no form of this command to return to the default setting.
spanning-tree mst instance-id priority priority
no spanning-tree mst instance-id priority
The default is 32768.
Global configuration
|
|
---|---|
12.1(14)EA1 |
This command was first introduced. |
This example shows how to set the spanning-tree priority to 8192 for multiple spanning-tree instances (MST) 20 to 21:
Switch(config)# spanning-tree mst 20-21 priority 8192
You can verify your settings by entering the show spanning-tree mst instance-id privileged EXEC command.
|
|
---|---|
show spanning-tree mst instance-id |
Displays MST information for the specified interface. |
Sets the path cost for MST calculations. |
|
Configures an interface priority. |
Use the spanning-tree mst root global configuration command on the switch stack or on a standalone switch to configure the multiple spanning-tree (MST) root switch priority and timers based on the network diameter. Use the no form of this command to return to the default settings.
spanning-tree mst instance-id root {primary | secondary} [diameter net-diameter
[hello-time seconds]]
no spanning-tree mst instance-id root
The primary root switch priority is 24576.
The secondary root switch priority is 28672.
The hello time is 2 seconds.
Global configuration
|
|
---|---|
12.1(14)EA1 |
This command was first introduced. |
Use the spanning-tree mst instance-id root command only on backbone switches.
When you enter the spanning-tree mst instance-id root command, the software tries to set a high enough priority to make this switch the root of the spanning-tree instance. Because of the extended system ID support, the switch sets the switch priority for the instance to 24576 if this value will cause this switch to become the root for the specified instance. If any root switch for the specified instance has a switch priority lower than 24576, the switch sets its own priority to 4096 less than the lowest switch priority. (4096 is the value of the least-significant bit of a 4-bit switch priority value.)
When you enter the spanning-tree mst instance-id root secondary command, because of support for the extended system ID, the software changes the switch priority from the default value (32768) to 28672. If the root switch fails, this switch becomes the next root switch (if the other switches in the network use the default switch priority of 32768 and are therefore unlikely to become the root switch).
This example shows how to configure the switch as the root switch for instance 10 with a network diameter of 4:
Switch(config)# spanning-tree mst 10 root primary diameter 4
This example shows how to configure the switch as the secondary root switch for instance 10 with a network diameter of 4:
S
witch(config)# spanning-tree mst 10 root secondary diameter 4
You can verify your settings by entering the show spanning-tree mst instance-id privileged EXEC command.
|
|
---|---|
show spanning-tree mst instance-id |
Displays MST information for the specified instance. |
Sets the forward-delay time for all MST instances. |
|
Sets the interval between hello BPDUs sent by root switch configuration messages. |
|
Sets the interval between messages that the spanning tree receives from the root switch. |
|
Sets the number of hops in a region before the BPDU is discarded. |
Use the spanning-tree port-priority interface configuration command on the switch stack or on a standalone switch to configure an interface priority. If a loop occurs, spanning tree can determine which interface to put in the forwarding state. Use the no form of this command to return to the default setting.
spanning-tree [vlan vlan-id] port-priority priority
no spanning-tree [vlan vlan-id] port-priority
The default is 128.
Interface configuration
|
|
---|---|
12.1(14)EA1 |
The value for the vlan-id variable was changed. The priority range values changed. |
If the variable vlan-id is omitted, the command applies to the spanning-tree instance associated with VLAN 1.
You can set the priority on a VLAN that has no interfaces assigned to it. The setting takes effect when you assign the interface to the VLAN.
If you configure an interface with both the spanning-tree vlan vlan-id port-priority priority command and the spanning-tree port-priority priority command, the spanning-tree vlan vlan-id port-priority priority command takes effect.
If your switch is a member of a switch stack, you must use the spanning-tree [vlan vlan-id] cost cost interface configuration command instead of the spanning-tree [vlan vlan-id] port-priority priority interface configuration command to select an interface to put in the forwarding state. Assign lower cost values to interfaces that you want selected first and higher cost values that you want selected last.
This example shows how to increase the likelihood that FastGigabit Ethernet interface 0/2 on stack member 2 will be put in the forwarding state if a loop occurs:
Switch(config)# interface fastethernet2/0/2
Switch(config)# interface gigabitethernet0/2
Switch(config-if)# spanning-tree vlan 20 port-priority 0
This example shows how to set the port-priority value on VLANs 20 to 25:
Switch(config-if)# spanning-tree vlan 20-25 port-priority 0
You can verify your settings by entering the show spanning-tree interface interface-id privileged EXEC command.
|
|
---|---|
show spanning-tree interface interface-id |
Displays spanning-tree information for the specified interface. |
Sets the path cost for spanning-tree calculations. |
|
spanning-tree vlan priority |
Sets the switch priority for the specified spanning-tree instance. |
Use the spanning-tree portfast global configuration command on the switch stack or on a standalone switch to globally enable bridge protocol data unit (BPDU) filtering on Port Fast-enabled ports, the BPDU guard feature on Port Fast-enabled ports, or the Port Fast feature on all nontrunking ports. The BPDU filtering feature prevents the switch port from sending or receiving BPDUs. The BPDU guard feature puts Port Fast-enabled ports that receive BPDUs in an error-disabled state. Use the no form of this command to return to the default settings.
spanning-tree portfast {bpdufilter default | bpduguard default | default}
no spanning-tree portfast {bpdufilter default | bpduguard default | default}
The BPDU filtering, the BPDU guard, and the Port Fast features are disabled on all ports unless they are individually configured.
Global configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
You can enable these features when the switch is operating in the per-VLAN spanning-tree plus (PVST+) rapid-PVST+, or the multiple spanning-tree (MST) mode.
Use the spanning-tree portfast bpdufilter default global configuration command to globally enable BPDU filtering on ports that are Port Fast-enabled (the ports are in a Port Fast-operational state). The ports still send a few BPDUs at link-up before the switch begins to filter outbound BPDUs. You should globally enable BPDU filtering on a switch so that hosts connected to switch ports do not receive BPDUs. If a BPDU is received on a Port Fast-enabled port, the port loses its Port Fast-operational status and BPDU filtering is disabled.
You can override the spanning-tree portfast bpdufilter default global configuration command by using the spanning-tree bdpufilter interface configuration command.
Use the spanning-tree portfast bpduguard default global configuration command to globally enable BPDU guard on ports that are in a Port Fast-operational state. In a valid configuration, Port Fast-enabled ports do not receive BPDUs. Receiving a BPDU on a Port Fast-enabled port signals an invalid configuration, such as the connection of an unauthorized device, and the BPDU guard feature puts the port in the error-disabled state. The BPDU guard feature provides a secure response to invalid configurations because you must manually put the port back in service. Use the BPDU guard feature in a service-provider network to prevent an access port from participating in the spanning tree.
You can override the spanning-tree portfast bpduguard default global configuration command by using the spanning-tree bdpuguard interface configuration command.
Use the spanning-tree portfast default global configuration command to globally enable the Port Fast feature on all nontrunking ports. Configure Port Fast only on ports that connect to end stations; otherwise, an accidental topology loop could cause a data packet loop and disrupt switch and network operation. A Port Fast-enabled port moves directly to the spanning-tree forwarding state when linkup occurs without waiting for the standard forward-delay time.
You can override the spanning-tree portfast default global configuration command by using the spanning-tree portfast interface configuration command. You can use the no spanning-tree portfast default global configuration command to disable Port Fast on all ports unless they are individually configured with the spanning-tree portfast interface configuration command.
This example shows how to globally enable the BPDU filtering feature:
Switch(config)#
spanning-tree portfast bpdufilter default
This example shows how to globally enable the BPDU guard feature:
Switch(config)#
spanning-tree portfast bpduguard default
This example shows how to globally enable the Port Fast feature on all nontrunking ports:
Switch(config)#
spanning-tree portfast default
You can verify your settings by entering the show running-config privileged EXEC command.
Use the spanning-tree portfast interface configuration command on the switch stack or on a standalone switch to enable the Port Fast feature on an interface in all its associated VLANs. When the Port Fast feature is enabled, the interface changes directly from a blocking state to a forwarding state without making the intermediate spanning-tree state changes. Use the no form of this command to return to the default setting.
spanning-tree portfast [disable | trunk]
no spanning-tree portfast
disable |
(Optional) Disable the Port Fast feature on the specified interface. |
trunk |
(Optional) Enable the Port Fast feature on a trunking interface. |
The Port Fast feature is disabled on all interfaces; however, it is automatically enabled on dynamic-access ports.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Use this feature only on interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data packet loop and disrupt switch and network operation.
You can enable this feature when the switch is operating in the per-VLAN spanning-tree plus (PVST+), rapid-PVST+, or the multiple spanning-tree (MST) mode.
This feature affects all VLANs on the interface.
A port with the Port Fast feature enabled is moved directly to the spanning-tree forwarding state without waiting the standard forward-time delay.
You can use the spanning-tree portfast default global configuration command to globally enable the Port Fast feature on all nontrunking interfaces. However, the spanning-tree portfast interface configuration command can override the global setting.
If you configure the spanning-tree portfast default global configuration command, you can enable Port Fast on a port that is not a trunk port by using the no spanning-tree portfast interface configuration command.
The no spanning-tree portfast interface configuration command is the same as the spanning-tree portfast disable interface configuration command.
This example shows how to enable the Port Fast feature on an interface on stack member 2:
Switch(config)# interface fastethernet2/0/2
Switch(config)# interface gigabitethernet0/2
Switch(config-if)# spanning-tree portfast
You can verify your settings by entering the show running-config privileged EXEC command.
Use the spanning-tree uplinkfast global configuration command on the switch stack or on a standalone switch to accelerate the choice of a new root port when a link or switch fails or when the spanning tree reconfigures itself. Use the no form of this command to return to the default setting.
spanning-tree uplinkfast [max-update-rate pkts-per-second]
no spanning-tree uplinkfast [max-update-rate]
max-update-rate pkts-per-second |
(Optional) The number of packets per second at which update packets are sent. The range is 0 to 32000. |
UplinkFast is disabled.
The update rate is 150 packets per second.
Global configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(14)EA1 |
The max-update-rate keyword was added. |
Use this command only on access switches.
The UplinkFast feature is supported only when the switch is running per-VLAN spanning-tree plus (PVST+). It is not supported when the switch is operating in the rapid-PVST+ or multiple spanning-tree (MST) mode.
When you enable UplinkFast, it is enabled for the entire switch and cannot be enabled for individual VLANs.
When you enable or disable UplinkFast, cross-stack UplinkFast (CSUF) also is automatically enabled or disabled on all nonstack port interfaces. CSUF accelerates the choice of a new root port when a link or switch fails or when spanning tree reconfigures itself.
When UplinkFast is enabled, the switch priority of all VLANs is set to 49152. If you change the path cost to a value less than 3000 and you enable UplinkFast or UplinkFast is already enabled, the path cost of all interfaces and VLAN trunks is increased by 3000 (if you change the path cost to 3000 or above, the path cost is not altered). The changes to the switch priority and the path cost reduces the chance that a switch will become the root switch.
When UplinkFast is disabled, the switch priorities of all VLANs and path costs of all interfaces are set to default values if you did not modify them from their defaults.
When spanning tree detects that the root port has failed, UplinkFast immediately switches over to an alternate root port, changing the new root port directly to FORWARDING state. During this time, a topology change notification is sent.
Do not enable the root guard on interfaces that will be used by the UplinkFast feature. With UplinkFast, the backup interfaces (in the blocked state) replace the root port in the case of a failure. However, if root guard is also enabled, all the backup interfaces used by the UplinkFast feature are placed in the root-inconsistent state (blocked) and prevented from reaching the forwarding state.
If you set the max-update-rate to 0, station-learning frames are not generated, so the spanning-tree topology converges more slowly after a loss of connectivity.
This example shows how to enable UplinkFast:
Switch(config)# spanning-tree uplinkfast
You can verify your setting by entering the show spanning-tree summary privileged EXEC command.
|
|
---|---|
show spanning-tree summary |
Displays a summary of the spanning-tree port states. |
spanning-tree vlan root primary |
Forces this switch to be the root switch. |
Use the spanning-tree vlan global configuration command on the switch stack or on a standalone switch to configure spanning tree on a per-VLAN basis. Use the no form of this command to return to the default setting.
spanning-tree vlan vlan-id [forward-time seconds | hello-time seconds | max-age seconds |
priority priority | root {primary | secondary} [diameter net-diameter
[hello-time seconds]]]
no spanning-tree vlan vlan-id [forward-time | hello-time | max-age | priority | root]
Spanning tree is enabled on all VLANs.
The forward-delay time is 15 seconds.
The hello time is 2 seconds.
The max-age is 20 seconds.
The primary root switch priority is 24576.
The secondary root switch priority is 28672.
Global configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(14)EA1 |
The value for the vlan-id variable was changed. |
Disabling the STP causes the VLAN to stop participating in the spanning-tree topology. Interfaces that are administratively down remain down. Received BPDUs are forwarded like other multicast frames. The VLAN does not detect and prevent loops when STP is disabled.
You can disable the STP on a VLAN that is not currently active and verify the change by using the show running-config or the show spanning-tree vlan vlan-id privileged EXEC command. The setting takes effect when the VLAN is activated.
When disabling or re-enabling the STP, you can specify a range of VLANs that you want to disable or enable.
When a VLAN is disabled and then enabled, all assigned VLANs continue to be its members. However, all spanning-tree bridge parameters are returned to their previous settings (the last setting before the VLAN was disabled).
You can enable spanning-tree options on a VLAN that has no interfaces assigned to it. The setting takes effect when you assign interfaces to it.
When setting the max-age seconds, if a switch does not receive BPDUs from the root switch within the specified interval, it recomputes the spanning-tree topology. The max-age setting must be greater than the hello-time setting.
The spanning-tree vlan vlan-id root command should be used only on backbone switches.
When you enter the spanning-tree vlan vlan-id root command, the software checks the switch priority of the current root switch for each VLAN. Because of the extended system ID support, the switch sets the switch priority for the specified VLAN to 24576 if this value will cause this switch to become the root for the specified VLAN. If any root switch for the specified VLAN has a switch priority lower than 24576, the switch sets its own priority for the specified VLAN to 4096 less than the lowest switch priority. (4096 is the value of the least-significant bit of a 4-bit switch priority value.)
When you enter the spanning-tree vlan vlan-id root secondary command, because of support for the extended system ID, the software changes the switch priority from the default value (32768) to 28672. If the root switch should fail, this switch becomes the next root switch (if the other switches in the network use the default switch priority of 32768, and therefore, are unlikely to become the root switch).
This example shows how to disable the STP on VLAN 5:
Switch(config)# no spanning-tree vlan 5
You can verify your setting by entering the show spanning-tree privileged EXEC command. In this instance, VLAN 5 does not appear in the list.
This example shows how to set the spanning-tree forwarding time to 18 seconds for VLANs 20 and 25:
Switch(config)# spanning-tree vlan 20,25 forward-time 18
This example shows how to set the spanning-tree hello-delay time to 3 seconds for VLANs 20 to 24:
Switch(config)# spanning-tree vlan 20-24 hello-time 3
This example shows how to set spanning-tree max-age to 30 seconds for VLAN 20:
Switch(config)# spanning-tree vlan 20 max-age 30
This example shows how to reset the max-age parameter to the default value for spanning-tree instance 100 and 105 to 108:
Switch(config)# no spanning-tree vlan 100, 105-108 max-age
This example shows how to set the spanning-tree priority to 8192 for VLAN 20:
Switch(config)# spanning-tree vlan 20 priority 8192
This example shows how to configure the switch as the root switch for VLAN 10 with a network diameter of 4:
Switch(config)# spanning-tree vlan 10 root primary diameter 4
This example shows how to configure the switch as the secondary root switch for VLAN 10 with a network diameter of 4:
Switch(config)#
spanning-tree vlan 10 root secondary diameter 4
You can verify your settings by entering the show spanning-tree vlan vlan-id privileged EXEC command.
|
|
---|---|
show spanning-tree vlan |
Displays spanning-tree information. |
Sets the path cost for spanning-tree calculations. |
|
Enables the root guard or the loop guard feature for all the VLANs associated with the selected interface. |
|
Sets an interface priority. |
|
Globally enables the BPDU filtering or the BPDU guard feature on Port Fast-enabled ports or enables the Port Fast feature on all nontrunking ports. |
|
Enables the Port Fast feature on an interface in all its associated VLANs. |
|
Enables the UplinkFast feature, which accelerates the choice of a new root port. |
Use the speed interface configuration command on the switch stack or on a standalone switch to specify the speed of a 10/100 Mbps or 10/100/1000 Mbps port. Use the no or default form of this command to return the port to its default value.
speed {10 | 100 | 1000 | auto | nonegotiate}
no speed
Note You cannot configure speed on small form-factor pluggable (SFP) module ports, but you can configure speed to not negotiate (nonegotiate) if they are connected to a device that does not support autonegotiation. See "Usage Guidelines" for exceptions when a 1000BASE-T SFP module is in the SFP module port.
The default is auto.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
You can configure the Fast Ethernet port speed as either 10 or 100 Mbps. You can configure the Gigabit Ethernet port speed as 10, 100, or 1000 Mbps. You cannot configure speed on SFP module ports, but you can configure speed to not negotiate (nonegotiate) if connected to a device that does not support autonegotiation. However, when a 1000BASE-T SFP module is in the SFP module port, you can configure speed as 10, 100, or 1000 Mbps.
If the speed is set to auto, the switch negotiates with the device at the other end of the link for the speed setting and then forces the speed setting to the negotiated value. The duplex setting remains as configured on each end of the link, which could result in a duplex setting mismatch.
If both ends of the line support autonegotiation, we highly recommend the default autonegotiation settings. If one interface supports autonegotiation and the other end does not, do use the auto setting on the supported side, but set the duplex and speed on both interfaces.
For 10/100/1000 Mbps ports, if both the speed and duplex are set to specific values, autonegotiation is disabled.
For 10/100 Mbps ports, if both speed and duplex are set to specific values, the link operates at the negotiated speed and duplex value.
Note For guidelines on setting the switch speed and duplex parameters, refer to the software configuration guide for this release.
This example shows how to set the specified interface to 100 Mbps:
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# speed 100
You can verify your settings by entering the show interfaces privileged EXEC command.
|
|
---|---|
Specifies the duplex mode of operation for Fast Ethernet and Gigabit Ethernet ports. |
|
Displays the statistical information specific to all interfaces or to a specific interface |
Use the srr-queue bandwidth limit interface configuration command on the switch stack or on a standalone switch to limit the maximum output on a port. Use the no form of this command to return to the default setting.
srr-queue bandwidth limit weight1
no srr-queue bandwidth limit
weight1 |
Percentage of the port speed to which the port should be limited. The range is 10 to 90. |
The port is not rate limited and is set to 100 percent.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
If you configure this command to 80 percent, the port is idle 20 percent of the time. The line rate drops to 80 percent of the connected speed. These values are not exact because the hardware adjusts the line rate in increments of six.
Note The egress queue default settings are suitable for most situations. You should change them only when you have a thorough understanding of the egress queues and if these settings do not meet your QoS solution.
This example shows how to limit Gigabit Ethernet port 0/1 on stack member 2 to 800 Mbps:
Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# srr-queue bandwidth limit 80
You can verify your settings by entering the show mls qos interface [interface-id] queueing privileged EXEC command.
|
|
---|---|
Allocates buffers to the queue-set. |
|
Maps class of service (CoS) values to egress queue or maps CoS values to a queue and to a threshold ID. |
|
Maps Differentiated Services Code Point (DSCP) values to an egress queue or maps DSCP values to a queue and to a threshold ID. |
|
Configures the weighted tail-drop (WTD) thresholds, guarantees the availability of buffers, and configures the maximum memory allocation for the queue-set. |
|
Maps a port to a queue-set. |
|
show mls qos interface queueing |
Displays quality of service (QoS) information. |
Assigns the shaped weights and enables bandwidth shaping on the four egress queues mapped to a port. |
|
Assigns the shared weights and enables bandwidth sharing on the four egress queues mapped to a port. |
Use the srr-queue bandwidth shape interface configuration command on the switch stack or on a standalone switch to assign the shaped weights and to enable bandwidth shaping on the four egress queues mapped to a port. Use the no form of this command to return to the default setting.
srr-queue bandwidth shape weight1 weight2 weight3 weight4
no srr-queue bandwidth shape
Weight1 is set to 25. Weight2, weight3, and weight4 are set to 0, and these queues are in shared mode.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
In shaped mode, the queues are guaranteed a percentage of the bandwidth, and they are rate-limited to that amount. Shaped traffic does not use more than the allocated bandwidth even if the link is idle. Use shaping to smooth bursty traffic or to provide a smoother output over time.
The shaped mode overrides the shared mode.
If you configure a shaped queue weight to 0 by using the srr-queue bandwidth shape interface configuration command, this queue participates in shared mode. The weight specified with the srr-queue bandwidth shape command is ignored, and the weights specified with the srr-queue bandwidth share interface configuration command for a queue come into effect.
When configuring queues for the same port for both shaping and sharing, make sure that you configure the lowest numbered queue for shaping.
Note The egress queue default settings are suitable for most situations. You should change them only when you have a thorough understanding of the egress queues and if these settings do not meet your QoS solution.
This example shows how to configure the queues for the same port for both shaping and sharing. Because the weight ratios for queues 2, 3, and 4 are set to 0, these queues operate in shared mode. The bandwidth weight for queue 1 is 1/8, which is 12.5 percent. Queue 1 is guaranteed this bandwidth and limited to it; it does not extend its slot to the other queues even if the other queues have no traffic and are idle. Queues 2, 3, and 4 are in shared mode, and the setting for queue 1 is ignored. The bandwidth ratio allocated for the queues in shared mode is 4/(4+4+4), which is 33 percent:
Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# srr-queue bandwidth shape 8 0 0 0
Switch(config-if)# srr-queue bandwidth share 4 4 4 4
You can verify your settings by entering the show mls qos interface [interface-id] queueing privileged EXEC command.
|
|
---|---|
Allocates buffers to a queue-set. |
|
Maps class of service (CoS) values to an egress queue or maps CoS values to a queue and to a threshold ID. |
|
Maps Differentiated Services Code Point (DSCP) values to an egress queue or maps DSCP values to a queue and to a threshold ID. |
|
Configures the weighted tail-drop (WTD) thresholds, guarantees the availability of buffers, and configures the maximum memory allocation to a queue-set. |
|
Enables the egress expedite queue on an interface. |
|
Maps a port to a queue-set. |
|
show mls qos interface queueing |
Displays quality of service (QoS) information. |
Assigns the shared weights and enables bandwidth sharing on the four egress queues mapped to a port. |
Use the srr-queue bandwidth share interface configuration command on the switch stack or on a standalone switch to assign the shared weights and to enable bandwidth sharing on the four egress queues mapped to a port. The ratio of the weights is the ratio of frequency in which the shaped round robin (SRR) scheduler dequeues packets from each queue. Use the no form of this command to return to the default setting.
srr-queue bandwidth share weight1 weight2 weight3 weight4
no srr-queue bandwidth share
Weight1, weight2, weight3, and weight4 are 25 (1/4 of the bandwidth is allocated to each queue).
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
The absolute value of each weight is meaningless, and only the ratio of parameters is used.
In shared mode, the queues share the bandwidth among them according to the configured weights. The bandwidth is guaranteed at this level but not limited to it. For example, if a queue empties and does not require a share of the link, the remaining queues can expand into the unused bandwidth and share it among themselves.
If you configure a shaped queue weight to 0 by using the srr-queue bandwidth shape interface configuration command, this queue participates in SRR shared mode. The weight specified with the srr-queue bandwidth shape command is ignored, and the weights specified with the srr-queue bandwidth share interface configuration command for a queue take effect.
When configuring queues for the same port for both shaping and sharing, make sure that you configure the lowest numbered queue for shaping.
Note The egress queue default settings are suitable for most situations. You should change them only when you have a thorough understanding of the egress queues and if these settings do not meet your QoS solution.
This example shows how to configure the weight ratio of the SRR scheduler running on egress port Gigabit Ethernet 0/1 on stack member 2. Four queues are used. The bandwidth ratio allocated for each queue in shared mode is 1/(1+2+3+4), 2/(1+2+3+4), 3/(1+2+3+4), and 4/(1+2+3+4), which is 10 percent, 20 percent, 30 percent, and 40 percent for queues 1, 2, 3, and 4. This means that queue 4 has four times the bandwidth of queue 1, twice the bandwidth of queue 2, and one-and-a-third times the bandwidth of queue 3.
Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# srr-queue bandwidth share 1 2 3 4
You can verify your settings by entering the show mls qos interface [interface-id] queueing privileged EXEC command.
|
|
---|---|
Allocates buffers to a queue-set. |
|
Maps class of service (CoS) values to an egress queue or maps CoS values to a queue and to a threshold ID. |
|
Maps Differentiated Services Code Point (DSCP) values to an egress queue or maps DSCP values to a queue and to a threshold ID. |
|
Configures the weighted tail-drop (WTD) thresholds, guarantees the availability of buffers, and configures the maximum memory allocation to a queue-set. |
|
Enables the egress expedite queue on an interface. |
|
Maps a port to a queue-set. |
|
show mls qos interface queueing |
Displays quality of service (QoS) information. |
Assigns the shaped weights and enables bandwidth shaping on the four egress queues mapped to a port. |
Use the storm-control interface configuration command on the switch stack or on a standalone switch to enable broadcast, multicast, or unicast storm control on an interface with the specified threshold level. Use the no form of this command to disable broadcast, multicast, or unicast storm control on an interface.
storm-control {broadcast | multicast | unicast} level level [.level]
no storm-control {broadcast | multicast | unicast} level
Broadcast, multicast, and unicast storm control are disabled.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Storm control is supported only on physical interfaces; it is not supported on EtherChannel port channels, even though it is available in the command-line interface (CLI).
Storm-control suppression level is entered as a percentage of total bandwidth. A threshold value of 100 percent means that no limit is placed on the specified traffic type. A value of 0.0 means that all broadcast, multicast, or unicast traffic on that port is blocked.
When the storm control threshold for multicast traffic is reached, all multicast traffic except control traffic, such as bridge protocol data unit (BDPU) and Cisco Discovery Protocol (CDP) frames, are blocked. However, the switch does not differentiate between routing updates, such as Open Shortest Path First (OSPF) and regular multicast data traffic, so both types of traffic are blocked.
Note For more information about storm control suppression levels, refer to the software configuration guide for this release.
This example shows how to enable multicast storm control with a 75.5 percent threshold level:
Switch(config-if)# storm-control multicast level 75.5
This example shows how to disable multicast storm control:
Switch(config-if)# no storm-control multicast level
You can verify your settings by entering the show storm-control privileged EXEC command.
|
|
---|---|
Displays broadcast, multicast, or unicast storm control settings on all interfaces or on a specified interface. |
Use the switch priority global configuration command on the stack master to change the stack member priority value.
switch stack-member-number priority new-priority-value
priority new-priority-value |
Specify the new stack member priority value. The range is 1 to 15. |
stack-member-number |
Specify the current stack member number. The range 1 to 9. |
The default priority value is 1.
Global configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
If you do not specify a priority value, the default value is assigned.
The new priority value is a factor during a stack-master re-election. Therefore, changing the priority value does not change the stack master immediately.
Use the reload slot current stack member number privileged EXEC to reset the stack member and apply this configuration change into effect.
This example shows how to change the priority value of stack member 6 to 9:
Switch(config)# switch 6 priority 9
Changing the Switch Priority of Switch Number 6 to 9
Do you want to continue?[confirm]
Use the switch renumber global configuration command on the stack master to change the stack member number.
switch current-stack-member-number renumber new-stack-member-number
The default stack member number is 1.
Global configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
If another stack member is already using the member number that you just specified, the stack master assigns the lowest available number when you reset the stack member.
Note If you change the number of a stack member, and no configuration is associated with the new stack member number, that stack member loses its current configuration and resets to its default configuration. For more information about stack member numbers and configurations, see the software configuration guide.
Use the reload slot current stack member number privileged EXEC to reset the stack member and apply this configuration change into effect.
This example shows how to change the member number of stack member 6 to 7:
Switch(config)# switch 6 renumber 7
WARNING: Changing the switch number may result in lost
or changed configuration for that switch!
Do you want to continue?[confirm]
Use the switchport interface configuration command with no keywords on the switch stack or on a standalone switch to put an interface that is in Layer 3 mode into Layer 2 mode for Layer 2 configuration. Use the no form of this command to put an interface in Layer 3 mode.
switchport
no switchport
Use the no switchport command (without parameters) to set the interface to the routed-interface status and to erase all Layer 2 configurations. You must use this command before assigning an IP address to a routed port.
Note If an interface is configured as a Layer 3 interface, you must first enter this switchport command with no keywords to configure the interface as a Layer 2 port. Then you can enter additional switchport commands with keywords, as shown on the pages that follow.
This command has no arguments or keywords.
By default, all interfaces are in Layer 2 mode.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
Entering the no switchport command shuts the port down and then re-enables it, which might generate messages on the device to which the port is connected.
This example shows how to cause an interface to cease operating as a Layer 2 port and become a Cisco-routed port.
Switch(config-if)#
no switchport
This example shows how to cause the port interface to cease operating as a Cisco-routed port and convert to a Layer 2-switched interface:
Switch(config-if)#
switchport
Note The switchport command without keywords is not used on platforms that do not support Cisco-routed ports. All physical ports on such platforms are assumed to be Layer 2-switched interfaces.
You can verify the switchport status of an interface by entering the show running-config privileged EXEC command.
|
|
---|---|
show interfaces switchport |
Displays the administrative and operational status of a switching (nonrouting) port, including port blocking and port protection settings. |
show running-config |
Displays the current operating configuration. For syntax information, select Cisco IOS Configuration Fundamentals Command Reference for Release 12.1 > Cisco IOS File Management Commands > Configuration File Commands. |
Use the switchport access interface configuration command on the switch stack or on a standalone switch to configure a port as a static-access or dynamic-access port. If the switchport mode is set to access, the port operates as a member of the specified VLAN. If set to dynamic, the port starts discovery of VLAN assignment based on the incoming packets it receives. Use the no form of this command to reset the access mode to the default VLAN for the switch.
switchport access vlan {vlan-id | dynamic}
no switchport access vlan
The default access VLAN and trunk interface native VLAN is a default VLAN corresponding to the platform or interface hardware.
A dynamic-access port is initially a member of no VLAN and receives its assignment based on the packet it receives.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
The no switchport access command resets the access mode VLAN to the appropriate default VLAN for the device.
The port must be in access mode before the switchport access vlan command can take effect.
An access port can be assigned to only one VLAN.
The VMPS server (such as a Catalyst 6000 series switch) must be configured before a port is configured as dynamic.
These restrictions apply to dynamic-access ports:
•The software implements the VLAN Query Protocol (VQP) client, which can query a VMPS such as a Catalyst 6000 series switch. The Catalyst 3750 2970 switches are not VMPS servers. The VMPS server must be configured before a port is configured as dynamic.
•Use dynamic-access ports only to connect end stations. Connecting them to switches or routers (that use bridging protocols) can cause a loss of connectivity.
•Configure the network so that STP does not put the dynamic-access port into an STP blocking state. The Port Fast feature is automatically enabled on dynamic-access ports.
•Dynamic-access ports can only be in one VLAN and do not use VLAN tagging.
•Dynamic-access ports cannot be configured as
–Members of an EtherChannel port group (dynamic-access ports cannot be grouped with any other port, including other dynamic ports).
–Source or destination ports in a static address entry.
–Monitor ports.
This example shows how to cause a port interface that has already been configured as a switched interface to operate in VLAN 2 instead of the platform's default VLAN when in access mode:
Switch(config-if)#
switchport access vlan 2
You can verify your setting by entering the show interfaces interface-id switchport privileged EXEC command and examining information in the Administrative Mode and Operational Mode rows.
|
|
---|---|
show interfaces switchport |
Displays the administrative and operational status of a switching (nonrouting) port, including port blocking and port protection settings. |
Configures the VLAN membership mode of a port. |
Use the switchport block interface configuration command on the switch stack or on a standalone switch to prevent unknown multicast or unicast packets from being forwarded. Use the no form of this command to allow forwarding unknown multicast or unicast packets.
switchport block {multicast | unicast}
no switchport block {multicast | unicast}
multicast |
Specify that unknown multicast traffic should be blocked. |
unicast |
Specify that unknown unicast traffic should be blocked. |
Unknown multicast and unicast traffic is not blocked.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
By default, all traffic with unknown MAC addresses is sent to all ports. You can block unknown multicast or unicast traffic on protected or nonprotected ports. If unknown multicast or unicast traffic is not blocked on a protected port, there could be security issues.
Blocking unknown multicast or unicast traffic is not automatically enabled on protected ports; you must explicitly configure it.
Note For more information about blocking packets, refer to the software configuration guide for this release.
This example shows how to block unknown multicast traffic on an interface:
Switch(config-if)# switchport block multicast
You can verify your setting by entering the show interfaces interface-id switchport privileged EXEC command.
|
|
---|---|
show interfaces switchport |
Displays the administrative and operational status of a switching (nonrouting) port, including port blocking and port protection settings. |
Use the switchport host interface configuration command on the switch stack or on a standalone switch to optimize a Layer 2 port for a host connection. The no form of this command has no affect on the system.
switchport host
This command has no arguments or keywords.
The default is for the port to not be optimized for a host connection.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
To optimize the port for a host connection, the switchport host command sets switch port mode to access, enables spanning tree Port Fast, and disables channel grouping. Only an end station can accept this configuration.
Because spanning tree Port Fast is enabled, you should enter the switchport host command only on ports that are connected to a single host. Connecting other switches, hubs, concentrators, or bridges to a fast-start port can cause temporary spanning-tree loops.
Enable the switchport host command to decrease the time that it takes to start up packet forwarding.
This example shows how to optimize the port configuration for a host connection:
Switch(config-if)# switchport host
switchport mode will be set to access
spanning-tree portfast will be enabled
channel group will be disabled
Switch(config-if)#
You can verify your setting by entering the show interfaces interface-id switchport privileged EXEC command.
|
|
---|---|
show interfaces switchport |
Displays the administrative and operational status of a switching (nonrouting) port, including switchport mode. |
Use the switchport mode interface configuration command on the switch stack or on a standalone switch to configure the VLAN membership mode of a port. Use the no form of this command to reset the mode to the appropriate default for the device.
switchport mode {access | dynamic {auto | desirable} | trunk}
no switchport mode {access| dynamic | trunk}
The default mode is dynamic auto.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
A configuration that uses the access or trunk keywords takes effect only when you configure the port in the appropriate mode by using the switchport mode command. The static-access and trunk configuration are saved, but only one configuration is active at a time.
When you enter access mode, the interface changes to permanent nontrunking mode and negotiates to convert the link into a nontrunk link even if the neighboring interface does not agree to the change.
When you enter trunk mode, the interface changes to permanent trunking mode and negotiates to convert the link into a trunk link even if the interface connecting to it does not agree to the change.
When you enter dynamic auto mode, the interface converts the link to a trunk link if the neighboring interface is set to trunk or desirable mode.
When you enter dynamic desirable mode, the interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode.
To autonegotiate trunking, the interfaces must be in the same VTP domain. Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP), which is a point-to-point protocol. However, some internetworking devices might forward DTP frames improperly, which could cause misconfigurations. To avoid this, you should configure interfaces connected to devices that do not support DTP to not forward DTP frames, which turns off DTP.
•If you do not intend to trunk across those links, use the switchport mode access interface configuration command to disable trunking.
•To enable trunking to a device that does not support DTP, use the switchport mode trunk and switchport nonegotiate interface configuration commands to cause the interface to become a trunk but to not generate DTP frames.
Access port and trunk ports are mutually exclusive.
The 802.1X feature interacts with switchport modes in these ways:
•If you try to enable 802.1X on a trunk port, an error message appears, and 802.1X is not enabled. If you try to change the mode of an 802.1X-enabled port to trunk, the port mode is not changed.
•If you try to enable 802.1X on a port set to dynamic auto or dynamic desirable, an error message appears, and 802.1X is not enabled. If you try to change the mode of an 802.1X-enabled port to dynamic auto or dynamic desirable, the port mode is not changed.
•If you try to enable 802.1X on a dynamic-access (VLAN Query Protocol [VQP]) port, an error message appears, and 802.1X is not enabled. If you try to change an 802.1X-enabled port to dynamic VLAN assignment, an error message appears, and the VLAN configuration is not changed.
This example shows how to configure a port for access mode:
Switch(config-if)# switchport mode access
This example shows how set the interface to dynamic desirable mode:
Switch(config-if)# switchport mode dynamic desirable
This example shows how to configure a port for trunk mode:
Switch(config-if)# switchport mode trunk
You can verify your settings by entering the show interfaces interface-id switchport privileged EXEC command and examining information in the Administrative Mode and Operational Mode rows.
|
|
---|---|
show interfaces switchport |
Displays the administrative and operational status of a switching (nonrouting) port, including port blocking and port protection settings. |
Configures a port as a static-access or dynamic-access port. |
|
Configures the trunk characteristics when an interface is in trunking mode. |
Use the switchport nonegotiate interface configuration command on the switch stack or on a standalone switch to specify that Dynamic Trunking Protocol (DTP) negotiation packets are not sent on the Layer 2 interface. The switch does not engage in DTP negotiation on this interface. Use the no form of this command to return to the default setting.
switchport nonegotiate
no switchport nonegotiate
This command has no arguments or keywords.
The default is to use DTP negotiation to determine trunking status.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
The no form of the switchport nonegotiate command removes nonegotiate status.
This command is valid only when the interface switchport mode is access or trunk (configured by using the switchport mode access or the switchport mode trunk interface configuration command). This command returns an error if you attempt to execute it in dynamic (auto or desirable) mode.
Internetworking devices that do not support DTP might forward DTP frames improperly and cause misconfigurations. To avoid this, you should turn off DTP by using the switchport no negotiate command to configure the interfaces connected to devices that do not support DTP to not forward DTP frames.
When you enter the switchport nonegotiate command, DTP negotiation packets are not sent on the interface. The device does or does not trunk according to the mode parameter: access or trunk.
•If you do not intend to trunk across those links, use the switchport mode access interface configuration command to disable trunking.
•To enable trunking on a device that does not support DTP, use the switchport mode trunk and switchport nonegotiate interface configuration commands to cause the interface to become a trunk but to not generate DTP frames.
This example shows how to cause a port interface to refrain from negotiating trunking mode and to act as a trunk or access port (depending on the mode set):
Switch(config-if)#
switchport nonegotiate
You can verify your setting by entering the show interfaces interface-id switchport privileged EXEC command.
|
|
---|---|
show interfaces switchport |
Displays the administrative and operational status of a switching (nonrouting) port, including port blocking and port protection settings. |
Configures the VLAN membership mode of a port. |
Use the switchport port-security interface configuration command without keywords on the switch stack or on a standalone switch to enable port security on the interface. Use the keywords to configure secure MAC addresses, sticky MAC address learning, a maximum number of secure MAC addresses, or the violation mode. Use the no form of this command to disable port security or to set the parameters to their default states.
switchport port-security [aging] [mac-address mac-address [vlan vlan-id] | mac-address sticky [mac-address]] [maximum value [vlan vlan-list]] [violation {protect | restrict | shutdown}]
no switchport port-security [aging] [mac-address mac-address [vlan vlan-id] | mac-address sticky [mac-address]] [maximum value [vlan vlan-list]] [violation {protect | restrict | shutdown}]
aging |
(Optional) See the switchport port-security aging command. |
mac-address mac-address |
(Optional) Specify a secure MAC address for the interface by entering a 48-bit MAC address. You can add additional secure MAC addresses up to the maximum value configured. |
vlan vlan-id |
(Optional) On a trunk port only, specify the VLAN ID and the MAC address. If no VLAN ID is specified, the native VLAN is used. |
mac-address sticky [mac-address] |
(Optional) Enable the interface for sticky learning by entering only the mac-address sticky keywords. When sticky learning is enabled, the interface adds all secure MAC addresses that are dynamically learned to the running configuration and converts these addresses to sticky secure MAC addresses. (Optional) Enter a mac-address to specify a sticky secure MAC address. |
maximum value |
(Optional) Set the maximum number of secure MAC addresses for the interface.The maximum number of secure MAC addresses that you can configure on a switch stack is determined by the maximum number of available MAC addresses allowed in the system, approximately 6K. This number is determined by the active Switch Database Management (SDM) template. See the sdm prefer command. This number represents the total of available MAC addresses, including those used for other Layer 2 functions and any other secure MAC addresses configured on interfaces. The default setting is 1. |
vlan [vlan-list] |
(Optional) For trunk ports, you can set the maximum number of secure MAC addresses on a VLAN. If the vlan keyword is not entered, the default value is used. •vlan—set a per-VLAN maximum value. •vlan vlan-list—set a per-VLAN maximum value on a range of VLANs separated by a hypen or a series of VLANs separated by commas. For nonspecified VLANs, the per-VLAN maximum value is used. |
violation |
(Optional) Set the security violation mode or the action to be taken if port security is violated. The default is shutdown. |
protect |
Set the security violation protect mode. In this mode, when the number of port secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred. Note We do not recommend configuring the protect mode on a trunk port. The protect mode disables learning when any VLAN reaches its maximum limit, even if the port has not reached its maximum limit. |
restrict |
Set the security violation restrict mode. In this mode, when the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. An SNMP trap is sent, a syslog message is logged, and the violation counter increments. |
shutdown |
Set the security violation shutdown mode. In this mode, the interface is error-disabled when a violation occurs and the port LED turns off. An SNMP trap is sent, a syslog message is logged, and the violation counter increments. When a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually re-enable it by entering the shutdown and no shut down interface configuration commands. |
The default is to disable port security.
When port security is enabled and no keywords are entered, the default maximum number of secure MAC addresses is 1.
The default violation mode is shutdown.
Sticky learning is disabled.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
12.1(14)EA1 |
The sticky and vlan keywords were added. |
A secure port has the following limitations:
•A secure port can be an access port or a trunk port; it cannot be a dynamic access port.
•A secure port cannot be a routed port.
•A secure port cannot be a protected port.
•A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
•A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.
•You cannot configure static secure or sticky secure MAC addresses in the voice VLAN.
•When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to two plus the maximum number of secure addresses allowed on the access VLAN. When the port is connected to a Cisco IP phone, the Cisco IP phone requires up to two MAC addresses. The Cisco IP phone address is learned on the voice VLAN and might also be learned on the access VLAN. Connecting a PC to the Cisco IP phone requires additional MAC addresses.
•If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN. You cannot configure port security on a per-VLAN basis.
Note Voice VLAN is supported only on access ports and not on trunk ports.
•When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN to which the port belongs are learned as sticky secure addresses.
•You cannot configure static secure MAC addresses in the voice VLAN.
•When you enter a maximum secure address value for an interface, if the new value is greater than the previous value, the new value overrides the previously configured value. If the new value is less than the previous value and the number of configured secure addresses on the interface exceeds the new value, the command is rejected.
•The switch does not support port security aging of sticky secure MAC addresses.
A security violation occurs when the maximum number of secure MAC addresses are in the address table and a station whose MAC address is not in the address table attempts to access the interface, or when a station whose MAC address is configured as a secure MAC address on another secure port attempts to access the interface.
If you enable port security on a voice VLAN port and if there is a PC connected to the IP phone, you should set the maximum allowed secure addresses on the port to more than 1.
When a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually re-enable it by entering the shutdown and no shut down interface configuration commands.
Setting a maximum number of addresses to one and configuring the MAC address of an attached device ensures that the device has the full bandwidth of the port.
When you enter a maximum secure address value for an interface, this occurs:
•If the new value is greater than the previous value, the new value overrides the previously configured value.
•If the new value is less than the previous value and the number of configured secure addresses on the interface exceeds the new value, the command is rejected.
Sticky secure MAC addresses have these characteristics:
•When you enable sticky learning on an interface by using the switchport port-security mac-address sticky interface configuration command, the interface converts all the dynamic secure MAC addresses, including those that were dynamically learned before sticky learning was enabled, to sticky secure MAC addresses and adds all sticky secure MAC addresses to the running configuration.
•If you disable sticky learning by using the no switchport port-security mac-address sticky interface configuration command or the running configuration is removed, the sticky secure MAC addresses remain part of the running configuration but are removed from the address table. The addresses that were removed can be dynamically reconfigured and added to the address table as dynamic addresses.
•When you configure sticky secure MAC addresses by using the switchport port-security mac-address sticky mac-address interface configuration command, these addresses are added to the address table and the running configuration. If port security is disabled, the sticky secure MAC addresses remain in the running configuration.
•If you save the sticky secure MAC addresses in the configuration file, when the switch restarts or the interface shuts down, the interface does not need to relearn these addresses. If you do not save the sticky secure addresses, they are lost. If sticky learning is disabled, the sticky secure MAC addresses are converted to dynamic secure addresses and are removed from the running configuration.
•If you disable sticky learning and enter the switchport port-security mac-address sticky mac-address interface configuration command, an error message appears, and the sticky secure MAC address is not added to the running configuration.
This example shows how to enable port security on Gigabit Ethernet port 12 on stack member 2 and to set the maximum number of secure addresses to 5. The violation mode is the default, and no secure MAC addresses are configured.
Switch(config)# interface gigahitethernet 2/0/12
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 5
This example shows how to configure a secure MAC address and a VLAN ID on Gigabit Ethernet port 12 on stack member 2.
Switch(config)# interface gigabitethernet 2/0/12
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address 1000.2000.3000 vlan 3
This example shows how to enable sticky learning and to enter two sticky secure MAC addresses:
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.4141
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.000f
You can verify your settings by using the show port-security privileged EXEC command.
|
|
---|---|
show port-security address |
Displays all the secure addresses configured on the switch. |
show port-security |
Displays port security configuration for the switch or for the specified interface. |
Use the switchport port-security aging interface configuration command on the switch stack or on a standalone switch to set the aging time and type for secure address entries or to change the aging behavior for secure addresses on a particular port. Use the no form of this command to disable port security aging or to set the parameters to their default states.
switchport port-security aging {static | time time | type {absolute | inactivity}}
no switchport port-security aging {static | time | type}
The port security aging feature is disabled. The default time is 0 minutes.
The default aging type is absolute.
The default static aging behavior is disabled.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
To enable secure address aging for a particular port, set the aging time to a value other than 0 for that port.
To allow limited time access to particular secure addresses, set the aging type as absolute. When the aging time lapses, the secure addresses are deleted.
To allow continuous access to a limited number of secure addresses, set the aging type as inactivity. This removes the secure address when it become inactive, and other addresses can become secure.
To allow unlimited access to a secure address, configure it as a secure address, and disable aging for the statically configured secure address by using the no switchport port-security aging static interface configuration command.
This example sets the aging time as 2 hours for absolute aging for all the secure addresses on Gigabit Ethernet interface 0/1 on stack member 1.
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# switchport port-security aging time 120
This example sets the aging time as 2 minutes for inactivity aging type with aging enabled for configured secure addresses on Gigabit Ethernet interface 0/2 on stack member 1.
Switch(config)# interface gigabitethernet1/0/2
Switch(config-if)# switchport port-security aging time 2
Switch(config-if)# switchport port-security aging type inactivity
Switch(config-if)# switchport port-security aging static
This example shows how to disable aging for configured secure addresses.
Switch(config-if)# no switchport port-security aging static
Use the switchport priority extend interface configuration command on the switch stack or on a standalone switch to set a port priority for the incoming untagged frames or the priority of frames received by the IP phone connected to the specified port. Use the no form of this command to return to the default setting.
switchport priority extend {cos value | trust}
no switchport priority extend
The default port priority is set to a CoS value of 0 for untagged frames received on the port.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
When voice VLAN is enabled, you can configure the switch to send the Cisco Discovery Protocol (CDP) packets to instruct the IP phone how to send data packets from the device attached to the access port on the Cisco IP Phone. You must enable CDP on the switch port connected to the Cisco IP Phone to send the configuration to the Cisco IP Phone. (CDP is enabled by default globally and on all switch interfaces.)
You should configure voice VLAN on switch access ports. You can only configure a voice VLAN on Layer 2 ports.
Before you enable voice VLAN, we recommend that you enable quality of service (QoS) on the switch by entering the mls qos global configuration command and configure the port trust state to trust by entering the mls qos trust cos interface configuration command.
This example shows how to configure the IP phone connected to the specified port to trust the received 802.1P priority:
Switch(config-if)# switchport priority extend trust
You can verify your settings by entering the show interfaces interface-id switchport privileged EXEC command.
|
|
---|---|
Displays the administrative and operational status of a switching (nonrouting) port. |
|
Configures the voice VLAN on the port. |
Use the switchport protected interface configuration command on the switch stack or on a standalone switch to isolate unicast, multicast, and broadcast traffic at Layer 2 from other protected ports on the same switch. Use the no form of this command to disable protection on the port.
switchport protected
no switchport protected
This command has no arguments or keywords.
No protected port is defined. All ports are nonprotected.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
The switchport protection feature is local to the switch; communication between protected ports on the same switch is possible only through a Layer 3 device. To prevent communication between protected ports on different switches, you must configure the protected ports for unique VLANs on each switch and configure a trunk link between the switches. A protected port is different from a secure port.
A protected port does not forward any unicast, multicast, or broadcast traffic to any other protected port. A protected port continues to forward unicast, multicast, and broadcast traffic to unprotected ports and vice versa.
Because a switch stack represents a single logical switch, Layer 2 traffic is not forwarded between any protected ports in the switch stack, whether they are on the same or different switches in the stack.
Port monitoring does not work if both the monitor and monitored ports are protected ports.
This example shows how to enable a protected port on an interface:
Switch(config)# interface gigabitethernet1/0/3
Switch(config-if)# switchport protected
You can verify your settings by entering the show interfaces interface-id switchport privileged EXEC command.
|
|
---|---|
show interfaces switchport |
Displays the administrative and operational status of a switching (nonrouting) port, including port blocking and port protection settings. |
Prevents unknown multicast or unicast traffic on the interface. |
Use the switchport trunk interface configuration command on the switch stack or on a standalone switch to set the trunk characteristics when the interface is in trunking mode. Use the no form of this command to reset a trunking characteristic to the default.
switchport trunk {allowed vlan vlan-list | encapsulation {dot1q | isl | negotiate} |
native vlan vlan-id | pruning vlan vlan-list}
no switchport trunk {allowed vlan | encapsulation | native vlan | {pruning vlan}
The vlan-list format is all | none | [add | remove | except] vlan-atom [,vlan-atom...] where:
•all specifies all VLANs from 1 to 4094. This keyword is not allowed on commands that do not permit all VLANs in the list to be set at the same time.
•none means an empty list. This keyword is not allowed on commands that require certain VLANs to be set or at least one VLAN to be set.
•add adds the defined list of VLANs to those currently set instead of replacing the list. Valid IDs are from 1 to 1005; extended-range VLANs (VLAN IDs greater than 1005) are valid in some cases.
Note You can add extended-range VLANs to the allowed VLAN list, but not to the pruning-eligible VLAN list.
Separate nonconsecutive VLAN IDs with a comma; use a hyphen to designate a range of IDs.
•remove removes the defined list of VLANs from those currently set instead of replacing the list. Valid IDs are from 1 to 1005; extended-range VLAN IDs are valid in some cases.
Note You can remove extended-range VLANs from the allowed VLAN list, but you cannot remove them from the pruning-eligible list.
Separate nonconsecutive VLAN IDs with a comma; use a hyphen to designate a range of IDs.
•except lists the VLANs that should be calculated by inverting the defined list of VLANs. (VLANs are added except the ones specified.) Valid IDs are from 1 to 1005. Separate nonconsecutive VLAN IDs with a comma; use a hyphen to designate a range of IDs.
•vlan-atom is either a single VLAN number from 1 to 4094 or a continuous range of VLANs described by two VLAN numbers, the lesser one first, separated by a hyphen.
The default encapsulation is negotiate.
VLAN 1 is the default native VLAN ID on the port.
The default for all VLAN lists is to include all VLANs.
Interface configuration
Encapsulation:
•The switchport trunk encapsulation command is supported only for platforms and interface hardware that can support both ISL and 802.1Q formats.
•You cannot configure one end of the trunk as an 802.1Q trunk and the other end as an ISL or nontrunk port. However, you can configure one port as an ISL trunk and a different port on the same switch as an 802.1Q trunk.
•If you enter the negotiate keywords and DTP negotiation does not resolve the encapsulation format, ISL is the selected format. The no form of the command resets the trunk encapsulation format to the default.
•The no form of the encapsulation command resets the encapsulation format to the default.
Native VLANs:
•All untagged traffic received on an 802.1Q trunk port is forwarded with the native VLAN configured for the port.
•If a packet has a VLAN ID that is the same as the sending-port native VLAN ID, the packet is sent without a tag; otherwise, the switch sends the packet with a tag.
•The no form of the native vlan command resets the native mode VLAN to the appropriate default VLAN for the device.
Allowed VLAN:
•To reduce the risk of spanning-tree loops or storms, you can disable VLAN 1 on any individual VLAN trunk port by removing VLAN 1 from the allowed list. When you remove VLAN 1 from a trunk port, the interface continues to send and receive management traffic, for example, Cisco Discovery Protocol (CDP), Port Aggregation Protocol (PAgP), Link Aggregation Control Protocol (LACP), Dynamic Trunking Protocol (DTP), and VLAN Trunking Protocol (VTP) in VLAN 1.
•The no form of the allowed vlan command resets the list to the default list, which allows all VLANs.
Trunk pruning:
•The pruning-eligible list applies only to trunk ports.
•Each trunk port has its own eligibility list.
•If you do not want a VLAN to be pruned, remove it from the pruning-eligible list. VLANs that are pruning-ineligible receive flooded traffic.
•VLAN 1, VLANs 1002 to 1005, and extended-range VLANs (VLANs 1006 to 4094) cannot be pruned.
This example shows how to cause a port interface configured as a switched interface to encapsulate in 802.1Q trunking format regardless of its default trunking format in trunking mode:
Switch(config-if)#
switchport trunk encapsulation dot1q
This example shows how to configure VLAN 3 as the default port to send all untagged traffic:
Switch(config-if)# switchport trunk native vlan 3
This example shows how to add VLANs 1, 2, 5, and 6 to the allowed list:
Switch(config-if)# switchport trunk allowed vlan add 1,2,5,6
This example shows how to remove VLANs 3 and 10 to 15 from the pruning-eligible list:
Switch(config-if)# switchport trunk pruning vlan remove 3,10-15
You can verify your settings by entering the show interfaces interface-id switchport privileged EXEC command.
|
|
---|---|
show interfaces switchport |
Displays the administrative and operational status of a switching (nonrouting) port, including port blocking and port protection settings. |
Configures the VLAN membership mode of a port. |
Use the switchport voice vlan interface configuration command on the switch stack or on a standalone switch to configure voice VLAN on the port. Use the no form of this command to return to the default setting.
switchport voice vlan {vlan-id | dot1p | none | untagged}
no switchport voice vlan
The switch default is not to automatically configure the telephone (none).
The telephone default is not to tag frames.
Interface configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
You should configure voice VLAN on Layer 2 access ports.
You must enable Cisco Discovery Protocol (CDP) on the switchport connected to the Cisco IP phone for the switch to send configuration information to the phone. CDP is enabled by default globally and on the interface.
Before you enable voice VLAN, we recommend you enable quality of service (QoS) on the switch by entering the mls qos global configuration command and configure the port trust state to trust by entering the mls qos trust cos interface configuration command.
When you enter a VLAN ID, the IP phone forwards voice traffic in 802.1Q frames, tagged with the specified VLAN ID. The switch puts 802.1Q voice traffic in the voice VLAN.
When you select dot1q, none, or untagged, the switch puts the indicated voice traffic in the access VLAN.
In all configurations, the voice traffic carries a Layer 2 IP precedence value. The default is 5 for voice traffic.
When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two. When the port is connected to a Cisco IP phone, the IP phone requires two MAC addresses: one for the access VLAN and the other for the voice VLAN. Connecting a PC to the IP phone requires additional MAC addresses.
If any type of port security is enabled on the access VALN, dynamic port security is automatically enabled on the voice VLAN.
You cannot configure static secure MAC addresses in the voice VLAN.
The Port Fast feature is automatically enabled when voice VLAN is configured. When you disable voice VLAN, the Port Fast feature is not automatically disabled.
This example shows how to configure VLAN 2 as the voice VLAN:
Switch(config-if)# switchport voice vlan 2
You can verify your settings by entering the show interfaces interface-id switchport privileged EXEC command.
|
|
---|---|
show interfaces interface-id switchport |
Displays the administrative and operational status of a switching (nonrouting) port. |
Determines how the device connected to the specified port handles priority traffic received on its incoming port. |
Use the system global configuration command on the switch stack or on a standalone switch to set the maximum packet size or maximum transmission unit (MTU) size for Gigabit Ethernet ports or for Fast Ethernet (10/100) ports. Use the no form of this command to restore the global MTU value to its default value.
system mtu {bytes | jumbo bytes}
no system mtu
The default MTU size for all ports is 1500 bytes.
Global configuration
|
|
---|---|
12.1(11)AX |
This command was first introduced. |
When you use this command to change the MTU size, you must reset the switch before the new configuration takes effect.
Gigabit Ethernet ports are not affected by the system mtu command; Fast Ethernet 10/100 Mbps ports are not affected by the system mtu jumbo command.
If you enter a value that is outside the range for the specific type of switch, the value is not accepted.
Note The switch does not support setting the MTU on a per-interface basis.
The size of frames that can be received by the switch CPU is limited to 1500 bytes, no matter what value was entered with the system mtu command. Although frames that are forwarded or routed typically are not received by the CPU, in some cases packets are sent to the CPU, such as traffic sent to control traffic, SNMP, Telnet, or routing protocols.
This example shows how to set the maximum packet size for Gigabit Ethernet ports to 1800 bytes:
Switch(config)# system mtu jumbo 1800
Switch(config)# exit
Switch# reload
You can verify your setting by entering the show system mtu privileged EXEC command.
|
|
---|---|
Displays the packet size set for 10/100 Fast Ethernet and Gigabit Ethernet ports. |
Use the test cable-diagnostics tdr privileged EXEC command on the switch stack or on a standalone switch to run the Time Domain Reflector (TDR) feature on an interface.
test cable-diagnostics tdr interface interface-id
interface-id |
Specify the interface on which to run TDR. |
There is no default.
Privileged EXEC
|
|
---|---|
12.1(19)EA1 |
This command was introduced. |
You can use the TDR feature to diagnose and resolve cabling problems. TDR is supported only on copper Ethernet 10/100/1000 ports. It is not supported on 10/100 ports or small form-factor pluggable (SFP) module ports. For more information about TDR, refer to the software configuration guide for this release.
After you run TDR by using the test cable-diagnostics tdr interface interface-id command, use the show cable-diagnostics tdr interface interface-id privileged EXEC command to display the results.
This example shows how to run TDR on an interface:
Switch# test cable-diagnostics tdr interface gigabitethernet1/0/2
TDR test started on interface Gi1/0/2
A TDR test can take a few seconds to run on an interface
Use 'show cable-diagnostics tdr' to read the TDR results.
If you enter the test cable-diagnostics tdr interface interface-id command on an interface that has a link staus of up and a speed of 10 or 100 Mbps, these messages appear:
Switch# test cable-diagnostics tdr interface gigabitethernet1/0/9
TDR test on Gi1/0/9 will affect link state and traffic
TDR test started on interface Gi1/0/9
A TDR test can take a few seconds to run on an interface
Use 'show cable-diagnostics tdr' to read the TDR results.
|
|
---|---|
Displays the TDR results. |