Table Of Contents

set pvlan mapping

set power budget

set qos

set qos defaultcos

set qos map

set radius deadtime

set radius key

set radius retransmit

set radius server

set radius timeout

set rcp username

set rspan

set snmp

set snmp access

set snmp community

set snmp extendedrmon netflow

set snmp group

set snmp notify

set snmp rmon

set snmp rmonmemory

set snmp targetaddr

set snmp targetparams

set snmp trap

set snmp user

set snmp view

set span

set spantree backbonefast

set spantree bpdu-filter

set spantree bpdu-guard

set spantree bpdu-skewing

set spantree channelcost

set spantree channelvlancost

set spantree defaultcostmode

set spantree disable

set spantree enable

set spantree fwddelay

set spantree global-default

set spantree guard

set spantree hello

set spantree macreduction

set spantree maxage

set spantree mode

set spantree mst

set spantree mst config

set spantree mst link-type

set spantree mst maxhops

set spantree mst redetect-protocol

set spantree mst vlan

set spantree portcost

set spantree portfast

set spantree portfast bpdu-filter

set spantree portfast bpdu-guard

set spantree portinstancecost

set spantree portinstancepri

set pvlan mapping

Use the set pvlan mapping command to map isolated or community VLANs to the primary VLAN on a promiscuous port.

set pvlan mapping primary_vlan {isolated_vlan | community_vlan} {mod/port}

Syntax Description

primary_vlan	Variable that specifies the number of the primary VLAN.
isolated_vlan	Variable that specifies the number of the isolated VLAN.
community_vlan	Variable that specifies the number of the community VLAN.
mod/port	Variable that specifies the module and port number of the promiscuous port.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Before you can associate the VLANs of any of the promiscuous ports with the set pvlan mapping command, you must set the primary VLAN, isolated VLANs, and community VLANs using the set vlan pvlan-type command bound with the set pvlan command.

You should connect a promiscuous port to an external device for the ports in the private VLAN to communicate with any other device outside the private VLAN.

You should use this command for each primary and isolated VLAN or community VLAN association in the private VLAN.

Examples

This example remaps community VLAN 903 to primary VLAN 901 on ports 3 through 5 on module 8:

Console> (enable) set pvlan mapping 901 903 8/3-5

Successfully set mapping between 901 and 903 on 8/3-5.

Console> (enable)

Related Commands

clear pvlan mapping
clear vlan
set pvlan
set vlan
show vlan
show pvlan
show pvlan capability
show pvlan mapping

set power budget

Use the set power budget command to configure the redundancy mode based on the power budget available for nonredundant operation.

set power budget [1 | 2]

Syntax Description

1	Keyword that sets the power budget to 1+1 power redundancy mode.
2	Keyword that sets the power budget to 2+1 power redundancy mode.

Defaults

By default, two power supplies are set for the power budget.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

A single power supply provides 400W or 650W. Two 400W power supplies provide 750W. Two 650W power supplies supply only 750W; this is a restriction on the power supply cooling capacity for the Catalyst 4000 family switches.

If you mix a 400W power supply and a 650W power supply, the switch acts like there are two 400W power supplies. If you have one 400W power supply and one 650W power supply in 1+1 redundancy mode, and a second 650W power supply set as the backup, the system behaves like it has 400W. If the 400W power supply fails and the backup 650W power supply comes into service, the switch now has 650W available.

When operational, the supervisor engines consume no more than 110W and the fan box consumes 25W. For power consumption of common Catalyst 4006 modules, see Table 26-1 in the Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Release 7.2.

Examples

This example shows how to set the power budget to 1+1 power redundancy mode.

Console> (enable) set power budget 1

Console> (enable)

Related Commands

show config
show environment power
show system

set qos

Use the set qos command to enable and disable Quality of Service (QoS) on a switch.

set qos {enable | disable}

Syntax Description

enable	Keyword that enables QoS on the switch.
disable	Keyword that disables QoS on the switch.

Defaults

By default, QoS is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Do not enable and disable QoS in quick succession (within 2 seconds of each other).

Examples

This example shows how to enable QoS:

Console> (enable) set qos enable

QoS is enabled.

Console> (enable) 

This example shows how to disable QoS:

Console> (enable) set qos disable

QoS is disabled.

Console> (enable)

Related Commands

show qos info
show qos status

set qos defaultcos

Use the set qos defaultcos command to define the default Class of Service (CoS) value for the entire switch.

set qos defaultcos cos_value

Syntax Description

cos_value

Variable that specifies the CoS value to use as the default CoS for the switch; valid values are from 0 to 7.

Defaults

By default, the CoS value for the entire switch is 0.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to set the switch default CoS to 7:

Console> (enable) set qos defaultcos 7

qos defaultcos set to 7

Console> (enable) 

set qos map

Use the set qos map command to associate CoS values to a transmit queue and drop threshold.

set qos map port_type q# threshold# cos coslist

Syntax Description

port_type	Variable that specifies the port type. The port_type is hardware dependent. Use the show port capabilities command to determine the port_type for your hardware. The port type is defined by the number of transmit queues and the number of drop thresholds supported on the port. For example, the 1q4t port type supports one transmit queue and four drop thresholds.
q#	Variable that specifies the transmit queue number.
threshold#	Variable that specifies the drop threshold number. The higher the threshold number, the lower the chance traffic will be dropped.
cos	Keyword that specifies CoS values.
coslist	Variable that specifies a list of CoS values between 0 to 7. The higher the number the higher the priority.

Defaults

The default for CoS value-to-drop threshold mapping 1is CoS 0 to 7.

The default for CoS value-to-transmit queue mapping 1 is Cos 0 to 7, and CoS value-to-transmit queue mapping 2 is none configured.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to map CoS values 4 to 7 to the second transmit queue and the first drop threshold for that queue on a 2q1t port:

Console> (enable) set qos map 2q1t 2 1 cos 4-7

Qos tx priority queue and threshold mapped to cos successfully.

Console> (enable)

Related Commands

clear qos map
show port capabilities
show qos status

set radius deadtime

Use the set radius deadtime command to set the time to skip RADIUS servers that do not reply.

set radius deadtime minutes

Syntax Description

minutes

Variable that specifies the length of time a RADIUS server does not respond to an authentication request; valid values are from 0 to 1440 minutes.

Defaults

By default, the radius deadtime setting is 0 minutes.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If only one RADIUS server is configured or if all the configured servers are marked dead, deadtime will be ignored, because no alternate servers are available. By default, the deadtime will be 0 minutes; that is, the RADIUS servers will not be marked dead if they do not respond.

Examples

This example shows how to set the RADIUS deadtime to 10 minutes:

Console> (enable) set radius deadtime 10

Radius deadtime set to 10 minutes.

Console> (enable) 

Related Commands

show radius

set radius key

Use the set radius key command to set the encryption and authentication for all communication between the RADIUS client and the server.

set radius key {key}

Syntax Description

key	Variable that specifies the user-defined password key.

Defaults

By default, the key is set to NULL.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The key you set must be the same one as configured in the RADIUS server. All leading spaces are ignored; spaces within and at the end of the key are not ignored. Double quotes are not required even if there are spaces in the key, unless the quotes themselves are part of the key. The length of the key is limited to 65 characters, and can include any printable ASCII character except tabs.

Examples

This example shows how to set the RADIUS encryption and authentication key to Make my day:

Console> (enable) set radius key Make my day

Radius key set to Make my day.

Console> (enable)

Related Commands

show radius

set radius retransmit

Use the set radius retransmit command to specify the number of times that the switch attempts to retransmit to the RADIUS servers.

set radius retransmit count

Syntax Description

count

Variable that specifies the number of times the switch attempts to retransmit; valid values are from 1 to 100.

Defaults

By default, two retransmission attempts are made (three total attempts).

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to set the retransmit attempts to 3:

Console> (enable) set radius retransmit 3

Radius retransmit count set to 3.

Console> (enable) 

Related Commands

show radius

set radius server

Use the set radius server command to set the RADIUS server parameters.

set radius server ip_addr [auth-port port] [acct-port port] [primary]

Syntax Description

ip_addr	Variable that specifies the number of the IP address or IP alias in dotted quad format (a.b.c.d).
auth-port	(Optional) Keyword that specifies a destination UDP port for RADIUS authorization messages.
port	Variable that specifies the number of the destination UDP port number to which RADIUS messages are sent.
acct-port	(Optional) Keyword that specifies a destination UDP port for RADIUS accounting messages.
primary	(Optional) Keyword that specifies that this server be contacted first.

Defaults

The default auth-port is 1812.

The default acct-port is 1813.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can add up to three RADIUS servers.

The RADIUS server will not be used for authentication if the port number is set to zero (0).

Examples

This example shows how to add a primary server using the IP alias tampa.users.com:

Console> (enable) set radius server tampa.users.com

tampa.users.com added to RADIUS server table as primary server.

Console> (enable) 

Related Commands

show radius

set radius timeout

Use the set radius timeout command to set the time between retransmissions to the RADIUS server.

set radius timeout seconds

Syntax Description

seconds

Variable that specifies the number of seconds to wait for a reply; valid values are from 1 to 1000 seconds.

Defaults

By default, the timeout is 5 seconds.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to set the time between retransmissions to 7 seconds:

Console> (enable) set radius timeout 7 

Radius timeout set to 7 seconds.

Console> (enable) 

Related Commands

show radius

set rcp username

Use the set rcp username command to specify a username for remote copy protocol (rcp) file transfers.

set rcp username username

Syntax Description

username

Variable that specifies the user name; maximum length is 14 characters.

Defaults

There are no default settings for this command.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Username must be different from "root" and not a null string. The only case in which rcp username is not used is for the VMPS database. For that database an rcp VMPS username is used.

Examples

This example shows how to set the username for rcp:

Console> (enable) set rcp username jdoe

Console> (enable) 

set rspan

Use the set rspan command set to create remote SPAN sessions.

set rspan disable source [rspan_vlan | all]

set rpsan disable destination [mod/port | all]

set rspan source {src_mod/src_ports... | vlans... | sc0} {rspan_vlan} reflector {mod/port} [rx | tx | both] [multicast {enable | disable}] [filter vlans...] [create]

set rspan destination mod/port {rspan_vlan} [inpkts {enable | disable}]
[learning {enable | disable}] [create]

Syntax Description

disable source	Keywords that disable remote SPAN source information.
rspan_vlan	(Optional) Variable that specifies the remote SPAN VLAN.
all	(Optional) Keyword that disables all remote SPAN source or destination sessions.
disable destination	Keywords that disable remote SPAN destination information.
mod/port	(Optional) Variable that specifies the module and port.
src_mod/src_ports...	Variable that specifies the monitored ports (remote SPAN source).
vlans...	Variable that specifies the monitored VLANs (remote SPAN source).
sc0	Keyword that specifies the inband port is a valid source.
reflector	Keyword that specifies a reflector port.
rx	(Optional) Keyword that specifies that information received at the source (ingress SPAN) is monitored.
tx	(Optional) Keyword that specifies that information transmitted from the source (egress SPAN) is monitored.
both	(Optional) Keyword that specifies that information both transmitted from the source (ingress SPAN) and received (egress SPAN) at the source are monitored.
multicast enable	(Optional) Keywords that enable monitoring multicast traffic (egress traffic only).
multicast disable	(Optional) Keywords that disable monitoring multicast traffic (egress traffic only).
filter vlans	(Optional) Keyword and variable that specify traffic monitoring on certain VLANs on source trunk ports.
create	(Optional) Keyword that creates a new remote SPAN session instead of overwriting the previous SPAN session.
inpkts enable	(Optional) Keywords that allow the remote SPAN destination port to receive normal ingress traffic (from the network to the bus) while forwarding the remote SPAN traffic.
inpkts disable	(Optional) Keywords that disable the receiving of normal inbound traffic on the remote SPAN destination port.
learning enable	(Optional) Keywords that enable learning for the remote SPAN destination port.
learning disable	(Optional) Keywords that disable learning for the remote SPAN destination port.

Defaults

The defaults are as follows:

•Remote SPAN is disabled.

•There is no VLAN filtering.

•Monitoring multicast traffic is enabled.

•Learning is enabled.

•inpkts is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The rspan_vlan variable is optional in the set rspan disable source command and required in the set rspan source and set rspan destination command set.

When SPAN is enabled, system defaults are used (if no parameters are set). If you set parameters, the parameters you set are stored in NVRAM, and are used.

Use a network analyzer to monitor ports.

Use the inpkts keyword with the enable option to allow the remote SPAN destination port to receive normal incoming traffic in addition to the traffic mirrored from the remote SPAN source. Use the disable option to prevent the remote SPAN destination port from receiving normal incoming traffic.

You can specify an MSM port as the remote SPAN source port. However, you cannot specify an MSM port as the remote SPAN destination port.

When you enable the inpkts option, a warning message notifies you that the destination port does not join STP and may cause loops if this option is enabled.

If you do not use the keyword create and you have only one session, the session will be overwritten. If a matching rspan_vlan or destination port exists, the particular session will be overwritten (regardless of whether the keyword create is used). If you use the keyword create and there is no matching rspan_vlan or destination port, the session will be created.

Each switch can source only one remote SPAN session (ingress, egress, or both). When you configure a remote ingress or bidirectional SPAN session in a source switch, the limit for local ingress or bidirectional SPAN session is reduced to one. There are no limits on the number of remote SPAN sessions carried across the network within the remote SPAN session limits.

You can configure any VLAN as a remote SPAN VLAN as long as these conditions are met:

•The same remote SPAN VLAN is used for a remote SPAN session in the switches.

•All the participating switches have appropriate hardware and software.

•No unwanted access port is configured in the remote SPAN VLAN.

Examples

This example shows how to disable all enabled source sessions:

Console> (enable) set rspan disable source all

This command will disable all remote span source session(s).

Do you want to continue (y/n) [n]? y

Disabled monitoring of all source(s) on the switch for remote span.

Console> (enable) 

This example shows how to disable one source session to a specific VLAN:

Console> (enable) set rspan disable source 903

Disabled monitoring of all source(s) on the switch for rspan_vlan 903.

Console> (enable) 

This example shows how to disable all enabled destination sessions:

Console> (enable) set rspan disable destination all

This command will disable all remote span destination session(s).

Do you want to continue (y/n) [n]? y

Disabled monitoring of remote span traffic on ports 9/1,9/2,9/3,9/4,9/5,9/6.

Console> (enable) 

This example shows how to disable one destination session to a specific port:

Console> (enable) set rspan disable destination 4/1

Disabled monitoring of remote span traffic on port 4/1.

Console> (enable) 

Related Commands

show rspan

set snmp

Use the set snmp command to control the SNMP Access to the switch.

set snmp {enable | disable}

Syntax Description

enable	Keyword that causes the switch to respond to SNMP inquiries, provided that no conflicts exist with other SNMP configurations.
disable	Keyword that causes the switch to ignore SNMP inquiries, regardless of the other SNMP configurations.

Defaults

By default, the enable keyword is enabled.

Command Types

SNMP command.

Command Modes

Privileged.

Usage Guidelines

The disable keyword will not block SNMP traps; users can still change other SNMP configurations and the RMON related processes are unaffected.

The SNMP ifIndex persistence feature is always enabled. With the ifIndex persistence feature, the ifIndex value of the port and VLAN is always retained and used after the following occurrences:

• Switch reboot

• High-availability switchover

• Software upgrade

• Module reset

• Module removal and insertion of the same type of module

For Fast EtherChannel and Gigabit EtherChannel interfaces, the ifIndex value is only retained and used after a high-availability switchover.

Examples

This example shows how to disable SNMP access:

Console> (enable) set snmp disable

SNMP Access disabled

Console> (enable) 

Related Commands

show snmp

set snmp access

Use the set snmp access command to define the access rights of an SNMP group with a specific security model at different security levels.

set snmp access [-hex] groupname {security-model v1 | v2c} [read [-hex] readview]
[write [-hex] writeview] [notify [-hex] notifyview] [volatile | nonvolatile]

set snmp access [-hex] groupname {security-model v3} {noauthentication | authentication
| privacy} [read [-hex] readview] [write [-hex] writeview] [notify [-hex] notifyview]
[context [-hex] contextname] [exact | prefix] [volatile | nonvolatile]

Syntax Description

-hex	(Optional) Keyword that displays the groupname, readview, writeview, and notifyview in hexadecimal format.
groupname	Variable that specifies the name of the SNMP group.
security-model v1| v2c	Keywords that specify security model v1 or v2c.
read readview	(Optional) Keyword and variable that specify the name of the view that allows you to see MIB objects.
write writeview	(Optional) Keyword and variable that specify the name of the view that allows you to configure the contents of an agent.
notify notifyview	(Optional) Keyword and variable that specify the name of the view that allows you to send a trap for MIB objects.
v3	Keyword that specifies security model v3.
context contextname	(Optional) Keyword and variable that specify the name of the context string and the way to match the context string; maximum of 32 characters.
volatile	(Optional) Keyword that specifies that the storage type is defined as temporary memory and that the content is deleted if the device is turned off.
nonvolatile	(Optional) Keyword that specifies that the storage type is defined as persistent memory and the content remains after the device is power cycled.
noauthentication	Keyword that specifies that the security model is not set to use the authentication protocol.
authentication	Keyword that specifies the type of authentication protocol.
privacy	Keyword that specifies the messages sent on behalf of the user are protected from disclosure.

Defaults

The defaults are as follows:

•storage type is nonvolatile.

•read readview is Internet OID space.

•write writeview is NULL OID.

•notify notifyview is NULL OID.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you use special characters (nonprintable delimiters for the parameters) for groupname, readview, writeview, and notifyview, you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.

readview is assumed to be every object belonging to the Internet (1.3.6.1) OID space; you can use the read option to override this state.

For writeview, you must also configure write access.

For notifyview, if a view is specified, any notifications in that view are sent to all users associated with the group (an SNMP server host configuration must exist for the user).

For contextname, the string is treated as either a full context name or the prefix of a context name, depending on whether you use the exact or prefix keyword. If you use the prefix keyword, a simple form of wildcarding is used. For example, if you enter a contextname of vlan, vlan-1 and vlan-100 are selected. If you do not specify a contextname, a NULL context string is used.

Examples

This example shows how to set the SNMP access rights for a group:

Console> (enable) set snmp access cisco-group security-model v3 authentication

SNMP access group was set to cisco-group version v3 level authentication, readview 
internet, nonvolatile.

Console> (enable) 

Related Commands

clear snmp access
show snmp access
show snmp context

set snmp community

Use the set snmp community command to set SNMP communities and associated access types.

set snmp community {read-only | read-write | read-write-all} [community_string]

Syntax Description

read-only	Keyword that assigns read-only access to the specified SNMP community.
read-write	Keyword that assigns read-write access to the specified SNMP community.
read-write-all	Keyword that assigns read-write-all access to the specified SNMP community.
community_string	(Optional) Variable that specifies the name of the SNMP community.

Defaults

The default configuration has the following communities and access types defined:

•public—read-only

•private—read-write

•secret—read-write-all

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

There are three configurable SNMP communities, one for each access type. If you do not specify the community string, the community string configured for that access type is cleared.

Examples

This example shows how to set read-write access to the SNMP community called yappledapple:

Console> (enable) set snmp community read-write yappledapple

SNMP read-write community string set.

Console> (enable)

This example shows how to clear the community string defined for read-only access:

Console> (enable) set snmp community read-only

SNMP read-only community string cleared.

Console> (enable)

Related Commands

show snmp

set snmp extendedrmon netflow

Use the set snmp extendedrmon netflow command to enable or disable the SNMP extended Remote Monitoring (RMON) NetFlow support for the Network Analysis Module (NAM).

set snmp extendedrmon netflow {enable | disable} {mod}

Syntax Description

enable	Keyword that enables the extended RMON support.
disable	Keyword that disables the extended RMON support.
mod	Variable that specifies the module number of the extended RMON NAM.

Defaults

By default, SNMP extended RMON NetFlow support is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to enable SNMP-extended RMON NetFlow support:

Console> (enable) set snmp extendedrmon netflow enable 2

Snmp extended RMON netflow enabled

Console> (enable) 

This example shows how to disable SNMP-extended RMON NetFlow support:

Console> (enable) set snmp extendedrmon netflow disable 2

Snmp extended RMON netflow disabled

Console> (enable) 

This example shows the response when the SNMP-extended RMON NetFlow feature is not supported:

Console> (enable) set snmp extendedrmon enable 4 

NAM card is not installed. 
Console> (enable) 

Related Commands

set snmp rmon
show snmp

set snmp group

Use the set snmp group command to establish a relationship between an SNMP group and a user with a specific security model.

set snmp group [-hex] {groupname} user [-hex] {username} {security-model {v1 | v2c |
v3}} [volatile | nonvolatile]

Syntax Description

-hex	Keyword that displays the groupname and username in hexadecimal format.
groupname	Variable that specifies the name of the SNMP group that defines an access control. The maximum length is 32 bytes.
user	Keyword that specifies the SNMP group username.
username	Variable that specifies the name of the SNMP user that belongs to the SNMP group. The maximum length is 32 bytes.
security-model v1 | v2c | v3	Keywords that specify security model v1, v2c, or v3.
volatile	(Optional) Keyword that specifies that the storage type is defined as temporary memory and that the content is deleted if the device is powered off.
nonvolatile	(Optional) Keyword that specifies that the storage type is defined as persistent memory and that the content remains after the device is powered off and on again.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you use special characters (nonprintable delimiters for the parameters) for groupname or username, you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.

Examples

This example shows how to establish a security model v3 relationship between the SNMP group named cisco-group and a user named joe:

Console> (enable) set snmp group cisco-group user joe security-model v3

SNMP group was set to cisco-group user joe and version v3,nonvolatile.

Console> (enable)

Related Commands

clear snmp group
show snmp group

set snmp notify

Use the set snmp notify command to set the notifyname in the snmpNotifyTable and set the notifytag in the snmpTargetAddrTable.

set snmp notify [-hex] {notifyname} tag [-hex] {notifytag} [trap | inform] [volatile |
nonvolatile]

Syntax Description

-hex	(Optional) Keyword that displays notifyname and notifytag in hexadecimal format.
notifyname	Variable that specifies a unique identifier to index the snmpNotifyTable.
tag	Keyword that specifies the tag name in the taglist.
notifytag	Variable that specifies selected entries in the snmpTargetAddrTable.
trap	(Optional) Keyword that specifies all messages that contain snmpv2-Trap PDUs.
inform	(Optional) Keyword that specifies all messages that contain InfoRequest PDUs.
volatile	(Optional) Keyword that specifies that the storage type is defined as temporary memory and that the content is deleted if the device is turned off.
nonvolatile	(Optional) Keyword that specifies that the storage type is defined as persistent memory and that the content remains after the device is power cycled.

Defaults

The defaults are as follows:

•Storage type is volatile.

•Notify type is trap.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you use special characters (nonprintable delimiters for the parameters) for the notifyname and notifytag, you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.

Examples

This example shows how to set the SNMP notify for the notifyname hello and the notifytag world:

Console> (enable) set snmp notify hello tag world inform

SNMP notify name was set to hello with tag world notifyType inform, and storageType 
nonvolatile.

Console> (enable)

Related Commands

clear snmp notify
show snmp notify

set snmp rmon

Use the set snmp rmon command to enable or disable SNMP RMON support.

set snmp rmon {enable | disable}

Syntax Description

enable	Keyword that specifies to activate SNMP RMON support.
disable	Keyword that specifies to deactivate SNMP RMON support.

Defaults

By default, RMON support is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

RMON statistics are collected on a segment basis instead of a repeater-port basis for the Catalyst 4000 family group Ethernet modules.

The RMON feature uninstalls the domains for all of the interfaces on an Ethernet module that has been deleted from the system.

RMON is supported on Ethernet, Fast Ethernet, Gigabit Ethernet, and Token Ring switch ports.

When RMON is enabled, the supported RMON groups for Ethernet ports are Statistics, History, Alarms, and Events, as specified in RFC 1757.

When RMON is enabled, the supported RMON groups for Token Ring ports are Mac-Layer Statistics, Promiscuous Statistics, Mac-Layer History, Promiscuous History, Ring Station Order Table, Alarms, and Events, as specified in RFC 1513 and RFC 1757.

Use of this command requires a separate software license.

Examples

This example shows how to enable RMON support:

Console> (enable) set snmp rmon enable

SNMP RMON support enabled.

Console> (enable)

This example shows how to disable RMON support:

Console> (enable) set snmp rmon disable

SNMP RMON support disabled.

Console> (enable)

Related Commands

show snmp

set snmp rmonmemory

Use the set snmp rmonmemory command to set the memory usage limit as a percentage.

set snmp rmonmemory percentage

Syntax Description

percentage

Variable that specifies the memory usage limit; see "Usage Guidelines" for more information.

Defaults

By default, the memory usage limit is 85 percent.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

When you use this command, setting the percentage value to 85 does not mean that RMON can use 85 percent of memory. Rather it means that you cannot create new RMON entries or restore entries from the NVRAM if memory usage exceeds 85 percent.

If you expect the device to run other sessions such as Telnet, set the memory limit at a lower value, otherwise the new Telnet sessions may fail because the amount of available memory is insufficient.

Examples

This example shows how to set the memory usage limit to 90%:

Console> (enable) set snmp rmonmemory 90

Console> (enable) 

Related Commands

clear snmp notify set snmp notify

set snmp targetaddr

Use the set snmp targetaddr command to configure SNMP target address entries in the snmpTargetAddressTable.

set snmp targetaddr [-hex] {addrname} param [-hex] {paramsname}{ip_addr} [udpport
{port}] [timeout {value}] [retries {value}] [volatile | nonvolatile] [taglist {[-hex] tag}]
[[-hex] tag]

Syntax Description

-hex	(Optional) Keyword that displays addrname, paramsname, and tag in hexadecimal format.
addrname	Variable that specifies an arbitrary but unique name of the target agent; the maximum length is 32 bytes.
param	Keyword that specifies an entry in the snmpTargetParamsTable, which provides parameters to be used when generating a message to the target; the maximum length is 32 bytes.
paramsname	Variable that specifies the entry in the snmpTargetParamsTable; the maximum length is 32 bytes.
ip_addr	Variable that specifies the IP address of the target.
udpport port	(Optional) Keyword and variable that specify which UDP port of the target host to use.
timeout value	(Optional) Keyword and variable that specify the number of timeouts.
retries value	(Optional) Keyword and variable that specify the number of retries.
volatile	(Optional) Keyword that specifies that the storage type is defined as temporary memory and that the content is deleted if the device is turned off.
nonvolatile	(Optional) Keyword that specifies that the storage type is defined as persistent memory and that the content remains after the device is power cycled.
taglist tag	(Optional) Keyword and variables that specify a tag names in the taglist. The maximum length for tag is 255 bytes.
tag	(Optional) Keyword that specifies the tag name.

Defaults

The defaults are as follows:

•Storage type is nonvolatile.

•udpport is 162.

•timeout is 1500.

•retries is 3.

•taglist is NULL.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you use special characters (nonprintable delimiters for these parameters) for the addrname, paramsname, tag, and tagvalue, you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.

Examples

This example shows how to set the target address in the snmpTargetAddressTable:

Console> (enable) set snmp targetaddr foo param bar 10.1.2.4 udpport 160 timeout 10 
retries 3 taglist tag1 tag2 tag3

SNMP targetaddr name was set to foo with param bar ipAddr 10.1.2.4, udpport 160, timeout 
10, retries 3, storageType nonvolatile with taglist tag1 tag2 tag3.

Console> (enable)

Related Commands

clear snmp targetaddr
set snmp notify
clear snmp notify

set snmp targetparams

Use the set snmp targetparams command to configure the SNMP parameters used in the snmpTargetParamsTable when generating a message to a target.

set snmp targetparams [-hex] {paramsname} user [-hex] {username} {security-model
{v1 | v2c}} {message-processing {v1 | v2c | v3}} [volatile | nonvolatile]

set snmp targetparams [-hex] {paramsname} user [-hex] {username} {security-model v3}
{message-processing v3 {noauthentication | authentication | privacy}} [volatile |
nonvolatile]

Syntax Description

-hex	Keyword that displays the paramsname and username in hexadecimal format.
paramsname	Variable that specifies a unique identifier used to index the snmpTargetParamsTable; the maximum length is 32 bytes.
user	Keyword that specifies the SNMP group user name.
username	Variable that specifies the name of the SNMP user that belongs to the SNMP group; the maximum length is 32 bytes.
security-model v1 | v2c	Keywords that specify security model v1 or v2c.
message-processing v1 | v2c | v3	Keywords that specify the version number used by the message processing model.
security-model v3	Keywords that specify security model v3.
message-processing v3	Keywords that specify version 3 is used by the message- processing model.
noauthentication	Keyword that specifies security model is not set to use authentication protocol.
authentication	Keyword that specifies the type of authentication protocol.
privacy	Keyword that specifies the messages sent on behalf of the user are protected from disclosure.
volatile	(Optional) Keyword that specifies that the storage type is defined as temporary memory and that the content is deleted if the device is turned off.
nonvolatile	(Optional) Keyword that specifies that the storage type is defined as persistent memory and that the content remains after the device is power cycled.

Defaults

By default, the storage type is set to volatile.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you use special characters (nonprintable delimiters for these parameters) for the paramsname and username, you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.

Examples

This example shows how to set target parameters in the snmpTargetParamsTable:

Console> (enable) set snmp targetparams bar user joe security-model v3 message-processing 
v3 authentication

SNMP target params was set to bar v3 authentication, message-processing v3, user joe 
nonvolatile.

Console> (enable)

Related Commands

clear snmp targetparams
show snmp targetparams

set snmp trap

Use the set snmp trap command to enable or disable the different SNMP traps on the system or to add an entry into the SNMP authentication trap receiver table.

set snmp trap {enable | disable} [all | module | chassis | bridge | auth | vtp |
ippermit | vmps | config | entity | stpx | syslog | system | envfan |
envpower |macnotification | entityfru]

set snmp trap rcvr_addr rcvr_community [port rcvr_port] [owner rcvr_owner] [index rcvr_index]

Syntax Description

enable	Keyword that specifies to activate SNMP traps.
disable	Keyword that specifies to deactivate SNMP traps.
all	(Optional) Keyword that specifies all trap types.
module	(Optional) Keyword that specifies the moduleUp and moduleDown traps from the CISCO-STACK-MIB.
chassis	(Optional) Keyword that specifies the ciscoSyslogMIB trap from the CISCO-SYSLOG-MIB.
bridge	(Optional) Keyword that specifies the newRoot and topologyChange traps from RFC 1493 (the BRIDGE-MIB).
auth	(Optional) Keyword that specifies the authenticationFailure trap from RFC 1157.
vtp	(Optional) Keyword that specifies the VTP from the CISCO-VTP-MIB.
ippermit	(Optional) Keyword that specifies the IP Permit Denied access from the CISCO-STACK-MIB.
vmps	(Optional) Keyword that specifies the vmVmpsChange trap from the CISCO-VLAN-MEMBERSHIP-MIB.
config	(Optional) Keyword that specifies the sysConfigChange trap from the CISCO-STACK-MIB.
entity	(Optional) Keyword that specifies the entityMIB trap from the ENTITY-MIB.
stpx	(Optional) Keyword that specifies the STPX trap.
syslog	(Optional) Keyword that specifies the system log.
system	(Optional) Keyword that specifies the system.
envfan	(Optional) Keyword that specifies the environmental fan.
envpower	(Optional) Keyword that specifies environmental power.
macnotification	(Optional) Keyword that specifies mac address notification.
entityfru	(Optional) Keyword that specifies the entity field replaceable unit (FRU)
rcvr_addr	Variable that specifies the IP address or IP alias of the system to receive SNMP traps.
rcvr_community	Variable that specifies the community string to use when sending authentication traps.
port rcvr_port	(Optional) Keyword and variable that specify the UDP port and port number. The value for rcvr_port can be from 0 to 65,535.
owner rcvr_owner	(Optional) Keyword and variable that identify the user who configured the settings for snmp trap. The rcvr_owner can be from 1 to 21 characters in length.
index rcvr_index	(Optional) Keyword and variable that identify this entry. The rcvr_index is a value from 1 to 65,535.

Defaults

By default, SNMP traps are disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

An IP permit trap is sent when unauthorized access based on the IP permit list is attempted.

Use the show snmp command to verify that the appropriate traps were configured.

Examples

This example shows how to enable SNMP chassis traps:

Console> (enable) set snmp trap enable chassis

SNMP chassis alarm traps enabled.

Console> (enable) 

This example shows how to enable all traps:

Console> (enable) set snmp trap enable

All SNMP traps enabled.

Console> (enable) 

This example shows how to disable SNMP chassis traps:

Console> (enable) set snmp trap disable chassis

SNMP chassis alarm traps disabled.

Console> (enable) 

This example shows how to add an entry in the SNMP trap receiver table:

Console> (enable) set snmp trap 192.122.173.42 public

SNMP trap receiver added.

Console> (enable) 

This example shows how to enable SNMP system traps:

Console> (enable) set snmp trap enable system

SNMP SYSTEM traps enabled.

Console> (enable)

This example shows how to enable SNMP environmental shutdown traps:

Console> (enable) set snmp trap enable envshutdown

SNMP EnvMon shutdown trap enabled.

SNMP EnvMon fan trap enabled.

Console> (enable)

This example shows how to enable SNMP environmental fan traps:

Console> (enable) set snmp trap enable envfan

SNMP EnvMon fan trap enabled.

Console> (enable)

This example shows how to enable SNMP environmental power traps:

Console> (enable) set snmp trap enable envpower

SNMP EnvMon power supply trap enabled.

Console> (enable)

This example shows how to enable SNMP MAC address notification traps:

Console> (enable) set snmp trap enable macnotification

SNMP MAC notification trap enabled.

Console> (enable)

This example shows how to enable SNMP entity FRU traps:

Console> (enable) set snmp trap enable entityfru

SNMP Entity FRU Control trap enabled.

Console> (enable)

Related Commands

clear ip permit
set ip permit
show ip permit
show port counters
show snmp

set snmp user

Use the set snmp user command to configure a new SNMP user.

set snmp user [-hex] {username} {remote {engineid}} [authentication {md5 | sha |
authpassword}] [privacy {privpassword}] [volatile | nonvolatile]

Syntax Description

-hex	(Optional) Keyword that displays username in hexadecimal format.
username	Variable that specifies the name of the SNMP user.
remote engineid	Keyword and variable that specify the remote SNMP engine ID.
authentication	(Optional) Keyword that specifies the authentication protocol.
md5	Keyword that specifies HMAC-MD5-96 authentication protocol.
sha	Keyword that specifies HMAC-SHA-96 authentication protocol.
authpassword	Keyword that specifies a password for authentication.
privacy privpassword	(Optional) Keyword and variable that enable the host to encrypt the contents of the message sent to or from the agent; the maximum length is 32 bytes, password for privacy.
volatile	(Optional) Keyword that specifies that the storage type is defined as temporary memory and the content is deleted if the device is powered off.
nonvolatile	(Optional) Keyword that specifies that the storage type is defined as persistent memory and the content remains after the device is power cycled.

Defaults

By default, the storage type is set to volatile.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you use special characters (nonprintable delimiters for these parameters) for username, you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.

authpassword and privpassword must be hexadecimal characters without delimiters in between.

If authentication is not specified, the security level default will be noauthentication. If privacy is not specified, the default will be no privacy.

Examples

This example shows how to set a specific user name:

Console> (enable) set snmp user joe

Snmp user was set to joe authProt no-auth  privProt no-priv with engineid 00:00.

Console> (enable)

This example shows how to set a specific user name, authentication, and authpassword:

Console> (enable) set snmp user John authentication md5 arizona2

Snmp user was set to John authProt md5 authPasswd arizona2. privProt no-priv wi.

Console> (enable)

Related Commands

clear snmp user
show snmp user

set snmp view

Use the set snmp view command to configure the SNMP MIB view.

set snmp view [-hex] {viewname} {subtree} [mask] [included | excluded] [volatile |
nonvolatile]

Syntax Description

-hex	(Optional) Keyword that displays the viewname in hexadecimal format.
viewname	Variable that specifies the name of a MIB view.
subtree	Variable that specifies the MIB subtree.
mask	(Optional) Keyword that specifies that the bit mask is used with the subtree. A bit mask can be all one's, all zero's or any combination; the maximum length is 3 bytes.
included | excluded	(Optional) Keywords that specify that the MIB subtree is included or excluded.
volatile	(Optional) Keyword that specifies that the storage type is defined as temporary memory and the content is deleted if the device is turned off.
nonvolatile	(Optional) Keyword that specifies that the storage type is defined as persistent memory and the content remains after the device is turned off and on again.

Defaults

The defaults are as follows:

•Storage type is volatile.

•Bit mask is NULL.

•MIB subtree is included.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you use special characters (nonprintable delimiters for these parameters) for viewname, you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.

A MOB subtree with a mask defines a view subtree. The MIB subtree can be in OID format or a text name mapped to a valid OID.

Examples

This example shows how to assign a subtree to the view public:

Console> (enable) set snmp view public 1.3.6.1 included

Snmp view name was set to public with subtree 1.3.6.1 included, nonvolatile.

Control> (enable)

This example shows the response when the subtree is incorrect:

Console> (enable) set snmp view stats statistics excluded

Statistics is not a valid subtree OID

Control> (enable)

Related Commands

clear snmp view
show snmp view

set span

Use the set span command to enable or disable SPAN and to set up the switch port and VLAN analyzer for multiple SPAN sessions.

set span disable [dest_mod/dest_port | all]

set span {src_mod/src_ports... | src_vlan...} {dest_mod/dest_port} [rx | tx | both]
[filter {vlan}][inpkts {enable | disable}] [learning {enable | disable}] [create]

Syntax Description

disable	Keyword that disables SPAN.
dest_mod	(Optional) Variable that specifies the monitoring module (SPAN destination).
dest_port	(Optional) Variable that specifies the monitoring port (SPAN destination).
all	(Optional) Keyword that disables the spanning for all VLANs.
src_mod	Variable that specifies the monitored module (SPAN source).
src_ports...	Variable that specifies the monitored ports (SPAN source).
src_vlan...	Variable that specifies the monitored VLAN (SPAN source).
rx	(Optional) Keyword that specifies that information received at the source is monitored.
tx	(Optional) Keyword that specifies that information transmitted from the source is monitored.
both	(Optional) Keyword that specifies that information both transmitted from the source and received at the source is monitored.
filter	(Optional) Keyword that specifies that VLANs are filtered.
vlan	Variable that specifies the number of the VLAN.
inpkts enable	(Optional) Keywords that specify to enable the receiving of normal inbound traffic on the SPAN destination port.
inpkts disable	(Optional) Keywords that disable the receiving of normal inbound traffic on the SPAN destination port.
learning enable	(Optional) Keywords that specify to learn the packet's source address.
learning disable	(Optional) Keywords that specify to not learn the packet's source address.
create	(Optional) Keyword that creates a new SPAN session.

Defaults

By default, SPAN is disabled and learning is enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

After you install an Access Gateway module on your switch, you cannot configure the internal
Gigabit Ethernet port as a SPAN destination port.

You can configure multiple SPAN sessions to run at the same time. One ingress SPAN session (RX or Both direction) and four egress SPAN sessions (TX direction only) can be configured.

A trunk port can be configured as a source or destination port. If the destination port is a trunk port, the outgoing packets through the SPAN port will carry ISL or 802.1Q VLAN headers.

If SPAN is enabled, and you change the VLAN configuration of the SPAN port (destination), you must disable SPAN before the new configuration will be in effect. If SPAN is enabled, and you disable a source or destination port, the SPAN function will not work until you enable SPAN on both ports.

You can configure a disabled port to be a source or destination port, but SPAN will not work until you enable SPAN on both ports. If SPAN is enabled for monitoring a particular VLAN, the number of ports being monitored changes when you move a switched port into or out of the specified monitored VLAN.

FDDI port can also be a source port.

Source and destination ports cannot be the same port.

After SPAN is enabled, if no parameters were ever set, the first configured SPAN is used as a reference.

You can configure additional SPAN ports which monitor VLANs only. These ports support a source of one or more VLANs and require the destination port to be a trunk-capable port. This port will filter all traffic except traffic from the configured VLAN for that port.

For monitoring inbound traffic, only one ingress session (or both directions) SPAN is allowed regardless of the port-based SPAN. An egress SPAN can coexist with other SPAN sessions.

Use either a dedicated RMON probe or a network analyzer to monitor ports.

Use the inpkts keyword with the enable option to allow the SPAN destination port to receive normal incoming traffic in addition to the traffic mirrored from the SPAN source. Use the disable option to prevent the SPAN destination port from receiving normal incoming traffic.

The keyword learning is dependent on the inpkts option. If the inpkts option is disabled, learning will not take effect. The inpkts option must be set to enable to use learning.

When learning is enabled, the dont_learn control bit is disabled, allowing the system to learn a packet's source address. With learning disabled, the packet is forwarded to its destination as usual.

If you are configuring the Gigabit EtherChannel switching module VLAN, only the both argument is allowed, you cannot specify tx or rx.

You cannot disable multicast on SPAN ports.

If you are running a supervisor engine software release prior to release 4.5(1), we recommend that you configure only a single source port to be monitored. With the supervisor engine software release 4.5(1) and later, a single source port will be the standard Token Ring SPAN configuration.

You cannot monitor a VLAN to which none of the ports belong.

If you specify a set of VLANs with the filter option, the traffic spanned by the session is limited to the VLANs specified. Use this option to select a subset of the VLANs carried by a trunk in PSPAN sessions. VLAN filtering is not available for VSPAN sessions.

Examples

This example shows how to configure SPAN so that both the transmit traffic and receive traffic on the source port (1/1) is mirrored to the destination port (2/1), and how to verify SPAN configuration:

Console> (enable) set span 1/1 2/1

Enabled monitoring of Port 1/1 transmit/receive traffic by Port 2/1

Console> (enable) show span

Status          : enabled

Admin Source    : Port 1/1

Oper Source     : Port 1/1

Destination     : Port 2/1

Direction       : transmit/receive

Incoming Packets: disabled

Console> (enable)

This example shows how to set VLAN 522 as the SPAN source and port 2/1 as the SPAN destination:

Console> (enable) set span 522 2/1

Enabled monitoring of VLAN 522 transmit/receive traffic by Port 2/1

Console> (enable) show span

Status          : enabled

Admin Source    : VLAN 522

Oper Source     : Port 3/1-2

Destination     : Port 2/1

Direction       : transmit/receive

Incoming Packets: disabled

Console> (enable)

This example shows how to set VLAN 522 as the SPAN source and port 2/12 as the SPAN destination:

Console> (enable) set span 522 2/12 tx inpkts enable

SPAN destination port incoming packets enabled.

Enabled monitoring of VLAN 522 transmit traffic by Port 2/12

Console> (enable) show span

Status          : enabled

Admin Source    : VLAN 522

Oper Source     : Port 2/1-2

Destination     : Port 2/12

Direction       : transmit

Incoming Packets: enabled

Console> (enable)

This example shows how to enable learning on the SPAN source and port 1/1:

Console> (enable) set span 522 1/1 learning enable 

Overwrote Port 1/1 to monitor transmit/receive traffic of VLAN 522

Incoming Packets disabled. Learning enabled. Multicast enabled.

Console> (enable)

This example shows how to disable learning on the SPAN source and port 1/1:

Console> (enable) set span 522 1/1 learning disable

Overwrote Port 1/1 to monitor transmit/receive traffic of VLAN 522

Incoming Packets disabled. Learning disabled. Multicast enabled.

Console> (enable) 

Related Commands

clear config—switch
show span

set spantree backbonefast

Use the set spantree backbonefast command to enable or disable the spanning tree Backbone Fast Convergence feature.

set spantree backbonefast {enable | disable}

Syntax Description

enable	Keyword that enables Backbone Fast Convergence.
disable	Keyword that disables Backbone Fast Convergence.

Defaults

By default, Backbone Fast Convergence is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is not available in MST mode.

For BackboneFast Convergence to work, you must enable it on all switches in the network.

When you try to enable BackboneFast and the switch is in MISTP or MISTP-PVST+ mode, this message is displayed:

Cannot enable backbonefast when the spantree mode is MISTP-PVST+.

Examples

This example shows how to enable Backbone Fast Convergence:

Console> (enable) set spantree backbonefast enable

Backbonefast enabled for all VLANs.

Console> (enable) 

Related Commands

show spantree

set spantree bpdu-filter

Use the set spantree bpdu-filter command to enable or disable BPDU packet filtering on a port.

set spantree bpdu-filter mod/port {enable | disable | default}

Syntax Description

mod/port	Variable that specifies the number of the module and the port on the module.
enable	Keyword that enables BPDU packet filtering.
disable	Keyword that disables BPDU packet filtering.
default	Keyword that sets BPDU packet filtering to the global BPDU packet filtering state. See the "Usage Guidelines" section for more information.

Defaults

By default, the keyword default is enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

BPDU packet filtering disables BPDU transmission on the specified ports.

If you use the default keyword, the spanning tree port is set to the global BPDU filtering state.

To enable or disable BPDU filtering for all ports on the switch, enter the set spantree global-default bpdu-filter command.

Examples

This example shows how to enable BPDU filtering on module 3, port 4:

Console> (enable) set spantree bpdu-filter 3/4 enable

Warning: Ports enabled with bpdu filter will not send BPDUs and drop all

received BPDUs. You may cause loops in the bridged network if you misuse

this feature.

Spantree port 3/4 bpdu filter enabled.

Console> (enable)

Related Commands

set spantree global-default
show spantree portfast

set spantree bpdu-guard

Use the set spantree bpdu-guard command to enable or disable spanning tree BPDU guard on a port.

set spantree bpdu-guard mod/port {enable | disable | default}

Syntax Description

mod/port	Variable that specifies the number of the module and the port on the module.
enable	Keyword that enables the spanning tree BPDU guard.
disable	Keyword that disables the spanning tree BPDU guard.
default	Keyword that sets spanning tree BPDU guard to the global BPDU guard state. See "Usage Guidelines" for more information.

Defaults

By default, the default keyword is enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Before you enable BPDU guard, you must enable PortFast mode to ensure that BPDU guard works correctly.

When you enable BPDU guard, a port is moved into an errdisable state when it receives a BPDU. When you disable a BPDU guard, a PortFast-enabled nontrunking port will stay up when it receives BPDUs, which may cause spanning tree loops.

If you enter the default keyword, the spanning tree port is set to the BPDU guard state globally.

To enable or disable BPDU guard for all ports on the switch, enter the set spantree global-default bpdu-guard command.

Examples

This example shows how to enable BPDU guard on module 3, port 1:

Console> (enable) set spantree bpdu-guard 3/1 enable

Spantree port 3/1 bpdu guard enabled.

Console> (enable)

Related Commands

set spantree global-default
show spantree portfast

set spantree bpdu-skewing

Use the set spantree bpdu-skewing command to enable or disable collection of the spanning tree BPDU skewing detection statistics.

set spantree bpdu-skewing {enable | disable}

Syntax Description

enable	Keyword that enables the collection of BPDU skewing detection statistics.
disable	Keyword that disables the collection of BPDU skewing detection statistics.

Defaults

By default, spanning tree BPDU skewing detection is enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

When network convergence is slow due to skewing, you can use this command to help troubleshoot. Skewing occurs when spanning tree timers lapse, and expected BPDUs are not received and spanning tree detects topology changes. The difference between the expected result and those actually received is a "skew." The skew causes BPDUs to be reflooded onto the network to keep the spanning tree topology database up to date.

Examples

This example shows how to enable the BPDU skew detection feature:

Console> (enable) set spantree bpdu-skewing enable

Spantree bpdu-skewing enabled on this switch. 

Console> (enable) 

This example shows how to disable the BPDU skew detection feature:

Console> (enable) set spantree bpdu-skew disable

Spantree bpdu-skewing disabled on this switch. 

Console> (enable) 

Related Commands

show spantree bpdu-skewing

set spantree channelcost

Use the set spantree channelcost command to set the channel path cost and adjust the port costs of the ports in the channel automatically.

set spantree channelcost {channel_id | all} [cost]

Syntax Description

channel_id	Variable that specifies the channel identification number.
all	Keyword that configures all channels.
cost	(Optional) Variable that specifies the port costs of the ports in the channel.

Defaults

The port cost is updated automatically based on the current port costs of the channeling ports.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can use this command when your system is in LACP channel mode or PAgP channel mode.

Examples

This example shows how to set the channel 768 path cost to 12.

Console> (enable) set spantree channelcost 768 12

Port(s) 1/1-2 port path cost are updated to 19.

Channel 768 cost is set to 12.

Warning: channel cost may not be applicable if channel is broken.

Console> (enable)

This example shows how to set all channel path costs to 15:

Console> (enable) set spantree channelcost all 15

Port(s) 1/1-2 port path cost are updated to 24.

Channel 768 cost is set to 15.

Port(s) 4/3-4 cost is set to 15.

channel 769 cost is set to 15.

Port(s) 4/7-8 cost is set to 15.

channel 770 cost is set to 15.

Warning: channel cost may not be applicable if channel is broken.

Console> (enable)

Related Commands

clear lacp-channel statistics
set channelprotocol
set lacp-channel system-priority
set port lacp-channel
set spantree channelcost
set spantree channelvlancost
show lacp-channel
show port lacp-channel

set spantree channelvlancost

Use the set spantree channelvlancost command to set the channel VLAN path cost and adjust the port VLAN costs of the ports that belong to the channel.

set spantree channelvlancost channel_id cost

Syntax Description

channel_id	Variable that specifies the channel identification number.
cost	Variable that specifies the port costs of the ports in the channel.

Defaults

The command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You must set the channel VLAN cost one channel at a time.

You can use this command when your system is in LACP channel mode or PAgP channel mode.

Examples

This example shows how to set the VLAN cost to 10 for channel 768:

Console> (enable) set spantree channelvlancost 768 10

Port(s) 1/1-2 vlan cost are updated to 24.

Channel 768 vlancost is set to 10.

Console> (enable)

Related Commands

clear lacp-channel statistics
set channelprotocol
set lacp-channel system-priority
set port lacp-channel
set spantree channelcost
show lacp-channel
show port lacp-channel

set spantree defaultcostmode

Use the set spantree defaultcostmode command to specify the spanning tree default port cost mode.

set spantree defaultcostmode {short | long}

Syntax Description

short	Keyword that sets the default port cost for port speeds slower than 10 gigabits.
long	Keyword that sets the default port cost mode port speeds of 10 gigabits and faster.

Defaults

By default, the spanning tree default port cost mode is short.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The set spantree defaultcostmode long command is available in PVST+ mode only. If you enter this command in MISTP or MISTP-PVST+ mode, this message is displayed:

In MISTP or MISTP-PVST+ mode, default portcost and portinstancecost always

use long format default values.

All switches in a network must have the same default. If any switch in the network supports port speeds of 10 gigabits and greater, the default cost mode must be set to long on all the switches in the network.

For port speeds of 1 gigabit and greater, the default port cost should be set to long. For port speeds of less than 10 gigabits, the default port cost can be set to short.

The default path cost is based on port speed; see Table 2-9 and Table 2-10 for default settings.

Table 2-9 Default Port Cost—Short Mode 

Port Speed	Default Port Cost
4 MB	250
01 Mb	100
16 Mb	62
100 Mb	19
155 Mb	14
1 Gb	4
10 Gb	2

Table 2-10 Default Port Cost—Long Mode

Port Speed	Default Port Cost
100 Kb	200,000,000
1 Mb	20,000,000
10 Mb	2,000,000
100 Mb	200,000
1 Gb	20,000
10 Gb	2,000
100 Gb	200
1 Tb	20
10 Tb	2

Examples

This example shows how to set the spanning tree default port cost mode to long:

Console> (enable) set spantree defaultcostmode long

Portcost and portvlancost set to use long format default values.

Console> (enable) 

Related Commands

show spantree defaultcostmode

set spantree disable

Use the set spantree disable command set to disable the spanning tree algorithm for all VLANs or a specific VLAN or disable spanning tree instances.

set spantree disable vlan

set spantree disable all

set spantree disable mistp-instance instance

set spantree disable mistp-instance all

Syntax Description

vlan	Variable that specifies the number of the VLAN; valid values are from 1 to 1005 and from 1025 to 4094.
all	Keyword that specifies all VLANs.
mistp-instance instance	Keyword and variable that specify the instance number; valid values are from 1 to 16.
mistp-instance all	Keywords that delete all instances.

Defaults

By default, the spanning tree is enabled and all instances are enabled (flooding is disabled).

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you do not specify a VLAN number or an instance number, 1 is assumed.

When an instance is enabled, the Spanning Tree Protocol starts running on that instance.

When an instance is disabled, the switch stops sending out config TLVs for that instance and starts flooding incoming TLVs for the same instance (but checks the VLAN mapping on the incoming side). All the traffic running on the VLANs mapped to the instance is flooded as well.

This command is not available in MST mode.

Examples

This example shows how to disable the spanning tree for VLAN 1:

Console> (enable) set spantree disable 1

VLAN 1 bridge spanning tree disabled.

Console> (enable) 

This example shows how to disable spanning tree for a specific instance:

Console> (enable) set spantree disable mistp-instance 2

MI-STP instance 2 disabled.

Console> (enable) 

Related Commands

set spantree enable
show spantree

set spantree enable

Use the set spantree enable command set to enable the spanning tree algorithm for all VLANs, a specific VLAN, a specific instance, or all instances.

set spantree enable vlans

set spantree enable all

set spantree enable mistp-instance instance

set spantree enable mistp-instance all

Syntax Description

vlans	Variable that specifies the number of the VLAN; valid values are from 1 to 1005 and from 1025 to 4094.
all	Keyword that specifies all VLANs.
mistp-instance instance	Keyword and variable that specify the instance number; valid values are from 1 to 16.
mistp-instance all	Keywords that enable all instances.

Defaults

By default, all instances are enabled (flooding is disabled).

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

MISTP and VTP pruning cannot be enabled at the same time.

If you do not specify a VLAN number or an instance number, 1 is assumed.

This command is not available in MST mode.

Examples

This example shows how to activate spanning tree for VLAN 1:

Console> (enable) set spantree enable 1

VLAN 1 bridge spanning tree enabled.

Console> (enable) 

This example shows how to activate spanning tree for an instance:

Console> (enable) set spantree enable mistp-instance 1

-STP instance 1 enabled.

Console> (enable) 

Related Commands

set spantree disable
show spantree

set spantree fwddelay

Use the set spantree fwddelay command to set the bridge forward delay for a VLAN or an instance.

set spantree fwddelay delay [vlans]

set spantree fwddelay delay mistp-instance [instances]

set spantree fwddelay delay mst

Syntax Description

delay	Variable that specifies the number of seconds for the bridge forward delay; valid values are from 4 to 30 seconds.
vlans	(Optional) Variable that specifies the number of the VLAN; valid values are from 1 to 1005 and from 1025 to 4094.
mistp-instance [instances]	Keyword and optional variable that specify the instance number; valid values are from 1 to 16.
mst	Keyword that sets the forward delay time for the IST instance and all MST instances. See "Usage Guidelines" for more information.

Defaults

By default, the bridge forward delay is set to 15 seconds for all VLANs.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you do not specify a VLAN number or an instance number, 1 is assumed.

If you enable MISTP, you cannot set the VLAN bridge forward delay.

If you enable PVST+, you cannot set the instance bridge forward delay.

If you enter the set spantree fwddelay delay mst command, you set the forward delay time for the IST instance and all MST instances. You do not need to set the forward delay time for each MST instance.

Examples

This example shows how to set the bridge forward delay for VLAN 100 to 16 seconds:

Console> (enable) set spantree fwddelay 16 100

Spantree 100 forward delay set to 16 seconds.

Console> (enable)

This example shows how to set the bridge forward delay for an instance to 16 seconds:

Console> (enable) set spantree fwddelay 16 mistp-instance 1

Instance 1 forward delay set to 16 seconds.

Console> (enable)

Related Commands

show spantree

set spantree global-default

Use the set spantree global-default command to set the global states on the switch.

set spantree global-default portfast {enable | disable}

set spantree global-default loop-guard {enable | disable}

set spantree global-default bpdu-guard {enable | disable}

set spantree global-default bpdu-filter {enable | disable}

Syntax Description

portfast	Keyword that sets the global PortFast state.
enable	Keyword that enables the global state.
disable	Keyword that disables the global state.
loop-guard	Keyword that sets the global loop guard state.
bpdu-guard	Keyword that sets the global BPDU guard state.
bpdu-filter	Keyword that sets the global BPDU filter state.

Defaults

By default, all ports are in the nonedge state.

By default, loop guard is disabled on all ports.

By default, BPDU guard is disabled on all ports.

By default, BPDU filter is disabled on all ports.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to disable the global PortFast state on the switch:

Console> (enable) set spantree global-default portfast disable

Spantree global portfast state disabled on this switch.

Console> (enable)

This example shows how to enable the global loop guard state on the switch:

Console> (enable) set spantree global-default loop-guard enable

Spantree global loop-guard state enabled on the switch.

Console> (enable)

This example shows how to disable the global BPDU guard state on the switch:

Console> (enable) set spantree global-default bpdu-guard disable

Spantree global-default bpdu-guard disabled on this switch.

Console> (enable)

This example shows how to disable the global BPDU filter state on the switch:

Console> (enable) set spantree global-default bpdu-filter disable

Spantree global-default bpdu-filter disabled on this switch.

Console> (enable)

Related Commands

clear spantree mst
set spantree mst
set spantree mst config
show spantree mst config
set spantree guard

set spantree guard

Use the set spantree guard command to enable or disable spantree root guard or loop guard on a per-port basic.

set spantree guard {none | root | loop} {mod/port}

Syntax Description

none	Keyword that disables the spantree guard feature.
root	Keyword that enables root guard.
loop	Keyword that enables loop guard.
mod/port	Variable that specifies the number of the module and port(s) on the module.

Defaults

By default, root guard and loop guard are disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You can use the root guard feature to prevent switches from becoming the root switch. The root guard feature forces a port to become a designated port so that no switch on the other end of the link can become a root switch.

When you enable root guard on a per-port basis, it is automatically applied to all of the active VLANs to which that port belongs. When you disable root guard, it is disabled for the specified port(s). If a port goes into the root-inconsistent state, it will automatically enters the listening state.

If you enable loop guard on a channel and the first link becomes unidirectional, loop guard will block the entire channel until the affected port is deleted from the channel.

Use care when enabling loop guard. Loop guard is useful only in those topologies where there are blocked ports. Topologies where there are no blocked ports are loop free by definition and do not need this feature to be enabled.

Loop guard should be enabled only on root and alternate root ports.

Loop guard should be used mainly on access switches.

When you enable loop guard, it is automatically applied to all of the active instances or VLANs to which that port belongs. When you disable loop guard, it is disabled for the specified port(s). Disabling loop guard moves all loop-inconsistent ports to the listening state.

You cannot enable loop guard on PortFast-enabled or dynamic VLAN ports.

You cannot enable PortFast on loop guard-enabled ports.

You cannot enable loop guard if root guard is enabled.

Examples

This example shows how to enable root guard on port 5/1:

Console> (enable) set spantree guard root 5/1

Rootguard on port 5/1 is enabled.

Warning!! Enabling rootguard may result in a topolopy change.

Console> (enable)

This example shows how to enable the loop guard feature on port 5/1:

Console> (enable) set spantree guard loop 5/1

Rootguard is enabled on port 5/1, enabling loopguard will disable rootguard on

 this port.

Do you want to continue (y/n) [n]? y

Loopguard on port 5/1 is enabled.

Console> (enable)

Related Commands

show spantree guard

set spantree hello

Use the set spantree hello command to set the bridge hello time for a VLAN or an instance.

set spantree hello interval [vlans]

set spantree hello interval mistp-instance instances

set spantree hello interval mst

Syntax Description

interval	Variable that specifies the number of seconds the system waits before sending a bridge hello message (a multicast message indicating that the system is active); valid values are from 1 to 10 seconds.
vlans	(Optional) Variable that specifies the number of the VLAN; valid values are from 1 to 1005 and from 1025 to 4094.
mistp-instance instances	Keyword and variable that specify the instance number; valid values are from 1 to 16.
mst	Keyword that sets the hello time for the IST instance and all MST instances. See "Usage Guidelines" for more information.

Defaults

By default, the bridge hello time is set to 2 seconds for all VLANs.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you do not specify a VLAN number or an instance number, 1 is assumed.

If you enable MISTP, you cannot set the VLAN hello time.

If you enable PVST+, you cannot set the instance hello time.

If you enter the set spantree hello interval mst command, you set the hello time for the IST instance and all MST instances. You do not need to set the hello time for each MST instance.

Examples

This example shows how to set the spantree hello time for VLAN 100 to 3 seconds:

Console> (enable) set spantree hello 3 100

Spantree 100 hello time set to 3 seconds.

Console> (enable)

This example shows how to set the spantree hello time for an instance to 3 seconds:

Console> (enable) set spantree hello 3 mistp-instance 1

Spantree 1 hello time set to 3 seconds.

Console> (enable)

Related Commands

show spantree

set spantree macreduction

Use the set spantree macreduction command to enable or disable the spanning tree MAC address reduction feature.

set spantree macreduction {enable | disable}

Syntax Description

enable	Keyword that enables MAC address reduction.
disable	Keyword that disables MAC address reduction.

Defaults

By default, MAC address reduction is enabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The MAC address reduction feature allows the switch to support a large number of spanning tree instances with a very limited number of MAC addresses, and still maintain the IEEE 802.1D bridge-ID requirement for each STP instance.

You cannot disable this feature if extended range VLANs exist.

Examples

This example shows how to disable the MAC address reduction feature:

Console> (enable) set spantree macreduction disable

MAC address reduction disabled

Console> (enable)

set spantree maxage

Use the set spantree maxage command to set the bridge maximum aging time for a VLAN or an instance.

set spantree maxage agingtime [vlans]

set spantree maxage agingtime mistp-instance instances

set spantree maxage agingtime mst

Syntax Description

agingtime	Variable that specifies the maximum number of seconds that the system retains the information received from other bridges through Spanning Tree Protocol; valid values are from 6 to 40 seconds.
vlan	(Optional) Variable that specifies the number of the VLAN; valid values are from 1 to 1005.
mistp-instance instances	Keyword and variable that specify the instance number; valid values are from 1 to 16.
mst	Keyword that sets the maximum aging time for the IST instance and all MST instances. See "Usage Guidelines" for more information.

Defaults

By default, the bridge maximum aging time is 20 seconds for all VLANs.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

If you do not specify a VLAN number or an instance number, 1 is assumed.

If you enable MISTP, you cannot set the VLAN maximum aging time.

If you enable PVST+, you cannot set the instance maximum aging time.

If you enter the set spantree maxage agingtime mst command, you set the maximum aging time for the IST instance and all MST instances. You do not need to set the maximum aging time for each MST instance.

Examples

This example shows how to set the maximum aging time for VLAN 1000 to 25 seconds:

Console> (enable) set spantree maxage 25 1000

Spantree 1000 max aging time set to 25 seconds.

Console> (enable)

This example shows how to set the maximum aging time for an instance to 25 seconds:

Console> (enable) set spantree maxage 25 mistp-instance 1

Instance 1 max aging time set to 25 seconds.

Console> (enable)

Related Commands

show spantree

set spantree mode

Use the set spantree mode command to configure the type of Spanning Tree Protocol mode to run.

set spantree mode {mistp | pvst+ | mistp-pvst+ | mst}

Syntax Description

mistp	Keyword that specifies MISTP mode.
pvst+	Keyword that specifies PVST+ mode.
mistp-pvst+	Keywords that allows the switch running MISTP to tunnel BPDUs with remote switches running PVST+.
mst	Keyword that specifies MST mode.

Defaults

By default, the Spanning Tree Protocol mode is PVST+.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

When you connect to a switch using Telnet and try to change the spanning-tree mode from PVST+ to MISTP or MISTP-PVST+, and no VLANs are mapped to any instance on that switch, a warning message is displayed:

Console> (enable) set spantree mode mistp

Warning!! Changing the STP mode from a telnet session will disconnect the

session because there are no VLANs mapped to any MISTP instance.

Do you want to continue [n]?

When you connect to a switch using Telnet and try to change the spanning-tree mode from MISTP or MISTP-PVST+ to PVST+, or when you connect to a switch by Telnet and try to change the spanning-tree mode from PVST+ to MISTP or MISTP-PVST+, and additional VLAN-instances are mapped on that switch, a warning message is displayed:

Console> (enable) set spantree mode pvst+

Warning!! Changing the STP mode from a telnet session might disconnect the

session.

Do you want to continue [n]?

When you change from MISTP to PVST+ and there more than 8,000 VLAN ports currently configured on the switch, a warning message is displayed:

Console> (enable) set spantree mode pvst+

Warning!! This switch has 12345 VLAN-ports currently configured for STP.

Going out of MISTP mode could impact system performance.

Do you want to continue [n]?

If you change the spanning-tree mode from PVST+ to MISTP or MISTP to PVST+, the STP mode previously running stops, all the information collected at run time is used to build the port database for the new mode, and the new STP mode restarts the computation of the active topology from zero. All the parameters of the previous STP per VLAN or per instance are kept in NVRAM.

If you change the spanning-tree mode from PVST+ to MISTP or MISTP to PVST+ and BackboneFast is enabled, this message is displayed:

Console> (enable) set spantree mode mistp

Cannot change the spantree mode to MISTP when backbonefast is enabled.

Examples

This example shows how to set the spanning tree mode to PVST+:

Console> (enable) set spantree mode pvst+

Warning!! Changing the STP mode from a telnet session might disconnect the session.

Do you want to continue [n]? y

Spantree mode set to PVST+.

Console> (enable)

This example shows what happens if you change the spanning tree mode from PVST+ to MISTP:

Console> (enable) set spantree mode mistp

Warning!! Changing the STP mode from a telnet session will disconnect the session because 
there are no VLANs mapped to any MISTP instance.

Do you want to continue [n]? y

Console> (enable)

This example shows how to set the spanning tree mode to MST:

Console> (enable) set spantree mode mst

Warning!! Changing the STP mode from a telnet session will disconnect the session

n because there are no VLANs mapped to any MISTP instance.

Do you want to continue [n]? y

Console> (enable)

Related Commands

set vlan
show spantree

set spantree mst

Use the set spantree mst command to configure the mapping of VLANs to an MST instance or to detect legacy bridges and the boundary ports of the MST region.

set spantree mst instance vlan vlan

set spantree mst mod/port redetect-protocol

Syntax Description

instance	Variable that specifies the number of the instance; valid values are from 0 to 15.
vlan vlan	Keyword and variable that specify the VLAN number; valid values are from 1 to 1005 and from 1025 to 4094.
mod/port	Variable that specifies the number of the module and the port on the module. See "Usage Guidelines" for more information.
redetect-protocol	Keyword that detects legacy bridges and boundary ports of the MST region.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

All changes made to the region configuration (region information and VLAN mapping) are buffered. Only one user can hold the buffer at a time. This buffer is locked when you first use the set spantree mst instance or set spantree mst config commands.

If the VLAN is already mapped to some other instance, the VLAN is unmapped from that instance and mapped to the new instance.

Each time you map a new VLAN or VLANs, they are added to the existing mapping.

All unmapped VLANs are automatically mapped to MST instance 0 (IST).

The set spantree mst redetect-protocol command is available in MST mode only and is not saved in NVRAM. If you do not specify a mod/port number when you enter the set spantree mst redetect-protocol command, protocol detection occurs on all connected ports.

Examples

This example shows how to map VLAN 1 to an MST instance 2:

Console> (enable) set spantree mst 2 vlan 1

Console> (enable)

This example shows how to set protocol detection of legacy bridges and boundary ports on port 2 or module 3:

Console> (enable) set spantree mst 3/2 redetect-protocol

Spanning tree protocol detection forced on port 3/2

Console> (enable)

Related Commands

clear spantree mst
set spantree mst config

set spantree mst config

Use the set spantree mst config command to change the MST region information.

set spantree mst config {[name name] | [revision number]}

set spantree mst config commit

set spantree mst config rollback [force]

Syntax Description

name name	(Optional) Keyword and variable that specify the MST region name. See "Usage Guidelines" for more information.
revision number	(Optional) Keyword and variable that specify the MST region version number; valid values for number are from 1 to 65535. See "Usage Guidelines" for more information.
commit	Keyword that puts the new MST VLAN mapping into effect.
rollback	Keyword that discards changes made to the MST region configuration that are not yet applied.
force	(Optional) Keyword that unlocks the MST edit buffer when it is held by another user.

Defaults

Unless you specify a region name, no region name will be given.

The default value for number is 1.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The name can be up to 32 characters long.

The name and number are copied from NVRAM MST region information. If you change MST mapping information without changing the name and number, the number is automatically incremented by 1.

Changes that you make to MST VLAN mapping are buffered; by entering the set spantree mst config commit command, you put the new MST VLAN mapping into effect. After you enter the set spantree mst config commit command, the lock for the MST edit buffer is released.

If you enter the set spantree mst config rollback command, you discard the changes made to the MST region configuration that are not applied yet (only if you have locked the edit buffer). You can forcefully release the lock set by another user by entering the command set spantree mst config rollback force.

The set spantree mst config commit and set spantree mst config rollback commands are stored in NVRAM.

Examples

This example shows how to configure an MST region and to give that region a name and version number:

Console> (enable) set spantree mst config name cisco revision 1

Console> (enable)

This example shows how to put the new MST VLAN mapping into effect:

Console> (enable) set spantree mst mst config commit

Console> (enable)

This example shows how to discard MST region configuration when you hold the MST edit buffer:

Console> (enable) set spantree mst config rollback

Console> (enable)

This example shows how to unlock the MST edit buffer when it is held by another user:

Console> (enable) set spantree mst config rollback force

Console> (enable)

Related Commands

clear spantree mst
show spantree mst
show spantree mst config

set spantree mst link-type

Use the set spantree mst link-type command to configure the link type of a port.

set spantree mst link-type mod/port {auto | point-to-point | shared}

Syntax Description

mod/port	Variable that specifies the number of the module and the port on the module.
auto	Keyword that derives the link from either a half-duplex or full-duplex link type. See "Usage Guidelines" for more information.
point-to-point	Keyword that connects the port to a point-to-point link.
shared	Keyword that connects the port to a shared medium.

Defaults

By default, the link type is auto.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

MST rapid connectivity works only on point-to-point links between two bridges.

If the link type is set to auto and the link is a half-duplex link, then the link is a shared link. If the link type is set to auto and the link is a full-duplex link, then the link is a point-to-point link.

Examples

This example shows how to connect port 1 on module 3 to a point-to-point link:

Console> (enable) set spantree mst link-type 3/1 point-to-point

Link type set to point-to-point on port 3/1

Console> (enable)

Related Commands

clear spantree mst
set spantree global-default
set spantree mst config
show spantree mst config

set spantree mst maxhops

Use the set spantree mst maxhops command to set the maximum number of hops in the MST region.

set spantree mst maxhops hop-count

Syntax Description

hop-count

Variable that specifies the maximum number of hops; valid values are from 1 to 40.

Defaults

By default, the bridge forward delay is 20 seconds for all instances.

Command Types

Switch command.

Command Modes

Privileged.

Examples

This example shows how to set the maximum number of hops:

Console> (enable) set spantree mst maxhops 20

Console> (enable)

Related Commands

clear spantree mst
set spantree mst config
set spantree mst link-type
set spantree mst redetect-protocol
set spantree mst vlan
show spantree mst
show spantree mst config

set spantree mst redetect-protocol

Use the set spantree mst redetect protocol command to detect legacy bridges and the boundary ports of the MST region.

set spantree mst mod/port redetect-protocol

Syntax Description

mod/port

Variable that specifies the number of the module and the port or range of ports on the module.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

This command is available in MST mode only and is not saved in NVRAM.

Examples

This example shows how to set protocol detection of legacy bridges and boundary ports on port 2 or module 3:

Console> (enable) set spantree mst 3/2 redetect-protocol

Spanning tree protocol detection forced on port 3/2

Console> (enable)

Related Commands

clear spantree mst
set spantree mst config
show spantree mst
show spantree mst config

set spantree mst vlan

Use the set spantree mst command set to configure the mapping of VLANs to an MST instance.

set spantree mst instance vlan vlan

Syntax Description

instance	Variable that specifies the number of the instance; valid values are from 0 to 15.
vlan vlan	Keyword and variable that specify the VLAN number; valid values are from 1 to 1005 and from 1025 to 4094.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

All changes made to the region configuration (region information and VLAN mapping) are buffered. Only one user can hold the buffer at a time. This buffer is locked upon first entering the set spantree mst instance or set spantree mst config commands.

If the VLAN is already mapped to some other instance, the VLAN is unmapped from that instance and mapped to the new instance.

Each time you map a new VLAN or VLANs, they are added to the existing mapping.

All unmapped VLANs are mapped to MST instance 0 (IST).

Examples

This example shows how to map VLAN 1 to an MST instance 2:

Console> (enable) set spantree mst 2 vlan 1

Console> (enable)

Related Commands

clear spantree mst
set spantree mst config
show spantree mst
show spantree mst config

set spantree portcost

Use the set spantree portcost command to set the path cost for a port.

set spantree portcost mod/port cost [mst]

Syntax Description

mod/port	Variable that specifies the number of the module and the port on the module.
cost	Variable that specifies the number of the path cost; see "Usage Guidelines" for more information.
mst	(Optional) Keyword that sets the path cost for an MST port.

Defaults

The default path cost is based on port speed; see Table 2-11 and Table 2-12 for default settings.

Table 2-11 Default Port Cost—Short Mode

Port Speed	Default Port Cost
4 Mb	250
10 Mb	100
16 Mb	62
100 Mb	19
155 Mb	14
1 Gb	4
10 Gb	2

Table 2-12 Default Port Cost—Long Mode

Port Speed	Default Port Cost
100 Kb	200,000,000
1 Mb	20,000,000
10 Mb	2,000,000
10 Mb	200,000
1 Gb	20,000
10 Gb	2,000
100 Gb	200
1 Tb	20
10 Tb	2

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The Spanning Tree Protocol uses port path costs to determine which port to select as a forwarding port. You should assign lower numbers to ports attached to faster media (such as full duplex) and higher numbers to ports attached to slower media.

Examples

This example shows how to set the port cost for port 12 on module 2 to 19:

Console> (enable) set spantree portcost 2/12 19

Spantree port 2/12 path cost set to 19.

Console> (enable) 

Related Commands

set spantree defaultcostmode
show spantree

set spantree portfast

Use the set spantree portfast command to allow a port that is connected to a single workstation or PC to start faster when it is connected.

set spantree portfast mod/port {enable [trunk] | disable | default}

Syntax Description

mod/port	Variable that specifies the number of the module and the port on the module.
enable	Keyword that enables the spanning tree PortFast-start feature on the port.
trunk	(Optional) Keyword that enables the spanning tree PortFast start feature on the port.
disable	Keyword that disables the spanning tree PortFast-start feature on the port.
default	Keyword that sets the spanning tree start feature back to its default setting.

Defaults

By default, the port fast-start feature is disabled.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

When a port configured with the spantree portfast enable command is connected, the port immediately enters the spanning tree forwarding state instead of going through the normal spanning tree states such as listening and learning.

If the trunk keyword is used, the spanning tree PortFast-start feature is enabled on the specified trunk.

Examples

This example shows how to enable the spanning tree PortFast-start feature on port 2 on module 1:

Console> (enable) set spantree portfast 1/2 enable

Warning: Connecting layer 2 devices to a fast-start port can cause temporary spanning tree 
loops. Use with caution.

Spantree port 1/2 fast start enabled.

Console> (enable)

This example shows how to enable the spanning tree PortFast-start feature on the trunk port:

Console> (enable) set spantree portfast 3/2 enable trunk 

 Warning: Connecting layer 2 devices to a fast-start port can cause temporary spanning 
tree loops. Use with caution.

Spantree port 1/2 fast start enabled.	

Console> (enable)

Related Commands

show spantree portfast

set spantree portfast bpdu-filter

Use the set spantree portfast bpdu-filter command to enable or disable BPDU packet filtering on a port.

set spantree portfast bpdu-filter mod/port {enable | disable | default}

Syntax Description

mod/port	Variable that specifies the number of the module and the port on the module.
enable	Keyword that enables BPDU packet filtering.
disable	Keyword that disables BPDU packet filtering.
default	Keyword that sets BPDU packet filtering to the global BPDU packet filtering state. See "Usage Guidelines" for more information.

Defaults

By default, BPDU packet filtering is set to default.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

BPDU packet filtering turns off BPDU transmission on PortFast-enabled ports and nontrunking ports.

If you enter the default keyword, the spanning tree port is set to the global BPDU filtering state.

To enable or disable BPDU filtering for all ports on the switch, enter the set spantree global-default bpdu-filter command.

Examples

This example shows how to enable BPDU filtering on module 3, port 4:

Console> (enable) set spantree portfast bpdu-filter 3/4 enable

Warning: Ports enabled with bpdu filter will not send BPDUs and drop all

received BPDUs. You may cause loops in the bridged network if you misuse

this feature.

Spantree port 3/4 bpdu filter enabled.

Console> (enable)

Related Commands

show spantree portfast

set spantree portfast bpdu-guard

Use the set spantree portfast bpdu-guard command to enable or disable spanning tree PortFast BPDU guard on a port.

set spantree portfast bpdu-guard mod/port {enable | disable | default}

Syntax Description

mod/port	Variable that specifies the number of the module and the port on the module.
enable	Keyword that enables the spanning tree PortFast BPDU guard.
disable	Keyword that disables the spanning tree PortFast BPDU guard.
default	Keyword that sets spanning tree PortFast BPDU guard to the global BPDU guard state. See "Usage Guidelines" for more information.

Defaults

By default, PortFast BPDU guard is set to default.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

You must enable PortFast mode before you can enable PortFast BPDU guard for BPDU guard to work correctly.

When you enable PortFast BPDU guard, a nontrunking PortFast-enabled port is moved into an errdisable state when a BPDU is received on that port. When you disable a PortFast BPDU guard, a PortFast-enabled nontrunking port will stay up when it receives BPDUs, which may cause spanning tree loops.

If you enter the default keyword, the spanning tree port is set to the global BPDU guard state.

To enable or disable BPDU guard for all ports on the switch, enter the set spantree global-default bpdu-guard command.

Examples

This example shows how to enable BPDU guard on module 3, port 1:

Console> (enable) set spantree portfast bpdu-guard 3/1 enable

Spantree port 3/1 bpdu guard enabled.

Console> (enable)

Related Commands

show spantree portfast

set spantree portinstancecost

Use the set spantree portinstancecost command to assign the path cost of the port for the specified instances.

set spantree portinstancecost mod/port [cost cost] [instances]

set spantree portinstancecost mod/port [cost cost] mst [instances]

Syntax Description

mod/port	Variable that specifies the number of the module and the port on the module.
cost cost	(Optional) Keyword and variable that specify the path cost. See "Usage Guidelines" for more information.
mst	Keyword that sets the path cost for an MST instance.
instances	(Optional) Variable that specifies the instance number; valid values are from 0 to 15.

Defaults

The default path cost is based on port speed; see Table 2-13 for default settings.

Table 2-13 Default Port Cost—Short Mode

Port Speed	Default Port Cost
4 Mb	250
10 Mb	100
16 Mb	62
100 Mb	19
155 Mb	14
1 Gb	4
10 Gb	2

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The portinstancecost command applies to trunk ports only.

The value specified is used as the path cost of the port for the specified instances. The remaining instances have a path cost equal to the port path cost set via the set spantree instancecost command (if a value is not set, the value will be the default path cost of the port).

Examples

These examples show how to use the set spantree portinstancecost command to explicitly specify the path cost of a port:

Console> (enable) set spantree portinstancecost 2/10 cost 6 1-10

Port 2/10 instances 11-16 have path cost 2000000.

Port 2/10 instances 1-10 have path cost 6.

This parameter applies to trunking ports only.

Console> (enable)

These examples show how to use the set spantree portinstancecost command without explicitly specifying the path cost of a port:

Console> (enable) set spantree portinstancecost 1/2

Port 1/2 Instances 1-1005 have path cost 3100.

Console> (enable)

Console> (enable) set spantree portinstancecost 1/2 16

Port 1/2 Instances 16,22-1005 have path cost 3100.

Console> (enable) 

This example shows the output you will see if you enter the command when PVST+ is enabled:

Console> (enable) set spantree portinstancecost 3/1

This command is only valid when STP is in MISTP or MISTP-PVST+ mode.

Console> (enable)

This example shows how to set the port cost for a specific MST instance:

Console> (enable) set spantree portinstancecost 2/10 cost 6 1-10 mst

Port 2/10 mst instances 1-10 have path cost 6.

This parameter applies to trunking ports only.

Console> (enable)

Related Commands

clear spantree portinstancecost
show spantree mistp-instance

set spantree portinstancepri

Use the set spantree portinstancepri command to set the port priority for instances in the trunk port.

set spantree portinstancepri mod/port priority [instances]

set spantree portinstancepri mod/port priority mst [instances]

Syntax Description

mod/port	Variable that specifies the number of the module and the port on the module.
priority	Variable that specifies the number that represents the cost of a link in a spanning tree bridge; valid values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144,160, 176, 192, 208, 224, 240, with 0 indicating high priority and 240, low priority. See "Usage Guidelines" for more information.
mst	Keyword that specifies the port priority for MST instances.
instances	(Optional) Variable that specifies the instance number; valid values are from 0 to 15.

Defaults

By default, the port priority is set to 0, with no instances specified.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

Priority values that are not a multiple of 16 (between the values of 0 to 63) are converted to the nearest multiple of 16. Use this command to add instances to a specified port priority level. Subsequent calls to this command do not replace instances that are already set at a specified port priority level. This feature is not supported for the MSM. The set spantree portinstancepri command applies to trunk ports only. If you enter this command, this message is displayed:

Port xx is not a trunk-capable port

Examples

This example shows how to set the port priority for module 1, port 2, on specific instances:

Console> (enable) set spantree portinstancepri 1/2 16 1-11

Port 1/2 instances 1-11 using portpri 16.

This parameter applies to trunking ports only.

Console> (enable)

This example shows how to set the port priority for module 8, port 1, on MST instance 2:

Console> (enable) set spantree portinstancepri 8/1 31 mst 2 

Port 8/1 instances 2 using portpri 31.

Port 8/1 instances 0-1, 3-15 using portpri 32.

Console> (enable)

Related Commands

clear spantree portinstancecost
show spantree mistp-instance

2