Table Of Contents

set pvlan mapping

set power budget

set qos

set qos defaultcos

set qos map

set radius attribute

set radius deadtime

set radius key

set radius retransmit

set radius server

set radius timeout

set rcp username

set rspan

set snmp

set snmp access

set snmp access-list

set snmp chassis-alias

set snmp community

set snmp community-ext

set snmp extendedrmon netflow

set snmp group

set snmp ifalias

set snmp notify

set snmp rmon

set snmp rmonmemory

set snmp targetaddr

set snmp targetparams

set snmp trap

set snmp user

set snmp view

set span

set spantree backbonefast

set spantree bpdu-filter

set spantree bpdu-guard

set spantree bpdu-skewing

set spantree channelcost

set spantree channelvlancost

set spantree defaultcostmode

set spantree disable

set spantree enable

set spantree fwddelay

set spantree global-default

set spantree guard

set spantree hello

set spantree link-type

set spantree macreduction

set spantree maxage

set spantree mode

set spantree mst

set spantree mst config

set spantree mst link-type

set spantree mst maxhops

set spantree mst vlan

set spantree portcost

set spantree portfast

set spantree portfast bpdu-filter

set spantree portfast bpdu-guard

set spantree portinstancecost

set spantree portinstancepri

set spantree portpri

set pvlan mapping

To map isolated or community VLANs to the primary VLAN on a promiscuous port, use the set pvlan mapping command.

set pvlan mapping primary_vlan {isolated_vlan | community_vlan} {mod/port}

Syntax Description

primary_vlan	Number of the primary VLAN.
isolated_vlan	Number of the isolated VLAN.
community_vlan	Number of the community VLAN.
mod/port	Module and port number of the promiscuous port.

Defaults

This command has no default settings.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

Before you can associate the VLANs of any of the promiscuous ports with the set pvlan mapping command, you must first set the primary VLAN, isolated VLANs, and community VLANs using the set vlan pvlan-type command bound with the set pvlan command.

You should connect a promiscuous port to an external device for the ports in the private VLAN to communicate with any other device outside the private VLAN.

You should use this command for each primary and isolated VLAN or community VLAN association in the private VLAN.

Examples

This example remaps community VLAN 903 to primary VLAN 901 on ports 3 through 5 on module 8:

Console> (enable) set pvlan mapping 901 903 8/3-5

Successfully set mapping between 901 and 903 on 8/3-5.

Console> (enable)

Related Commands

clear pvlan mapping
clear vlan
set pvlan
set vlan
show vlan
show pvlan
show pvlan capability
show pvlan mapping

set power budget

To configure the redundancy mode based on the power budget available for nonredundant operation, use the set power budget command.

set power budget [1 | 2]

Syntax Description

1	Sets the power budget to 1+1 power redundancy mode.
2	Sets the power budget to 2+1 power redundancy mode.

Defaults

Two power supplies are set for the power budget.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

A single power supply provides 400W or 650W. Two 400W power supplies provide 750W. Two 650W power supplies supply only 750W; this is a restriction on the power supply cooling capacity for the Catalyst 4000 family switches.

If you mix a 400W power supply and a 650W power supply, the switch acts like there are two 400W power supplies. If you have one 400W power supply and one 650W power supply in 1+1 redundancy mode, and a second 650W power supply set as the backup, the system behaves like it has 400W. If the 400W power supply fails and the backup 650W power supply comes into service, the switch now has 650W available.

When operational, the supervisor engines consume no more than 110W and the fan box consumes 25W. For power consumption of common Catalyst 4006 modules, see Table 26-1 in the Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Release 7.2.

Examples

This example shows how to set the power budget to 1+1 power redundancy mode.

Console> (enable) set power budget 1

Console> (enable)

Related Commands

show config
show environment
show system

set qos

To enable or disable Quality of Service (QoS) on a switch, use the set qos command.

set qos {enable | disable}

Syntax Description

enable	Enables QoS on the switch.
disable	Disables QoS on the switch.

Defaults

QoS is disabled.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

Do not enable and disable QoS in quick succession (within 2 seconds of each other).

Examples

This example shows how to enable QoS:

Console> (enable) set qos enable

QoS is enabled.

Console> (enable) 

This example shows how to disable QoS:

Console> (enable) set qos disable

QoS is disabled.

Console> (enable)

Related Commands

show qos info
show qos status

set qos defaultcos

To define the default Class of Service (CoS) value for the entire switch, use the set qos defaultcos command.

set qos defaultcos cos_value

Syntax Description

cos_value

CoS value to use as the default CoS for the switch; valid values are from 0 to 7.

Defaults

The CoS value for the entire switch is 0.

Command Types

Switch command

Command Modes

Privileged

Examples

This example shows how to set the switch default CoS to 7:

Console> (enable) set qos defaultcos 7

qos defaultcos set to 7

Console> (enable) 

set qos map

To associate CoS values to a transmit queue and drop threshold, use the set qos map command.

set qos map port_type q# threshold# cos coslist

Syntax Description

port_type	Port type. The port_type is hardware dependent. Use the show port capabilities command to determine the port_type for your hardware. The port type is defined by the number of transmit queues and the number of drop thresholds supported on the port. For example, the 1q4t port type supports one transmit queue and four drop thresholds.
q#	Transmit queue number.
threshold#	Drop threshold number. The higher the threshold number, the lower the chance traffic will be dropped.
cos	CoS values.
coslist	List of CoS values between 0 to 7. The higher the number the higher the priority.

Defaults

The default settings are as follows:

•CoS value-to-drop threshold mapping 1 is CoS 0 to 7.

•CoS value-to-transmit queue mapping 1 is Cos 0 to 7.

•CoS value-to-transmit queue mapping 2 is not configured.

Command Types

Switch command

Command Modes

Privileged

Examples

This example shows how to map CoS values 4 to 7 to the second transmit queue and the first drop threshold for that queue on a 2q1t port:

Console> (enable) set qos map 2q1t 2 1 cos 4-7

Qos tx priority queue and threshold mapped to cos successfully.

Console> (enable)

Related Commands

clear qos map
show port capabilities
show qos status

set radius attribute

To set attributes for the RADIUS ACCESS_REQUEST packet, use the set radius attribute command.

set radius attribute {number | name} include-in-access-req {enable | disable}

Syntax Description

number	Attribute number; valid value is 8.
name	Attribute name; valid value is framed-ip-address.
include-in-access-req	Sets attributes to the ACCESS_REQUEST packet.
enable | disable	Enables or disables the attribute.

Defaults

All RADIUS attributes are disabled.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

The set radius attribute command allows you to specify the transmission of certain optional attributes such as Framed-IP address, NAS-Port, Called-Station-Id, Calling-Station-Id and so on. You can set attribute transmission using either the attribute number or the attribute name.

Examples

This example shows how to specify and enable the Framed-IP address attribute by number:

Console> (enable) set radius attribute 8 include-in-access-req enable

Transmission of Framed-ip address in access-request packet is enabled.

Console> (enable) 

This example shows how to specify and disable the Framed-IP address attribute by name:

Console> (enable) set radius attribute framed-ip-address include-in-access-req disable

Transmission of Framed-ip address in access-request packet is disabled.

Console> (enable)

Related Commands

show radius

set radius deadtime

To set the time to skip RADIUS servers that do not reply to an authentication request, use the set radius deadtime command.

set radius deadtime minutes

Syntax Description

minutes

Length of time a RADIUS server does not respond to an authentication request; valid values are from 0 to 1440 minutes.

Defaults

.0 minutes

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

If only one RADIUS server is configured or if all the configured servers are marked dead, deadtime will be ignored, because no alternate servers are available. By default, the deadtime will be 0 minutes; that is, the RADIUS servers will not be marked dead if they do not respond.

Examples

This example shows how to set the RADIUS deadtime to 10 minutes:

Console> (enable) set radius deadtime 10

Radius deadtime set to 10 minutes.

Console> (enable) 

Related Commands

show radius

set radius key

To set the encryption and authentication for all communication between the RADIUS client and the server, use the set radius key command.

set radius key key

Syntax Description

key	User-defined password key.

Defaults

key is NULL

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

The key you set must be the same one as configured in the RADIUS server. All leading spaces are ignored; spaces within and at the end of the key are not ignored. Double quotes are not required even if there are spaces in the key, unless the quotes themselves are part of the key. The length of the key is limited to 65 characters, and can include any printable ASCII character except tabs.

Examples

This example shows how to set the RADIUS encryption and authentication key to Make my day:

Console> (enable) set radius key Make my day

Radius key set to Make my day.

Console> (enable)

Related Commands

show radius

set radius retransmit

To specify the number of times that the switch attempts to retransmit to the RADIUS servers, use the set radius retransmit command.

set radius retransmit count

Syntax Description

count

Number of times the switch attempts to retransmit; valid values are from 1 to 100.

Defaults

Two retransmission attempts are made (three total attempts).

Command Types

Switch command

Command Modes

Privileged

Examples

This example shows how to set the retransmit attempts to 3:

Console> (enable) set radius retransmit 3

Radius retransmit count set to 3.

Console> (enable) 

Related Commands

show radius

set radius server

To set parameters for the RADIUS server, use the set radius server command.

set radius server ip_addr [auth-port port] [acct-port port] [primary]

Syntax Description

ip_addr	Number of the IP address or IP alias in dotted quad format (a.b.c.d).
auth-port	(Optional) Destination UDP port for RADIUS authorization messages.
port	Number of the destination UDP port number to which RADIUS messages are sent.
acct-port	(Optional) Destination UDP port for RADIUS accounting messages.
primary	(Optional) Server be contacted first.

Defaults

The default settings are as follows:

•Auth-port is 1812

•Acct-port is 1813

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

You can add up to three RADIUS servers.

The RADIUS server will not be used for authentication if the port number is set to zero (0).

Examples

This example shows how to add a primary server using the IP alias tampa.users.com:

Console> (enable) set radius server tampa.users.com

tampa.users.com added to RADIUS server table as primary server.

Console> (enable) 

Related Commands

show radius

set radius timeout

To set the time between retransmissions to the RADIUS server, use the set radius timeout command.

set radius timeout seconds

Syntax Description

seconds

Number of seconds to wait for a reply; valid values are from 1 to 1000 seconds.

Defaults

5 seconds

Command Types

Switch command

Command Modes

Privileged

Examples

This example shows how to set the time between retransmissions to 7 seconds:

Console> (enable) set radius timeout 7 

Radius timeout set to 7 seconds.

Console> (enable) 

Related Commands

show radius

set rcp username

To specify a username for remote copy protocol (rcp) file transfers, use the set rcp username command.

set rcp username username

Syntax Description

username

User name; maximum length is 14 characters.

Defaults

This command has no default settings.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

Username must be different from "root" and not a null string. The only case in which rcp username is not used is for the VMPS database. For that database an rcp VMPS username is used.

Examples

This example shows how to set the username for rcp:

Console> (enable) set rcp username jdoe

Console> (enable) 

set rspan

To create remote SPAN sessions, use the set rspan command set.

set rspan disable source [rspan_vlan | all]

set rpsan disable destination [mod/port | all]

set rspan source {src_mod/src_ports... | vlans... | sc0} {rspan_vlan} reflector {mod/port} [rx | tx | both] [multicast {enable | disable}] [filter vlans...] [create]

set rspan destination mod/port {rspan_vlan} [inpkts {enable | disable}]
[learning {enable | disable}] [create]

Syntax Description

disable source	Disables remote SPAN source information.
rspan_vlan	(Optional) Remote SPAN VLAN.
all	(Optional) Disables all remote SPAN source or destination sessions.
disable destination	Disables remote SPAN destination information.
mod/port	(Optional) Module and port.
src_mod/src_ports...	Monitored ports (remote SPAN source).
vlans...	Monitored VLANs (remote SPAN source).
sc0	Inband port is a valid source.
reflector	Reflector port.
rx	(Optional) Information received at the source (ingress SPAN) is monitored.
tx	(Optional) Specifies that information transmitted from the source (egress SPAN) is monitored.
both	(Optional) Information both transmitted from the source (ingress SPAN) and received (egress SPAN) at the source are monitored.
multicast enable	(Optional) Enables monitoring multicast traffic (egress traffic only).
multicast disable	(Optional) Disables monitoring multicast traffic (egress traffic only).
filter vlans	(Optional) Traffic monitoring on certain VLANs on source trunk ports.
create	(Optional) Creates a new remote SPAN session instead of overwriting the previous SPAN session.
inpkts enable	(Optional) Allows the remote SPAN destination port to receive Normal ingress traffic (from the network to the bus) while forwarding the remote SPAN traffic.
inpkts disable	(Optional) Disables the receiving of Normal inbound traffic on the remote SPAN destination port.
learning enable	(Optional) Enables learning for the remote SPAN destination port.
learning disable	(Optional) Disables learning for the remote SPAN destination port.

Defaults

The default settings are as follows:

•Remote SPAN is disabled.

•There is no VLAN filtering.

•Monitoring multicast traffic is enabled.

•Learning is enabled.

•inpkts is disabled.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

The rspan_vlan variable is optional in the set rspan disable source command and required in the set rspan source and set rspan destination command set.

When SPAN is enabled, system defaults are used (if no parameters are set). If you set parameters, the parameters you set are stored in NVRAM, and are used.

Use a network analyzer to monitor ports.

Use the inpkts keyword with the enable option to allow the remote SPAN destination port to receive normal incoming traffic in addition to the traffic mirrored from the remote SPAN source. Use the disable option to prevent the remote SPAN destination port from receiving normal incoming traffic.

You can specify an MSM port as the remote SPAN source port. However, you cannot specify an MSM port as the remote SPAN destination port.

When you enable the inpkts option, a warning message notifies you that the destination port does not join STP and may cause loops if this option is enabled.

If you do not use the keyword create and you have only one session, the session will be overwritten. If a matching rspan_vlan or destination port exists, the particular session will be overwritten (regardless of whether the keyword create is used). If you use the keyword create and there is no matching rspan_vlan or destination port, the session will be created.

Each switch can source only one remote SPAN session (ingress, egress, or both). When you configure a remote ingress or bidirectional SPAN session in a source switch, the limit for local ingress or bidirectional SPAN session is reduced to one. There are no limits on the number of remote SPAN sessions carried across the network within the remote SPAN session limits.

You can configure any VLAN as a remote SPAN VLAN as long as these conditions are met:

•The same remote SPAN VLAN is used for a remote SPAN session in the switches.

•All the participating switches have appropriate hardware and software.

•No unwanted access port is configured in the remote SPAN VLAN.

Examples

This example shows how to disable all enabled source sessions:

Console> (enable) set rspan disable source all

This command will disable all remote span source session(s).

Do you want to continue (y/n) [n]? y

Disabled monitoring of all source(s) on the switch for remote span.

Console> (enable) 

This example shows how to disable one source session to a specific VLAN:

Console> (enable) set rspan disable source 903

Disabled monitoring of all source(s) on the switch for rspan_vlan 903.

Console> (enable) 

This example shows how to disable all enabled destination sessions:

Console> (enable) set rspan disable destination all

This command will disable all remote span destination session(s).

Do you want to continue (y/n) [n]? y

Disabled monitoring of remote span traffic on ports 9/1,9/2,9/3,9/4,9/5,9/6.

Console> (enable) 

This example shows how to disable one destination session to a specific port:

Console> (enable) set rspan disable destination 4/1

Disabled monitoring of remote span traffic on port 4/1.

Console> (enable) 

Related Commands

show rspan

set snmp

To control the SNMP Access to the switch, use the set snmp command.

set snmp {enable | disable}

Syntax Description

enable	Causes the switch to respond to SNMP inquiries, provided that no conflicts exist with other SNMP configurations.
disable	Causes the switch to ignore SNMP inquiries, regardless of the other SNMP configurations.

Defaults

SNMP Access is enabled.

Command Types

SNMP command.

Command Modes

Privileged

Usage Guidelines

The disable keyword will not block SNMP traps; you can still change other SNMP configurations without affecting the RMON related procedures.

The SNMP ifIndex persistence feature is always enabled. With the ifIndex persistence feature, the ifIndex value of the port and VLAN is always retained and used after the following occurrences:

• Switch reboot

• High-availability switchover

• Software upgrade

• Module reset

• Module removal and insertion of the same type of module

For Fast EtherChannel and Gigabit EtherChannel interfaces, the ifIndex value is only retained and used after a high-availability switchover.

Examples

This example shows how to disable SNMP access:

Console> (enable) set snmp disable

SNMP Access disabled

Console> (enable) 

Related Commands

show snmp

set snmp access

To define the access rights of an SNMP group with a specific security model at different security levels, use the set snmp access command.

set snmp access [-hex] groupname {security-model v1 | v2c} [read [-hex] readview]
[write [-hex] writeview] [notify [-hex] notifyview] [volatile | nonvolatile]

set snmp access [-hex] groupname {security-model v3} {noauthentication | authentication
| privacy} [read [-hex] readview] [write [-hex] writeview] [notify [-hex] notifyview]
[context [-hex] contextname] [exact | prefix] [volatile | nonvolatile]

Syntax Description

-hex	(Optional) Displays the groupname, readview, writeview, and notifyview in hexadecimal format.
groupname	Name of the SNMP group.
security-model v1| v2c	Security model v1 or v2c.
read readview	(Optional) Name of the view that allows you to see MIB objects.
write writeview	(Optional) Name of the view that allows you to configure the contents of an agent.
notify notifyview	(Optional) Name of the view that allows you to send a trap for MIB objects.
v3	Security model v3.
context contextname	(Optional) Name of the context string and the way to match the context string; maximum of 32 characters.
volatile	(Optional) Storage type is defined as temporary memory and that the content is deleted if the device is turned off.
nonvolatile	(Optional) Storage type is defined as persistent memory and the content remains after the device is power cycled.
noauthentication	Security model is not set to use the authentication protocol.
authentication	Type of authentication protocol.
privacy	Messages sent on behalf of the user are protected from disclosure.

Defaults

The default settings are as follows:

•storage type is nonvolatile

•read readview is Internet OID space

•write writeview is NULL OID

•notify notifyview is NULL OID

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

If you use special characters (nonprintable delimiters for the parameters) for groupname, readview, writeview, and notifyview, you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.

readview is assumed to be every object belonging to the Internet (1.3.6.1) OID space; you can use the read option to override this state.

For writeview, you must also configure write access.

For notifyview, if a view is specified, any notifications in that view are sent to all users associated with the group (an SNMP server host configuration must exist for the user).

For contextname, the string is treated as either a full context name or the prefix of a context name, depending on whether you use the exact or prefix keyword. If you use the prefix keyword, a simple form of wildcarding is used. For example, if you enter a contextname of vlan, vlan-1 and vlan-100 are selected. If you do not specify a contextname, a NULL context string is used.

Examples

This example shows how to set the SNMP access rights for a group:

Console> (enable) set snmp access cisco-group security-model v3 authentication

SNMP access group was set to cisco-group version v3 level authentication, readview 
internet, nonvolatile.

Console> (enable) 

Related Commands

clear snmp access
show snmp access
show snmp context

set snmp access-list

To specify an access list number for a host or group of hosts, use the set snmp access-list command.

set snmp access-list access_number IP_address [ipmask maskaddr]

Syntax Description

access_number	Number that specifies a list of hosts that are permitted to use a specific community string; valid values are from 1 to 65535.
IP_address	IP address that is associated with the access list. See "Usage Guidelines" for more information.
ipmask maskaddr	(Optional) Sets a mask for the IP address. See "Usage Guidelines" for more in information.

Defaults

This command has no default settings.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

If you specify more than one IP address, separate each IP address with a space.

If you use an access list number that is already in use, the new IP addresses are appended to the access list. You can clear one or more IP addresses associated with an access list by entering the clear snmp access-list command.

The maskaddr variable is in the format xxx.xxx.xxx.xxx.

Examples

This example shows how to associate the IP address of a host to access list number 1:

Console> (enable) set snmp access-list 1 172.20.60.100

Host 172.20.60.100 is associated with access number 1.

Console> (enable)

This example shows how to associate the IP addresses of two hosts to access list number 101:

Console> (enable) set snmp access-list 101 172.20.60.10 172.20.60.90

Hosts 172.20.60.10, 172.20.60.90 are associated with access number 101.

Console> (enable)

This example shows how to associate the IP address and subnet mask of a host to access list number 2:

Console> (enable) set snmp access-list 2 172.20.60.100 ipmask 255.0.0.0

Access nmber 2 has been created with new IP Address 172.20.60.100 mask 255.0.0.0

Console> (enable)

Related Commands

clear snmp access-list
show snmp access-list

set snmp chassis-alias

To set the chassis alias and save it in NVRAM and in the configuration file, use the set snmp chassis-alias command.

set snmp chassis-alias [chassisAlias]

Syntax Description

chassisAlias

(Optional) Chassis entPhysicalAlias. See the "Usage Guidelines" section for more information about setting the chassis alias.

Defaults

This command has no default settings.

Command Types

Switch command.

Command Modes

Privileged.

Usage Guidelines

The chassisAlias value must be from 0 to 32 characters.

To clear the chassisAlias value, enter the set snmp chassis-alias command without entering a chassisAlias value.

Examples

This example shows how to set the chassis alias:

Console> (enable) set snmp chassis-alias my chassis

SNMP chassis entPhysicalAlias set to 'my chassis'.

Console> (enable)

This example shows how to clear the chassis alias:

Console> (enable) set snmp chassis-alias

SNMP chassis entPhysicalAlias cleared.

Console> (enable)

This example shows the message that appears when you attempt to set a chassis alias that exceeds 32 characters:

Console> (enable) set snmp chassis-alias 123456789123456789123456789123456789

Chassis entPhysicalAlias must be less than 33 characters.

Console> (enable)

Related Commands

show snmp

set snmp community

To set SNMP communities and associated access types, use the set snmp community command set.

set snmp community {read-only | read-write | read-write-all} [community_string]

set snmp community index [-hex] index-name name community_string security [-hex] security-name [context [-hex] context-name] [volatile | nonvolatile]
[transporttag [-hex] tag-value]

Syntax Description

read-only	Assigns read-only access to the specified SNMP community.
read-write	Assigns read-write access to the specified SNMP community.
read-write-all	Assigns read-write-all access to the specified SNMP community.
community_string	(Optional) Name of the SNMP community.
index	Sets the SNMP community index
-hex	(Optional) SNMP community index in hexadecimal format.
index-name	SNMP community index name.
name	Sets the SNMP community name.
security	Sets the SNMP community security name.
security-name	SNMP community security name.
context	(Optional) Sets the SNMP context name.
context-name	(Optional) SNMP community context name.
volatile	(Optional) Storage type is defined as temporary memory and the content is deleted if the device is turned off.
nonvolatile	(Optional) Storage type is defined as persistent memory and the content remains after the device is turned off and on again.
transporttag	(Optional) SNMP transport endpoints.
tag-value	(Optional) Transport tag value.

Defaults

The default communities and access type settings are as follows:

•public—read-only

•private—read-write

•secret—read-write-all

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

There are three configurable SNMP communities, one for each access type. If you do not specify the community string, the community string configured for that access type is cleared.

There are three configurable SNMP communities, one for each access type. If you do not specify the community string, the community string configured for that access type is cleared.

The community_string variable cannot contain the @ symbol.

To support the access types, you also need to configure four MIB tables: vacmContextTable, vacmSecurityToGroupTable, vacmAccessTable, and vacmViewTreeFamilyTable. Use the clear config snmp command to reset these tables to the default values.

Examples

This example shows how to set read-write access to the SNMP community called campus:

Console> (enable) set snmp community read-write campus

SNMP read-write community string set.

Console> (enable)

This example shows how to clear the community string defined for read-only access:

Console> (enable) set snmp community read-only

SNMP read-only community string cleared.

Console> (enable)

Related Commands

clear config—switch
clear snmp community
show snmp
show snmp community

set snmp community-ext

To set additional community strings, use the set snmp community-ext command.

set snmp community-ext community_string {read-only | read-write | read-write-all}
[view view_oid] [access access_number]

Syntax Description

community_string	Name of the SNMP community.
read-only	Assigns read-only access to the specified SNMP community.
read-write	Assigns read-write access to the specified SNMP community.
read-write-all	Assigns read-write access to the specified SNMP community.
view view_oid	(Optional) Restricts the community string to a view. See the "Usage Guidelines" section for more information.
access access_number	(Optional) Restricts the community string to an access number; valid values are from 1 to 65335.

Defaults

This command has no default settings.

Command Types

Switch command

Command Types

Privileged

Usage Guidelines

Adding a new community string using the set snmp community-ext command creates appropriate entries in the vacmAccessTable (if a view is specified), snmpCommunityTable, and vacmSecurityToGroup tables.

An example of the view_oid variable is 1.3.6.1.2.1.

Examples

This example shows how to set an additional SNMP community string:

Console> (enable) set snmp community-ext public1 read-only 

Community string public1 is created with access type as read-only 

Console> (enable)

This example shows how to restrict the community string to an access number:

Console> (enable) set snmp community-ext private1 read-write access 2 

Community string private1 is created with access type as read-write access 

number 2 

Console> (enable)

This example shows how to change the access number to the community string:

Console> (enable) set snmp community-ext private1 read-write access 3 

Community string private1 is updated with access type as read-write access 

number 3 

Console> (enable)

Related Commands

clear snmp community-ext

set snmp extendedrmon netflow

To enable or disable the SNMP extended Remote Monitoring (RMON) NetFlow support for the Network Analysis Module (NAM), use the set snmp extendedrmon netflow command.

set snmp extendedrmon netflow {enable | disable} {mod}

Syntax Description

enable	Enables the extended RMON support.
disable	Disables the extended RMON support.
mod	Module number of the extended RMON NAM.

Defaults

Disabled

Command Types

Switch command

Command Modes

Privileged

Examples

This example shows how to enable SNMP-extended RMON NetFlow support:

Console> (enable) set snmp extendedrmon netflow enable 2

Snmp extended RMON netflow enabled

Console> (enable) 

This example shows how to disable SNMP-extended RMON NetFlow support:

Console> (enable) set snmp extendedrmon netflow disable 2

Snmp extended RMON netflow disabled

Console> (enable) 

This example shows the response when the SNMP-extended RMON NetFlow feature is not supported:

Console> (enable) set snmp extendedrmon enable 4 

NAM card is not installed. 
Console> (enable) 

Related Commands

set snmp rmon
show snmp

set snmp group

To establish a relationship between an SNMP group and a user with a specific security model, use the set snmp group command.

set snmp group [-hex] {groupname} user [-hex] {username} {security-model {v1 | v2c |
v3}} [volatile | nonvolatile]

Syntax Description

-hex	Displays the groupname and username in hexadecimal format.
groupname	Name of the SNMP group that defines an access control. The maximum length is 32 bytes.
user	SNMP group username.
username	Name of the SNMP user that belongs to the SNMP group. The maximum length is 32 bytes.
security-model v1 | v2c | v3	Security model v1, v2c, or v3.
volatile	(Optional) Storage type is defined as temporary memory and that the content is deleted if the device is powered off.
nonvolatile	(Optional) Storage type is defined as persistent memory and that the content remains after the device is powered off and on again.

Defaults

This command has no default settings.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

If you use special characters (nonprintable delimiters for the parameters) for groupname or username, you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.

Examples

This example shows how to establish a security model v3 relationship between the SNMP group named cisco-group and a user named joe:

Console> (enable) set snmp group cisco-group user joe security-model v3

SNMP group was set to cisco-group user joe and version v3,nonvolatile.

Console> (enable)

Related Commands

clear snmp group
show snmp group

set snmp ifalias

To set the SNMP interface alias, use the set snmp ifalias command.

set snmp ifalias {ifIndex} [ifAlias]

Syntax Description

ifIndex	Interface index number.
ifAlias	(Optional) Name of the interface alias. See the "Usage Guidelines" section for more information.

Defaults

This command has no default settings.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

The ifAlias string can contain 0 to 64 characters.

Examples

This example shows how to set the SNMP interface alias:

Console> (enable) set snmp ifalias 1 Inband port

ifIndex 1 alias set

Console> (enable)

Related Commands

show snmp ifalias

set snmp notify

To set the notifyname in the snmpNotifyTable and set the notifytag in the snmpTargetAddrTable, use the set snmp notify command.

set snmp notify [-hex] {notifyname} tag [-hex] {notifytag} [trap | inform] [volatile |
nonvolatile]

Syntax Description

-hex	(Optional) Displays notifyname and notifytag in hexadecimal format.
notifyname	Unique identifier to index the snmpNotifyTable.
tag	Tag name in the taglist.
notifytag	Selected entries in the snmpTargetAddrTable.
trap	(Optional) All messages that contain snmpv2-Trap PDUs.
inform	(Optional) All messages that contain InfoRequest PDUs.
volatile	(Optional) Storage type is defined as temporary memory and that the content is deleted if the device is turned off.
nonvolatile	(Optional) Storage type is defined as persistent memory and that the content remains after the device is power cycled.

Defaults

The default settings are as follows:

•Storage type is volatile

•Notify type is trap

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

If you use special characters (nonprintable delimiters for the parameters) for the notifyname and notifytag, you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.

Examples

This example shows how to set the SNMP notify for the notifyname hello and the notifytag world:

Console> (enable) set snmp notify hello tag world inform

SNMP notify name was set to hello with tag world notifyType inform, and storageType 
nonvolatile.

Console> (enable)

Related Commands

clear snmp notify
show snmp notify

set snmp rmon

To enable or disable SNMP RMON support, use the set snmp rmon command.

set snmp rmon {enable | disable}

Syntax Description

enable	Activates SNMP RMON support.
disable	Deactivates SNMP RMON support.

Defaults

Disabled

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

RMON statistics are collected on a segment basis instead of a repeater-port basis for the Catalyst 4000 family group Ethernet modules.

The RMON feature uninstalls the domains for all of the interfaces on an Ethernet module that has been deleted from the system.

RMON is supported on Ethernet, Fast Ethernet, Gigabit Ethernet, and Token Ring switch ports.

When RMON is enabled, the supported RMON groups for Ethernet ports are Statistics, History, Alarms, and Events, as specified in RFC 1757.

When RMON is enabled, the supported RMON groups for Token Ring ports are Mac-Layer Statistics, Promiscuous Statistics, Mac-Layer History, Promiscuous History, Ring Station Order Table, Alarms, and Events, as specified in RFC 1513 and RFC 1757.

Use of this command requires a separate software license.

Examples

This example shows how to enable RMON support:

Console> (enable) set snmp rmon enable

SNMP RMON support enabled.

Console> (enable)

This example shows how to disable RMON support:

Console> (enable) set snmp rmon disable

SNMP RMON support disabled.

Console> (enable)

Related Commands

show snmp

set snmp rmonmemory

To set the memory usage limit as a percentage, use the set snmp rmonmemory command.

set snmp rmonmemory percentage

Syntax Description

percentage

Memory usage limit; see "Usage Guidelines" for more information.

Defaults

85 percent

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

When you use this command, setting the percentage value to 85 does not mean that RMON can use 85 percent of memory. Rather it means that you cannot create new RMON entries or restore entries from the NVRAM if memory usage exceeds 85 percent.

If you expect the device to run other sessions such as Telnet, set the memory limit at a lower value, otherwise the new Telnet sessions may fail because the amount of available memory is insufficient.

Examples

This example shows how to set the memory usage limit to 90%:

Console> (enable) set snmp rmonmemory 90

Console> (enable) 

Related Commands

clear snmp notify
set snmp notify

set snmp targetaddr

To configure SNMP target address entries in the snmpTargetAddressTable, use the set snmp targetaddr command.

set snmp targetaddr [-hex] {addrname} param [-hex] {paramsname}{ip_addr} [udpport
{port}] [timeout {value}] [retries {value}] [volatile | nonvolatile] [taglist {[-hex] tag}]
[[-hex] tag]

Syntax Description

-hex	(Optional) Displays addrname, paramsname, and tag in hexadecimal format.
addrname	Arbitrary but unique name of the target agent; the maximum length is 32 bytes.
param	Entry in the snmpTargetParamsTable, which provides parameters to be used when generating a message to the target; the maximum length is 32 bytes.
paramsname	Entry in the snmpTargetParamsTable; the maximum length is 32 bytes.
ip_addr	IP address of the target.
udpport port	(Optional) UDP port of the target host to use.
timeout value	(Optional) Number of timeouts.
retries value	(Optional) Number of retries.
volatile	(Optional) Storage type is defined as temporary memory and that the content is deleted if the device is turned off.
nonvolatile	(Optional) Storage type is defined as persistent memory and that the content remains after the device is power cycled.
taglist tag	(Optional) Tag names in the taglist. The maximum length for tag is 255 bytes.
tag	(Optional) Tag name.

Defaults

The default settings are as follows:

•Storage type is nonvolatile

•udpport is 162

•timeout is 1500

•retries is 3

•taglist is NULL

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

If you use special characters (nonprintable delimiters for these parameters) for the addrname, paramsname, tag, and tagvalue, you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.

Examples

This example shows how to set the target address in the snmpTargetAddressTable:

Console> (enable) set snmp targetaddr foo param bar 10.1.2.4 udpport 160 timeout 10 
retries 3 taglist tag1 tag2 tag3

SNMP targetaddr name was set to foo with param bar ipAddr 10.1.2.4, udpport 160, timeout 
10, retries 3, storageType nonvolatile with taglist tag1 tag2 tag3.

Console> (enable)

Related Commands

clear snmp targetaddr
set snmp notify
clear snmp notify

set snmp targetparams

To configure the SNMP parameters used in the snmpTargetParamsTable when generating a message to a target, use the set snmp targetparams command.

set snmp targetparams [-hex] {paramsname} user [-hex] {username} {security-model
{v1 | v2c}} {message-processing {v1 | v2c | v3}} [volatile | nonvolatile]

set snmp targetparams [-hex] {paramsname} user [-hex] {username} {security-model v3}
{message-processing v3 {noauthentication | authentication | privacy}} [volatile |
nonvolatile]

Syntax Description

-hex	Displays the paramsname and username in hexadecimal format.
paramsname	Unique identifier used to index the snmpTargetParamsTable; the maximum length is 32 bytes.
user	SNMP group user name.
username	Name of the SNMP user that belongs to the SNMP group; the maximum length is 32 bytes.
security-model v1 | v2c	Security model v1 or v2c.
message-processing v1 | v2c | v3	Version number used by the message processing model.
security-model v3	Security model v3.
message-processing v3	Version 3 is used by the message- processing model.
noauthentication	Security model is not set to use authentication protocol.
authentication	Type of authentication protocol.
privacy	Messages sent on behalf of the user are protected from disclosure.
volatile	(Optional) Storage type is defined as temporary memory and that the content is deleted if the device is turned off.
nonvolatile	(Optional) Storage type is defined as persistent memory and that the content remains after the device is power cycled.

Defaults

The storage type is volatile.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

If you use special characters (nonprintable delimiters for these parameters) for the paramsname and username, you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.

Examples

This example shows how to set target parameters in the snmpTargetParamsTable:

Console> (enable) set snmp targetparams bar user joe security-model v3 message-processing 
v3 authentication

SNMP target params was set to bar v3 authentication, message-processing v3, user joe 
nonvolatile.

Console> (enable)

Related Commands

clear snmp targetparams
show snmp targetparams

set snmp trap

To enable or disable the different SNMP traps on the system or to add an entry into the SNMP authentication trap receiver table, use the set snmp trap command.

set snmp trap {enable | disable} [all | module | chassis | bridge | auth | vtp |
ippermit | vmps | config | entity | stpx | syslog | system | envfan |
envpower |macnotification | entityfru]

set snmp trap rcvr_addr rcvr_community [port rcvr_port] [owner rcvr_owner] [index rcvr_index]

Syntax Description

enable	Activates SNMP traps.
disable	Deactivates SNMP traps.
all	(Optional) All trap types.
module	(Optional) ModuleUp and moduleDown traps from the CISCO-STACK-MIB.
chassis	(Optional) Designates the ciscoSyslogMIB trap from the CISCO-SYSLOG-MIB.
bridge	(Optional) NewRoot and topologyChange traps from RFC 1493 (the BRIDGE-MIB).
auth	(Optional) AuthenticationFailure trap from RFC 1157.
vtp	(Optional) VTP from the CISCO-VTP-MIB.
ippermit	(Optional) IP Permit Denied access from the CISCO-STACK-MIB.
vmps	(Optional) Designates the vmVmpsChange trap from the CISCO-VLAN-MEMBERSHIP-MIB.
config	(Optional) SysConfigChange trap from the CISCO-STACK-MIB.
entity	(Optional) Designates the entityMIB trap from the ENTITY-MIB.
stpx	(Optional) STPX trap.
syslog	(Optional) System log.
system	(Optional) System.
envfan	(Optional) Environmental fan.
envpower	(Optional) Environmental power.
macnotification	(Optional) MAC address notification.
entityfru	(Optional) Entity field replaceable unit (FRU)
rcvr_addr	IP address or IP alias of the system to receive SNMP traps.
rcvr_community	Community string to use when sending authentication traps.
port rcvr_port	(Optional) UDP port and port number. The value for rcvr_port can be from 0 to 65,535.
owner rcvr_owner	(Optional) Identifies the user who configured the settings for snmp trap. The rcvr_owner can be from 1 to 21 characters in length.
index rcvr_index	(Optional) Identifies this entry. The rcvr_index is a value from 1 to 65,535.

Defaults

SNMP traps are disabled.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

An IP permit trap is sent when unauthorized access based on the IP permit list is attempted.

Use the show snmp command to verify that the appropriate traps were configured.

Examples

This example shows how to enable SNMP chassis traps:

Console> (enable) set snmp trap enable chassis

SNMP chassis alarm traps enabled.

Console> (enable) 

This example shows how to enable all traps:

Console> (enable) set snmp trap enable

All SNMP traps enabled.

Console> (enable) 

This example shows how to disable SNMP chassis traps:

Console> (enable) set snmp trap disable chassis

SNMP chassis alarm traps disabled.

Console> (enable) 

This example shows how to add an entry in the SNMP trap receiver table:

Console> (enable) set snmp trap 192.122.173.42 public

SNMP trap receiver added.

Console> (enable) 

This example shows how to enable SNMP system traps:

Console> (enable) set snmp trap enable system

SNMP SYSTEM traps enabled.

Console> (enable)

This example shows how to enable SNMP environmental shutdown traps:

Console> (enable) set snmp trap enable envshutdown

SNMP EnvMon shutdown trap enabled.

SNMP EnvMon fan trap enabled.

Console> (enable)

This example shows how to enable SNMP environmental fan traps:

Console> (enable) set snmp trap enable envfan

SNMP EnvMon fan trap enabled.

Console> (enable)

This example shows how to enable SNMP environmental power traps:

Console> (enable) set snmp trap enable envpower

SNMP EnvMon power supply trap enabled.

Console> (enable)

This example shows how to enable SNMP MAC address notification traps:

Console> (enable) set snmp trap enable macnotification

SNMP MAC notification trap enabled.

Console> (enable)

This example shows how to enable SNMP entity FRU traps:

Console> (enable) set snmp trap enable entityfru

SNMP Entity FRU Control trap enabled.

Console> (enable)

Related Commands

clear ip permit
set ip permit
show ip permit
show port counters
show snmp

set snmp user

To configure a new SNMP user, use the set snmp user command.

set snmp user [-hex] {username} {remote {engineid}} [authentication {md5 | sha |
authpassword}] [privacy {privpassword}] [volatile | nonvolatile]

Syntax Description

-hex	(Optional) Displays username in hexadecimal format.
username	Name of the SNMP user.
remote engineid	Remote SNMP engine ID.
authentication	(Optional) Authentication protocol.
md5	HMAC-MD5-96 authentication protocol.
sha	HMAC-SHA-96 authentication protocol.
authpassword	Password for authentication.
privacy privpassword	(Optional) Enables the host to encrypt the contents of the message sent to or from the agent; the maximum length is 32 bytes, password for privacy.
volatile	(Optional) Storage type is defined as temporary memory and the content is deleted if the device is powered off.
nonvolatile	(Optional) Storage type is defined as persistent memory and the content remains after the device is power cycled.

Defaults

Storage type is set to volatile.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

If you use special characters (nonprintable delimiters for these parameters) for username, you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.

authpassword and privpassword must be hexadecimal characters without delimiters in between.

If authentication is not specified, the security level default will be noauthentication. If privacy is not specified, the default will be no privacy.

Examples

This example shows how to set a specific user name:

Console> (enable) set snmp user joe

Snmp user was set to joe authProt no-auth  privProt no-priv with engineid 00:00.

Console> (enable)

This example shows how to set a specific user name, authentication, and authpassword:

Console> (enable) set snmp user John authentication md5 arizona2

Snmp user was set to John authProt md5 authPasswd arizona2. privProt no-priv wi.

Console> (enable)

Related Commands

clear snmp user
show snmp user

set snmp view

To configure the SNMP MIB view, use the set snmp view command.

set snmp view [-hex] {viewname} {subtree} [mask] [included | excluded] [volatile |
nonvolatile]

Syntax Description

-hex	(Optional) Displays the viewname in hexadecimal format.
viewname	Name of a MIB view.
subtree	MIB subtree.
mask	(Optional) Bit mask is used with the subtree. A bit mask can be all one's, all zero's or any combination; the maximum length is 3 bytes.
included | excluded	(Optional) MIB subtree is included or excluded.
volatile	(Optional) Storage type is defined as temporary memory and the content is deleted if the device is turned off.
nonvolatile	(Optional) Storage type is defined as persistent memory and the content remains after the device is turned off and on again.

Defaults

The default settings are as follows:

•Storage type is volatile

•Bit mask is NULL

•MIB subtree is included

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

If you use special characters (nonprintable delimiters for these parameters) for viewname, you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.

A MOB subtree with a mask defines a view subtree. The MIB subtree can be in OID format or a text name mapped to a valid OID.

Examples

This example shows how to assign a subtree to the view public:

Console> (enable) set snmp view public 1.3.6.1 included

Snmp view name was set to public with subtree 1.3.6.1 included, nonvolatile.

Control> (enable)

This example shows the response when the subtree is incorrect:

Console> (enable) set snmp view stats statistics excluded

Statistics is not a valid subtree OID

Control> (enable)

Related Commands

clear snmp view
show snmp view

set span

To enable or disable Switched Port Analyzer (SPAN) and to set up the switch port and VLAN analyzer for multiple SPAN sessions, use the set span command set.

set span disable [dest_mod/dest_port | all]

set span {src_mod/src_ports... | src_vlan...} {dest_mod/dest_port} [rx | tx | both]
[filter {vlan}][inpkts {enable | disable}] [learning {enable | disable}] [create]

Syntax Description

disable	Disables SPAN.
dest_mod	(Optional) Monitoring module (SPAN destination).
dest_port	(Optional) Monitoring port (SPAN destination).
all	(Optional) Disables the spanning for all VLANs.
src_mod	Monitored module (SPAN source).
src_ports...	Monitored ports (SPAN source).
src_vlan...	Monitored VLAN (SPAN source).
rx	(Optional) Information received at the source is monitored.
tx	(Optional) Information transmitted from the source is monitored.
both	(Optional) Information both transmitted from the source and received at the source is monitored.
filter	(Optional) VLANs are filtered.
vlan	Number of the VLAN.
inpkts enable	(Optional) Enables the receiving of Normal inbound traffic on the SPAN destination port.
inpkts disable	(Optional) Disables the receiving of Normal inbound traffic on the SPAN destination port.
learning enable	(Optional) Learns the packet's source address.
learning disable	(Optional) Does not learn the packet's source address.
create	(Optional) Creates a new SPAN session.

Defaults

The default settings are as follows:

•SPAN is disabled.

•Learning is enabled.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

After you install an Access Gateway module on your switch, you cannot configure the internal
Gigabit Ethernet port as a SPAN destination port.

You can configure multiple SPAN sessions to run at the same time. One ingress SPAN session (RX or Both direction) and four egress SPAN sessions (TX direction only) can be configured.

A trunk port can be configured as a source or destination port. If the destination port is a trunk port, the outgoing packets through the SPAN port will carry ISL or 802.1Q VLAN headers.

If SPAN is enabled, and you change the VLAN configuration of the SPAN port (destination), you must disable SPAN before the new configuration will be in effect. If SPAN is enabled, and you disable a source or destination port, the SPAN function will not work until you enable SPAN on both ports.

You can configure a disabled port to be a source or destination port, but SPAN will not work until you enable SPAN on both ports. If SPAN is enabled for monitoring a particular VLAN, the number of ports being monitored changes when you move a switched port into or out of the specified monitored VLAN.

FDDI port can also be a source port.

Source and destination ports cannot be the same port.

After SPAN is enabled, if no parameters were ever set, the first configured SPAN is used as a reference.

You can configure additional SPAN ports which monitor VLANs only. These ports support a source of one or more VLANs and require the destination port to be a trunk-capable port. This port will filter all traffic except traffic from the configured VLAN for that port.

For monitoring inbound traffic, only one ingress session (or both directions) SPAN is allowed regardless of the port-based SPAN. An egress SPAN can coexist with other SPAN sessions.

Use either a dedicated RMON probe or a network analyzer to monitor ports.

Use the inpkts keyword with the enable option to allow the SPAN destination port to receive Normal incoming traffic in addition to the traffic mirrored from the SPAN source. Use the disable option to prevent the SPAN destination port from receiving Normal incoming traffic.

The keyword learning is dependent on the inpkts option. If the inpkts option is disabled, learning will not take effect. The inpkts option must be set to enable to use learning.

When learning is enabled, the dont_learn control bit is disabled, allowing the system to learn a packet's source address. With learning disabled, the packet is forwarded to its destination as usual.

If you are configuring the Gigabit EtherChannel switching module VLAN, only the both argument is allowed, you cannot specify tx or rx.

You cannot disable multicast on SPAN ports.

If you are running a supervisor engine software release prior to release 4.5(1), we recommend that you configure only a single source port to be monitored. With the supervisor engine software release 4.5(1) and later, a single source port will be the standard Token Ring SPAN configuration.

You cannot monitor a VLAN to which none of the ports belong.

If you specify a set of VLANs with the filter option, the traffic spanned by the session is limited to the VLANs specified. Use this option to select a subset of the VLANs carried by a trunk in PSPAN sessions. VLAN filtering is not available for VSPAN sessions.

Examples

This example shows how to configure SPAN so that both the transmit traffic and receive traffic on the source port (1/1) is mirrored to the destination port (2/1), and how to verify SPAN configuration:

Console> (enable) set span 1/1 2/1

Enabled monitoring of Port 1/1 transmit/receive traffic by Port 2/1

Console> (enable) show span

Status          : enabled

Admin Source    : Port 1/1

Oper Source     : Port 1/1

Destination     : Port 2/1

Direction       : transmit/receive

Incoming Packets: disabled

Console> (enable)

This example shows how to set VLAN 522 as the SPAN source and port 2/1 as the SPAN destination:

Console> (enable) set span 522 2/1

Enabled monitoring of VLAN 522 transmit/receive traffic by Port 2/1

Console> (enable) show span

Status          : enabled

Admin Source    : VLAN 522

Oper Source     : Port 3/1-2

Destination     : Port 2/1

Direction       : transmit/receive

Incoming Packets: disabled

Console> (enable)

This example shows how to set VLAN 522 as the SPAN source and port 2/12 as the SPAN destination:

Console> (enable) set span 522 2/12 tx inpkts enable

SPAN destination port incoming packets enabled.

Enabled monitoring of VLAN 522 transmit traffic by Port 2/12

Console> (enable) show span

Status          : enabled

Admin Source    : VLAN 522

Oper Source     : Port 2/1-2

Destination     : Port 2/12

Direction       : transmit

Incoming Packets: enabled

Console> (enable)

This example shows how to enable learning on the SPAN source and port 1/1:

Console> (enable) set span 522 1/1 learning enable 

Overwrote Port 1/1 to monitor transmit/receive traffic of VLAN 522

Incoming Packets disabled. Learning enabled. Multicast enabled.

Console> (enable)

This example shows how to disable learning on the SPAN source and port 1/1:

Console> (enable) set span 522 1/1 learning disable

Overwrote Port 1/1 to monitor transmit/receive traffic of VLAN 522

Incoming Packets disabled. Learning disabled. Multicast enabled.

Console> (enable) 

Related Commands

clear config—switch
show span

set spantree backbonefast

To enable or disable the spanning tree Backbone Fast Convergence feature, use the set spantree backbonefast command.

set spantree backbonefast {enable | disable}

Syntax Description

enable	Enables Backbone Fast Convergence.
disable	Disables Backbone Fast Convergence.

Defaults

Disabled

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

This command is not available in MST mode.

For BackboneFast Convergence to work, you must enable it on all switches in the network.

When you try to enable BackboneFast and the switch is in MISTP or MISTP-PVST+ mode, this message is displayed:

Cannot enable backbonefast when the spantree mode is MISTP-PVST+.

When you try to enable BackboneFast and the switch is in RAPID-PVST+ mode, this message is displayed:

Cannot enable backbonefast when the spantree mode is RAPID-PVST+.

Examples

This example shows how to enable Backbone Fast Convergence:

Console> (enable) set spantree backbonefast enable

Backbonefast enabled for all VLANs.

Console> (enable) 

This example shows the message that is displayed when you try to enable BackboneFast in Rapid PVST+ mode:

Console> (enable) set spantree backbonefast enable

Cannot enable backbonefast when the spantree mode is RAPID-PVST+.

Console> (enable)

Related Commands

show spantree

set spantree bpdu-filter

To enable or disable BPDU packet filtering on a port, use the set spantree bpdu-filter command.

set spantree bpdu-filter mod/port {enable | disable | default}

Syntax Description

mod/port	Number of the module and the port on the module.
enable	Enables BPDU packet filtering.
disable	Disables BPDU packet filtering.
default	Sets BPDU packet filtering to the global BPDU packet filtering state. See "Usage Guidelines" for more information.

Defaults

Enabled

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

BPDU packet filtering disables BPDU transmission on the specified ports.

If you use the default keyword, the spanning tree port is set to the global BPDU filtering state.

To enable or disable BPDU filtering for all ports on the switch, enter the set spantree global-default bpdu-filter command.

Examples

This example shows how to enable BPDU filtering on module 3, port 4:

Console> (enable) set spantree bpdu-filter 3/4 enable

Warning: Ports enabled with bpdu filter will not send BPDUs and drop all

received BPDUs. You may cause loops in the bridged network if you misuse

this feature.

Spantree port 3/4 bpdu filter enabled.

Console> (enable)

Related Commands

set spantree global-default
show spantree portfast

set spantree bpdu-guard

To enable or disable spanning tree BPDU guard on a port, use the set spantree bpdu-guard command.

set spantree bpdu-guard mod/port {enable | disable | default}

Syntax Description

mod/port	Number of the module and the port on the module.
enable	Enables the spanning tree BPDU guard.
disable	Disables the spanning tree BPDU guard.
default	Sets spanning tree BPDU guard to the global BPDU guard state. See "Usage Guidelines" for more information.

Defaults

Enabled

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

Before you enable BPDU guard, you must enable PortFast mode to ensure that BPDU guard works correctly.

When you enable BPDU guard, a port is moved into an errdisable state when it receives a BPDU. When you disable a BPDU guard, a PortFast-enabled nontrunking port will stay up when it receives BPDUs, which may cause spanning tree loops.

If you enter the default keyword, the spanning tree port is set to the BPDU guard state globally.

To enable or disable BPDU guard for all ports on the switch, enter the set spantree global-default bpdu-guard command.

Examples

This example shows how to enable BPDU guard on module 3, port 1:

Console> (enable) set spantree bpdu-guard 3/1 enable

Spantree port 3/1 bpdu guard enabled.

Console> (enable)

Related Commands

set spantree global-default
show spantree portfast

set spantree bpdu-skewing

To enable or disable collection of the spanning tree BPDU skewing detection statistics, use the set spantree bpdu-skewing command.

set spantree bpdu-skewing {enable | disable}

Syntax Description

enable	Enables the collection of BPDU skewing detection statistics.
disable	Disables the collection of BPDU skewing detection statistics.

Defaults

Enabled

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

When network convergence is slow due to skewing, you can use this command to help troubleshoot. Skewing occurs when spanning tree timers lapse, and expected BPDUs are not received and spanning tree detects topology changes. The difference between the expected result and those actually received is a "skew." The skew causes BPDUs to be reflooded onto the network to keep the spanning tree topology database up to date.

Examples

This example shows how to enable the BPDU skew detection feature:

Console> (enable) set spantree bpdu-skewing enable

Spantree bpdu-skewing enabled on this switch. 

Console> (enable) 

This example shows how to disable the BPDU skew detection feature:

Console> (enable) set spantree bpdu-skew disable

Spantree bpdu-skewing disabled on this switch. 

Console> (enable) 

Related Commands

show spantree bpdu-skewing

set spantree channelcost

To set the channel path cost and automatically adjust the port costs of the ports in the channel, use the set spantree channelcost command.

set spantree channelcost {channel_id | all} [cost]

Syntax Description

channel_id	Channel identification number.
all	Configures all channels.
cost	(Optional) Port costs of the ports in the channel.

Defaults

Port cost is updated automatically (based on the current port costs of the channeling ports).

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

You can use this command when your system is in LACP channel mode or PAgP channel mode.

Examples

This example shows how to set the channel 768 path cost to 12.

Console> (enable) set spantree channelcost 768 12

Port(s) 1/1-2 port path cost are updated to 19.

Channel 768 cost is set to 12.

Warning: channel cost may not be applicable if channel is broken.

Console> (enable)

This example shows how to set all channel path costs to 15:

Console> (enable) set spantree channelcost all 15

Port(s) 1/1-2 port path cost are updated to 24.

Channel 768 cost is set to 15.

Port(s) 4/3-4 cost is set to 15.

channel 769 cost is set to 15.

Port(s) 4/7-8 cost is set to 15.

channel 770 cost is set to 15.

Warning: channel cost may not be applicable if channel is broken.

Console> (enable)

Related Commands

clear lacp-channel statistics
set channelprotocol
set lacp-channel system-priority
set port lacp-channel
set spantree channelcost
set spantree channelvlancost
show lacp-channel
show port lacp-channel

set spantree channelvlancost

To set the channel VLAN path cost and adjust the port VLAN costs of the ports that belong to the channel, use the set spantree channelvlancost command.

set spantree channelvlancost channel_id cost

Syntax Description

channel_id	Channel identification number.
cost	Port costs of the ports in the channel.

Defaults

The command has no default settings.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

You must set the channel VLAN cost one channel at a time.

You can use this command when your system is in LACP channel mode or PAgP channel mode.

Examples

This example shows how to set the VLAN cost to 10 for channel 768:

Console> (enable) set spantree channelvlancost 768 10

Port(s) 1/1-2 vlan cost are updated to 24.

Channel 768 vlancost is set to 10.

Console> (enable)

Related Commands

clear lacp-channel statistics
set channelprotocol
set lacp-channel system-priority
set port lacp-channel
set spantree channelcost
show lacp-channel
show port lacp-channel

set spantree defaultcostmode

To specify the spanning tree default port cost mode, use the set spantree defaultcostmode command.

set spantree defaultcostmode {short | long}

Syntax Description

short	Sets the default port cost for port speeds slower than 10 gigabits.
long	Sets the default port cost mode port speeds of 10 gigabits and faster.

Defaults

The spanning tree default port cost mode is short.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

The set spantree defaultcostmode long command is available in PVST+ mode only. If you enter this command in MISTP or MISTP-PVST+ mode, this message is displayed:

In MISTP or MISTP-PVST+ mode, default portcost and portinstancecost always

use long format default values.

All switches in a network must have the same default. If any switch in the network supports port speeds of 10 gigabits and greater, the default cost mode must be set to long on all the switches in the network.

For port speeds of 1 gigabit and greater, the default port cost should be set to long. For port speeds of less than 10 gigabits, the default port cost can be set to short.

The default path cost is based on port speed; see Table 2-7 and Table 2-8 for default settings.

Table 2-7 Default Port Cost—Short Mode 

Port Speed	Default Port Cost
4 MB	250
01 Mb	100
16 Mb	62
100 Mb	19
155 Mb	14
1 Gb	4
10 Gb	2

Table 2-8 Default Port Cost—Long Mode

Port Speed	Default Port Cost
100 Kb	200,000,000
1 Mb	20,000,000
10 Mb	2,000,000
100 Mb	200,000
1 Gb	20,000
10 Gb	2,000
100 Gb	200
1 Tb	20
10 Tb	2

Examples

This example shows how to set the spanning tree default port cost mode to long:

Console> (enable) set spantree defaultcostmode long

Portcost and portvlancost set to use long format default values.

Console> (enable) 

Related Commands

show spantree defaultcostmode

set spantree disable

To disable the spanning tree algorithm for all VLANs or for a specific VLAN, or to disable spanning tree instances, use the set spantree disable command set.

set spantree disable vlan

set spantree disable all

set spantree disable mistp-instance instance

set spantree disable mistp-instance all

Syntax Description

vlan	Number of the VLAN; valid values are from 1 to 1005 and from 1025 to 4094.
all	All VLANs.
mistp-instance instance	Instance number; valid values are from 1 to 16.
mistp-instance all	Deletes all instances.

Defaults

The default settings are as follows:

•Spanning tree is enabled.

•All instances are enabled (flooding is disabled).

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

If you do not specify a VLAN number or an instance number, 1 is assumed.

When an instance is enabled, the Spanning Tree Protocol starts running on that instance.

When an instance is disabled, the switch stops sending out config TLVs for that instance and starts flooding incoming TLVs for the same instance (but checks the VLAN mapping on the incoming side). All the traffic running on the VLANs mapped to the instance is flooded as well.

This command is not available in MST mode.

Examples

This example shows how to disable the spanning tree for VLAN 1:

Console> (enable) set spantree disable 1

VLAN 1 bridge spanning tree disabled.

Console> (enable) 

This example shows how to disable spanning tree for a specific instance:

Console> (enable) set spantree disable mistp-instance 2

MI-STP instance 2 disabled.

Console> (enable) 

Related Commands

set spantree enable
show spantree

set spantree enable

To enable the spanning tree algorithm for all VLANs, a specific VLAN, a specific instance, or all instances, use the set spantree enable command set.

set spantree enable vlans

set spantree enable all

set spantree enable mistp-instance instance

set spantree enable mistp-instance all

Syntax Description

vlans	Number of the VLAN; valid values are from 1 to 1005 and from 1025 to 4094.
all	All VLANs.
mistp-instance instance	Instance number; valid values are from 1 to 16.
mistp-instance all	Enables all instances.

Defaults

All instances are enabled (flooding is disabled).

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

MISTP and VTP pruning cannot be enabled at the same time.

If you do not specify a VLAN number or an instance number, 1 is assumed.

This command is not available in MST mode.

Examples

This example shows how to activate spanning tree for VLAN 1:

Console> (enable) set spantree enable 1

VLAN 1 bridge spanning tree enabled.

Console> (enable) 

This example shows how to activate spanning tree for an instance:

Console> (enable) set spantree enable mistp-instance 1

-STP instance 1 enabled.

Console> (enable) 

Related Commands

set spantree disable
show spantree

set spantree fwddelay

To set the bridge forward delay for a VLAN or an instance, use the set spantree fwddelay command.

set spantree fwddelay delay [vlans]

set spantree fwddelay delay mistp-instance [instances]

set spantree fwddelay delay mst

Syntax Description

delay	Number of seconds for the bridge forward delay; valid values are from 4 to 30 seconds.
vlans	(Optional) Number of the VLAN; valid values are from 1 to 1005 and from 1025 to 4094.
mistp-instance instances	Instance number; valid values are from 1 to 16.
mst	Sets the forward delay time for the IST instance and all MST instances. See "Usage Guidelines" for more information.

Defaults

Bridge forward delay is set to 15 seconds for all VLANs.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

If you do not specify a VLAN number or an instance number, 1 is assumed.

If you enable MISTP, you cannot set the VLAN bridge forward delay.

If you enable PVST+, you cannot set the instance bridge forward delay.

If you enter the set spantree fwddelay delay mst command, you set the forward delay time for the IST instance and all MST instances. You do not need to set the forward delay time for each MST instance.

Examples

This example shows how to set the bridge forward delay for VLAN 100 to 16 seconds:

Console> (enable) set spantree fwddelay 16 100

Spantree 100 forward delay set to 16 seconds.

Console> (enable)

This example shows how to set the bridge forward delay for an instance to 16 seconds:

Console> (enable) set spantree fwddelay 16 mistp-instance 1

Instance 1 forward delay set to 16 seconds.

Console> (enable)

Related Commands

show spantree

set spantree global-default

To set the global states on the switch, use the set spantree global-default command set.

set spantree global-default portfast {enable | disable}

set spantree global-default loop-guard {enable | disable}

set spantree global-default bpdu-guard {enable | disable}

set spantree global-default bpdu-filter {enable | disable}

Syntax Description

portfast	Sets the global PortFast state.
enable	Enables the global state.
disable	Disables the global state.
loop-guard	Sets the global loop guard state.
bpdu-guard	Sets the global BPDU guard state.
bpdu-filter	Sets the global BPDU filter state.

Defaults

The default settings are as follows:

•All ports are in the nonedge state.

•Loop guard is disabled on all ports.

•BPDU guard is disabled on all ports.

•BPDU filter is disabled on all ports.

Command Types

Switch command

Command Modes

Privileged

Examples

This example shows how to disable the global PortFast state on the switch:

Console> (enable) set spantree global-default portfast disable

Spantree global portfast state disabled on this switch.

Console> (enable)

This example shows how to enable the global loop guard state on the switch:

Console> (enable) set spantree global-default loop-guard enable

Spantree global loop-guard state enabled on the switch.

Console> (enable)

This example shows how to disable the global BPDU guard state on the switch:

Console> (enable) set spantree global-default bpdu-guard disable

Spantree global-default bpdu-guard disabled on this switch.

Console> (enable)

This example shows how to disable the global BPDU filter state on the switch:

Console> (enable) set spantree global-default bpdu-filter disable

Spantree global-default bpdu-filter disabled on this switch.

Console> (enable)

Related Commands

clear spantree mst
set spantree mst
set spantree mst config
show spantree mst config
set spantree guard

set spantree guard

To enable or disable spantree root guard or loop guard on a per-port basic, use the set spantree guard command.

set spantree guard {none | root | loop} {mod/port}

Syntax Description

none	Disables the spantree guard feature.
root	Enables root guard.
loop	Enables loop guard.
mod/port	Number of the module and port(s) on the module.

Defaults

The default settings are as follows:

•Root guard is disabled.

•Loop guard is disabled.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

You can use the root guard feature to prevent switches from becoming the root switch. The root guard feature forces a port to become a designated port so that no switch on the other end of the link can become a root switch.

When you enable root guard on a per-port basis, it is automatically applied to all of the active VLANs to which that port belongs. When you disable root guard, it is disabled for the specified port(s). If a port goes into the root-inconsistent state, it will automatically enters the listening state.

If you enable loop guard on a channel and the first link becomes unidirectional, loop guard will block the entire channel until the affected port is deleted from the channel.

Use care when enabling loop guard. Loop guard is useful only in those topologies where there are blocked ports. Topologies where there are no blocked ports are loop free by definition and do not need this feature to be enabled.

Loop guard should be enabled only on root and alternate root ports.

Loop guard should be used mainly on access switches.

When you enable loop guard, it is automatically applied to all of the active instances or VLANs to which that port belongs. When you disable loop guard, it is disabled for the specified port(s). Disabling loop guard moves all loop-inconsistent ports to the listening state.

You cannot enable loop guard on PortFast-enabled or dynamic VLAN ports.

You cannot enable PortFast on loop guard-enabled ports.

You cannot enable loop guard if root guard is enabled.

Examples

This example shows how to enable root guard on port 5/1:

Console> (enable) set spantree guard root 5/1

Rootguard on port 5/1 is enabled.

Warning!! Enabling rootguard may result in a topolopy change.

Console> (enable)

This example shows how to enable the loop guard feature on port 5/1:

Console> (enable) set spantree guard loop 5/1

Rootguard is enabled on port 5/1, enabling loopguard will disable rootguard on

 this port.

Do you want to continue (y/n) [n]? y

Loopguard on port 5/1 is enabled.

Console> (enable)

Related Commands

show spantree guard

set spantree hello

To set the bridge hello time for a VLAN or an instance, use the set spantree hello command.

set spantree hello interval [vlans]

set spantree hello interval mistp-instance instances

set spantree hello interval mst

Syntax Description

interval	Number of seconds the system waits before sending a bridge hello message (a multicast message indicating that the system is active); valid values are from 1 to 10 seconds.
vlans	(Optional) Number of the VLAN; valid values are from 1 to 1005 and from 1025 to 4094.
mistp-instance instances	Instance number; valid values are from 1 to 16.
mst	Sets the hello time for the IST instance and all MST instances. See "Usage Guidelines" for more information.

Defaults

Bridge hello time is set to 2 seconds for all VLANs.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

If you do not specify a VLAN number or an instance number, 1 is assumed.

If you enable MISTP, you cannot set the VLAN hello time.

If you enable PVST+, you cannot set the instance hello time.

If you enter the set spantree hello interval mst command, you set the hello time for the IST instance and all MST instances. You do not need to set the hello time for each MST instance.

Examples

This example shows how to set the spantree hello time for VLAN 100 to 3 seconds:

Console> (enable) set spantree hello 3 100

Spantree 100 hello time set to 3 seconds.

Console> (enable)

This example shows how to set the spantree hello time for an instance to 3 seconds:

Console> (enable) set spantree hello 3 mistp-instance 1

Spantree 1 hello time set to 3 seconds.

Console> (enable)

Related Commands

show spantree

set spantree link-type

To configure the link type for a port, use the set spantree link-type command.

set spantree link-type mod/port {auto | point-to-point | shared}

Syntax Description

mod/port	Number of the module and the port on the module.
auto	Derives the link from either a half-duplex or full-duplex link type. See "Usage Guidelines" for more information.
point-to-point	Connects the port to a point-to-point link.
shared	Connects the port to a shared medium.

Defaults

The link type is auto.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

If the link type is set to auto and the link is a half-duplex link, then the link is a shared link. If the link type is set to auto and the link is a full-duplex link, then the link is a point-to-point link.

The set spantree link-type command is the same as the set spantree mst link-type command.

Examples

This example shows how to connect port 1 on module 3 to a point-to-point link:

Console> (enable) set spantree link-type 3/1 point-to-point

Link type set to point-to-point on port 3/1

Console> (enable)

Related Commands

clear spantree mst
set spantree global-default

set spantree macreduction

To enable or disable the spanning tree MAC address reduction feature, use the set spantree macreduction command.

set spantree macreduction {enable | disable}

Syntax Description

enable	Enables MAC address reduction.
disable	Disables MAC address reduction.

Defaults

Enabled

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

The MAC address reduction feature allows the switch to support a large number of spanning tree instances with a very limited number of MAC addresses, and still maintain the IEEE 802.1D bridge-ID requirement for each STP instance.

You cannot disable this feature if extended range VLANs exist.

Examples

This example shows how to disable the MAC address reduction feature:

Console> (enable) set spantree macreduction disable

MAC address reduction disabled

Console> (enable)

set spantree maxage

To set the bridge maximum aging time for a VLAN or an instance, use the set spantree maxage command.

set spantree maxage agingtime [vlans]

set spantree maxage agingtime mistp-instance instances

set spantree maxage agingtime mst

Syntax Description

agingtime	Maximum number of seconds that the system retains the information received from other bridges through Spanning Tree Protocol; valid values are from 6 to 40 seconds.
vlan	(Optional) Number of the VLAN; valid values are from 1 to 1005.
mistp-instance instances	Instance number; valid values are from 1 to 16.
mst	Sets the maximum aging time for the IST instance and all MST instances. See "Usage Guidelines" for more information.

Defaults

Bridge maximum aging time is 20 seconds for all VLANs.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

If you do not specify a VLAN number or an instance number, 1 is assumed.

If you enable MISTP, you cannot set the VLAN maximum aging time.

If you enable PVST+, you cannot set the instance maximum aging time.

If you enter the set spantree maxage agingtime mst command, you set the maximum aging time for the IST instance and all MST instances. You do not need to set the maximum aging time for each MST instance.

Examples

This example shows how to set the maximum aging time for VLAN 1000 to 25 seconds:

Console> (enable) set spantree maxage 25 1000

Spantree 1000 max aging time set to 25 seconds.

Console> (enable)

This example shows how to set the maximum aging time for an instance to 25 seconds:

Console> (enable) set spantree maxage 25 mistp-instance 1

Instance 1 max aging time set to 25 seconds.

Console> (enable)

Related Commands

show spantree

set spantree mode

To configure the type of Spanning Tree Protocol mode to run, use the set spantree mode command.

set spantree mode {mistp | pvst+ | mistp-pvst+ | mst | rapid-pvst+}

Syntax Description

mistp	MISTP mode.
pvst+	PVST+ mode.
mistp-pvst+	Allows the switch running MISTP to tunnel BPDUs with remote switches running PVST+.
mst	MST mode.
rapid-pvst+	Per VLAN rapid spantree (IEEE 802.1w).

Defaults

PVST+ mode

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

When you connect to a switch using Telnet and try to change the spanning-tree mode from PVST+ to MISTP or MISTP-PVST+, and no VLANs are mapped to any instance on that switch, a warning message is displayed:

Console> (enable) set spantree mode mistp

Warning!! Changing the STP mode from a telnet session will disconnect the

session because there are no VLANs mapped to any MISTP instance.

Do you want to continue [n]?

When you connect to a switch using Telnet and try to change the spanning-tree mode from MISTP or MISTP-PVST+ to PVST+, or when you connect to a switch by Telnet and try to change the spanning-tree mode from PVST+ to MISTP or MISTP-PVST+, and additional VLAN-instances are mapped on that switch, a warning message is displayed:

Console> (enable) set spantree mode pvst+

Warning!! Changing the STP mode from a telnet session might disconnect the

session.

Do you want to continue [n]?

When you change from MISTP to PVST+ and there more than 8,000 VLAN ports currently configured on the switch, a warning message is displayed:

Console> (enable) set spantree mode pvst+

Warning!! This switch has 12345 VLAN-ports currently configured for STP.

Going out of MISTP mode could impact system performance.

Do you want to continue [n]?

When you change from MISTP to RAPID-PVST+ and there more than 8,000 VLAN ports currently configured on the switch, a warning message is displayed:

Console> (enable) set spantree mode rapid-pvst+

Warning!! This switch has 12345 VLAN-ports currently configured for STP.

Going out of MISTP mode could impact system performance.

Do you want to continue [n]?

If you change the spanning-tree mode from PVST+ to MISTP or MISTP to PVST+, the STP mode previously running stops, all the information collected at run time is used to build the port database for the new mode, and the new STP mode restarts the computation of the active topology from zero. All the parameters of the previous STP per VLAN or per instance are kept in NVRAM.

If you change the spanning-tree mode from PVST+ to MISTP or MISTP to PVST+ and BackboneFast is enabled, this message is displayed:

Console> (enable) set spantree mode mistp

Cannot change the spantree mode to MISTP when backbonefast is enabled.

Examples

This example shows how to set the spanning tree mode to PVST+:

Console> (enable) set spantree mode pvst+

Warning!! Changing the STP mode from a telnet session might disconnect the session.

Do you want to continue [n]? y

Spantree mode set to PVST+.

Console> (enable)

This example shows what happens if you change the spanning tree mode from PVST+ to MISTP:

Console> (enable) set spantree mode mistp

Warning!! Changing the STP mode from a telnet session will disconnect the session because 
there are no VLANs mapped to any MISTP instance.

Do you want to continue [n]? y

Console> (enable)

This example shows how to set the spanning tree mode to MST:

Console> (enable) set spantree mode mst

Warning!! Changing the STP mode from a telnet session will disconnect the session

n because there are no VLANs mapped to any MISTP instance.

Do you want to continue [n]? y

Console> (enable)

This example shows how to set the spanning tree mode to RAPID-PVST+:

Console> (enable) set spantree mode rapid-pvst+

Warning!! Changing the STP mode from a telnet session might disconnect the session.

Do you want to continue [n]? y

Console> (enable)

Related Commands

set vlan
show spantree

set spantree mst

To configure the mapping of VLANs to an MST instance, use the set spantree mst command.

set spantree mst instance vlan vlan

Syntax Description

instance	Number of the instance; valid values are from 0 to 15.
vlan vlan	VLAN number; valid values are from 1 to 1005 and from 1025 to 4094.

Defaults

This command has no default settings.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

All changes made to the region configuration (region information and VLAN mapping) are buffered. Only one user can hold the buffer at a time. This buffer is locked when you first use the set spantree mst instance or set spantree mst config commands.

If the VLAN is already mapped to some other instance, the VLAN is unmapped from that instance and is mapped to the new instance.

Each time you map a new VLAN or VLANs, they are added to the existing mapping.

All unmapped VLANs are automatically mapped to MST instance 0 (IST).

Examples

This example shows how to map VLAN 1 to an MST instance 2:

Console> (enable) set spantree mst 2 vlan 1

Console> (enable)

Related Commands

clear spantree mst
set spantree mst config

set spantree mst config

To change the MST region information, use the set spantree mst config command.

set spantree mst config [name name] [revision number]

set spantree mst config commit

set spantree mst config rollback [force]

Syntax Description

name name	(Optional) MST region name. See "Usage Guidelines" for more information.
revision number	(Optional) MST region version number; valid values for number are from 1 to 65535. See "Usage Guidelines" for more information.
commit	Starts the new MST VLAN mapping.
rollback	Discards changes made to the MST region configuration that are not yet applied.
force	(Optional) Unlocks the MST edit buffer when it is held by another user.

Defaults

The default settings are as follows:

•No region name will be given (unless you specify a region name).

•Revision number is 1.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

The name can be up to 32 characters long.

The name and number are copied from NVRAM MST region information. If you change MST mapping information without changing the name and number, the number is automatically incremented by 1.

Changes that you make to MST VLAN mapping are buffered; by entering the set spantree mst config commit command, you put the new MST VLAN mapping into effect. After you enter the set spantree mst config commit command, the lock for the MST edit buffer is released.

If you enter the set spantree mst config rollback command, you discard the changes made to the MST region configuration that are not applied yet (only if you have locked the edit buffer). You can forcefully release the lock set by another user by entering the command set spantree mst config rollback force.

The set spantree mst config commit and set spantree mst config rollback commands are stored in NVRAM.

Examples

This example shows how to configure an MST region and to give that region a name and version number:

Console> (enable) set spantree mst config name cisco revision 1

Console> (enable)

This example shows how to put the new MST VLAN mapping into effect:

Console> (enable) set spantree mst mst config commit

Console> (enable)

This example shows how to discard MST region configuration when you hold the MST edit buffer:

Console> (enable) set spantree mst config rollback

Console> (enable)

This example shows how to unlock the MST edit buffer when it is held by another user:

Console> (enable) set spantree mst config rollback force

Console> (enable)

Related Commands

clear spantree mst
show spantree mst
show spantree mst config

set spantree mst link-type

To configure the link type of a port, use the set spantree mst link-type command.

set spantree mst link-type mod/port {auto | point-to-point | shared}

Syntax Description

mod/port	Number of the module and the port on the module.
auto	Derives the link from either a half-duplex or full-duplex link type. See "Usage Guidelines" for more information.
point-to-point	Connects the port to a point-to-point link.
shared	Connects the port to a shared medium.

Defaults

The link type is auto.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

MST rapid connectivity works only on point-to-point links between two bridges.

If the link type is set to auto and the link is a half-duplex link, then the link is a shared link. If the link type is set to auto and the link is a full-duplex link, then the link is a point-to-point link.

Examples

This example shows how to connect port 1 on module 3 to a point-to-point link:

Console> (enable) set spantree mst link-type 3/1 point-to-point

Link type set to point-to-point on port 3/1

Console> (enable)

Related Commands

clear spantree mst
set spantree global-default
set spantree mst config
show spantree mst config

set spantree mst maxhops

To set the maximum number of hops in the MST region, use the set spantree mst maxhops command.

set spantree mst maxhops hop-count

Syntax Description

hop-count

Maximum number of hops; valid values are from 1 to 40.

Defaults

Bridge forward delay is 20 seconds for all instances.

Command Types

Switch command

Command Modes

Privileged

Examples

This example shows how to set the maximum number of hops:

Console> (enable) set spantree mst maxhops 20

Console> (enable)

Related Commands

clear spantree mst
set spantree mst config
set spantree mst link-type
set spantree mst vlan
show spantree mst
show spantree mst config

set spantree mst vlan

To configure the mapping of VLANs to an MST instance, use the set spantree mst command.

set spantree mst instance vlan vlan

Syntax Description

instance	Number of the instance; valid values are from 0 to 15.
vlan vlan	VLAN number; valid values are from 1 to 1005 and from 1025 to 4094.

Defaults

This command has no default settings.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

All changes made to the region configuration (region information and VLAN mapping) are buffered. Only one user can hold the buffer at a time. This buffer is locked upon first entering the set spantree mst instance or set spantree mst config commands.

If the VLAN is already mapped to some other instance, the VLAN is unmapped from that instance and mapped to the new instance.

Each time you map a new VLAN or VLANs, they are added to the existing mapping.

All unmapped VLANs are mapped to MST instance 0 (IST).

Examples

This example shows how to map VLAN 1 to an MST instance 2:

Console> (enable) set spantree mst 2 vlan 1

Console> (enable)

Related Commands

clear spantree mst
set spantree mst config
show spantree mst
show spantree mst config

set spantree portcost

To set the path cost for a port, use the set spantree portcost command.

set spantree portcost mod/port cost [mst]

Syntax Description

mod/port	Number of the module and the port on the module.
cost	Number of the path cost; see "Usage Guidelines" for more information.
mst	(Optional) Sets the path cost for an MST port.

Defaults

The short mode default settings are shown in the following table:

Port Speed	Default Port Cost
4 Mb	250
10 Mb	100
16 Mb	62
100 Mb	19
155 Mb	14
1 Gb	4
10 Gb	2

The long mode default settings are shown in the following table:

Port Speed	Default Port Cost
100 Kb	200,000,000
1 Mb	20,000,000
10 Mb	2,000,000
10 Mb	200,000
1 Gb	20,000
10 Gb	2,000
100 Gb	200
1 Tb	20
10 Tb	2

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

The Spanning Tree Protocol uses port path costs to determine which port to select as a forwarding port. You should assign lower numbers to ports attached to faster media (such as full duplex) and higher numbers to ports attached to slower media.

Examples

This example shows how to set the port cost for port 12 on module 2 to 19:

Console> (enable) set spantree portcost 2/12 19

Spantree port 2/12 path cost set to 19.

Console> (enable) 

Related Commands

set spantree defaultcostmode
show spantree

set spantree portfast

To allow a port that is connected to a single workstation or PC to start faster when it is connected, use the set spantree portfast command.

set spantree portfast mod/port {enable [trunk] | disable | default}

Syntax Description

mod/port	Number of the module and the port on the module.
enable	Enables the spanning tree PortFast-start feature on the port.
trunk	(Optional) Enables the spanning tree PortFast start feature on the port.
disable	Disables the spanning tree PortFast-start feature on the port.
default	Sets the spanning tree start feature back to its default setting.

Defaults

The port fast-start feature is disabled.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

When a port configured with the spantree portfast enable command is connected, the port immediately enters the spanning tree forwarding state instead of going through the Normal spanning tree states such as listening and learning.

If the trunk keyword is used, the spanning tree PortFast-start feature is enabled on the specified trunk.

Examples

This example shows how to enable the spanning tree PortFast-start feature on port 2 on module 1:

Console> (enable) set spantree portfast 1/2 enable

Warning: Connecting layer 2 devices to a fast-start port can cause temporary spanning tree 
loops. Use with caution.

Spantree port 1/2 fast start enabled.

Console> (enable)

This example shows how to enable the spanning tree PortFast-start feature on the trunk port:

Console> (enable) set spantree portfast 3/2 enable trunk 

 Warning: Connecting layer 2 devices to a fast-start port can cause temporary spanning 
tree loops. Use with caution.

Spantree port 1/2 fast start enabled.	

Console> (enable)

Related Commands

show spantree portfast

set spantree portfast bpdu-filter

To enable or disable BPDU packet filtering on a port, use the set spantree portfast bpdu-filter command.

set spantree portfast bpdu-filter mod/port {enable | disable | default}

Syntax Description

mod/port	Number of the module and the port on the module.
enable	Enables BPDU packet filtering.
disable	Disables BPDU packet filtering.
default	Sets BPDU packet filtering to the global BPDU packet filtering state. See "Usage Guidelines" for more information.

Defaults

BPDU packet filtering is set to default.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

BPDU packet filtering turns off BPDU transmission on PortFast-enabled ports and nontrunking ports.

If you enter the default keyword, the spanning tree port is set to the global BPDU filtering state.

To enable or disable BPDU filtering for all ports on the switch, enter the set spantree global-default bpdu-filter command.

Examples

This example shows how to enable BPDU filtering on module 3, port 4:

Console> (enable) set spantree portfast bpdu-filter 3/4 enable

Warning: Ports enabled with bpdu filter will not send BPDUs and drop all

received BPDUs. You may cause loops in the bridged network if you misuse

this feature.

Spantree port 3/4 bpdu filter enabled.

Console> (enable)

Related Commands

show spantree portfast

set spantree portfast bpdu-guard

To enable or disable spanning tree PortFast BPDU guard on a port, use the set spantree portfast bpdu-guard command.

set spantree portfast bpdu-guard mod/port {enable | disable | default}

Syntax Description

mod/port	Number of the module and the port on the module.
enable	Enables the spanning tree PortFast BPDU guard.
disable	Disables the spanning tree PortFast BPDU guard.
default	Sets spanning tree PortFast BPDU guard to the global BPDU guard state. See "Usage Guidelines" for more information.

Defaults

PortFast BPDU guard is set to default.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

You must enable PortFast mode before you can enable PortFast BPDU guard for BPDU guard to work correctly.

When you enable PortFast BPDU guard, a nontrunking PortFast-enabled port is moved into an errdisable state when a BPDU is received on that port. When you disable a PortFast BPDU guard, a PortFast-enabled nontrunking port will stay up when it receives BPDUs, which may cause spanning tree loops.

If you enter the default keyword, the spanning tree port is set to the global BPDU guard state.

To enable or disable BPDU guard for all ports on the switch, enter the set spantree global-default bpdu-guard command.

Examples

This example shows how to enable BPDU guard on module 3, port 1:

Console> (enable) set spantree portfast bpdu-guard 3/1 enable

Spantree port 3/1 bpdu guard enabled.

Console> (enable)

Related Commands

show spantree portfast

set spantree portinstancecost

To assign the path cost of the port for the specified instances, use the set spantree portinstancecost command.

set spantree portinstancecost mod/port [cost cost] [instances]

set spantree portinstancecost mod/port [cost cost] mst [instances]

Syntax Description

mod/port	Number of the module and the port on the module.
cost cost	(Optional) Path cost. See "Usage Guidelines" for more information.
mst	Sets the path cost for an MST instance.
instances	(Optional) Specifies the instance number; valid values are from 0 to 15.

Defaults

The short mode defaults settings are shown in the following table:

Port Speed	Default Port Cost
4 Mb	250
10 Mb	100
16 Mb	62
100 Mb	19
155 Mb	14
1 Gb	4
10 Gb	2

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

The portinstancecost command applies to trunk ports only.

The value specified is used as the path cost of the port for the specified instances. The remaining instances have a path cost equal to the port path cost set via the set spantree instancecost command (if a value is not set, the value will be the default path cost of the port).

Examples

These examples show how to use the set spantree portinstancecost command to explicitly specify the path cost of a port:

Console> (enable) set spantree portinstancecost 2/10 cost 6 1-10

Port 2/10 instances 11-16 have path cost 2000000.

Port 2/10 instances 1-10 have path cost 6.

This parameter applies to trunking ports only.

Console> (enable)

These examples show how to use the set spantree portinstancecost command without explicitly specifying the path cost of a port:

Console> (enable) set spantree portinstancecost 1/2

Port 1/2 Instances 1-1005 have path cost 3100.

Console> (enable)

Console> (enable) set spantree portinstancecost 1/2 16

Port 1/2 Instances 16,22-1005 have path cost 3100.

Console> (enable) 

This example shows the output you will see if you enter the command when PVST+ is enabled:

Console> (enable) set spantree portinstancecost 3/1

This command is only valid when STP is in MISTP or MISTP-PVST+ mode.

Console> (enable)

This example shows how to set the port cost for a specific MST instance:

Console> (enable) set spantree portinstancecost 2/10 cost 6 1-10 mst

Port 2/10 mst instances 1-10 have path cost 6.

This parameter applies to trunking ports only.

Console> (enable)

Related Commands

clear spantree portinstancecost
show spantree mistp-instance

set spantree portinstancepri

To set the port priority for instances in the trunk port, use the set spantree portinstancepri command.

set spantree portinstancepri mod/port priority [instances]

set spantree portinstancepri mod/port priority mst [instances]

Syntax Description

mod/port	Number of the module and the port on the module.
priority	Number that represents the cost of a link in a spanning tree bridge; valid values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144,160, 176, 192, 208, 224, 240, with 0 indicating high priority and 240, low priority. See "Usage Guidelines" for more information.
mst	Port priority for MST instances.
instances	(Optional) Instance number; valid values are from 0 to 15.

Defaults

The default settings are as follows:

•Port priority is set to 0.

•No instances are specified.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

Priority values that are not a multiple of 16 (between the values of 0 to 63) are converted to the nearest multiple of 16. Use this command to add instances to a specified port priority level. Subsequent calls to this command do not replace instances that are already set at a specified port priority level. This feature is not supported for the MSM. The set spantree portinstancepri command applies to trunk ports only. If you enter this command, this message is displayed:

Port xx is not a trunk-capable port

If portvlanpri is modified for a set of vlans, then that value will also apply to the already configured set of portvlanpri VLANs and old portvlanpri is lost.

Examples

This example shows how to set the port priority for module 1, port 2, on specific instances:

Console> (enable) set spantree portinstancepri 1/2 16 1-11

Port 1/2 instances 1-11 using portpri 16.

This parameter applies to trunking ports only.

Console> (enable)

This example shows how to set the port priority for module 8, port 1, on MST instance 2:

Console> (enable) set spantree portinstancepri 8/1 31 mst 2 

Port 8/1 instances 2 using portpri 31.

Port 8/1 instances 0-1, 3-15 using portpri 32.

Console> (enable)

Related Commands

clear spantree portinstancecost
show spantree mistp-instance

set spantree portpri

To set the bridge priority for a spanning tree port, use the set spantree portpri command.

set spantree portpri mod/port priority [mst]

Syntax Description

mod/port	Number of the module and the port on the module.
priority	Number that represents the cost of a link in a spanning tree bridge; valid values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144,160, 176, 192, 208, 224, 240, with 0 indicating high priority and 240, low priority. See "Usage Guidelines" for more information.
mst	(Optional) Sets the bridge priority for an MST port.

Defaults

All ports with bridge priority are set to 32.

Command Types

Switch command

Command Modes

Privileged

ExamplesPriority values that are not a multiple of 16 (between the values of 0 to 63) are converted to the nearest multiple of 16.

This example shows how to set the priority of port 1 on module 4 to 63:

Console> (enable) set spantree portpri 2/3 48

Bridge port  2/3 port priority set to 48.

Console> (enable)

This example shows the output when you have specified a priority value that is not a multiple of 16:

Console> (enable) set spantree portpri 2/3 2

Vlan port priority must be one of these numbers:0, 16, 32, 48, 64, 80,

96, 112, 128, 144,

160, 176, 192, 208, 224, 240

converting 2 to 0 nearest multiple of 16

Bridge port  2/3 port priority set to 0.

Console> (enable)

Related Commands

show spantree

2