Table of Contents

Cisco IOS Commands

Cisco IOS Commands

This chapter describes the Cisco IOS commands that have been created or changed for the Catalyst  2900 series switches. Table 2-1 lists and describes the commands in this chapter sorted by command modes from which they are entered.

Replaced and Obsoleted Commands

Table 2-2 lists the commands that have been replaced by new commands. These replaced commands continue to perform their normal function in the current release but are no longer documented. Support for these commands will cease in a future release.

abort

Use the abort VLAN database command to abandon the proposed new VLAN database, exit VLAN database mode, and return to privileged EXEC mode. This command is available only in the Enterprise Edition Software.

abort

Syntax Description

This command has no arguments or keywords.

Default

No default is defined.

Command Mode

VLAN database

Usage Guidelines

If you have added, deleted, or modified VLAN parameters in the VLAN database mode but you do not want to keep the changes, the abort command causes all the changes to be abandoned. The VLAN configuration that was running before you entered VLAN database mode continues to be used.

Example

The following example shows how to abandon the proposed new VLAN database and exit to the privileged EXEC mode:

Switch(vlan)# abort
Switch#

You can verify that no VLAN database changes occurred by entering the show vlan brief command in privileged EXEC mode.

Related Commands

apply
exit
reset
show vlan
shutdown vlan
vlan database

apply

Use the apply VLAN database command to implement the proposed new VLAN database, increment the database configuration revision number, propagate it throughout the administrative domain, and remain in VLAN database mode. This command is available only in the Enterprise Edition Software.

apply

Syntax Description

This command has no arguments or keywords.

Default

No default is defined.

Command Mode

VLAN database

Usage Guidelines

The apply command implements the configuration changes you made after you entered VLAN database mode and uses them for the running configuration. This command keeps you in VLAN database mode.

You cannot use this command when the switch is in the VLAN Trunk Protocol (VTP) client mode.

Example

The following example shows how to implement the proposed new VLAN database and recognize it as the current database:

Switch(vlan)# apply

You can verify that VLAN database changes occurred by entering the show vlan command in privileged EXEC mode.

Related Commands

abort
exit
reset
show vlan
shutdown vlan
vlan database

cgmp

Use the cgmp global configuration command to enable Cisco Group Management Protocol (CGMP). You can also enable and disable the Fast Leave parameter and set the router port aging time. Use the no form of this command to disable CGMP.

cgmp [leave-processing | holdtime time]
no cgmp [leave-processing | holdtime]

Syntax Description

Defaults

CGMP is enabled.

Fast Leave is disabled.

The hold time is 300 seconds.

Command Mode

Global configuration

Usage Guideline

CGMP must be enabled before the Fast Leave option can be enabled.

Examples

The following example shows how to disable CGMP:

Switch(config)# no cgmp
 

The following example shows how to disable the Fast Leave option:

Switch(config)# no cgmp leave-processing
 

The following example shows how to set the amount of time the switch waits before ceasing to exchange messages with a router:

Switch(config)# cgmp holdtime 400
 

The following example shows how to remove the amount of time the switch waits before ceasing to exchange messages with a router:

Switch(config)# no cgmp holdtime
 

You can verify the previous commands by entering the show cgmp command in privileged EXEC mode.

Related Commands

clear cgmp
show cgmp

clear cgmp

Use the clear cgmp privileged EXEC command to delete information that was learned by the switch using the Cisco Group Management Protocol (CGMP).

clear cgmp [vlan vlan-id] | [group [address] | router [address]]

Syntax Description

Command Mode

Privileged EXEC

Usage Guidelines

Using clear cgmp with no arguments deletes all groups and routers in all VLANs.

Examples

The following example shows how to delete all groups and routers on VLAN 2:

Switch# clear cgmp vlan 2
 

The following example shows how to delete all groups on all VLANs:

Switch# clear cgmp group
 

The following example shows how to delete a router address on VLAN 2:

Switch# clear cgmp vlan 2 router 0012.1234.1234
 

You can verify the previous commands by entering the show cgmp command in privileged EXEC mode.

Related Commands

cgmp
show cgmp

clear mac-address-table

Use the clear mac-address-table privileged EXEC command to delete entries from the MAC address table.

clear mac-address-table [static | dynamic | secure] [address hw-addr] [interface interface] [vlan vlan-id]

Syntax Description

Command Mode

Privileged EXEC

Usage Guidelines

This command deletes entries from the global MAC address table. Specific subsets can be deleted by using the optional keywords and values. If more than one optional keyword is used, all of the conditions in the argument must be true for that entry to be deleted.

Examples

The following example shows how to delete static addresses with the in-port value equal to fa0/7:

Switch# clear mac-address-table static interface fa0/7
 

The following example shows how to delete all secure addresses in VLAN 3:

Switch# clear mac-address-table secure vlan 3
 

The following example shows how to delete a specific address from all ports in all VLANs. If the address exists in multiple VLANs or multiple ports, all the instances are deleted.

Switch# clear mac-address-table address 0099.7766.5544
 

The following example shows how to delete a specific address only in VLAN 2:

Switch# clear mac-address-table address 0099.7766.5544 vlan 2
 

You can verify the previous commands by entering the show mac-address-table command in privileged EXEC mode.

Related Commands

show mac-address-table

clear vmps statistics

Use the clear vmps statistics privileged EXEC command to clear the statistics maintained by the VLAN Query Protocol (VQP) client. This command is available only in the Enterprise Edition Software.

clear vmps statistics

Syntax Description

This command has no arguments or keywords.

Default

No default is defined.

Command Mode

Privileged EXEC

Example

The following example shows how to clear VLAN Membership Policy Server (VMPS) statistics:

Switch# clear vmps statistics

You can verify the previous command by entering the show vmps statistics command in privileged EXEC mode.

Related Commands

show vmps statistics

clear vtp counters

Use the clear vtp counters privileged EXEC command to clear the VLAN Trunk Protocol (VTP) and pruning counters. This command is available only in the Enterprise Edition Software.

clear vtp counters

Syntax Description

This command has no arguments or keywords.

Default

No default is defined.

Command Mode

Privileged EXEC

Example

The following example shows how to clear the VTP counters:

Switch# clear vtp counters

You can verify the previous command by entering the show vtp counters command in privileged EXEC mode.

Related Commands

show vtp counters

duplex

Use the duplex interface configuration command to specify the duplex mode of operation for a Fast Ethernet port. Use the no form of this command to return the port to its default value.

duplex {full | half | auto}
no duplex

Syntax Description

Default

The default is auto.

Command Mode

Interface configuration

Usage Guidelines

Certain ports can be configured to be either full duplex or half duplex. Applicability of this command depends on the device to which the switch is attached. All ports can be configured for either full or half duplex.

For Fast Ethernet ports, setting the port to auto has the same effect as specifying half if the attached device does not autonegotiate the duplex parameter.

For Gigabit Ethernet ports, setting the port to auto has the same effect as specifying full if the attached device does not autonegotiate the duplex parameter.

Examples

The following example shows how to set port 1 on a Fast Ethernet module installed in slot 2 to full duplex:

Switch(config)# interface fastethernet2/1
Switch(config-if)# duplex full
 

The following example shows how to set port 1 on a Gigabit Ethernet module installed in slot 2 to full duplex:

Switch(config)# interface gigabitethernet2/1
Switch(config-if)# duplex full

You can verify the previous commands by entering the show running-config command in privileged EXEC mode.

Related Commands

show running-config
speed

exit

Use the exit VLAN database command to implement the proposed new VLAN database, increment the database configuration number, propagate it throughout the administrative domain, and return to privileged EXEC mode. This command is available only in the Enterprise Edition Software.

exit

Syntax Description

This command has no arguments or keywords.

Default

No default is defined.

Command Mode

VLAN database

Usage Guidelines

The exit command implements all the configuration changes you made since you entered VLAN database mode and uses them for the running configuration. This command returns you to privileged EXEC mode.

Example

The following example shows how to implement the proposed new VLAN database and exit to privileged EXEC mode:

Switch(vlan)# exit
Switch#

You can verify the previous command by entering the show vlan brief command in privileged EXEC mode.

Related Commands

abort
apply
reset
show vlan
shutdown vlan
vlan database

ip address

Use the ip address interface configuration command to set an IP address for a port. Use the no form of this command to remove an IP address or disable IP processing.

ip address ip-address mask
no ip address ip-address mask

Syntax Description

Default

No IP address is defined for the port.

Command Mode

Interface configuration

Usage Guidelines

A port can have one IP address.

The IP address of the switch can only be accessed by nodes connected to ports that belong to VLAN  1.

Example

The following example shows how to configure the IP address for the switch on a subnetted network:

Switch(config)# interface vlan 1
Switch(config-if)# ip address 172.20.128.2 255.255.255.0

You can verify the previous commands by entering the show running-config command in privileged EXEC mode.

Related Commands

show running-config

mac-address-table aging-time

Use the mac-address-table aging-time global configuration command to set the length of time that a dynamic entry remains in the MAC address table after the entry is used or updated. Use the no form of this command to use the default aging-time interval. The aging time applies to all VLANs.

mac-address-table aging-time age
no mac-address-table aging-time

Syntax Description

Default

The default is 300 seconds.

Command Mode

Global configuration

Usage Guidelines

If hosts do not transmit continuously, increase the aging time to record the dynamic entries for a longer time. This can reduce the possibility of flooding when the hosts transmit again.

Example

The following example shows how to set the aging time to 200 seconds:

Switch(config)# mac-address-table aging-time 200
 

You can verify the previous command by entering the show mac-address-table command in privileged EXEC mode.

Related Commands

clear mac-address-table
mac-address-table dynamic
mac-address-table secure
port block
show cgmp
show mac-address-table

mac-address-table dynamic

Use the mac-address-table dynamic global configuration command to add dynamic addresses to the MAC address table. Dynamic addresses are automatically added to the address table and dropped from it when they are not in use. Use the no form of this command to remove dynamic entries from the MAC address table.

mac-address-table dynamic hw-addr interface [vlan vlan-id]
no mac-address-table dynamic hw-addr [vlan vlan-id]

Syntax Description

Command Mode

Global configuration

Usage Guidelines

If the variable vlan-id is omitted and the no form of the command is used, the MAC address is removed from all VLANs.

Example

The following example shows how to add a MAC address on port fa1/1 to VLAN 4:

Switch(config)# mac-address-table dynamic 00c0.00a0.03fa fa1/1 vlan 4
 

You can verify the previous command by entering the show mac-address-table command in privileged EXEC mode.

Related Commands

clear mac-address-table
mac-address-table aging-time
mac-address-table static
show mac-address-table

mac-address-table secure

Use the mac-address-table secure global configuration command to add secure addresses to the MAC address table. Use the no form of this command to remove secure entries from the MAC address table.

mac-address-table secure hw-addr interface [vlan vlan-id]
no mac-address-table secure hw-addr [vlan vlan-id]

Syntax Description

Command Mode

Global configuration

Usage Guidelines

Secure addresses can be assigned only to one port at a time. Therefore, if a secure address table entry for the specified MAC address and VLAN already exists on another port, it is removed from that port and assigned to the specified one.

In Enterprise Edition Software, dynamic-access ports do not support secure addresses.

Example

The following example shows how to add a secure MAC address to VLAN 6 of port fa1/1:

Switch(config)# mac-address-table secure 00c0.00a0.03fa fa1/1 vlan 6
 

You can verify the previous command by entering the show mac-address-table command in privileged EXEC mode.

Related Commands

clear mac-address-table
mac-address-table aging-time
mac-address-table dynamic
mac-address-table static
show mac-address-table

mac-address-table static

Use the mac-address-table static global configuration command to add static addresses to the MAC address table. Use the no form of this command to remove static entries from the MAC address table.

mac-address-table static hw-addr in-port out-port-list [vlan vlan-id]
no mac-address-table static hw-addr [in-port in-port] [out-port-list out-port-list] [vlan vlan-id]

Syntax Description

Command Mode

Global configuration

Usage Guidelines

When a packet is received on the input port, it is forwarded to the VLAN of each port you specify for the out-port-list. Different input ports can have different output-port lists for each static address. Adding a static address already defined as one modifies the port map (vlan and out-port-list) for the input port specified.

If the variable vlan-id is omitted and the no form of the command is used, the MAC address is removed from all VLANs.

Traffic from a static address is only accepted from a port defined in the in-port variable.

In Enterprise Edition Software, dynamic-access ports cannot be configured as the source or destination port in a static address entry.

Example

The following example adds a static address with port 1 as an input port and ports 2 and 8 of VLAN 4 as output ports:

Switch(config)# mac-address-table static c2f3.220a.12f4 fa0/1 fa0/2 fa0/8 vlan 4
 

You can verify the previous command by entering the show mac-address-table command in privileged EXEC mode.

Related Commands

clear mac-address-table
mac-address-table aging-time
mac-address-table dynamic
mac-address-table secure
show mac-address-table

port block

Use the port block interface configuration command to block the flooding of unknown unicast or multicast packets to a port. Use the no form of this command to resume normal forwarding.

port block {unicast | multicast}
no port block {unicast | multicast}

Syntax Description

Default

Flood unknown unicast and multicast packets to all ports.

Command Mode

Interface configuration

Usage Guidelines

The port block command cannot be entered for a network port.

In Enterprise Edition Software, if a trunk port is not a network port, the unicast keyword applies. The multicast keyword is supported on trunk ports. Both port block features affect all the VLANs associated with the trunk port.

Example

The following example shows how to block the forwarding of multicast and unicast packets to a port:

Switch(config-if)# port block unicast
Switch(config-if)# port block multicast
 

You can verify the previous commands by entering the show port block command in privileged EXEC mode.

Related Commands

show port block

port group

Use the port group interface configuration command to assign a port to a Fast EtherChannel or Gigabit EtherChannel port group. Up to 12 port groups can be created on a switch. Any number of ports can belong to a destination-based port group. Up to eight ports can belong to a source-based port group. Use the no form of this command to remove a port from a port group.

port group group-number [distribution {source | destination}]
no port group

Syntax Description

Defaults

Port does not belong to a port group.

The default forwarding method is source.

Command Mode

Interface configuration

Usage Guidelines

Any port can belong to a port group, but the following restrictions apply:

• No port group member can be configured for Switched Port Analyzer (SPAN) port monitoring.
  
  
• No port group member can be enabled for port security.
  
  
• You can create up to 12 port groups of all source-based, all destination-based, or a combination of source-based and destination-based port groups. A source-based port group can have up to eight ports in its group. A destination-based port group can contain an unlimited number of ports in its group. You cannot mix source-based and destination-based ports in the same group.
  
  
• Port group members must belong to the same set of VLANs and must be all static-access, all multi-VLAN, or all trunk ports (Enterprise Edition Software only).
  
  
• In Enterprise Edition Software, dynamic-access ports cannot be grouped with any other port, not even with other dynamic-access ports.
  
  

When a group is first formed, the switch automatically sets the following parameters to be the same on all ports:

• VLAN membership of ports in the group
  
  
• VLAN mode (static, multi, trunk) of ports in the group
  
  
• Encapsulation method of the trunk
  
  
• Native VLAN configuration if the trunk uses IEEE 802.1Q
  
  
• Allowed VLAN list configuration of the trunk port (Enterprise Edition Software only)
  
  
• Spanning-Tree Protocol (STP) Port Fast
  
  
• STP port priority
  
  
• STP path cost
  
  
• Network port configuration for source-based port group
  
  

Configuration of the first port added to the group is used when setting the above parameters for other ports in the group. After a group is formed, changing any parameter in the above list changes the parameter on all other ports.

Use the distribution parameter to customize the port group to your particular environment. The forwarding method you choose depends on how your network is configured. However, source-based forwarding works best for most network configurations. See the "Setting Port Features" section for more information.

Examples

The following example shows how to add a port to a port group using the default source-based forwarding:

Switch(config-if)# port group 1
 

The following example shows how to add a port to a group using destination-based forwarding:

Switch(config-if)# port group 2 distribution destination
 

You can verify the previous commands by entering the show port group command in privileged EXEC mode.

Related Commands

show port group

port monitor

Use the port monitor interface configuration command to enable Switched Port Analyzer (SPAN) port monitoring on a port. Use the no form of this command to return the port to its default value.

port monitor [interface]
no port monitor [interface]

Syntax Description

Default

Port does not monitor any other ports.

Command Mode

Interface configuration

Usage Guidelines

Enabling port monitoring without specifying a port causes all other ports in the same VLAN to be monitored.

All ports can be monitor ports, but the following restrictions apply:

• A monitor port cannot be in a Fast EtherChannel or Gigabit EtherChannel port group.
  
  
• A monitor port cannot be enabled for port security.
  
  
• A monitor port cannot be a multi-VLAN port.
  
  
• A monitor port must be a member of the same VLAN as the port monitored. VLAN membership changes are disallowed on monitor ports and ports being monitored.
  
  
• In Enterprise Edition Software, a monitor port cannot be a dynamic-access port or a trunk port. However, a static-access port can monitor a VLAN on a trunk port, a multi-VLAN port, or a dynamic-access port. The VLAN monitored is the one associated with the static-access port.
  
  

Example

The following example shows how to enable port monitoring on port fa0/2:

Switch(config-if)# port monitor fa0/2
 

You can verify the previous command by entering the show port monitor command in privileged EXEC mode.

Related Commands

show port monitor

port network

Use the port network interface configuration command to define a port as the switch network port. All traffic with unknown unicast addresses is forwarded to the network port on the same VLAN. Use the no form of this command to return the port to the default value.

port network
no port network

Syntax Description

This command has no arguments or keywords.

Default

No network port is defined.

Command Mode

Interface configuration

Usage Guidelines

The following restrictions apply to network ports:

• A network port can be a static-access port, a multi-VLAN port, a port group, and/or a trunk port (Enterprise Edition Software only). Both the multi-VLAN port and the trunk port become the network port for all the VLANs associated with that port.
  
  
• A network port cannot be a secure port, a monitor port, or a dynamic-access port (Enterprise Edition Software only). You can assign a dynamic-access port to a VLAN in which another port is the network port.
  
  
• Each VLAN can have one network port.
  
  
• A network port cannot be in a destination-based port group.
  
  

Example

The following example shows how to set a port as a network port.

Switch(config-if)# port network
 

You can verify the previous command by entering the show port network command in privileged EXEC mode.

Related Commands

show port network

port security

Use the port security interface configuration command to enable port security on a port. Use the no form of this command to return the port to its default value.

port security [action {shutdown | trap}]
port security [max-mac-count addresses]
no port security

Syntax Description

Defaults

Port security is disabled.

When enabled, the default action is to generate an SNMP trap.

Command Mode

Interface configuration

Usage Guidelines

If you specify trap, use the snmp-server host command to configure the SNMP trap host to receive traps.

The following restrictions apply to secure ports:

• A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.
  
  
• A secure port cannot have Switched Port Analyzer (SPAN) port monitoring enabled on it.
  
  
• A secure port cannot be a multi-VLAN port.
  
  
• A secure port cannot be a network port.
  
  
• In Enterprise Edition Software, a secure port cannot be a dynamic-access port or a trunk port.
  
  

Examples

The following example shows how to enable port security and what action the port takes in case of an address violation (shutdown).

Switch(config-if)# port security action shutdown
 

The following example shows how to set the maximum number of addresses that the port can learn to 8.

Switch(config-if)# port security max-mac-count 8
 

You can verify the previous commands by entering the show port security command in privileged EXEC mode.

Related Commands

show port security

port storm-control

Use the port storm-control interface configuration command to enable broadcast-storm control on a port. Use the no form of this command to disable storm control or one of the storm-control parameters on the port.

port storm-control {filter | trap | threshold {rising rising-number falling falling-number}}
no port storm-control {filter | trap | threshold}

Syntax Description

Default

Broadcast storm control is not enabled.

Command Mode

Interface configuration

Example

The following example shows how to enable broadcast storm control on a port. In this example, flooding is inhibited when the number of broadcast packets arriving on the port reaches 1000 and is restarted when the number returns to 200.

Switch(config-if)# port storm-control threshold rising 1000 falling 200
 

You can verify the previous command by entering the show port storm-control command in privileged EXEC mode.

Related Commands

show port storm-control

reset

Use the reset VLAN database command to abandon the proposed VLAN database and remain in VLAN database mode. This command resets the proposed database to the currently implemented VLAN database on the switch. This command is available only in the Enterprise Edition Software.

reset

Syntax Description

This command has no arguments or keywords.

Default

No default is defined.

Command Mode

VLAN database

Example

The following example shows how to abandon the proposed VLAN database and reset to the current VLAN database:

Switch(vlan)# reset
Switch(vlan)#

You can verify the previous command by entering the show changes and show proposed commands in VLAN database mode.

Related Commands

abort
apply
exit
show changes
show proposed
shutdown vlan
vlan database

show cgmp

Use the show cgmp privileged EXEC command to display the current state of the CGMP-learned multicast groups and routers.

show cgmp [state | holdtime | [vlan vlan-id] | [group [address] | router [address]]]

Syntax Description

Command Mode

Privileged EXEC

Usage Guidelines

This command displays CGMP information about known routers and groups, as well as whether CGMP is enabled, whether Fast Leave is enabled, and the current value of the router timeout. If show cgmp is entered with no arguments, all information is displayed.

Sample Display

The following is sample output from the show cgmp command.

Switch# show cgmp
 
CGMP is running.
CGMP Fast Leave is not running.
Default router timeout is 300 sec.
 
 
vLAN     IGMP MAC Address   Interfaces
------  -----------------   -----------
    1    0100.5e01.0203      Fa0/8
    1    0100.5e00.0128      Fa0/8
 
 
vLAN     IGMP Router        Expire   Interface
------  -----------------  --------  ----------
    1    0060.5cf3.d1b3     197 sec   Fa0/8 

Related Commands

cgmp
clear cgmp

show changes

Use the show changes VLAN database command to display the differences between the VLAN database currently on the switch and the proposed VLAN database. You can also display the differences between the two for a selected VLAN. This command is available only in the Enterprise Edition Software.

show changes [vlan-id]

Syntax Description

Command Mode

VLAN database

Sample Displays

The following is sample output from the show changes command. It displays the differences between the current and proposed databases.

Switch(vlan)# show changes
 
DELETED:
  VLAN ISL Id: 4
    Name: VLAN0004
    Media Type: Ethernet
    VLAN 802.10 Id: 100004
    State: Operational
    MTU: 1500
 
DELETED:
  VLAN ISL Id: 6
    Name: VLAN0006
    Media Type: Ethernet
    VLAN 802.10 Id: 100006
    State: Operational
    MTU: 1500
 
MODIFIED:
  VLAN ISL Id: 7
    Current State: Operational
    Modified State: Suspended 
 

The following is sample output from the show changes 7 command. It displays the differences between VLAN 7 in the current database and the proposed database.

Switch(vlan)# show changes 7
 
MODIFIED:
  VLAN ISL Id: 7
    Current State: Operational
    Modified State: Suspended 
 

Related Commands

show current
show proposed

show current

Use the show current VLAN database command to display the current VLAN database on the switch or a selected VLAN from it. This command is available only in the Enterprise Edition Software.

show current [vlan-id]

Syntax Description

Command Mode

VLAN database

Sample Displays

The following is sample output from the show current command. It displays the current VLAN database.

Switch(vlan)# show current
 
VLAN ISL Id: 1
    Name: default
    Media Type: Ethernet
    VLAN 802.10 Id: 100001
    State: Operational
    MTU: 1500
    Translational Bridged VLAN: 1002
    Translational Bridged VLAN: 1003
 
  VLAN ISL Id: 2
    Name: VLAN0002
    Media Type: Ethernet
    VLAN 802.10 Id: 100002
    State: Operational
    MTU: 1500
 
  VLAN ISL Id: 3
    Name: VLAN0003
    Media Type: Ethernet
    VLAN 802.10 Id: 100003
    State: Operational
    MTU: 4000 
 
VLAN ISL Id: 4
    Name: VLAN0004
    Media Type: Ethernet
    VLAN 802.10 Id: 100004
    State: Operational
    MTU: 1500
 
  VLAN ISL Id: 5
    Name: VLAN0005
    Media Type: Ethernet
    VLAN 802.10 Id: 100005
    State: Operational
    MTU: 1500
 
  VLAN ISL Id: 6
    Name: VLAN0006
    Media Type: Ethernet
    VLAN 802.10 Id: 100006
    State: Operational
    MTU: 1500 
 

The following is sample output from the show current 2 command. It displays only VLAN 2 of the current database.

Switch(vlan)# show current 2
 
VLAN ISL Id: 2
    Name: VLAN0002
    Media Type: Ethernet
    VLAN 802.10 Id: 100002
    State: Operational
    MTU: 1500
 

Related Commands

show changes
show proposed

show interface

Use the show interface privileged EXEC mode command to display the administrative and operational status of a switching (nonrouting) port.

show interface interface-id [switchport [allowed-vlan | prune-elig]]

Syntax Description

Command Mode

Privileged EXEC

Sample Display

The following is sample output from the show interface fa0/2 switchport command. Table 2-3 describes each field in the display.

Switch# show interface fa0/2 switchport
Name: fa0/2
Switchport: Enabled
Administrative Mode: Static Access
Operational Mode: Static Access
Administrative Trunking Encapsulation: ISL
Operational Trunking Encapsulation: ISL
Negotiation of Trunking: Disabled
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 1-30, 50, 100-1005
Pruning VLANs Enabled: NONE

Related Commands

switchport access
switchport mode
switchport multi
switchport trunk

show mac-address-table

Use the show mac-address-table privileged EXEC command to display the MAC address table.

show mac-address-table [static | dynamic | secure | self | aging-time | count]
[address hw-addr] [interface interface] [vlan vlan-id]

Syntax Description

Command Mode

Privileged EXEC

Usage Guidelines

This command displays the MAC address table for the switch. Specific views can be defined by using the optional keywords and values. If more than one optional keyword is used, then all of the conditions must be true in order for that entry to be displayed.

Sample Display

The following is sample output from the show mac-address-table command:

Switch# show mac-address-table
 
Dynamic Addresses Count:               9
Secure Addresses (User-defined) Count: 0
Static Addresses (User-defined) Count: 0
System Self Addresses Count:           41
Total MAC addresses:                   50
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0010.0de0.e289       Dynamic          1  FastEthernet0/1
0010.7b00.1540       Dynamic          2  FastEthernet0/5
0010.7b00.1545       Dynamic          2  FastEthernet0/5
0060.5cf4.0076       Dynamic          1  FastEthernet0/1
0060.5cf4.0077       Dynamic          1  FastEthernet0/1
0060.5cf4.1315       Dynamic          1  FastEthernet0/1
0060.70cb.f301       Dynamic          1  FastEthernet0/1
00e0.1e42.9978       Dynamic          1  FastEthernet0/1
00e0.1e9f.3900       Dynamic          1  FastEthernet0/1 

Related Commands

clear mac-address-table

show port block

Use the show port block privileged EXEC command to display the blocking of unicast or multicast flooding to a port.

show port block {unicast | multicast} [interface]

Syntax Description

Command Mode

Privileged EXEC

Usage Guidelines

If the variable interface is omitted, the show port block unicast and show port block multicast commands display packet blocking information on all ports.

Sample Display

The following is sample output from the show port block command:

Switch# show port block unicast fa0/8
 
FastEthernet0/8 is blocked from unknown unicast addresses

Related Commands

port block

show port group

Use the show port group privileged EXEC command to list the ports that belong to a port group.

show port group [group-number]

Syntax Description

Command Mode

Privileged EXEC

Usage Guidelines

If the variable group-number is omitted, the show port group command displays all port groups on the switch.

Sample Display

The following is sample output from the show port group command:

Switch# show port group 1
 
Group  Interface
-----  ---------------
    1  FastEthernet0/1
    1  FastEthernet0/4

Related Commands

port group

show port monitor

Use the show port monitor privileged EXEC command to display the ports for which Switched Port Analyzer (SPAN) port monitoring is enabled.

show port monitor [interface]

Syntax Description

Command Mode

Privileged EXEC

Usage Guidelines

If the variable interface is omitted, the show port monitor command displays all monitor ports on the switch.

Sample Display

The following is sample output from the show port monitor command:

Switch# show port monitor fa0/8
 
Monitor Port        Port Being Monitored
------------------  --------------------
FastEthernet0/8     FastEthernet0/1
FastEthernet0/8     FastEthernet0/2
FastEthernet0/8     FastEthernet0/3
FastEthernet0/8     FastEthernet0/4 

Related Commands

port monitor

show port network

Use the show port network privileged EXEC command to display the network port defined for the switch or VLAN.

show port network [interface]

Syntax Description

Command Mode

Privileged EXEC

Usage Guidelines

If the variable interface is omitted, the show port network command displays all network ports on the switch.

Sample Display

The following is sample output from the show port network command:

Switch# show port network

Network Port      VLAN ID
------------      -------
FastEthernet0/11  1 

Related Commands

port network

show port security

Use the show port security privileged EXEC command to show the port security parameters defined for the port.

show port security [interface]

Syntax Description

Command Mode

Privileged EXEC

Usage Guidelines

If the variable interface is omitted, the show port security command displays all secure ports on the switch.

Sample Display

The following is sample output from the show port security command for fixed port 07:

Related Commands

port security

show port storm-control

Use the show port storm-control privileged EXEC command to display the rising and falling thresholds for broadcast storm control. This command also displays the action that the switch takes when the thresholds are reached.

show port storm-control [interface]

Syntax Description

Command Mode

Privileged EXEC

Usage Guidelines

If the variable interface is omitted, the show port storm-control command displays broadcast storm control settings on all ports on the switch.

Sample Display

The following is sample output from the show port storm-control command:

Related Commands

port storm-control

show proposed

Use the show proposed VLAN database command to display the proposed VLAN database or a selected VLAN from it. This command is available only in the Enterprise Edition Software.

show proposed [vlan-id]

Syntax Description

Command Mode

VLAN database

Usage Guidelines

If the variable vlan-id is omitted, the show proposed command displays the entire proposed VLAN database.

The proposed VLAN database is not the running configuration until you use the exit or apply command.

Sample Display

The following is sample output from the show proposed command:

Switch(vlan)# show proposed
 
VLAN ISL Id: 1
    Name: default
    Media Type: Ethernet
    VLAN 802.10 Id: 100001
    State: Operational
    MTU: 1500
    Translational Bridged VLAN: 1002
    Translational Bridged VLAN: 1003
 
  VLAN ISL Id: 2
    Name: VLAN0002
    Media Type: FDDI Net
    VLAN 802.10 Id: 100002
    State: Operational
    MTU: 1500
    STP Type: IBM
 
VLAN ISL Id: 1002
    Name: fddi-default
    Media Type: FDDI
    VLAN 802.10 Id: 101002
    State: Operational
    MTU: 1500
    Bridge Type: SRB
    Translational Bridged VLAN: 1
    Translational Bridged VLAN: 1003
 
VLAN ISL Id: 1003
    Name: trcrf-default
    Media Type: TRCRF
    VLAN 802.10 Id: 101003
    State: Operational
    MTU: 4472
    Bridge Type: SRB
    Ring Number: 3276
    Bridge Number: 1
    Parent VLAN: 1005
    Maximum ARE Hop Count: 7
    Maximum STE Hop Count: 7
    Backup CRF Mode: Disabled
    Translational Bridged VLAN: 1
    Translational Bridged VLAN: 1002
 
  VLAN ISL Id: 1004
    Name: fddinet-default
    Media Type: FDDI Net
    VLAN 802.10 Id: 101004
    State: Operational
    MTU: 1500
    Bridge Type: SRB
    Bridge Number: 1
    STP Type: IBM
 
VLAN ISL Id: 1005
    Name: trbrf-default
    Media Type: TRBRF
    VLAN 802.10 Id: 101005
    State: Operational
    MTU: 4472
    Bridge Type: SRB
    Bridge Number: 15
    STP Type: IBM 

Related Commands

show changes
show proposed

show spanning-tree

Use the show spanning-tree privileged EXEC command to show spanning-tree information for the specified spanning-tree instances.

show spanning-tree [vlan stp-list] [interface interface-list]

Syntax Description

Command Mode

Privileged EXEC

Usage Guidelines

If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.

Sample Display

The following is sample output from the show spanning-tree command for VLAN 1:

Switch# show spanning-tree vlan 1
 
Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 00e0.1eb2.ddc0
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32768, address 0010.0b3f.ac80
  Root port is 5, cost of root path is 10
  Topology change flag not set, detected flag not set, changes 1
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0
 
Interface Fa0/1  in Spanning tree 1 is down
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 0010.0b3f.ac80
   Designated bridge has priority 32768, address 00e0.1eb2.ddc0
   Designated port is 1, path cost 10
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0 
...

The following is sample output from the show spanning-tree interface command for port 3:

Switch# show spanning-tree interface fa0/3
 
Interface Fa0/3 (port 3) in Spanning tree 1 is down
   Port path cost 100, Port priority 128
   Designated root has priority 6000, address 0090.2bba.7a40
   Designated bridge has priority 32768, address 00e0.1e9f.4abf
   Designated port is 3, path cost 410
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0 

Related Commands

spanning-tree
spanning-tree forward-time
spanning-tree max-age
spanning-tree port-priority
spanning-tree protocol

show vlan

Use the show vlan privileged EXEC command to display the parameters for all configured VLANs or one VLAN (if the VLAN ID or name is specified) in the administrative domain.

Standard Edition Software:

show vlan {brief | id vlan-id}

Enterprise Edition Software:

show vlan [brief | id vlan-id | name vlan-name]

Syntax Description

Command Mode

Privileged EXEC

Sample Displays

The following is sample output from the show vlan command (Enterprise Edition Software only):

Switch# show vlan

The following is sample output from the show vlan brief command (Enterprise Edition Software only):

Switch# show vlan brief
 

The following is sample output from the show vlan id 6or show vlan name VLAN006 command (Enterprise Edition Software only):

Related Commands

switchport
vlan

show vmps

Use the show vmps privileged EXEC command to display the VLAN Query Protocol (VQP) version, reconfirmation interval, retry count, VLAN Membership Policy Server (VMPS) IP addresses, and the current and primary servers. This command is available only in the Enterprise Edition Software.

show vmps

Syntax Description

This command has no arguments or keywords.

Command Mode

Privileged EXEC

Sample Display

The following is sample output from the show vmps command:

Switch# show vmps
 
VQP Client Status:
--------------------
VMPS VQP Version:   1
Reconfirm Interval: 60 min
Server Retry Count: 3
VMPS domain server: 172.20.128.86 (primary, current)
                    172.20.128.87 
 
Reconfirmation status
---------------------
VMPS Action:         No Dynamic Port
 

Related Commands

vmps reconfirm
vmps retry
vmps server

show vmps statistics

Use the show vmps statistics privileged EXEC command to display the VLAN Query Protocol (VQP) client-side statistics and counters. This command is available only in the Enterprise Edition Software.

show vmps statistics

Syntax Description

This command has no arguments or keywords.

Command Mode

Privileged EXEC

Sample Display

This following is sample output from the show vmps statistics command. Table 2-4 describes each field in the display.

Switch# show vmps statistics
 
VMPS Client Statistics
----------------------
VQP  Queries:               0
VQP  Responses:             0
VMPS Changes:               0
VQP  Shutdowns:             0
VQP  Denied:                0
VQP  Wrong Domain:          0
VQP  Wrong Version:         0
VQP  Insufficient Resource: 0

Related Commands

clear vmps statistics

show vtp

Use the show vtp privileged EXEC mode command to display general information about the VLAN Trunk Protocol (VTP) management domain, status, and counters. This command is available only in the Enterprise Edition Software.

show vtp {counters | status}

Syntax Description

Command Mode

Privileged EXEC

Sample Displays

The following is sample output from the show vtp counters command. Table 2-5 describes each field in the display.

Switch# show vtp counters
 
VTP statistics:
summary advts received        : 0
subset advts received         : 0
request advts received        : 0
summary advts transmitted     : 0
subset advts transmitted      : 0
request advts transmitted     : 0
No. of config revision errors : 0
No. of config digest errors   : 0
No. of V1 summary errors      : 0
 

The following is sample output from the show vtp status command. Table 2-6 describes each field in the display.

Switch# show vtp status
 
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 68
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : test1
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x3D 0x02 0xD4 0x3A 0xC4 0x46 0xA1 0x03
Configuration last modified by 172.20.130.52 at 3-4-93 22:25:

Related Commands

clear vtp counters
vtp

shutdown

Use the shutdown interface configuration command to disable a port. Use the no form of this command to restart a disabled port.

shutdown
no shutdown

Syntax Description

This command has no arguments or keywords.

Command Mode

Interface configuration

Usage Guidelines

The shutdown command for a port causes it to stop forwarding. You can enable the port with the no shutdown command.

In the Enterprise Edition Software, the no shutdown command has no effect if the port is a static-access port assigned to a VLAN that has been deleted, suspended, or shutdown. The port must first be a member of an active VLAN before it can be reenabled.

Examples

The following examples show how to disable fixed port fa0/8 and how to reenable it:

Switch(config)# interface fa0/8
Switch(config-if)# shutdown
 
Switch(config-if)# no shutdown
 

You can verify the previous commands by entering the show interface command in privileged EXEC mode.

shutdown vlan

Use the shutdown vlan global configuration command to shutdown (suspend) local traffic on the specified VLAN. Use the no form of this command to restart local traffic on the VLAN. This command is available only in the Enterprise Edition Software.

shutdown vlan vlan-id
no shutdown vlan vlan-id

Syntax Description

Default

No default is defined.

Command Mode

Global configuration

Usage Guidelines

The shutdown vlan command does not change the VLAN information in VTP database. It shuts down traffic locally, but the switch still advertises VTP information.

Example

The following example shows how to shutdown traffic on VLAN 2:

Switch(config)# shutdown vlan 2
 

You can verify the previous command by entering the show vlan command in privileged EXEC mode.

Related Commands

abort
apply
exit
reset
vlan database

snmp-server enable traps vlan-membership

Use the snmp-server enable traps vlan-membership global configuration command to enable SNMP notification for VLAN Membership Policy Server (VMPS) changes. Use the no form of this command to disable the VMPS trap notification. This command is available only in the Enterprise Edition Software.

snmp-server enable traps vlan-membership
no snmp-server enable traps vlan-membership

Syntax Description

This command has no arguments or keywords.

Default

SNMP traps for VMPS are disabled.

Command Mode

Global configuration

Usage Guidelines

Specify the host that receives the traps by using the snmp-server host command.

Example

The following example shows how to enable VMPS to send trap notifications:

Switch(config)# snmp-server enable trap vlan-membership

You can verify the previous command by entering the show running-config command in privileged EXEC mode.

Related Commands

show running-config
snmp-server host

snmp-server enable traps vtp

Use the snmp-server enable traps vtp global configuration command to enable SNMP notification for VLAN Trunk Protocol (VTP) changes. Use the no form of this command to disable VTP trap notification. This command is available only in the Enterprise Edition Software.

snmp-server enable traps vtp
no snmp-server enable traps vtp

Syntax Description

This command has no arguments or keywords.

Default

SNMP traps for VTP are disabled.

Command Mode

Global configuration

Usage Guidelines

Specify the host that receives the traps by using the snmp-server host command.

Example

The following example shows how to enable VTP to send trap notifications:

Switch(config)# snmp-server enable trap vtp

You can verify the previous command by entering the show vtp status or show running-config command in privileged EXEC mode.

Related Commands

show running-config
show vtp status
snmp-server host

snmp-server host

Use the snmp-server host global configuration command to specify the host that receives SNMP traps. Use the no form of this command to remove the specified host.

snmp-server host host-address community-string [c2900 | config | snmp | tty | udp-port port-number | vlan-membership | vtp]
no snmp-server host host-address

Syntax Description

Command Mode

Global configuration

Defaults

The SNMP trap host address and community string are not defined.

Traps are disabled.

Example

The following example shows how to configure an SNMP host to receive VTP traps:

Switch(config)# snmp-server host 172.20.128.178 traps vtp

Related Commands

snmp-server enable traps vlan-membership
snmp-server enable traps vtp

spanning-tree

Use the spanning-tree global configuration command to enable Spanning-Tree Protocol (STP) on a VLAN. Use the no form of the command to disable STP on a VLAN.

spanning-tree [vlan stp-list]
no spanning-tree [vlan stp-list]

Syntax Description

Default

STP is enabled.

Command Mode

Global configuration

Usage Guidelines

Disabling STP causes the VLAN or list of VLANs to stop participating in STP. Ports that are administratively down remain down. Received Bridge Protocol Data Units (BPDUs) are forwarded like other multicast frames. The VLAN does not detect and prevent loops when STP is disabled.

STP can be disabled on a VLAN that is not currently active. The setting takes effect when the VLAN is activated.

If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.

You can enable STP on a VLAN that has no ports assigned to it.

Example

The following example shows how to disable STP on VLAN 5:

Switch(config)# no spanning-tree vlan 5
 

You can verify the previous command by entering the show spanning-tree command in privileged EXEC mode. In this instance, VLAN 5 does not appear in the list.

Related Commands

show spanning-tree
spanning-tree forward-time
spanning-tree max-age
spanning-tree port-priority
spanning-tree protocol

spanning-tree cost

Use the spanning-tree cost interface configuration command to set the path cost for Spanning-Tree Protocol (STP) calculations. Use the no form of this command to return to the default value.

spanning-tree [vlan stp-list] cost cost
no spanning-tree [vlan stp-list] cost

Syntax Description

Defaults

The default path cost is computed from the interface bandwidth setting. The following are IEEE default path cost values:

• 10 Mbps - 100
  
  
• 100 Mbps - 19
  
  
• 1 Gbps - 4
  
  
• 10 Gbps - 2
  
  
• Speeds greater than 10 Gbps - 1
  
  

Command Mode

Interface configuration

Usage Guidelines

If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.

You can set a cost for a port or on a VLAN that does not exist. The setting takes effect when the VLAN exists.

Example

The following example shows how to set a path cost value of 250 for VLAN 1:

Switch(config-if)# spanning-tree vlan 1 cost 250
 

You can verify the previous command by entering the show spanning-tree command in privileged EXEC mode.

Related Commands

show spanning-tree
spanning-tree portfast
spanning-tree priority

spanning-tree forward-time

Use the spanning-tree forward-time global configuration command to set the forwarding-time for the specified spanning-tree instances. Use the no form of this command to return to the default value.

spanning-tree [vlan stp-list] forward-time seconds
no spanning-tree [vlan stp-list] forward-time

Syntax Description

Defaults

The default configuration IEEE Spanning-Tree Protocol (STP) is 15 seconds. The default for IBM STP is 4 seconds, and the default for DEC STP is 30 seconds.

Command Mode

Global configuration

Usage Guidelines

If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.

You can set the forwarding-time on a VLAN that has no ports assigned to it. The setting takes effect when you assign ports to it.

Example

The following example shows how to set the spanning-tree forwarding time to 18 seconds for VLAN 20:

Switch(config)# spanning-tree vlan 20 forward-time 18
 

You can verify the previous command by entering the show spanning-tree command in privileged EXEC mode.

Related Commands

show spanning-tree
spanning-tree forward-time
spanning-tree max-age
spanning-tree port-priority
spanning-tree protocol

spanning-tree hello-time

Use the spanning-tree hello-time global configuration command to specify the interval between hello Bridge Protocol Data Units (BPDUs). Use the no form of this command to return to the default interval.

spanning-tree [vlan stp-list] hello-time seconds
no spanning-tree [vlan stp-list] hello-time

Syntax Description

Defaults

The default configuration IEEE Spanning-Tree Protocol (STP) is 2 seconds. The default for IBM STP is 2 seconds, and the default for DEC STP is 1 second.

Command Mode

Global configuration

Usage Guidelines

If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.

You can set the hello time on a VLAN that has no ports assigned to it. The setting takes effect when you assign ports to it.

Example

The following example shows how to set the spanning-tree hello-delay time to 3 seconds for VLAN 20:

Switch (config) # spanning-tree vlan 20 hello-time 3
 

You can verify the previous command by entering the show spanning-tree command in privileged EXEC mode.

Related Commands

show spanning-tree
spanning-tree
spanning-tree port-priority
spanning-tree protocol

spanning-tree max-age

Use the spanning-tree max-age global configuration command to change the interval between messages the spanning tree receives from the root switch. If a switch does not receive a Bridge Protocol Data Unit (BPDU) message from the root switch within this interval, it recomputes the STP topology. Use the no form of this command to return to the default interval.

spanning-tree [vlan stp-list] max-age seconds
no spanning-tree [vlan stp-list] max-age

Syntax Description

Defaults

The default configuration (IEEE STP) is 20 seconds. The default for DEC STP is 15 seconds, and the default for IBM STP is 10 seconds.

Command Mode

Global configuration

Usage Guidelines

The max-age setting must be greater than the hello-time setting.

If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.

You can set the max-age on a VLAN that has no ports assigned to it. The setting takes effect when you assign ports to it.

Examples

The following example shows how to set spanning-tree max-age to 30 seconds for VLAN 20:

Switch (config)# spanning-tree vlan 20 max-age 30
 

The following example shows how to reset the max-age parameter to the default value for spanning-tree instances 100 through 102:

Switch (config)# no spanning-tree vlan 100 101 102 max-age
 

You can verify the previous commands by entering the show spanning-tree command in privileged EXEC mode.

Related Commands

show spanning-tree
spanning-tree forward-time
spanning-tree hello-time
spanning-tree priority
spanning-tree protocol

spanning-tree portfast

Use the spanning-tree portfast interface configuration command to enable the Port Fast feature on a port in all its associated VLANs. When the Port Fast feature is enabled, the port changes directly from a blocking state to a forwarding state without making the intermediate Spanning-Tree Protocol (STP) status changes. Use the no form of this command to return the port to default operation.

spanning-tree portfast interface
no spanning-tree portfast

Syntax

Default

The Port Fast feature is disabled.

Command Mode

Interface configuration

Usage Guidelines

This feature should only be used on ports that connect to end stations.

This feature affects all VLANs on the port.

A port with the Port Fast feature enabled is moved directly to the spanning-tree forwarding state.

In Enterprise Edition Software, the Port Fast feature is automatically enabled on dynamic-access ports.

Example

The following example shows how to enable the Port Fast feature on fixed port 2.

Switch(config-if)# spanning-tree portfast fa0/2

Related Commands

spanning-tree portfast
spanning-tree port-priority

spanning-tree port-priority

Use the spanning-tree port-priority interface configuration command to set a port priority that is used when two switches tie for position as the root switch. Use the no form of this command to return to the default value.

spanning-tree [vlan stp-list] port-priority port-priority
no spanning-tree [vlan stp-list] port-priority

Syntax Description

Defaults

The default configuration (IEEE STP) is 128. The default for IBM STP and DEC STP is also 128.

Command Mode

Interface configuration

Usage Guidelines

If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.

You can set the port priority on a VLAN that has no ports assigned to it. The setting takes effect when you assign ports to it.

Example

The following example shows how to increase the likelihood that the spanning-tree instance 20 is chosen as the root switch on port fa0/2:

Switch(config)# interface fa0/2
Switch(config-if)# spanning-tree vlan 20 port-priority 0
 

You can verify the previous commands by entering the show spanning-tree command in privileged EXEC mode.

Related Commands

show spanning-tree
spanning-tree port-priority
spanning-tree protocol

spanning-tree priority

Use the spanning-tree priority global configuration command to configure the switch priority for the specified spanning-tree instance. This will change the likelihood that the switch is selected as the root switch. Use the no form of this command to revert to the default value.

spanning-tree [vlan stp-list] priority bridge-priority
no spanning-tree [vlan stp-list] priority

Syntax Description

Defaults

The default configuration (IEEE STP) is 32768. The default value for IBM STP and DEC STP is also 32768.

Command Mode

Global configuration

Usage Guidelines

If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.

You can configure the switch priority on a VLAN that has no ports assigned to it. The setting takes effect when you assign ports to it.

Example

The following example shows how to set the spanning-tree priority to 125 for a list of VLANs:

Switch (config)# spanning-tree vlan 20 100 101 102 priority 125
 

You can verify the previous command by entering the show spanning-tree command in privileged EXEC mode.

Related Commands

show spanning-tree
spanning-tree forward-time
spanning-tree hello-time
spanning-tree max-age
spanning-tree protocol

spanning-tree protocol

Use the spanning-tree protocol global configuration command to specify the Spanning-Tree Protocol (STP) to be used for specified spanning-tree instances. Use the no form to use the default protocol.

spanning-tree [vlan stp-list] protocol {ieee | dec | ibm}
no spanning-tree [vlan stp-list] protocol

Syntax Description

Default

The default protocol is ieee.

Command Mode

Global configuration

Usage Guidelines

Changing the spanning-tree protocol causes STP parameters to change to default values of the new protocol.

If the variable stp-list is omitted, this command applies to the STP instance associated with VLAN 1.

You can change the protocol on a VLAN that has no ports assigned to it. The setting takes effect when you assign ports to it.

Example

The following example shows how to change the STP protocol for VLAN 20 to the DEC version of STP:

Switch(config)# spanning-tree vlan 20 protocol dec
 

You can verify the previous command by entering the show spanning-tree command in privileged EXEC mode.

Related Commands

show spanning-tree
spanning-tree
spanning-tree forward-time
spanning-tree max-age
spanning-tree port-priority

speed

Use the speed interface configuration command to specify the speed of a Fast Ethernet port. Use the no form of this command to return the port to its default value.

speed {10 | 100 | auto}
no speed

Syntax Description

Defaults

The default is auto.

For Gigabit Ethernet ports, the speed is 1000 Mbps and not configurable.

Command Mode

Interface configuration

Usage Guidelines

Certain ports can be configured to be either 10 or 100 Mbps. Applicability of this command is hardware-dependent.

Example

The following example shows how to set port 1 on module 2 to 100 Mbps:

Switch(config)# interface fastethernet2/1
Switch(config-if)# speed 100

Related Commands

duplex

switchport access

Use the switchport access interface configuration command to configure a port as a static-access or dynamic-access port. If the mode is set to access, the port operates as a member of the configured VLAN. If set to dynamic, the port starts discovery of VLAN assignment based on the incoming packets it receives. Use the no form of this command to reset the access mode to the default VLAN for the switch.

switchport access vlan {vlan-id | dynamic}
no switchport access vlan {vlan-id | dynamic}

Syntax

Defaults

All ports are in static-access mode in VLAN 1.

A dynamic-access port is initially a member of no VLAN and receives its assignment based on the packets it receives.

Command Mode

Interface configuration

Usage Guidelines

The port must be in access mode before the switchport access vlan vlan-id or switchport access vlan dynamic command can take effect. For more information, see the "switchport mode" section.

An access port can be assigned to only one VLAN.

When the no switchport access vlan form is used, the access mode is reset to static access on VLAN  1.

The following restrictions apply to dynamic-access ports:

• Enterprise Edition Software implements the VLAN Query Protocol (VQP) client, which can query a VMPS such as the Catalyst 5000. Catalyst 2900 series switches are not VMPS servers. The VMPS server must be configured before a port is configured as dynamic.
  
  
• Use dynamic-access ports to connect end stations only. Connecting them to switches or routers (that are bridging protocols) can cause a loss of connectivity.
  
  
• Configure the network so that STP does not put the dynamic-access port into an STP blocking state. The Port Fast feature is automatically enabled on dynamic-access ports.
  
  
• Dynamic-access ports can only be in one VLAN and do not use VLAN tagging.
  
  
• Dynamic-access ports cannot be configured as:
  
  
  • The source or destination port in a static address entry.
    
    
  • A network port (dynamic-access ports can be assigned to a VLAN in which one of the other ports is a network port).
    
    
  • A port group (dynamic-access ports cannot be grouped with any other port including other dynamic ports).
    
    
  • A secure port.
    
    
  • A port with a secure address.
    
    
  • A monitor port.
    
    

Examples

The following example shows how to assign a port already in access mode to VLAN 2 (instead of the default VLAN 1):

Switch(config-if)# switchport access vlan 2

The following example shows how to assign a port already in access mode to dynamic:

Switch(config-if)# switchport access vlan dynamic

The following example shows how to reconfigure a dynamic-access port to a static-access port:

Switch(config-if)# no switchport access vlan dynamic

You can verify the previous commands by entering the show interface interface-id switchport command in privileged EXEC mode and examining information in the Administrative Mode and Operational Mode rows.

Related Commands

switchport mode
switchport multi
switchport trunk

switchport mode

Use the switchport mode interface configuration command to configure the VLAN membership mode of a port. Use the no form of this command to reset the mode to the appropriate default for the device.

switchport mode {access | multi | trunk}
no switchport mode {access | multi | trunk}

Syntax

Default

All ports are static-access ports in VLAN 1.

Command Mode

Interface configuration

Usage Guidelines

Configuration using the access, multi, or trunk keywords takes effect only when the port is changed to the corresponding mode by using the switchport mode command. The static-access, multi-VLAN, and trunk (Enterprise Edition Software only) configurations are saved, but only one configuration is active at a time.

The no switchport mode form resets the mode to static access.

Only these combinations of port modes can appear on a single switch:

• Multi-VLAN and access ports
  
  
• Trunk and access ports
  
  

Trunk and multi-VLAN ports cannot coexist on the same switch. If you want to change a multi-VLAN or trunk port into another mode, you must first change it to an access port and then reassign it to the new mode.

Examples

The following example shows how to configure a port for access mode:

Switch(config-if)# switchport mode access

The following example shows how to configure a port for multi-VLAN mode:

Switch(config-if)# switchport mode multi

The following example shows how to configure a port for trunk mode:

Switch(config-if)# switchport mode trunk

You can verify the previous commands by entering the show interface interface-id switchport command in privileged EXEC mode and examining information in the Administrative Mode and Operational Mode rows.

Related Commands

switchport access
switchport multi
switchport trunk

switchport multi

Use the switchport multi interface configuration command to configure a list of VLANs to which the port is associated. If the mode is set to multi, the port operates as a member of all VLANs in the list. Use the no form of this command to reconfigure the port as an access port.

switchport multi vlan {add vlan-list | remove vlan-list}
no switchport multi vlan

Syntax

Default

The default for VLAN membership of a multi-VLAN port is VLAN 1.

Command Mode

Interface configuration

Usage Guidelines

The switchport mode multi command must be entered before the switchport multi vlan vlan-list command can take effect.

In the variable vlan-list, separate nonconsecutive VLAN IDs with a comma; use a hyphen to designate a range of IDs.

A multi-VLAN port cannot be a secure port or a monitor port.

A multi-VLAN port cannot coexist with a trunk port on the same switch.

Caution To avoid loss of connectivity, do not connect multi-VLAN ports to hubs or switches. Connect multi-VLAN ports to routers or servers.

Examples

The following example shows how to assign a multi-VLAN port already in multi mode to two VLANs:

Switch(config-if)# switchport multi vlan 2,4

The following example shows how to assign a multi-VLAN port already in multi mode to a range of VLANs:

Switch(config-if)# switchport multi vlan 5-10

The following example shows how to reset the VLAN list of a multi-VLAN port to the default (VLAN 1 only):

Switch(config-if)# no switchport multi vlan

You can verify the previous commands by entering the show interface interface-id switchport command in privileged EXEC mode and examining information in the Administrative Mode and Operational Mode rows.

Related Commands

switchport access
switchport mode
switchport trunk

switchport trunk allowed vlan

Use the switchport trunk allowed vlan interface configuration command to control which VLANs can receive and transmit traffic on the trunk. Use the no form of this command to reset the allowed list to the default value. This command is available only in the Enterprise Edition Software.

switchport trunk allowed vlan {add vlan-list | all | except vlan-list | remove vlan-list}
no switchport trunk allowed vlan

Syntax

Default

All VLANs are included in the allowed list.

Command Mode

Interface configuration

Usage Guidelines

When the no switchport trunk allowed vlan form is used, the allowed list is reset to the default list, which allows all VLANs.

In the variable vlan-list, separate nonconsecutive VLAN IDs with a comma; use a hyphen to designate a range of IDs. You cannot remove VLAN 1 or 1002 to 1005 from the list.

A trunk port cannot be a secure port or a monitor port. However, a static-access port can monitor a VLAN on a trunk port. The VLAN monitored is the one associated with the static-access port.

If a trunk port is identified as a network port, the trunk port becomes the network port for all the VLANs associated with the port.

Example

The following example shows how to add VLANs 1, 2, 5, and 6 to the allowed list:

Switch(config-if)# switchport trunk allowed vlan add 1,2,5,6

You can verify the previous command by entering the show interface interface-id switchport command in privileged EXEC mode.

Related Commands

switchport mode
switchport trunk encapsulation
switchport trunk native

switchport trunk encapsulation

Use the switchport trunk encapsulation interface configuration command to set the encapsulation format on the trunk port. Use the no form of this command to reset the format to the default. This command is available only in the Enterprise Edition Software.

switchport trunk encapsulation {isl | dot1q}
no switchport trunk encapsulation

Syntax

Default

The default encapsulation format is ISL.

Command Mode

Interface configuration

Usage Guidelines

You cannot configure one end of the trunk as an 802.1Q trunk and the other end as an ISL or nontrunk port. However, you can configure one port as an ISL trunk and another port on the same switch as a 802.1Q trunk.

This command is only applicable on switch platforms and port hardware that support both formats.

Example

The following example shows how to configure the encapsulation format to 802.1Q:

Switch(config-if)# switchport trunk encapsulation dot1q
 

You can verify the previous command by entering the show interface interface-id switchport command in privileged EXEC mode.

Related Commands

switchport mode
switchport trunk allowed vlan
switchport trunk native

switchport trunk native

Use the switchport trunk native interface configuration command to set the native VLAN for untagged traffic when in 802.1Q trunking mode. Use the no form of this command to reset the native VLAN to the default. This command is available only in the Enterprise Edition Software.

switchport trunk native vlan vlan-id
no switchport trunk native

Syntax

Default

VLAN 1 is the default native VLAN ID on the port.

Command Mode

Interface configuration

Usage Guidelines

All untagged traffic received on the 802.1Q trunk port is forwarded with the native VLAN configured for the port.

If a packet has a VLAN ID equal to the outgoing port's native VLAN ID, the packet is transmitted untagged; otherwise, the switch transmits the packet with a tag.

Example

The following example shows how to configure VLAN 3 as the default port to send all untagged traffic:

Switch(config-if)# switchport trunk native vlan 3

You can verify the previous command by entering the show interface interface-id switchport command in privileged EXEC mode.

Related Commands

switchport mode
switchport trunk allowed vlan
switchport trunk encapsulation

vlan

Use the vlan VLAN database command to configure VLAN characteristics. Use the no form of this command to delete a VLAN and its configured characteristics. This command is available only in the Enterprise Edition Software.

vlan vlan-id [name vlan-name] [media {ethernet | fddi | fdi-net | tokenring | tr-net}]
[state {suspend | active}] [said said-value] [mtu mtu-size] [ring ring-number]
[bridge bridge-number | type {srb | srt}] [parent parent-vlan-id] [stp type {ieee | ibm | auto}]
[are are-number] [ste ste-number] [backupcrf {enable | disable}]
[tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]

no vlan vlan-id [name vlan-name] [media {ethernet | fddi | fdi-net | tokenring | tr-net}]
[state {suspend | active}] [said said-value] [mtu mtu-size] [ring ring-number]
[bridge bridge-number | type {srb | srt}] [parent parent-vlan-id] [stp type {ieee | ibm | auto}]
[are are-number] [ste ste-number] [backupcrf {enable | disable}]
[tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]

Table 2-7 lists the valid syntax for each media type.

VLAN Configuration Rules

Table 2-8 describes the rules for configuring VLANs.

Syntax Description

Defaults

The vlan-name variable is VLANxxxx, where xxxx represents four numeric digits (including leading zeroes) equal to the VLAN ID number.

The media type is ethernet.

The state is active.

The SAID value is 100000 plus the VLAN ID.

The MTU size for Ethernet, FDDI, and FDDI-NET VLANs is 1500 bytes. The MTU size for Token Ring and Token Ring-NET VLANs is 1500 bytes. The MTU size for TRBRF and TRCRF VLANs is 4472 bytes.

The ring number for Token Ring VLANs is zero. For FDDI VLANs, there is no default. For TRCRF VLANs, you must specify a ring number.

The bridge number is zero (no source-routing bridge) for FDDI-NET and Token Ring-NET VLANs. For TRBRF VLANs, you must specify a bridge number.

The parent VLAN ID is zero (no parent VLAN) for FDDI and Token Ring VLANs. For TRCRF VLANs, you must specify a parent VLAN ID. For both Token Ring and TRCRF VLANs, the parent VLAN ID must already exist in the database and be associated with a Token Ring-NET or TRBRF VLAN.

The STP type is ieee for FDDI-NET VLANs. For Token Ring-NET and TRBRF VLANs, the default is ibm.

The ARE value is 7.

The STE value is 7.

Backup CRF is disabled.

The tb-vlan1-id and tb-vlan2-id variables are zero (no translational bridging).

Command Mode

VLAN database

Usage Guidelines

When the no vlan vlan-id form is used, the VLAN is deleted. Deleting VLANs automatically resets to zero any other parent VLANs and translational bridging parameters that refer to the deleted VLAN.

When the no vlan vlan-id name vlan-name form is used, the VLAN name returns to the default name (VLANxxxx, where xxxx represent four numeric digits (including leading zeroes) equal to the VLAN ID number).

When the no vlan vlan-id media form is used, the media type returns to the default (ethernet). Changing the VLAN media type (including the no form) resets the VLAN MTU to the default MTU for the type (unless the mtu keyword is also present in the command). It also resets the VLAN parent and translational bridging VLAN to the default (unless the parent, tb-vlan1, and/or tb-vlan2 are also present in the command).

When the no vlan vlan-id state form is used, the VLAN state returns to the default (active).

When the no vlan vlan-id said form is used, the VLAN SAID returns to the default (100,000 plus the VLAN ID).

When the no vlan vlan-id mtu form is used, the VLAN MTU returns to the default for the applicable VLAN media type. You can also modify the MTU using the media keyword.

When the no vlan vlan-id ring form is used, the VLAN logical ring number returns to the default (0).

When the no vlan vlan-id bridge form is used, the VLAN source-routing bridge number returns to the default (0). The vlan vlan-id bridge command is only used for FDDI-NET and Token Ring-NET VLANs and is ignored in other VLAN types.

When the no vlan vlan-id parent form is used, the parent VLAN returns to the default (0). The parent VLAN resets to the default if the parent VLAN is deleted or if the media keyword changes the VLAN type or the VLAN type of the parent VLAN.

When the no vlan vlan-id stp type form is used, the VLAN spanning-tree type returns to the default (ieee).

When the no vlan vlan-id tb-vlan1 or no vlan vlan-id tb-vlan2 form is used, the VLAN translational bridge VLAN (or VLANs, if applicable) returns to the default (0). Translational bridge VLANs must be a different VLAN type than the affected VLAN, and if two are specified, the two must be different VLAN types from each other. A translational bridge VLAN resets to the default if the translational bridge VLAN is deleted, if the media keyword changes the VLAN type, or if the media keyword changes the VLAN type of the corresponding translation bridge VLAN.

Examples

The following example shows how to add an Ethernet VLAN with default media characteristics. The default includes a vlan-name of VLANxxx, where xxxx represents four numeric digits (including leading zeroes) equal to the VLAN ID number. The default media option is ethernet; the state option is active. The default said-value variable is 100000 plus the VLAN ID; the mtu-size variable is 1500; the stp-type option is ieee. The VLAN is added if it did not already exist; otherwise, this command does nothing.

Switch(vlan)# vlan 2

The following example shows how to modify an existing VLAN by changing its name and MTU size:

Switch(vlan)# no vlan name engineering mtu 1200

You can verify the previous commands by entering the show vlan command in privileged EXEC mode.

Related Commands

show vlan

vlan database

The vlan database privileged EXEC command causes the command-line interface (CLI) to enter VLAN database mode so that you can add, delete, and modify VLAN configurations and globally propagate these changes using the VLAN Trunk Protocol (VTP). This command is available only in the Enterprise Edition Software.

vlan database

Syntax Description

This command has no arguments or keywords.

Default

No default is defined.

Command Mode

Privileged EXEC

Usage Guidelines

To return to the privileged EXEC mode from the VLAN database mode, enter the exit command.

Example

The following example shows how to enter the VLAN database mode from the privileged EXEC mode:

Switch# vlan database
Switch(vlan)#

Related Commands

abort
apply
exit
reset
shutdown vlan

vmps reconfirm (Privileged EXEC)

Use the vmps reconfirm privileged EXEC command to immediately send VLAN Query Protocol (VQP) queries to reconfirm all dynamic VLAN assignments with the VLAN Membership Policy Server (VMPS). This command is available only in the Enterprise Edition Software.

vmps reconfirm

Syntax Description

This command has no arguments or keywords.

Default

No default is defined.

Command Mode

Privileged EXEC

Example

The following example shows how to immediately send VQP queries to the VMPS:

Switch# vmps reconfirm

You can verify the previous command by entering the show vmps command in privileged EXEC mode and examining the VMPS Action row of the Reconfirmation Status section. The show vmps command shows the result of the last time the assignments were reconfirmed either as a result of reconfirmation timer expiring or because the vmps reconfirm command was issued.

Related Commands

show vmps
vmps reconfirm

vmps reconfirm (Global Configuration)

Use the vmps reconfirm global configuration command to change the reconfirmation interval for the VLAN Query Protocol (VQP) client. This command is available only in the Enterprise Edition Software.

vmps reconfirm interval

Syntax Description

Default

The default reconfirmation interval is 60 minutes.

Command Mode

Global configuration

Example

The following example shows how to set the VQP client to reconfirm dynamic VLAN entries every 20 minutes:

Switch(config)# vmps reconfirm 20

You can verify the previous command by entering the show vmps command in privileged EXEC mode and examining information in the Reconfirm Interval row.

Related Commands

show vmps
vmps reconfirm

vmps retry

Use the vmps retry global configuration command to configure the per-server retry count for the VLAN Query Protocol (VQP) client. This command is available only in the Enterprise Edition Software.

vmps retry count

Syntax Description

Default

The default retry count is 3.

Command Mode

Global configuration

Example

The following example shows how to set the retry count to 7:

Switch(config)# vmps retry 7

You can verify the previous command by entering the show vmps command in privileged EXEC mode and examining information in the Server Retry Count row.

Related Commands

show vmps

vmps server

Use the vmps server global configuration command to configure the primary VLAN Membership Policy Server (VMPS) and up to three secondary servers. Use the no form of this command to remove a VMPS server. This command is available only in the Enterprise Edition Software.

vmps server ipaddress [primary]
no vmps server [ipaddress]

Syntax Description

Default

No primary or secondary VMPS servers are defined.

Command Mode

Global configuration

Usage Guidelines

The first server entered is automatically selected as the primary server whether or not primary is entered. The first server address can be overridden by using primary in a subsequent command.

When using the no form without specifying the ipaddress, all configured servers are deleted. If you delete all servers when dynamic-access ports are present, the switch cannot forward packets from new sources on these ports because it cannot query the VMPS.

Examples

The following example shows how to configure the server with IP address 191.10.49.20 as the primary VMPS server, and the servers with IP addresses 191.10.49.21 and 191.10.49.22 as secondary servers:

Switch(config)# vmps server 191.10.49.20 primary
Switch(config)# vmps server 191.10.49.21
Switch(config)# vmps server 191.10.49.22

The following example shows how to delete the server with IP address 191.10.49.21:

Switch(config)# no vmps server 191.10.49.21

You can verify the previous commands by entering the show vmps command in privileged EXEC mode and examining information in the VMPS Domain Server row.

Related Commands

show vmps

vtp

Use the vtp VLAN database command to configure the VLAN Trunk Protocol (VTP) mode. Use the no form of this command to return to the default setting. This command is available only in the Enterprise Edition Software.

vtp {server | client | transparent}
no vtp {server | client | transparent}

Syntax Description

Default

Server mode is the default mode.

Command Mode

VLAN database

Usage Guidelines

The no vtp client and no vtp transparent forms of the command return the switch to VTP server mode.

The vtp server command is the same as no vtp client or no vtp transparent except that it does not return an error if the switch is not in client or transparent mode.

Example

The following example shows how to place the switch in VTP transparent mode:

Switch(vlan)# vtp transparent

You can verify the previous commands by entering the show vtp status command in privileged EXEC mode.

Related Commands

show vtp status

vtp domain

Use the vtp domain VLAN database command to configure the VLAN Trunk Protocol (VTP) administrative domain. This command is available only in the Enterprise Edition Software.

vtp domain domain-name

Syntax Description

Default

No domain name is defined.

Command Mode

VLAN database

Usage Guidelines

The switch is in the no-management-domain state until you configure a domain name. While in the no-management-domain state, the switch does not transmit any VTP advertisements even if changes occur to the local VLAN configuration. The switch leaves the no-management-domain state after receiving the first VTP summary packet on any port that is currently trunking or after configuring a domain name using the vtp domain command. If the switch receives its domain from a summary packet, it resets its configuration revision number to zero. After the switch leaves the no-management-domain state, it can never be configured to reenter it until you clear the NVRAM and reload the software.

Domain names are case sensitive.

Once you configure a domain name, it cannot be removed. You can only reassign it to a different domain.

Example

The following example shows how to set the administrative domain for the switch:

Switch(vlan)# vtp domain OurDomainName

You can verify the previous commands by entering the show vtp status command in privileged EXEC mode.

Related Commands

show vtp status
vtp password

vtp file

Use the vtp file global configuration command to modify the VLAN Trunk Protocol (VTP) configuration storage filename. Use the no form of this command to return the filename to its default name. This command is available only in the Enterprise Edition Software.

vtp file ifsfilename
no vtp file

Syntax Description

Default

The default filename is flash:vlan.dat.

Command Mode

Global configuration

Usage Guidelines

This command cannot be used to load a new database; it only renames the file in which the existing database is stored.

Example

The following example shows how to rename the filename for VTP configuration storage to vtpfilename:

Switch(config)# vtp file vtpfilename

Related Commands

vtp

vtp password

Use the vtp password VLAN database command to configure the VLAN Trunk Protocol (VTP) administrative domain password. Use the no form of this command to remove the password. This command is available only in the Enterprise Edition Software.

vtp password password-value
no vtp password password-value

Syntax Description

Default

No password is defined.

Command Mode

VLAN database

Usage Guidelines

Passwords are case sensitive. Passwords should match on all switches in the same domain.

When the no vtp password form of the command is used, the switch returns to the no password state.

Example

The following example shows how to configure the VTP domain password:

Switch(vlan)# vtp password ThisIsOurDomain'sPassword

Related Commands

vtp domain

vtp pruning

Use the vtp pruning VLAN database command to enable pruning in the VLAN Trunk Protocol (VTP) administrative domain. Use the no form of this command to disable pruning. This command is available only in the Enterprise Edition Software.

vtp pruning
no vtp pruning

Syntax Description

Default

Pruning is disabled.

Command Mode

VLAN database

Example

The following example shows how to enable pruning in the proposed new VLAN database:

Switch(vlan)# vtp pruning

You can verify the previous commands by entering the show vtp status command in privileged EXEC mode.

Related Commands

show vtp status
vtp
vtp v2-mode

vtp v2-mode

Use the vtp v2-mode VLAN database command to enable VLAN Trunk Protocol (VTP) version 2 in the administrative domains. Use the no form of this command to disable V2 mode. This command is available only in the Enterprise Edition Software.

vtp v2-mode
no vtp v2-mode

Syntax Description

Default

VTP version 2 is disabled.

Command Mode

VLAN database

Usage Guidelines

Toggling the V2 mode state modifies certain parameters of certain default VLANs.

Example

The following example shows how to enable V2 mode in the proposed new VLAN database:

Switch(vlan)# vtp v2-mode

You can verify the previous commands by entering the show vtp status command in privileged EXEC mode.

Related Commands

show vtp status
vtp
vtp pruning