The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the Cisco NX-OS Layer 2 commands available on Cisco Nexus 3000 Series switches.
To enable the Cisco Discovery Protocol (CDP) and configure CDP attributes, use the cdp command. To disable CDP or reset CDP attributes, use the no form of this command.
cdp { advertise { v1 | v2 } | enable | format device-id { mac-address | serial-number | system-name } | holdtime seconds | timer seconds }
no cdp { advertise | enable | format device-id { mac-address | serial-number | system-name } | holdtime seconds | timer seconds }
Switch profile configuration mode
|
|
This example shows how to configure CDP advertisements on a switch profile:
This example shows how to configure the MAC address as the CDP device ID in a switch profile:
This example shows how to enable CDP on all Ethernet interfaces:
This example shows how to configure the MAC address as the CDP device ID:
This example shows how to disable CDP on all Ethernet interfaces:
|
|
---|---|
Displays information about the switch profile and the configuration revision. |
|
To clear the dynamic address entries from the MAC address table, use the clear mac address-table dynamic command.
clear mac address-table dynamic [[ address mac-addr ] | [ interface { ethernet slot / port | port-channel number }]] [ vlan vlan-id ]
EXEC mode
Global configuration mode
Switch profile configuration mode
|
|
Use the clear mac address-table dynamic command with no arguments to remove all dynamic entries from the table.
To clear static MAC addresses from the table, use the no mac address-table static command.
If the clear mac address-table dynamic command is entered with no options, all dynamic addresses are removed. If you specify an address but do not specify an interface, the address is deleted from all interfaces. If you specify an interface but do not specify an address, the switch removes all addresses on the specified interfaces.
This example shows how to clear all the dynamic entries from the MAC address table:
mac address-table dynamic
This example shows how to clear all the dynamic entries from the MAC address table for VLAN 2:
mac address-table dynamic vlan 2
This example shows how to clear all the dynamic entries from the MAC address table in a switch profile:
|
|
---|---|
Displays information about the switch profile and the configuration revision. |
|
To clear the counters for the Spanning Tree Protocol (STP), use the clear spanning-tree counters command.
clear spanning-tree counters [ interface { ethernet interface | port-channel channel }] [ vlan vlan-id ]
|
|
You can clear all the STP counters on the entire switch, per VLAN, or per interface.
This example shows how to clear the STP counters for VLAN 5:
switch#
clear
spanning-tree counters vlan 5
|
|
---|---|
To restart the protocol migration, use the clear spanning-tree detected-protocol command. With no arguments, the command is applied to every port of the switch.
clear spanning-tree detected-protocol [ interface { ethernet interface | port-channel channel }]
|
|
Rapid per VLAN Spanning Tree Plus (Rapid PVST+) and Multiple Spanning Tree (MST) have built-in compatibility mechanisms that allow them to interact properly with other versions of IEEE spanning tree or other regions. For example, a switch running Rapid PVST+ can send 802.1D bridge protocol data units (BPDUs) on one of its ports when it is connected to a legacy device. An MST switch can detect that a port is at the boundary of a region when it receives a legacy BPDU or an MST BPDU that is associated with a different region.
These mechanisms are not always able to revert to the most efficient mode. For example, a Rapid PVST+ switch that is designated for a legacy 802.1D bridge stays in 802.1D mode even after the legacy bridge has been removed from the link. Similarly, an MST port assumes that it is a boundary port when the bridges to which it is connected have joined the same region.
To force a port to renegotiate with its neighbors, enter the clear spanning-tree detected-protocol command.
This example shows how to restart the protocol migration on a specific interface:
switch#
clear
spanning-tree detected-protocol interface ethernet 1/4
|
|
---|---|
To clear VLAN Trunking Protocol (VTP) counters, use the clear vtp counters command.
|
|
---|---|
Use this command to clear the VTP statistics, such as the VTP requests, VTP advertisements, and configuration revisions.
This example shows how to clear the VTP counters:
|
|
---|---|
To enable error-disable (err-disabled) detection in an application, use the errdisable detect cause command. To disable error disable detection, use the no form of this command.
errdisable detect cause { all | link-flap | loopback }
no errdisable detect cause { all | link-flap | loopback }
|
|
---|---|
When error disable detection is enabled and a cause is detected on an interface, the interface is placed in an err-disabled state, which is an operational state that is similar to the link-down state.
This example shows how to enable the err-disabled detection on linkstate-flapping:
|
|
---|---|
To configure the application to bring the interface out of the error-disabled (err-disabled) state and retry coming up, use the errdisable recovery cause command. To revert to the defaults, use the no form of this command.
errdisable recovery cause { all | bpduguard | failed-port-state | link-flap-recovery | pause-rate-limit | storm-control | udld }
no errdisable recovery cause { all | bpduguard | failed-port-state | link-flap-recovery | pause-rate-limit | storm-control | udld }
|
|
---|---|
When an error-disables recovery is enabled, the interface automatically recovers from the error-disabled state, and the device retries bringing the interface up.
This example shows how to enable an error-disabled recovery from linkstate flapping:
This example shows how to enable an error-disabled recovery from storm control error disabled state:
|
|
---|---|
To configure the recovery time interval to bring the interface out of the error-disabled (err-disabled) state, use the errdisable recovery interval command. To revert to the defaults, use the no form of this command.
errdisable recovery interval time
no errdisable recovery interval
Error disable recovery time interval. The range is from 30 to 65535 seconds. |
|
|
---|---|
When error disable recovery is enabled, the interface automatically recovers from the err-disabled state, and the device retries bringing the interface up.
This example shows how to enable error disable recovery time interval to 100 seconds:
|
|
---|---|
To enable private VLANs, use the feature private-vlan command. To return to the default settings, use the no form of this command.
|
|
The private VLAN commands are not available until you enable the private VLAN feature.
You cannot disable the private VLANs if there are operational ports on the switch that are in private VLAN mode.
Note A private VLAN-isolated port on a Cisco Nexus 3000 Series switch running the current release of Cisco NX-OS does not support IEEE 802.1Q encapsulation and cannot be used as a trunk port.
This example shows how to enable private VLAN functionality on the switch:
switch(config)#
feature private-vlan
To enable VLAN Trunking Protocol (VTP), use the feature vtp command. To disable VTP, use the no form of this command.
|
|
---|---|
This example shows how to enable VTP on the switch:
|
|
---|---|
To map a VLAN or a set of VLANs to a Multiple Spanning Tree instance (MSTI), use the instance vlan command. To delete the instance and return the VLANs to the default instance (Common and Internal Spanning Tree [CIST]), use the no form of this command.
instance instance-id vlan vlan-id
no instance instance-id [ vlan vlan-id ]
Instances to which the specified VLANs are mapped. The range is from 0 to 4094. |
|
Specifies the number of the VLANs that you are mapping to the specified MSTI. The VLAN ID range is from 1 to 4094. |
No VLANs are mapped to any MST instance (all VLANs are mapped to the CIST instance).
|
|
The VLAN identifier is entered as a single value or a range.
The mapping is incremental, not absolute. When you enter a range of VLANs, this range is added to or removed from the existing instances.
Any unmapped VLAN is mapped to the CIST instance.
This example shows how to map a range of VLANs to MSTI 4:
switch(config)#
spanning-tree mst configuration
switch(
config-mst)#
instance 4 vlan 100-200
|
|
---|---|
To enable Internet Group Management Protocol (IGMP), use the ip igmp snooping command. To disable IGMP snooping, use the no form of this command.
Note If the global setting is disabled, then all VLANs are treated as disabled, whether they are enabled or not.
|
|
---|---|
This example shows how to enable IGMP snooping:
|
|
---|---|
To configure Internet Group Management Protocol (IGMP) on a VLAN, use the ip igmp snooping command. To negate the command or return to the default settings, use the no form of this command
Parameter to configure. See the “Usage Guidelines” section for additional information. |
VLAN configuration mode
Switch profile VLAN configuration mode
|
|
---|---|
Support was added for the following IGMP parameters in a switch profile: |
Table 1 lists the valid values for parameter.
This example shows how to configure IGMP snooping parameters for VLAN 5:
|
|
---|---|
To enable the debounce timer on an interface, use the link debounce command. To disable the timer, use the no form of this command.
link debounce [ time milliseconds ]
(Optional) Specifies the extended debounce timer. The range is from 0 to 5000 milliseconds. A value of 0 milliseconds disables the debounce time. |
|
|
---|---|
The port debounce time is the amount of time that an interface waits to notify the supervisor of a link going down. During this time, the interface waits to see if the link comes back up. The wait period is a time when traffic is stopped.
This example shows how to enable the debounce timer and set the debounce time to 1000 milliseconds for an Ethernet interface:
This example shows how to disable the debounce timer for an Ethernet interface:
|
|
---|---|
To configure the Link Layer Discovery Protocol (LLDP) global options, use the lldp command. To remove the LLDP settings, use the no form of this command.
lldp { holdtime seconds | reinit seconds | timer seconds | tlv-select { dcbxp | management-address [v4 | v6] | port-description | port-vlan | system-capabilities | system-description | system-name }}
no lldp { holdtime | reinit | timer | tlv-select { dcbxp | management-address | port-description | port-vlan | system-capabilities | system-description | system-name }}
Holdtime (before discarding): 120 seconds.
Reinitialization delay: 2 seconds.
Global configuration mode
Switch profile configuration mode
|
|
---|---|
the v4 and v6 command options were introduced for the management-address keyword. |
|
Support was added to configure LLDP options in switch profiles. |
|
Note LLDP, which is a neighbor discovery protocol that is used for network devices to advertise information about themselves to other devices on the network, is enabled on the switch by default.
The LLDP settings include the length of time before discarding LLDP information received from peers, the length of time to wait before performing LLDP initialization on any interface, and the rate at which LLDP packets are sent.
LLDP supports a set of attributes that it uses to discover neighbor devices. These attributes contain type, length, and value descriptions and are referred to as TLVs. LLDP supported devices can use TLVs to receive and send information to their neighbors. Details such as configuration information, device capabilities, and device identity can be advertised using this protocol.
The switch supports these basic management TLVs. These are mandatory LLDP TLVs.
The Data Center Bridging Exchange Protocol (DCBXP) is an extension of LLDP. It is used to announce, exchange, and negotiate node parameters between peers. DCBXP parameters are packaged into a specific DCBXP TLV. This TLV is designed to provide an acknowledgement to the received LLDP packet.
DCBXP is enabled by default, provided LLDP is enabled. When LLDP is enabled, DCBXP can be enabled or disabled using the [ no ] lldp tlv-select dcbxp command. DCBXP is disabled on ports where LLDP transmit or receive is disabled.
This example shows how to configure the global LLDP holdtime to 200 seconds:
This example shows how to enable LLDP to send or receive the management address TLVs:
This example shows how to enable LLDP to send or receive IPv4 management address TLVs:
This example shows how to enable LLDP to send or receive IPv6 management address TLVs:
This example shows how to disable LLDP to send or receive the DCBXP TLVs:
This example shows how to configure the LLDP packet rate to 60 seconds in a switch profile:
|
|
---|---|
Displays information about the switch profile and the configuration revision. |
|
To specify the management IP address to be sent in the LLDP management TLV, use the lldp tlv-set command. To remove the specified management IP address from the LLDP management TLV, use the no form of this command.
lldp tlv-set { management-address ip-address [ipv6] | vlan [ vlan-id ]}
no lldp tlv-set { management-address ip-address [ipv6] | vlan [ vlan-id ]}
|
|
---|---|
Before configuring the LLDP management TLV IP address, ensure that the LLDP management TLV option is configured.
This example shows how to specify the management IPv4 address in the management TLV:
This example shows how to specify the management IPv6 address in the management TLV:
This example shows how to specify the VLAN ID in the management TLV:
|
|
---|---|
To configure the aging time for entries in the MAC address table, use the mac address-table aging-time command. To return to the default settings, use the no form of this command.
mac address-table aging-time seconds [ vlan vlan-id ]
no mac address-table aging-time [ vlan vlan-id ]
Global configuration mode
Switch profile configuration mode
|
|
Support to configure MAC address table aging time was added to switch profiles. |
Enter 0 seconds to disable the aging process.
The age value may be rounded off to the nearest multiple of 5 seconds. If the system rounds the value to a different value from that specified by the user (from the rounding process), the system returns an informational message.
When you use this command, the age values of all VLANs for which a configuration has not been specified are modified and those VLANs with specifically modified aging times are not modified. When you use the no form of this command without the VLAN parameter, only those VLANs that have not been specifically configured for the aging time reset to the default value. Those VLANs with specifically modified aging times are not modified.
When you use this command and specify a VLAN, the aging time for only the specified VLAN is modified. When you use the no form of this command and specify a VLAN, the aging time for the VLAN is returned to the current global configuration for the aging time, which may or may not be the default value of 300 seconds depending if the global configuration of the switch for the aging time has been changed.
Note In Cisco NX-OS Release 5.0(3)U1(1), you can configure the MAC aging timer on a global basis but not on a per VLAN basis.
The aging time is counted from the last time that the switch detected the MAC address.
This example shows how to change the length of time an entry remains in the MAC address table to 500 seconds for the entire switch:
switch#
configure terminal
switch(config)#
mac address-table aging-time 500
This example shows how to change the length of time an entry remains in the MAC address table to 300 seconds for a switch profile:
|
|
---|---|
Displays information about the switch profile and the configuration revision. |
|
To configure the action of bringing down the port with the lower interface index when a MAC address move loop is detected between two ports, use the mac address-table loop-detect port-down command. To revert to the default action of disabling MAC learning, use the no form of this command.
mac address-table loop-detect port-down
no mac address-table loop-detect port-down
|
|
---|---|
When the number of MAC address moves between two ports exceeds a threshold, it forms a loop. Until Cisco NX-OS Release 6.0(2)U3(1), when a loop was detected between two ports, MAC learning was disabled for 180 seconds. You can now configure the action of bringing down the port with the lower interface index when such a loop is detected by using the mac address-table loop-detect port-down command.
This example shows how to configure port-down as the action for MAC move loop detection:
|
|
---|---|
Displays the currently configured action for loop detection in the MAC address table. |
To configure a log message notification of MAC address table events, use the mac address-table notification command. To disable log message notifications, use the no form of this command.
mac address-table notification { mac-move | threshold [ limit percentage interval seconds ]}
no mac address-table notification { mac-move | threshold }
|
|
---|---|
This example shows how to configure a log message notification when the threshold exceeds 45 percent, restricting the update interval to once every 1024 seconds:
|
|
---|---|
To configure a static entry for the MAC address table, use the mac address-table static command. To delete the static entry, use the no form of this command.
mac address-table static mac-address vlan vlan-id { drop | interface { ethernet slot/port | port-channel number } [ auto-learn ]
no mac address-table static mac-address { vlan vlan-id }
Global configuration mode
Switch profile configuration mode
|
|
Support was added to configure static MAC address table entries in switch profiles. |
You cannot apply the mac address-table static mac-address vlan vlan-id drop command to a multicast MAC address.
When you install a static MAC address, it is associated with a port. If the same MAC address is seen on a different port, the entry is updated with the new port if you enter the auto-learn keyword.
This example shows how to add a static entry to the MAC address table:
This example shows how to add a static entry to the MAC address table in a switch profile:
|
|
---|---|
Displays information about the switch profile and the configuration revision. |
|
To control the learning of MAC addresses per interface, use the mac-learn command. To delete the list, use the no form of this command.
Global configuration mode
Switch profile configuration mode
|
|
---|---|
By default, each interface automatically learns the MAC addresses of entering traffic.
After you disable MAC learning, enter the clear mac address-table dynamic command to clear the dynamic address entries from the MAC address table.
This example shows how to disable MAC address learning on the switch and then clear the the dynamic address entries from the MAC address table:
This example shows how to disable MAC address learning on a switch profile, and then clear the the dynamic address entries from the MAC address table:
|
|
---|---|
Clears the dynamic address entries from the MAC address table. |
|
Displays information about the switch profile and the configuration revision. |
|
To set the name for a VLAN, use the name command. To remove the user-configured name from a VLAN, use the no form of this command.
VLAN configuration mode
Switch profile VLAN configuration mode
|
|
---|---|
You cannot change the name for the default VLAN, VLAN 1, or for the internally allocated VLANs.
This example shows how to name VLAN 2:
switch#
configure terminal
switch(config)#
vlan 2
switch(
config-vlan)#
name accounting
This example shows how to name VLAN 3 in a switch profile:
|
|
---|---|
To set the name of a Multiple Spanning Tree (MST) region, use the name command. To return to the default name, use the no form of this command.
Name to assign to the MST region. It can be any string with a maximum length of 32 alphanumeric characters. |
|
|
Two or more switches with the same VLAN mapping and configuration version number are considered to be in different MST regions if the region names are different.
This example shows how to name a region:
switch#
configure terminal
switch(config)#
spanning-tree mst configuration
switch(
config-mst)#
name accounting
|
|
---|---|
To enable autonegotiation on a specified 1-Gigabit Ethernet port, use the negotiate auto command. To disable autonegotiation, use the no form of this command.
|
|
You can use this command only on Ethernet and EtherChannel interfaces.
Use the negotiate auto command with the speed command.
Use the no negotiate auto command to disable autonegotiation on 1-Gigabit ports when the connected peer does not support autonegotiation. By default, autonegotiation is enabled on 1-Gigabit ports and disabled on 10-Gigabit ports.
Note Beginning in 7.0(3)I2(1), no negotiate auto cannot be configured when the speed is set as speed auto. To configure no negotiate auto, change the speed to a fixed speed.
This example shows how to enable link negotiation on a specified Ethernet interface:
switch#
configure terminal
switch(config)#
interface ethernet 1/5
switch(
config-if)#
negotiate auto
switch(
config-if)#
This example shows how to enable link negotiation on a specified Ethernet interface and advertise that the interface is capable of only 1000 megabyte speed.
switch#
configure terminal
switch(config)#
interface ethernet 1/5
switch(
config-if)#
negotiate auto
switch(
config-if)#
This example shows how to enable link negotiation on a specified Ethernet interface and configure the interface to negotiate to all capable speeds. On an RJ45 jack, the interface can autonegotiate to 10, 100, or 1000 megabytes. (Autonegotiation is not possible on 10 or 40 Gigabyte interfaces.)
switch#
configure terminal
switch(config)#
interface ethernet 1/5
switch(
config-if)#
negotiate auto
switch(
config-if)#
|
|
---|---|
Displays the running configuration information for configured interfaces. |
To configure private VLANs, use the private-vlan command. To return the specified VLANs to normal VLAN mode, use the no form of this command.
private-vlan { isolated | community | primary }
no private-vlan { isolated | community | primary }
|
|
---|---|
You must enable private VLANs by using the feature private-vlan command before you can configure private VLANs. The commands for configuring private VLANs are not visible until you enable private VLANs.
If you delete either the primary or secondary VLAN, the ports that are associated with the VLAN become inactive. When you enter the no private-vlan command, the VLAN returns to the normal VLAN mode. All primary and secondary associations on that VLAN are suspended, but the interfaces remain in private VLAN mode. When you reconvert the specified VLAN to private VLAN mode, the original associations are reinstated.
If you enter the no vlan command for the primary VLAN, all private VLAN associations with that VLAN are lost. If you enter the no vlan command for a secondary VLAN, the private VLAN associations with that VLAN are suspended and are reenabled when you recreate the specified VLAN and configure it as the previous secondary VLAN.
You cannot configure VLAN1 or the internally allocated VLANs as private VLANs.
A private VLAN is a set of private ports that are characterized by using a common set of VLAN number pairs. Each pair is made up of at least two special unidirectional VLANs and is used by isolated ports and/or by a community of ports to communicate with routers.
An isolated VLAN is a VLAN that is used by isolated ports to communicate with promiscuous ports. An isolated VLAN’s traffic is blocked on all other private ports in the same VLAN. Its traffic can only be received by standard trunking ports and promiscuous ports that are assigned to the corresponding primary VLAN.
A promiscuous port is defined as a private port that is assigned to a primary VLAN.
A community VLAN is defined as the VLAN that carries the traffic among community ports and from community ports to the promiscuous ports on the corresponding primary VLAN.
A primary VLAN is defined as the VLAN that is used to convey the traffic from the routers to customer end stations on private ports.
Multiple community and isolated VLANs are allowed. If you enter a range of primary VLANs, the system uses the first number in the range for the association.
Note A private VLAN-isolated port on a Cisco Nexus 3000 Series switch running the current release of Cisco NX-OS does not support IEEE 802.1Q encapsulation and cannot be used as a trunk port.
If VLAN Trunking Protocol (VTP) is enabled on a switch, you can configure private VLANs only on a device configured in Transparent mode.
This example shows how to assign VLAN 5 to a private VLAN as the primary VLAN:
This example shows how to assign VLAN 100 to a private VLAN as a community VLAN:
This example shows how to assign VLAN 109 to a private VLAN as an isolated VLAN:
|
|
---|---|
To configure the association between a primary VLAN and a secondary VLAN on a private VLAN, use the private-vlan association command. To remove the association, use the no form of this command.
private-vlan association {[ add ] secondary-vlan-list | remove secondary-vlan-list }
Clears the association between a secondary VLAN and a primary VLAN. |
|
|
---|---|
You must enable private VLANs by using the feature private-vlan command before you can configure private VLANs. The commands for configuring private VLANs are not visible until you enable private VLANs.
If you delete either the primary or secondary VLAN, the ports that are associated with the VLAN become inactive. When you enter the no private-vlan command, the VLAN returns to the normal VLAN mode. All primary and secondary associations on that VLAN are suspended, but the interfaces remain in private VLAN mode. However, when you reconvert the specified VLAN to private VLAN mode, the original associations are reinstated.
If you enter the no vlan command for the primary VLAN, all private VLAN associations with that VLAN are lost. However, if you enter the no vlan command for a secondary VLAN, the private VLAN associations with that VLAN are suspended and return when you recreate the specified VLAN and configure it as the previous secondary VLAN.
The secondary-vlan-list argument cannot contain spaces. It can contain multiple comma-separated items. Each item can be a single secondary VLAN ID or a hyphenated range of secondary VLAN IDs. The secondary-vlan-list parameter can contain multiple secondary VLAN IDs.
A private VLAN is a set of private ports that are characterized by using a common set of VLAN number pairs. Each pair is made up of at least two special unidirectional VLANs and is used by isolated ports and/or by a community of ports to communicate with routers.
Multiple community and isolated VLANs are allowed. If you enter a range of primary VLANs, the system uses the first number in the range for the association.
Isolated and community VLANs can only be associated with one primary VLAN. You cannot configure a VLAN that is already associated to a primary VLAN as a primary VLAN.
Note A private VLAN-isolated port on a Cisco Nexus 3000 Series switch running the current release of Cisco NX-OS does not support IEEE 802.1Q encapsulation and cannot be used as a trunk port.
This example shows how to create a private VLAN relationship between the primary VLAN 14, the isolated VLAN 19, and the community VLANs 20 and 21:
This example shows how to remove isolated VLAN 18 and community VLAN 20 from the private VLAN association:
|
|
---|---|
To map the secondary VLANs to the same Multiple Spanning Tree (MST) instance as the primary VLAN, use the private-vlan synchronize command.
|
|
---|---|
If you do not map secondary VLANs to the same MST instance as the associated primary VLAN when you exit the MST configuration mode, the device displays a warning message that lists the secondary VLANs that are not mapped to the same instance as the associated VLAN. The private-vlan synchronize command automatically maps all secondary VLANs to the same instance as the associated primary VLANs.
This example shows how to initialize private VLAN synchronization:
|
|
---|---|
To set the revision number for the Multiple Spanning Tree (MST) region configuration, use the revision command. To return to the default settings, use the no form of this command.
Revision number for the MST region configuration. The range is from 0 to 65535. |
|
|
Two or more switches with the same VLAN mapping and name are considered to be in different MST regions if the configuration revision numbers are different.
This example shows how to set the revision number of the MST region configuration:
switch(config)#
spanning-tree mst configuration
switch(
config-mst)#
revision 5
|
|
---|---|
To trigger the Layer 2 Interface consistency checker for MAC addresses and display the results, use the show consistency-checker l2 command.
|
|
---|---|
This example shows how to trigger the Layer 2 consistency checker for a module and display the results:
To trigger the VLAN membership consistency checker for members of a VLAN and display the results, use the show consistency-checker membership vlan command.
show consistency-checker membership vlan vlan id
|
|
---|---|
This example shows how to trigger the VLAN membership consistency checker and display the results:
To trigger the consistency checker for the spanning tree state of all interfaces in a VLAN and display the results, use the show consistency-checker stp-state vlan command.
show consistency-checker stp-state vlan vlan id
|
|
---|---|
This example shows how to trigger the Layer 3 Interface consistency checker for a module and display the results:
|
|
---|---|
Triggers the consistency checker on MAC addresses and displays the results. |
|
Triggers the consistency checker on all members of a vlan and displays the results. |
To display the Internet Group Management Protocol (IGMP) snooping configuration of the switch, use the show ip igmp snooping command.
show ip igmp snooping [ explicit-tracking vlan vlan-id | groups [ detail | vlan vlan-id ] | mrouter [ vlan vlan-id ] | querier [ vlan vlan-id ] | vlan vlan-id ]
|
|
---|---|
This example shows how to display the IGMP snooping configuration of the switch:
This example shows how to display the IGMP snooping configuration for VLAN 1:
|
|
---|---|
Globally enables IGMP snooping. IGMP snooping must be globally enabled in order to be enabled on a VLAN. |
|
To display information about the Link Layer Discovery Protocol (LLDP) configuration on the switch, use the show lldp command.
show lldp { interface { ethernet slot / port | mgmt intf-no } | neighbors [ detail | interface ] | timers | tlv-select | traffic [ interface { ethernet slot / port | mgmt intf-no }]}
|
|
---|---|
Note LLDP, which is a neighbor discovery protocol that is used for network devices to advertise information about themselves to other devices on the network, is enabled on the switch by default.
This example shows how to display LLDP interface information:
This example shows how to display LLDP management interface information:
This example shows how to display LLDP timers configured on the switch:
This example shows how to display LLDP neighbor information:
This example shows how to display LLDP information for a specified interface:
This example shows how to display the TLV information:
This example shows how to display LLDP traffic information:
|
|
---|---|
To display the contents of the MAC address table, use the show mac-address-table command.
show mac-address-table [address mac-address ] [ aging-time] [loop-detect][dynamic | multicast | static] [interface {ethernet slot / port | port-channel number}] [vlan vlan-id]
|
|
This example shows how to display the MAC addresses table:
This example shows how to display the current aging time:
This example shows how to display information about the dynamic entries for the MAC address table:
Note On platforms where aging is not supported, the aging value will always be displayed as 0
This example shows how to display the currently configured action:
|
|
---|---|
Configures the action of bringing down the port with the lower interface index when a MAC address move loop is detected between two ports. |
To display information about the time-out values for the MAC address table, use the show mac address-table aging-time command.
show mac address-table aging-time
|
|
---|---|
This example shows how to display MAC address aging times:
|
|
---|---|
Configures the aging time for entries in the MAC address table. |
|
To display the number of entries currently in the MAC address table, use the show mac address-table count command.
show mac address-table count [ address EEEE . EEEE . EEEE ] [ dynamic | static ] [ interface { ethernet slot / port | port-channel number }] [ vlan vlan-id ]
|
|
---|---|
This example shows how to display the number of dynamic entries currently in the MAC address table:
|
|
---|---|
To display notifications about the MAC address table, use the show mac address-table notification command.
show mac address-table notification { mac-move | threshold }
Displays notification messages about MAC addresses that were moved. |
|
Displays notification messages sent when the MAC address table threshold was exceeded. |
|
|
---|---|
This example shows how to display MAC address move notifications:
|
|
---|---|
Configures a log message notification when the MAC address is moved. |
|
To display the information about the MAC address table, use the show mac address-table command.
show mac address-table [ address mac-address ] [ dynamic | multicast | static ] [ interface { ethernet slot / port | port-channel number }] [ vlan vlan-id ]
|
|
---|---|
The switch maintains static MAC address entries that are saved in its startup configuration across reboots and flushes the dynamic entries.
This example shows how to display information about the entries for the MAC address table:
This example shows how to display information about the entries for the MAC address table for a specific MAC address:
This example shows how to display information about the dynamic entries for the MAC address table:
This example shows how to display information about the MAC address table for a specific interface:
This example shows how to display static entries in the MAC address table:
This example shows how to display entries in the MAC address table for a specific VLAN:
To display the running configuration for the Spanning Tree Protocol (STP), use the show running-config spanning-tree command.
show running-config spanning-tree [ all | interface { ethernet slot / port | port-channel channel-num }]
|
|
---|---|
This example shows how to display information on the running STP configuration:
This example shows how to display detailed information on the running STP configuration:
Note Display output differs slightly depending on whether you are running Rapid Per VLAN Spanning Tree Plus (Rapid PVST+) or Multiple Spanning Tree (MST).
|
|
---|---|
To display the running configuration for a specified VLAN, use the show running-config vlan command.
show running-config vlan vlan-id
Number of VLAN or range of VLANs. Valid numbers are from 1 to 4096. |
|
|
---|---|
This command provides information on the specified VLAN, including private VLANs.
The display varies with your configuration. If you have configured the VLAN name, shutdown status, or suspended status, these are also displayed.
This example shows how to display the running configuration for VLAN 5:
|
|
---|---|
To display the VLAN Trunking Protocol (VTP) running configuration, use the show running-config vtp command.
|
|
---|---|
This example shows how to display the VTP running configuration on the switch:
|
|
---|---|
Copies the running configuration to the startup configuration file. |
|
To display information about the Spanning Tree Protocol (STP), use the show spanning-tree command.
show spanning-tree [ blockedports | inconsistentports | pathcost method ]
|
|
---|---|
The STP port type displays only when you have configured the port as either an STP edge port or an STP network port. If you have not configured the STP port type, no port type displays.
Table 2 describes the fields that are displayed in the output of show spanning-tree commands.
Note Display output differs slightly depending on whether you are running Rapid Per VLAN Spanning Tree Plus (Rapid PVST+) or Multiple Spanning Tree (MST).
This example shows how to display spanning tree information:
This example shows how to display the blocked ports in spanning tree:
This example shows how to determine if any ports are in any STP-inconsistent state:
This example shows how to display the path cost method:
To display Spanning Tree Protocol (STP) information on STP-active interfaces only, use the show spanning-tree active command.
show spanning-tree active [ brief | detail ]
(Optional) Displays a brief summary of STP interface information. |
|
(Optional) Displays a detailed summary of STP interface information. |
|
|
---|---|
This example shows how to display STP information on the STP-active interfaces:
To display the status and configuration of the local Spanning Tree Protocol (STP) Bridge Assurance, use the show spanning-tree bridge command.
show spanning-tree bridge [ address | brief | detail | forward-time | hello-time | id | max-age | priority [ system-id ] | protocol ]
|
|
---|---|
This example shows how to display the STP information for the bridge:
Table 3 describes the fields shown in the display.
This example shows how to display the STP address information for the bridge:
This example shows how to display the detailed STP information for the bridge:
This example shows how to display the STP forward delay interval for the bridge:
This example shows how to display the STP hello time for the bridge:
This example shows how to display the STP bridge ID for the bridge:
This example shows how to display the STP maximum-aging time for the bridge:
This example shows how to display the bridge priority with the system ID extension for the bridge:
This example shows how to display the STP protocol information for the bridge:
Table 3 describes the fields shown in the display.
|
|
---|---|
Displays the running configuration information about the Bridge Assurance. |
|
To display a brief summary of the Spanning Tree Protocol (STP) status and configuration on the switch, use the show spanning-tree brief command.
|
|
---|---|
This example shows how to display a brief summary of STP information:
|
|
---|---|
To display detailed information on the Spanning Tree Protocol (STP) status and configuration on the switch, use the show spanning-tree detail command.
show spanning-tree detail [ active ]
(Optional) Displays information about STP active interfaces only. |
|
|
---|---|
This example shows how to display detailed information on the STP configuration:
|
|
---|---|
To display information on the Spanning Tree Protocol (STP) interface status and configuration of specified interfaces, use the show spanning-tree interface command.
show spanning-tree interface { ethernet slot / port | port-channel number } [ active [ brief | detail ] | brief [ active ] | cost | detail [ active ] | edge | inconsistency | priority | rootcost | state ]
|
|
---|---|
The STP port type displays only when you have configured the port as either an STP edge port or an STP network port. If you have not configured the STP port type, no port type displays.
If you specify an interface that is not running STP, the switch returns an error message.
When you are running Multiple Spanning Tree (MST), this command displays the Per VLAN Spanning Tree (PVST) simulation setting.
Note If you are running Multiple Spanning Tree (MST), use the show spanning-tree mst command to show more detail on the specified interfaces.
This example shows how to display STP information on a specified interface:
This example shows how to display detailed STP information on a specified interface:
This example shows how to display STP port inconsistency state information for a specified interface:
This example shows how to display STP port priority information for a specified interface:
|
|
---|---|
To display information on Multiple Spanning Tree (MST) status and configuration, use the show spanning-tree mst command.
show spanning-tree mst [ instance-id [ detail | interface { ethernet slot / port | port-channel number } [ detail ]]
show spanning-tree mst [ configuration [ digest ]]
show spanning-tree mst [ detail | interface { ethernet slot / port | port-channel number } [ detail ]]
|
|
---|---|
If the switch is not running in STP Multiple Spanning Tree (MST) mode when you enter this command, it returns the following message:
This example shows how to display STP information about Multiple Spanning Tree (MST) instance information for the VLAN ports that are currently active:
This example shows how to display STP information about a specific Multiple Spanning Tree (MST) instance:
This example shows how to display detailed STP information about the Multiple Spanning Tree (MST) protocol:
This example shows how to display STP information about specified Multiple Spanning Tree (MST) interfaces:
This example shows how to display information about the Multiple Spanning Tree (MST) configuration:
This example shows how to display the MD5 digest included in the current Multiple Spanning Tree (MST) configuration:
|
|
---|---|
To display the status and configuration of the Spanning Tree Protocol (STP) root bridge, use the show spanning-tree root command.
show spanning-tree root [ address | brief | cost | detail | forward-time | hello-time | id | max-age | port | priority [ system-id ]]
|
|
---|---|
This example shows how to display the detailed information for the root bridge:
|
|
---|---|
To display summary Spanning Tree Protocol (STP) information on the switch, use the show spanning-tree summary command.
show spanning-tree summary [ totals ]
|
|
---|---|
The display output for this command differs when you are running Rapid Per VLAN Spanning Tree Plus (Rapid PVST+) or Multiple Spanning Tree (MST).
This example shows how to display a summary of STP information on the switch:
|
|
---|---|
To display Spanning Tree Protocol (STP) information for specified VLANs, use the show spanning-tree vlan command.
show spanning-tree vlan { vlan-id } [ active [ brief | detail ]]
show spanning-tree vlan { vlan-id } [ blockedports ]
show spanning-tree vlan { vlan-id } [ bridge [ address ] | brief | detail | forward-time | hello-time | id | max-age | priority [ system-id ] | protocol ]
show spanning-tree vlan { vlan-id } [ brief [ active ]]
show spanning-tree vlan { vlan-id } [ detail [ active ]]
show spanning-tree vlan { vlan-id } [ inconsistentports ]
show spanning-tree vlan { vlan-id } [ interface { ethernet slot / port | port-channel number } [ active [ brief | detail ]] | brief [ active ] | cost | detail [ active ] | edge | inconsistency | priority | rootcost | state ]]
show spanning-tree vlan { vlan-id } [ root [ address | brief | cost | detail | forward-time | hello-time | id | max-age | port | priority [ system-id ]]
show spanning-tree vlan { vlan-id } [ summary ]
|
|
---|---|
This example shows how to display STP information on VLAN 1:
|
|
---|---|
To display the Unidirectional Link Detection (UDLD) information for a switch, use the show udld command.
show udld [ ethernet slot / port | global | neighbors ]
|
|
---|---|
This example shows how to display UDLD information for all interfaces:
This example shows how to display the UDLD information for a specified interface:
This example shows how to display the UDLD global status and configuration on all interfaces:
This example shows how to display the UDLD neighbor interfaces:
|
|
---|---|
To display VLAN information, use the show vlan command.
show vlan [ brief | name { name } | summary ]
|
|
---|---|
This command displays information for all VLANs, including private VLANs, on the switch.
Each access port can belong to only one VLAN. Trunk ports can be on multiple VLANs.
Note Although a port can be associated with a VLAN as an access VLAN, a native VLAN, or one of the trunk allowed ports, only access VLANs are shown under Ports in the display.
If you shut down a VLAN using the state suspend or the state active command, these values appear in the Status field:
If you shut down a VLAN using the shutdown command, these values appear in the Status field:
If a VLAN is shut down internally, these values appear in the Status field:
If a VLAN is shut down locally and internally, the value that is displayed in the Status field is act/ishut or sus/ishut. If a VLAN is shut down locally only, the value that is displayed in the Status field is act/lshut or sus/lshut.
This example shows how to display information for all VLANs on the switch:
This example shows how to display the VLAN name, status, and associated ports only:
This example shows how to display the VLAN information for a specific VLAN by name:
This example shows how to display information about the number of VLANs configured on the switch:
|
|
---|---|
Displays information about the ports, including those in private VLANs. |
|
To display the status of tagging on the native VLANs, use the show vlan dot1Q tag native command.
|
|
---|---|
This example shows how to display the status of 802.1Q tagging on the native VLANs:
|
|
---|---|
Enables dot1q (IEEE 802.1Q) tagging for all native VLANs on all trunked ports on the switch. |
To display information and statistics for an individual VLAN or a range of VLANs, use the show vlan id command.
|
|
---|---|
Use this command to display information and statistics on an individual VLAN or a range of VLANs, including private VLANs.
Note You can also display information about individual VLANs using the show vlan name command.
This example shows how to display information for the individual VLAN 5:
|
|
---|---|
To display private VLAN information, use the show vlan private-vlan command.
show vlan [ id { vlan-id }] private-vlan [ type ]
(Optional) Displays private VLAN information for the specified VLAN. |
|
(Optional) Displays the private VLAN type (primary, isolated, or community). |
|
|
---|---|
This example shows how to display information on all private VLANs on the switch:
This example shows how to display information for a specific private VLAN:
This example shows how to display information on the types of all private VLANs on the switch:
This example shows how to display information on the type for the specified private VLAN:
To display the VLAN Trunking Protocol (VTP) statistics, use the show vtp counters command.
|
|
---|---|
Before you use this command, you must enable VTP on the switch by using the feature vtp command.
Note VTP pruning is not supported in Cisco NX-OS Release 5.0(3)U1(1).
This example shows how to display the VTP counters:
|
|
---|---|
To display the VLAN Trunking Protocol (VTP) interface status and configuration information, use the show vtp interface command.
show vtp interface [ ethernet slot / port | port-channel channel-no ]
|
|
---|---|
Before you use this command, you must enable VTP on the switch by using the feature vtp command.
This example shows how to display the VTP configuration information on all interfaces:
This example shows how to display the VTP configuration information for an Ethernet interface:
This example shows how to display the VTP configuration information for an EtherChannel interface:
|
|
---|---|
To display the VLAN Trunking Protocol (VTP) administrative password, use the show vtp password command.
show vtp password [ domain domain-id ]
|
|
---|---|
Before you use this command, you must enable VTP on the switch by using the feature vtp command.
This example shows how to display the VTP password configured for administrative domain 1:
|
|
---|---|
To display the VLAN Trunking Protocol (VTP) domain status information, use the show vtp status command.
|
|
---|---|
Before you use this command, you must enable VTP on the switch by using the feature vtp command.
This example shows how to display the VTP domain status:
|
|
---|---|
To shut down the local traffic on a VLAN, use the shutdown command. To return a VLAN to its default operational state, use the no form of this command.
VLAN configuration mode
Switch profile VLAN configuration mode
|
|
---|---|
You cannot shut down, or disable, VLAN 1 or VLANs 1006 to 4094.
After you shut down a VLAN, the traffic ceases to flow on that VLAN. Access ports on that VLAN are also brought down; trunk ports continue to carry traffic for the other VLANs allowed on that port. However, the interface associations for the specified VLAN remain, and when you reenable, or recreate, that specified VLAN, the switch automatically reinstates all the original ports to that VLAN.
To find out if a VLAN has been shut down internally, check the Status field in the show vlan command output. If a VLAN is shut down internally, one of these values appears in the Status field:
Note If the VLAN is suspended and shut down, you use both the no shutdown and state active commands to return the VLAN to the active state.
This example shows how to restore local traffic on VLAN 2 after you have shut down, or disabled, the VLAN:
switch(config)#
vlan 2
switch(
config-vlan)#
no shutdown
This example shows how to shut down local traffic on VLAN 3 in a switch profile:
|
|
---|---|
To enable bridge protocol data unit (BPDU) Filtering on the interface, use the spanning-tree bpdufilter command. To return to the default settings, use the no form of this command.
spanning-tree bpdufilter { enable | disable }
The setting that is already configured when you enter the spanning-tree port type edge bpdufilter default command.
|
|
Entering the spanning-tree bpdufilter enable command to enable BPDU Filtering overrides the spanning tree edge port configuration. That port then returns to the normal spanning tree port type and moves through the normal spanning tree transitions.
Use the spanning-tree port type edge bpdufilter default command to enable BPDU Filtering on all spanning tree edge ports.
This example shows how to explicitly enable BPDU Filtering on the Ethernet spanning tree edge port 1/4:
|
|
---|---|
To enable bridge protocol data unit (BPDU) Guard on an interface, use the spanning-tree bpduguard command. To return to the default settings, use the no form of this command.
spanning-tree bpduguard { enable | disable }
The setting that is already configured when you enter the spanning-tree port type edge bpduguard default command.
|
|
BPDU Guard prevents a port from receiving BPDUs. If the port still receives a BPDU, it is put in the error-disabled state as a protective measure.
When you enable this BPDU Guard command globally, the command applies only to spanning tree edge ports. See the spanning-tree port type edge bpduguard default command for more information on the global command for BPDU Guard. However, when you enable this feature on an interface, it applies to that interface regardless of the spanning tree port type.
This command has three states:
Typically, this feature is used in a service-provider environment where the network administrator wants to prevent an access port from participating in the spanning tree.
This example shows how to enable BPDU Guard on this interface:
|
|
---|---|
To enable Bridge Assurance on the switch, use the spanning-tree bridge command. To disable Bridge Assurance, use the no form of this command.
spanning-tree bridge assurance
no spanning-tree bridge assurance
Global configuration mode
Switch profile configuration mode
|
|
You can use Bridge Assurance to protect against certain problems that can cause bridging loops in the network. Bridge Assurance is enabled only on spanning tree network ports that are point-to-point links.
This example shows how to enable Bridge Assurance on all network ports on the switch:
This example shows how to enable Bridge Assurance in a switch profile:
|
|
---|---|
Displays the running configuration information about spanning trees. |
To set the path cost of the interface for Spanning Tree Protocol (STP) calculations, use the spanning-tree cost command. To return to the default settings, use the no form of this command.
spanning-tree [ vlan vlan-id ] cost { value | auto }
no spanning-tree [ vlan vlan-id ] cost
(Optional) Lists the VLANs on this trunk interface for which you want to assign the path cost. You do not use this parameter on access ports. The range is from 1 to 4094. |
|
Value of the port cost. The available cost range depends on the path-cost calculation method as follows: |
|
Sets the value of the port cost by the media speed of the interface (see Table 4 for the values). |
|
|
The STP port path cost default value is determined from the media speed and path cost calculation method of a LAN interface (see Table 4 ). See the spanning-tree pathcost method command for information on setting the path cost calculation method for Rapid per VLAN Spanning Tree Plus (Rapid PVST+).
|
|
|
---|---|---|
When you configure the value, higher values will indicate higher costs.
On access ports, assign the port cost by port. On trunk ports, assign the port cost by VLAN; you can configure all the VLANs on a trunk port as the same port cost.
The EtherChannel bundle is considered as a single port. The port cost is the aggregation of all the configured port costs assigned to that channel.
Note Use this command to set the port cost for Rapid PVST+. Use the spanning-tree mst cost command to set the port cost for MST.
This example shows how to access an interface and set a path cost value of 250 for the spanning tree VLAN that is associated with that interface:
(config)#
interface ethernet 1/4
(config-if)#
spanning-tree cost 250
|
|
---|---|
To enable or disable Loop Guard or Root Guard, use the spanning-tree guard command. To return to the default settings, use the no form of this command.
spanning-tree guard { loop | none | root }
|
|
You cannot enable Loop Guard if Root Guard is enabled, although the switch accepts the command to enable Loop Guard on spanning tree edge ports.
This example shows how to enable Root Guard:
|
|
---|---|
To configure a link type for a port, use the spanning-tree link-type command. To return to the default settings, use the no form of this command.
spanning-tree link-type { auto | point-to-point | shared }
Sets the link type based on the duplex setting of the interface. |
|
|
|
Fast transition (specified in IEEE 802.1w) functions only on point-to-point links between two bridges.
By default, the switch derives the link type of a port from the duplex mode. A full-duplex port is considered as a point-to-point link while a half-duplex configuration is assumed to be on a shared link.
Note On a Cisco Nexus 3000 Series switch, port duplex is not configurable.
This example shows how to configure the port as a shared link:
|
|
---|---|
To enable Loop Guard as a default on all spanning tree normal and network ports, use the spanning-tree loopguard default command. To disable Loop Guard, use the no form of this command.
spanning-tree loopguard default
no spanning-tree loopguard default
|
|
Loop Guard provides additional security in the bridge network. Loop Guard prevents alternate or root ports from becoming the designated port because of a failure that could lead to a unidirectional link.
Loop Guard operates only on ports that are considered point-to-point links by the spanning tree, and it does not run on spanning tree edge ports.
Entering the spanning-tree guard loop command for the specified interface overrides this global Loop Guard command.
This example shows how to enable Loop Guard:
|
|
---|---|
To switch between Rapid per VLAN Spanning Tree Plus (Rapid PVST+) and Multiple Spanning Tree (MST) Spanning Tree Protocol (STP) modes, use the spanning-tree mode command. To return to the default settings, use the no form of this command.
spanning-tree mode { rapid-pvst | mst }
|
|
You cannot simultaneously run MST and Rapid PVST+ on the switch.
This example shows how to switch to MST mode:
switch(config)#
spanning-tree mode mst
switch(config-mst)#
|
|
---|---|
Displays the information about the spanning tree configuration. |
To enter the Multiple Spanning Tree (MST) configuration mode, use the spanning-tree mst configuration command. To return to the default settings, use the no form of this command.
spanning-tree mst configuration
no spanning-tree mst configuration
The default value for the MST configuration is the default value for all its parameters:
|
|
The MST configuration consists of three main parameters:
The abort and exit commands allow you to exit MST configuration mode. The difference between the two commands depends on whether you want to save your changes or not:
If you do not map secondary VLANs to the same instance as the associated primary VLAN, when you exit MST configuration mode, the following warning message is displayed:
See the switchport mode private-vlan host command to fix this problem.
Changing an MST configuration mode parameter can cause connectivity loss. To reduce service disruptions, when you enter MST configuration mode, make changes to a copy of the current MST configuration. When you are done editing the configuration, you can apply all the changes at once by using the exit keyword.
In the unlikely event that two administrators commit a new configuration at exactly the same time, this warning message is displayed:
This example shows how to enter MST-configuration mode:
switch(config)#
spanning-tree mst configuration
switch(
config-mst)#
This example shows how to reset the MST configuration (name, instance mapping, and revision number) to the default settings:
(config)#
no
spanning-tree mst configuration
|
|
---|---|
To set the path-cost parameter for any Multiple Spanning Tree (MST) instance (including the Common and Internal Spanning Tree [CIST] with instance ID 0), use the spanning-tree mst cost command. To return to the default settings, use the no form of this command.
spanning-tree mst instance-id cost { cost | auto }
no spanning-tree mst instance-id cost
Port cost for an instance. The range is from 1 to 200,000,000. |
|
Sets the value of the port cost by the media speed of the interface. |
|
|
The port cost depends on the port speed; the faster interface speeds indicate smaller costs. MST always uses long path costs.
Higher cost values indicate higher costs. When entering the cost, do not include a comma in the entry; for example, enter 1000, not 1,000.
The EtherChannel bundle is considered as a single port. The port cost is the aggregation of all the configured port costs assigned to that channel.
This example shows how to set the interface path cost:
(config-if)#
spanning-tree mst 0 cost 17031970
|
|
---|---|
To set the forward-delay timer for all the instances on the switch, use the spanning-tree mst forward-time command. To return to the default settings, use the no form of this command.
spanning-tree mst forward-time seconds
no spanning-tree mst forward-time
Number of seconds to set the forward-delay timer for all the instances on the switch. The range is from 4 to 30 seconds. |
|
|
This example shows how to set the forward-delay timer:
|
|
---|---|
To set the hello-time delay timer for all the instances on the switch, use the spanning-tree mst hello-time command. To return to the default settings, use the no form of this command.
spanning-tree mst hello-time seconds
no spanning-tree mst hello-time
Number of seconds to set the hello-time delay timer for all the instances on the switch. The range is from 1 to 10 seconds. |
|
|
If you do not specify the hello-time value, the value is calculated from the network diameter.
This example shows how to set the hello-time delay timer:
|
|
---|---|
To set the max-age timer for all the instances on the switch, use the spanning-tree mst max-age command. To return to the default settings, use the no form of this command.
spanning-tree mst max-age seconds
Number of seconds to set the max-age timer for all the instances on the switch. The range is from 6 to 40 seconds. |
|
|
This example shows how to set the max-age timer:
|
|
---|---|
To specify the number of possible hops in the region before a bridge protocol data unit (BPDU) is discarded, use the spanning-tree mst max-hops command. To return to the default settings, use the no form of this command.
spanning-tree mst max-hops hop-count
Number of possible hops in the region before a BPDU is discarded. The range is from 1 to 255 hops. |
|
|
This example shows how to set the number of possible hops:
|
|
---|---|
To set the port-priority parameters for any Multiple Spanning Tree (MST) instance, including the Common and Internal Spanning Tree (CIST) with instance ID 0, use the spanning-tree mst port-priority command. To return to the default settings, use the no form of this command.
spanning-tree mst instance-id port-priority priority
no spanning-tree mst instance-id port-priority
Port priority for an instance. The range is from 0 to 224 in increments of 32. |
|
|
Higher port-priority priority values indicate smaller priorities.
The priority values are 0, 32, 64, 96, 128, 160, 192, and 224. All other values are rejected.
This example shows how to set the interface priority:
(config-if)#
spanning-tree mst 0 port-priority 64
|
|
---|---|
Configures the port priority for the default STP, which is Rapid PVST+. |
To set the bridge priority, use the spanning-tree mst priority command. To return to the default setting, use the no form of this command.
spanning-tree mst instance-id priority priority-value
no spanning-tree mst instance-id priority
Instance identification number. The range is from 0 to 4094. |
|
Bridge priority. See the “Usage Guidelines” section for valid values and additional information. |
|
|
You can set the bridge priority in increments of 4096 only. When you set the priority, valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
You can set the priority-value argument to 0 to make the switch root.
You can enter the instance-id argument as a single instance or a range of instances, for example, 0-3,5,7-9.
This example shows how to set the bridge priority:
|
|
---|---|
To designate the primary and secondary root and set the timer value for an instance, use the spanning-tree mst root command. To return to the default settings, use the no form of this command.
spanning-tree mst instance-id root { primary | secondary } [ diameter dia [ hello-time hello-time ]]
no spanning-tree mst instance-id root
|
|
You can enter the instance-id argument as a single instance or a range of instances, for example, 0-3,5,7-9.
If you do not specify the hello-time argument, the argument is calculated from the network diameter. You must first specify the diameter dia keyword and argument before you can specify the hello-time hello-time keyword and argument.
This example shows how to designate the primary root:
This example shows how to set the priority and timer values for the bridge:
|
|
---|---|
To reenable specific interfaces to automatically interoperate between Multiple Spanning Tree (MST) and Rapid per VLAN Spanning Tree Plus (Rapid PVST+), use the spanning-tree mst simulate pvst command. To prevent specific MST interfaces from automatically interoperating with a connecting device running Rapid PVST+, use the spanning-tree mst simulate pvst disable command. To return specific interfaces to the default settings that are set globally for the switch, use the no form of this command.
spanning-tree mst simulate pvst
spanning-tree mst simulate pvst disable
no spanning-tree mst simulate pvst
Enabled. By default, all interfaces on the switch interoperate seamlessly between MST and Rapid PVST+. See the spanning-tree mst simulate pvst global command to change this setting globally.
|
|
MST interoperates with Rapid PVST+ with no need for user configuration. The PVST+ simulation feature enables this seamless interoperability. However, you may want to control the connection between MST and Rapid PVST+ to protect against accidentally connecting an MST-enabled port to a Rapid PVST+-enabled port.
When you use the spanning-tree mst simulate pvst disable command, specified MST interfaces that receive a Rapid PVST+ (SSTP) bridge protocol data unit (BPDU) move into the STP blocking state. Those interfaces remain in the inconsistent state until the port stops receiving Rapid PVST+ BPDUs, and then the port resumes the normal STP transition process.
Note To block automatic MST and Rapid PVST+ interoperability for the entire switch, use no spanning-tree mst simulate pvst global command.
This command is useful when you want to prevent accidental connection with a device running Rapid PVST+.
To reenable seamless operation between MST and Rapid PVST+ on specific interfaces, use the spanning-tree mst simulate pvst command.
This example shows how to prevent specified ports from automatically interoperating with a connected device running Rapid PVST+:
switch(config-if)#
spanning-tree mst simulate pvst disable
|
|
---|---|
Enables global seamless interoperation between MST and Rapid PVST+. |
To prevent the Multiple Spanning Tree (MST) switch from automatically interoperating with a connecting device running Rapid per VLAN Spanning Tree Plus (Rapid PVST+), use the spanning-tree mst simulate pvst global command. To return to the default settings, which is a seamless operation between MST and Rapid PVST+ on the switch, use the no spanning-tree mst simulate pvst global command.
spanning-tree mst simulate pvst global
no spanning-tree mst simulate pvst global
Enabled. By default, the switch interoperates seamlessly between MST and Rapid PVST+.
|
|
MST does not require user configuration to interoperate with Rapid PVST+. The PVST+ simulation feature enables this seamless interoperability. However, you may want to control the connection between MST and Rapid PVST+ to protect against accidentally connecting an MST-enabled port to a Rapid PVST+-enabled port.
When you use the no spanning-tree mst simulate pvst global command, the switch running in MST mode moves all interfaces that receive a Rapid PVST+ (SSTP) bridge protocol data unit (BPDU) into the Spanning Tree Protocol (STP) blocking state. Those interfaces remain in the inconsistent state until the port stops receiving Rapid PVST+ BPDUs, and then the port resumes the normal STP transition process.
You can also use this command from the interface mode, and the configuration applies to the entire switch.
Note To block automatic MST and Rapid PVST+ interoperability for specific interfaces, see the spanning-tree mst simulate pvst command.
This command is useful when you want to prevent accidental connection with a device not running MST.
To return the switch to seamless operation between MST and Rapid PVST+, use the spanning-tree mst simulate pvst global command.
This example shows how to prevent all ports on the switch from automatically interoperating with a connected device running Rapid PVST+:
switch(config)#
no
spanning-tree mst simulate pvst global
|
|
---|---|
Enables seamless interoperation between MST and Rapid PVST+ by the interface. |
To set the default path-cost calculation method, use the spanning-tree pathcost method command. To return to the default settings, use the no form of this command.
spanning-tree pathcost method { long | short }
no spanning-tree pathcost method
|
|
The long path-cost calculation method uses all 32 bits for path-cost calculations and yields valued in the range of 2 through 2,00,000,000.
The short path-cost calculation method (16 bits) yields values in the range of 1 through 65535.
Note This command applies only to the Rapid per VLAN Spanning Tree Plus (Rapid PVST+) spanning tree mode, which is the default mode. When you are using Multiple Spanning Tree (MST) spanning tree mode, the switch uses only the long method for calculating path cost; this is not user-configurable for MST.
This example shows how to set the default pathcost method to long:
switch(config)#
spanning-tree pathcost method long
|
|
---|---|
To configure an interface connected to a host as an edge port, which automatically transitions the port to the spanning tree forwarding state without passing through the blocking or learning states, use the spanning-tree port type edge command. To return the port to a normal spanning tree port, use the no spanning-tree port type command.
spanning-tree port type edge [ trunk ]
(Optional) Configures the trunk port as a spanning tree edge port. |
The default is the global setting for the default port type edge that is configured when you entered the spanning-tree port type edge default command. If you did not configure a global setting, the default spanning tree port type is normal.
|
|
You can also use this command to configure a port in trunk mode as a spanning tree edge port.
When a linkup occurs, spanning tree edge ports are moved directly to the spanning tree forwarding state without waiting for the standard forward-time delay.
Note This is the same functionality that was previously provided by the Cisco-proprietary PortFast feature.
When you use this command, the system returns a message similar to the following:
When you use this command without the trunk keyword, the system returns an additional message similar to the following:
To configure trunk interfaces as spanning tree edge ports, use the spanning-tree port type trunk command. To remove the spanning tree edge port type setting, use the no spanning-tree port type command.
This example shows how to configure an interface connected to a host as an edge port, which automatically transitions that interface to the forwarding state on a linkup:
(config-if)#
spanning-tree port type edge
|
|
---|---|
To enable bridge protocol data unit (BPDU) Filtering by default on all spanning tree edge ports, use the spanning-tree port type edge bpdufilter default command. To disable BPDU Filtering by default on all edge ports, use the no form of this command.
spanning-tree port type edge bpdufilter default
no spanning-tree port type edge bpdufilter default
|
|
To enable BPDU Filtering by default, you must do the following:
Use this command to enable BPDU Filtering globally on all spanning tree edge ports. BPDU Filtering prevents a port from sending or receiving any BPDUs.
You can override the global effects of this spanning-tree port type edge bpdufilter default command by configuring BPDU Filtering at the interface level. See the spanning-tree bpdufilter command for complete information on using this feature at the interface level.
Note The BPDU Filtering feature’s functionality is different when you enable it on a per-port basis or globally. When enabled globally, BPDU Filtering is applied only on ports that are operational spanning tree edge ports. Ports send a few BPDUs at a linkup before they effectively filter outbound BPDUs. If a BPDU is received on an edge port, that port immediately becomes a normal spanning tree port with all the normal transitions and BPDU Filtering is disabled. When enabled locally on a port, BPDU Filtering prevents the switch from receiving or sending BPDUs on this port.
This example shows how to enable BPDU Filtering globally on all spanning tree edge operational ports by default:
switch(config)#
spanning-tree port type edge bpdufilter default
|
|
---|---|
Displays the information about the spanning tree configuration. |
|
To enable bridge protocol data unit (BPDU) Guard by default on all spanning tree edge ports, use the spanning-tree port type edge bpduguard default command. To disable BPDU Guard on all edge ports by default, use the no form of this command.
spanning-tree port type edge bpduguard default
no spanning-tree port type edge bpduguard default
|
|
To enable BPDU Guard by default, you must do the following:
Use this command to enable BPDU Guard globally on all spanning tree edge ports. BPDU Guard disables a port if it receives a BPDU.
Global BPDU Guard is applied only on spanning tree edge ports.
You can also enable BPDU Guard per interface; see the spanning-tree bpduguard command for more information.
Note We recommend that you enable BPDU Guard on all spanning tree edge ports.
This example shows how to enable BPDU Guard by default on all spanning tree edge ports:
(config)#
spanning-tree port type edge bpduguard default
|
|
---|---|
Displays the information about the spanning tree configuration. |
|
To configure all access ports that are connected to hosts as edge ports by default, use the spanning-tree port type edge default command. To restore all ports connected to hosts as normal spanning tree ports by default, use the no form of this command.
spanning-tree port type edge default
no spanning-tree port type edge default
|
|
Use this command to automatically configure all interfaces as spanning tree edge ports by default. This command will not work on trunk ports.
When a linkup occurs, an interface configured as an edge port automatically moves the interface directly to the spanning tree forwarding state without waiting for the standard forward-time delay. (This transition was previously configured as the Cisco-proprietary PortFast feature.)
When you use this command, the system returns a message similar to the following:
You can configure individual interfaces as edge ports using the spanning-tree port type edge command.
This example shows how to globally configure all ports connected to hosts as spanning tree edge ports:
(config)#
spanning-tree port type edge default
|
|
---|---|
To configure the interface that connects to a switch as a network spanning tree port, regardless of the global configuration, use the spanning-tree port type network command. To return the port to a normal spanning tree port, use the use the no form of this command.
spanning-tree port type network
The default is the global setting for the default port type network that is configured when you entered the spanning-tree port type network default command. If you did not configure a global setting, the default spanning tree port type is normal.
|
|
Use this command to configure an interface that connects to a switch as a spanning tree network port. Bridge Assurance runs only on Spanning Tree Protocol (STP) network ports.
Note If you mistakenly configure ports connected to hosts as STP network ports and enable Bridge Assurance, those ports will automatically move into the blocking state.
Note Bridge Assurance is enabled by default, and all interfaces configured as spanning tree network ports have Bridge Assurance enabled.
To configure a port as a spanning tree network port, use the spanning-tree port type network command. To remove this configuration, use the no spanning-tree port type command. When you use the no spanning-tree port type command, the software returns the port to the global default setting for network port types.
You can configure all ports that are connected to switches as spanning tree network ports by default by entering the spanning-tree port type network default command.
This example shows how to configure an interface connected to a switch or bridge as a spanning tree network port:
(config-if)#
spanning-tree port type network
switch(
config-if)#
|
|
---|---|
Displays information about the spanning tree configuration per specified interface. |
To configure all ports as spanning tree network ports by default, use the spanning-tree port type network default command. To restore all ports to normal spanning tree ports by default, use the no form of this command.
spanning-tree port type network default
no spanning-tree port type network default
|
|
Use this command to automatically configure all interfaces that are connected to switches as spanning tree network ports by default. You can then use the spanning-tree port type edge command to configure specified ports that are connected to hosts as spanning-tree edge ports.
Note If you mistakenly configure ports connected to hosts as Spanning Tree Protocol (STP) network ports and Bridge Assurance is enabled, those ports will automatically move into the blocking state.
Configure only the ports that connect to other switches as network ports because the Bridge Assurance feature causes network ports that are connected to hosts to move into the spanning tree blocking state.
You can identify individual interfaces as network ports by using the spanning-tree port type network command.
This example shows how to globally configure all ports connected to switches as spanning tree network ports:
(config)#
spanning-tree port type network default
switch(
config)#
|
|
---|---|
To set an interface priority when two bridges compete for position as the root bridge, use the spanning-tree port-priority command. The priority you set breaks the tie. To return to the default settings, use the no form of this command.
spanning-tree [ vlan vlan-id ] port-priority value
no spanning-tree [ vlan vlan-id ] port-priority
(Optional) Specifies the VLAN identification number. The range is from 0 to 4094. |
|
Port priority. The range is from 1 to 224, in increments of 32. |
|
|
Do not use the vlan vlan-id parameter on access ports. The software uses the port priority value for access ports and the VLAN port priority values for trunk ports.
The priority values are 0, 32, 64, 96, 128, 160, 192, and 224. All other values are rejected.
Note Use this command to configure the port priority for Rapid per VLAN Spanning Tree Plus (Rapid PVST+) spanning tree mode, which is the default STP mode. To configure the port priority for Multiple Spanning Tree (MST) spanning tree mode, use the spacing-tree mst port-priority command.
This example shows how to increase the probability that the spanning tree instance on access port interface 2/0 is chosen as the root bridge by changing the port priority to 32:
(config-if)#
spanning-tree port-priority 32
switch(
config-if)#
|
|
---|---|
Displays information on the spanning tree port priority for the interface. |
To configure Spanning Tree Protocol (STP) parameters on a per-VLAN basis, use the spanning-tree vlan command. To return to the default settings, use the no form of this command.
spanning-tree vlan vlan-id [ forward-time value | hello-time value | max-age value | priority value | [ root { primary | secondary } [ diameter dia [ hello-time value ]]]]
no spanning-tree vlan vlan-id [ forward-time | hello-time | max-age | priority | root ]
|
|
When setting the max-age seconds, if a bridge does not see BPDUs from the root bridge within the specified interval, it assumes that the network has changed and recomputes the spanning-tree topology.
The spanning-tree root primary alters this switch’s bridge priority to 24576. If you enter the spanning-tree root primary command and the switch does not become the root, then the bridge priority is changed to 4096 less than the bridge priority of the current bridge. The command fails if the value required to be the root bridge is less than 1. If the switch does not become the root, an error results.
If the network devices are set for the default bridge priority of 32768 and you enter the spanning-tree root secondary command, the software alters this switch’s bridge priority to 28762. If the root switch fails, this switch becomes the next root switch.
Use the spanning-tree root commands on the backbone switches only.
This example shows how to enable spanning tree on VLAN 200:
switch(config)#
spanning-tree vlan 200
switch(
config)#
This example shows how to configure the switch as the root switch for VLAN 10 with a network diameter of 4:
switch(config)#
spanning-tree vlan 10 root primary diameter 4
switch(
config)#
This example shows how to configure the switch as the secondary root switch for VLAN 10 with a network diameter of 4:
switch(config)#
spanning-tree vlan 10 root secondary diameter 4
switch(
config)#
|
|
---|---|
To set the operational state for a VLAN, use the state command. To return a VLAN to its default operational state, use the no form of this command.
VLAN configuration mode
Switch profile VLAN configuration mode
|
|
---|---|
Support for this command was introduced in a switch profile. |
You cannot suspend the state for VLAN 1 or VLANs 1006 to 4094.
This example shows how to suspend VLAN 2:
switch(config)#
vlan 2
switch(
config-vlan)#
state suspend
switch(
config-vlan)#
This example shows how to suspend VLAN 5 in a switch profile:
|
|
---|---|
To configure traffic storm control for traffic on an interface, use the storm-control command. To disable traffic storm control on an interface, use the no form of this command.
storm-control [broadcast | multicast | unicast] level percentage[.fraction] | [action {[no] shutdown | trap }]
no storm-control [broadcast | multicast | unicast] level percentage[.fraction] | [action { [no] shutdown | trap }]
|
|
---|---|
This example shows how to configure traffic storm control for port channels 122 and 123:
This example shows how to configure the port to shut down during a traffic storm:
This example shows how to configure the port to generate an SNMP trap during a traffic storm:
|
|
---|---|
Displays the running configuration information for configured interfaces. |
To enable the creation of VLAN interfaces, use the svi enable command. To disable the VLAN interface feature, use the no form of this command.
|
|
---|---|
You must use the feature interface-vlan command before you can create VLAN interfaces.
This example shows how to enable the interface VLAN feature on the switch:
switch(config)#
|
|
---|---|
To set the access VLAN when the interface is in access mode, use the switchport access vlan command. To reset the access-mode VLAN to the appropriate default VLAN for the switch, use the no form of this command.
switchport access vlan vlan-id
VLAN to set when the interface is in access mode. The range is from 1 to 4094, except for the VLANs reserved for internal use. |
|
|
Use the no form of the switchport access vlan command to reset the access-mode VLAN to the appropriate default VLAN for the switch. This action may generate messages on the device to which the port is connected.
This example shows how to configure an Ethernet interface to join VLAN 2:
switch(config)#
interface ethernet 1/7
switch(config-if)#
switchport access vlan 2
switch(config-if)#
|
|
---|---|
Displays the administrative and operational status of a port. |
To set the interface type to be a host port for a private VLAN, use the switchport mode private-vlan host command.
switchport mode private-vlan host
|
|
When you configure a port as a host private VLAN port and one of the following applies, the port becomes inactive:
If you delete a private VLAN port association, or if you configure a private port as a SPAN destination, the deleted private VLAN port association or the private port that is configured as a SPAN destination becomes inactive.
Note We recommend that you enable spanning tree BPDU Guard on all private VLAN host ports.
This example shows how to set a port to host mode for private VLANs:
switch(config-if)#
switchport mode private-vlan host
|
|
---|---|
Displays information on all interfaces configured as switch ports. |
|
To set the interface type to be a promiscuous port for a private VLAN, use the switchport mode private-vlan promiscuous command.
switchport mode private-vlan promiscuous
|
|
When you configure a port as a promiscuous private VLAN port and one of the following applies, the port becomes inactive:
If you delete a private VLAN port mapping or if you configure a private port as a SPAN destination, the deleted private VLAN port mapping or the private port that is configured as a SPAN destination becomes inactive.
See the private-vlan command for more information on promiscuous ports.
This example shows how to set a port to promiscuous mode for private VLANs:
switch(config-if)#
switchport mode private-vlan promiscuous
switch(config-if)#
|
|
---|---|
Displays information on all interfaces configured as switch ports. |
|
To configure a rate limit to monitor traffic on an interface, use the switchport monitor rate-limit command. To remove a rate limit, use the no form of this command.
switchport monitor rate-limit 1G
no switchport monitor rate-limit [ 1G ]
|
|
---|---|
This example shows how to limit the bandwidth on Ethernet interface 1/2 to 1 GB:
|
|
---|---|
Displays information on all interfaces configured as switch ports. |
To define a private VLAN association for an isolated or community port, use the switchport private-vlan host-association command. To remove the private VLAN association from the port, use the no form of this command.
switchport private-vlan host-association { primary-vlan-id } { secondary-vlan-id }
no switchport private-vlan host-association
Number of the primary VLAN of the private VLAN relationship. |
|
Number of the secondary VLAN of the private VLAN relationship. |
|
|
There is no run-time effect on the port unless it is in private VLAN-host mode. If the port is in private VLAN-host mode but neither of the VLANs exist, the command is allowed but the port is made inactive. The port also may be inactive when the association between the private VLANs is suspended.
The secondary VLAN may be an isolated or community VLAN.
See the private-vlan command for more information on primary VLANs, secondary VLANs, and isolated or community ports.
Note A private VLAN-isolated port on a Cisco Nexus 3000 Series switch running the current release of Cisco NX-OS does not support IEEE 802.1Q encapsulation and cannot be used as a trunk port.
This example shows how to configure a Layer 2 host private VLAN port with a primary VLAN (VLAN 18) and a secondary VLAN (VLAN 20):
switch(config-if)#
switchport private-vlan host-association 18 20
switch(config-if)#
This example shows how to remove the private VLAN association from the port:
switch(config-if)#
no switchport private-vlan host-association
|
|
---|---|
To define the private VLAN association for a promiscuous port, use the switchport private-vlan mapping command. To clear all mapping from the primary VLAN, use the no form of this command.
switchport private-vlan mapping { primary-vlan-id } {[ add ] secondary-vlan-id | remove secondary-vlan-id }
no switchport private-vlan mapping
|
|
There is no run-time effect on the port unless it is in private VLAN-promiscuous mode. If the port is in private VLAN-promiscuous mode but the primary VLAN does not exist, the command is allowed but the port is made inactive.
The secondary VLAN may be an isolated or community VLAN.
See the private-vlan command for more information on primary VLANs, secondary VLANs, and isolated or community ports.
Note A private VLAN-isolated port on a Cisco Nexus 3000 Series switch running the current release of Cisco NX-OS does not support IEEE 802.1Q encapsulation and cannot be used as a trunk port.
This example shows how to configure the associated primary VLAN 18 to secondary isolated VLAN 20 on a private VLAN promiscuous port:
switch(config-if)#
switchport private-vlan mapping 18 20
This example shows how to add a VLAN to the association on the promiscuous port:
switch(config-if)#
switchport private-vlan mapping 18 add 21
This example shows how to remove all private VLAN associations from the port:
switch(config-if)#
no switchport private-vlan mapping
|
|
---|---|
Displays information on all interfaces configured as switch ports. |
|
Displays the information about the private VLAN mapping for VLAN interfaces or switch virtual interfaces (SVIs). |
To add a VLAN or to enter the VLAN configuration mode, use the vlan command. To delete the VLAN and exit the VLAN configuration mode, use the no form of this command.
no vlan { vlan-id | vlan-range }
Global configuration mode
Switch profile configuration mode
Note You can also create and delete VLANs in the VLAN configuration mode using these same commands.
|
|
---|---|
When you enter the vlan vlan-id command, a new VLAN is created with all default parameters and causes the CLI to enter VLAN configuration mode. If the vlan-id argument that you entered matches an existing VLAN, nothing happens except that you enter VLAN configuration mode.
You can enter the vlan-range using a comma (,), a dash (-), and the number.
VLAN 1 parameters are factory configured and cannot be changed; you cannot create or delete this VLAN. Additionally, you cannot create or delete VLAN 4095 or any of the internally allocated VLANs.
When you delete a VLAN, all the access ports in that VLAN are shut down and no traffic flows. On trunk ports, the traffic continues to flow for the other VLANs allowed on that port, but the packets for the deleted VLAN are dropped. However, the system retains all the VLAN-to-port mapping for that VLAN, and when you reenable, or recreate, that specified VLAN, the switch automatically reinstates all the original ports to that VLAN.
In Cisco NX-OS 5.0(3)U1(1), you can configure VLANs on a device configured as a VLAN Trunking Protocol (VTP) server or transparent device. If the VTP device is configured as a client, you cannot add a VLAN or enter the VLAN configuration mode.
This example shows how to add a new VLAN and enter VLAN configuration mode:
switch(config)#
vlan 2
switch(config-vlan)#
This example shows how to add a range of new VLANs and enter VLAN configuration mode:
switch(config)#
vlan 2,5,10-12,20,25,4000
switch(config-vlan)#
This example shows how to add a new VLAN and enter VLAN configuration mode in a switch profile:
This example shows how to delete a VLAN:
switch(config)#
no vlan 2
switch(config)#
|
|
---|---|
Configures the Internet Group Management Protocol (IGMP) on a VLAN. |
|
To enable dot1q (IEEE 802.1Q) tagging for all native VLANs on all trunked ports on the switch, use the vlan dot1Q tag native command. To disable dot1q (IEEE 802.1Q) tagging for all native VLANs on all trunked ports on the switch, use the no form of this command.
Global configuration mode
Switch profile configuration mode
|
|
---|---|
Typically, you configure 802.1Q trunks with a native VLAN ID, which strips tagging from all packets on that VLAN.
To maintain the tagging on the native VLAN and drop untagged traffic, use the vlan dot1q tag native command. The switch will tag the traffic received on the native VLAN and admit only 802.1Q-tagged frames, dropping any untagged traffic, including untagged traffic in the native VLAN.
Control traffic continues to be accepted as untagged on the native VLAN on a trunked port, even when the vlan dot1q tag native command is enabled.
Note The vlan dot1q tag native command is enabled on global basis.
This example shows how to enable 802.1Q tagging on the switch:
This example shows how to disable 802.1Q tagging on the switch:
This example shows how to enable 802.1Q tagging in a switch profile:
|
|
---|---|
To enable VLAN Trunking Protocol (VTP) on an interface, use the vtp command. To disable VTP on an interface, use the no form of this command.
|
|
---|---|
Before you use this command, you must enable VTP on the switch by using the feature vtp command.
VLAN Trunking Protocol (VTP) is a Cisco Proprietary Layer 2 messaging protocol used to distribute the VLAN configuration information across multiple devices within a VTP domain.
This example shows how to enable VTP on an interface:
|
|
---|---|
Copies the running configuration to the startup configuration. |
|
Enables Simple Network Management Protocol (SNMP) notifications. |
To configure the name of the VLAN Trunking Protocol (VTP) administrative domain, use the vtp domain command. To remove the domain name, use the no form of this command.
VTP domain name. The name can be a maximum of 32 ASCII characters. |
|
|
---|---|
Before you use this command, you must enable VTP on the switch by using the feature vtp command.
VLAN Trunking Protocol (VTP) is a Cisco Proprietary Layer 2 messaging protocol used to distribute the VLAN configuration information across multiple devices within a VTP domain. Without VTP, you must configure VLANs in each device in the network. Using VTP, you configure VLANs on a VTP server and then distribute the configuration to other VTP devices in the VTP domain.
This example shows how to create a VTP domain named accounting:
|
|
---|---|
To store the VLAN Trunking Protocol (VTP) configuration information in a file, use the vtp file command. To stop storing the configuration in a file, use the no form of this command.
vtp file bootflash: server [ directory/ ] filename
Note There can be no spaces in the bootflash://server/directory/filename string. Individual elements of this string are separated by colons (:) and slashes (/).
|
|
---|---|
Before you use this command, you must enable VTP on the switch by using the feature vtp command.
The default configuration file is stored in the VTP database, vlan.dat, in NVRAM. VTP configuration information is also stored in the startup configuration file.
Note Do not delete the vlan.dat file.
When a switch in a VTP domain reloads, the switch updates the VTP domain and VLAN configuration information from the information contained in the VTP database file (vlan.dat) or the startup configuration file.
If both the VTP database and the startup configuration file show the VTP mode as transparent and the VTP domain names match, the VTP database is ignored. The VTP and VLAN configurations in the startup configuration file are used to restore the configuration in this VTP device.
If the VTP domain information in the startup configuration file does not match with that in the VTP database file, then the configuration in the VTP database file is used to restore the configuration in the transparent VTP device.
This example shows how to store the VTP configuration to a file named myvtp.txt in the local writable storage file system, bootflash:
|
|
---|---|
To configure the VLAN Trunking Protocol (VTP) device mode, use the vtp mode command. To revert to the default server mode, use the no form of this command.
|
|
---|---|
VLAN Trunking Protocol (VTP) is a Cisco Proprietary Layer 2 messaging protocol used to distribute the VLAN configuration information across multiple devices within a VTP domain. Without VTP, you must configure VLANs in each device in the network. Using VTP, you configure VLANs on a VTP server and then distribute the configuration to other VTP devices in the VTP domain.
In VTP transparent mode, you can configure VLANs (add, delete, or modify) and private VLANs. VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements. The VTP configuration revision number is always set to zero (0). Transparent switches do forward VTP advertisements that they receive out their trunk ports in VTP Version 2.
This example shows how to configure a VTP device in transparent mode and add VLANs 2, 3, and 4:
|
|
---|---|
To set the password for the VTP administrative domain, use the vtp password command. To remove the administrative password, use the no form of this command.
VTP domain password. The password is in ASCII text and can be a maximum of 64 characters. |
|
|
---|---|
If you configure a password for VTP, you must configure the password on all switches in the VTP domain. The password must be the same password on all those switches. The VTP password that you configure is translated by an algorithm into a 16-byte word (MD5 value) that is carried in all summary-advertisement VTP packets.
This example shows how to configure a password for the VTP administrative domain named accounting:
|
|
---|---|
To configure the administrative domain to a VLAN Trunking Protocol (VTP) version, use the vtp version command. To revert to the default version, use the no form of this command.
|
|
---|---|
Before you use this command, you must enable VTP on the switch by using the feature vtp command.
If you enable VTP, you must configure either version 1 or version 2. If you are using VTP in a Token Ring environment, you must use version 2.
This example shows how to enable VTP version 2 for Token Ring VLANs:
|
|
---|---|