Layer 2 Commands

channel-group

To assign an Ethernet port to an EtherChannel group, or to enable an EtherChannel mode, or both, use the channel-group command in interface configuration mode. To remove an Ethernet port from an EtherChannel group, use the no form of this command.

channel-group { auto | channel-group-number mode {active | auto [non-silent] | desirable [non-silent] | on | passive}}

no channel-group

Syntax Description

auto

Enables auto-LAG feature on individual port interface.

By default, the auto-LAG feature is enabled on the port.

channel-group-number

Channel group number. The range is 1 to 24.

mode

Specifies the EtherChannel mode.

active

Unconditionally enables Link Aggregation Control Protocol (LACP).

auto

Enables the Port Aggregation Protocol (PAgP) only if a PAgP device is detected.

non-silent

(Optional) Configures the interface for nonsilent operation when connected to a partner that is PAgP-capable. Use in PAgP mode with the auto or desirable keyword when traffic is expected from the other device.

desirable

Unconditionally enables PAgP.

on

Enables the on mode.

passive

Enables LACP only if a LACP device is detected.

Command Default

No channel groups are assigned.

No mode is configured.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

The LAN Lite feature set supports up to six EtherChannels.

The LAN Base feature set supports up to 24 EtherChannels; however, in mixed stack configurations, only six EtherChannels are supported.

For Layer 2 EtherChannels, the channel-group command automatically creates the port-channel interface when the channel group gets its first physical port. You do not have to use the interface port-channel command in global configuration mode to manually create a port-channel interface. If you create the port-channel interface first, the channel-group-number can be the same as the port-channel-number , or you can use a new number. If you use a new number, the channel-group command dynamically creates a new port channel.

Although it is not necessary to disable the IP address that is assigned to a physical port that is part of a channel group, we strongly recommend that you do so.

You create Layer 3 port channels by using the interface port-channel command followed by the no switchport interface configuration command. Manually configure the port-channel logical interface before putting the interface into the channel group.

After you configure an EtherChannel, configuration changes that you make on the port-channel interface apply to all the physical ports assigned to the port-channel interface. Configuration changes applied to the physical port affect only the port where you apply the configuration. To change the parameters of all ports in an EtherChannel, apply configuration commands to the port-channel interface, for example, spanning-tree commands or commands to configure a Layer 2 EtherChannel as a trunk.

Active mode places a port into a negotiating state in which the port initiates negotiations with other ports by sending LACP packets. A channel is formed with another port group in either the active or passive mode.

Auto mode places a port into a passive negotiating state in which the port responds to PAgP packets it receives but does not start PAgP packet negotiation. A channel is formed only with another port group in desirable mode. When auto is enabled, silent operation is the default.

Desirable mode places a port into an active negotiating state in which the port starts negotiations with other ports by sending PAgP packets. An EtherChannel is formed with another port group that is in the desirable or auto mode. When desirable is enabled, silent operation is the default.

If you do not specify non-silent with the auto or desirable mode, silent is assumed. The silent mode is used when the device is connected to a device that is not PAgP-capable and rarely, if ever, sends packets. An example of a silent partner is a file server or a packet analyzer that is not generating traffic. In this case, running PAgP on a physical port prevents that port from ever becoming operational. However, it allows PAgP to operate, to attach the port to a channel group, and to use the port for transmission. Both ends of the link cannot be set to silent.

In on mode, a usable EtherChannel exists only when both connected port groups are in the on mode.


Caution

Use care when using the on mode. This is a manual configuration, and ports on both ends of the EtherChannel must have the same configuration. If the group is misconfigured, packet loss or spanning-tree loops can occur.


Passive mode places a port into a negotiating state in which the port responds to received LACP packets but does not initiate LACP packet negotiation. A channel is formed only with another port group in active mode.

Do not configure an EtherChannel in both the PAgP and LACP modes. EtherChannel groups running PAgP and LACP can coexist on the same device or on different devices in the stack (but not in a cross-stack configuration). Individual EtherChannel groups can run either PAgP or LACP, but they cannot interoperate.

If you set the protocol by using the channel-protocol interface configuration command, the setting is not overridden by the channel-group interface configuration command.

Do not configure a port that is an active or a not-yet-active member of an EtherChannel as an IEEE 802.1x port. If you try to enable IEEE 802.1x authentication on an EtherChannel port, an error message appears, and IEEE 802.1x authentication is not enabled.

Do not configure a secure port as part of an EtherChannel or configure an EtherChannel port as a secure port.

For a complete list of configuration guidelines, see the “Configuring EtherChannels” chapter in the software configuration guide for this release.


Caution

Do not enable Layer 3 addresses on the physical EtherChannel ports. Do not assign bridge groups on the physical EtherChannel ports because it creates loops.


Examples

This example shows how to configure an EtherChannel on a single device in the stack. It assigns two static-access ports in VLAN 10 to channel 5 with the PAgP mode desirable:

Device# configure terminal
Device(config)# interface range GigabitEthernet 2/0/1 - 2
Device(config-if-range)# switchport mode access
Device(config-if-range)# switchport access vlan 10
Device(config-if-range)# channel-group 5 mode desirable
Device(config-if-range)# end

This example shows how to configure an EtherChannel on a single device in the stack. It assigns two static-access ports in VLAN 10 to channel 5 with the LACP mode active:

Device# configure terminal
Device(config)# interface range GigabitEthernet 2/0/1 - 2
Device(config-if-range)# switchport mode access
Device(config-if-range)# switchport access vlan 10
Device(config-if-range)# channel-group 5 mode active
Device(config-if-range)# end

This example shows how to configure a cross-stack EtherChannel in a device stack. It uses LACP passive mode and assigns two ports on stack member 2 and one port on stack member 3 as static-access ports in VLAN 10 to channel 5:

Device# configure terminal
Device(config)# interface range GigabitEthernet 2/0/4 - 5
Device(config-if-range)# switchport mode access
Device(config-if-range)# switchport access vlan 10
Device(config-if-range)# channel-group 5 mode passive
Device(config-if-range)# exit
Device(config)# interface GigabitEthernet 3/0/3
Device(config-if)# switchport mode access
Device(config-if)# switchport access vlan 10
Device(config-if)# channel-group 5 mode passive
Device(config-if)# exit

You can verify your settings by entering the show running-config privileged EXEC command.

channel-protocol

To restrict the protocol used on a port to manage channeling, use the channel-protocol command in interface configuration mode. To return to the default setting, use the no form of this command.

channel-protocol {lacp | pagp}

no channel-protocol

Syntax Description

lacp

Configures an EtherChannel with the Link Aggregation Control Protocol (LACP).

pagp

Configures an EtherChannel with the Port Aggregation Protocol (PAgP).

Command Default

No protocol is assigned to the EtherChannel.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

Use the channel-protocol command only to restrict a channel to LACP or PAgP. If you set the protocol by using the channel-protocol command, the setting is not overridden by the channel-group interface configuration command.

You must use the channel-group interface configuration command to configure the EtherChannel parameters. The channel-group command also can set the mode for the EtherChannel.

You cannot enable both the PAgP and LACP modes on an EtherChannel group.

PAgP and LACP are not compatible; both ends of a channel must use the same protocol.

You cannot configure PAgP on cross-stack configurations.

Examples

This example shows how to specify LACP as the protocol that manages the EtherChannel:

Device(config-if)# channel-protocol lacp

You can verify your settings by entering the show etherchannel [channel-group-number] protocol privileged EXEC command.

clear lacp

To clear Link Aggregation Control Protocol (LACP) channel-group counters, use the clear lacp command in privileged EXEC mode.

clear lacp [channel-group-number] counters

Syntax Description

channel-group-number

(Optional) Channel group number. The range is 1 to 24.

counters

Clears traffic counters.

Command Default

None

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

You can clear all counters by using the clear lacp counters command, or you can clear only the counters for the specified channel group by using the clear lacp channel-group-number counters command.

Examples

This example shows how to clear all channel-group information:

Device# clear lacp counters

This example shows how to clear LACP traffic counters for group 4:

Device# clear lacp 4 counters

You can verify that the information was deleted by entering the show lacp counters or the show lacp channel-group-number counters privileged EXEC command.

clear pagp

To clear the Port Aggregation Protocol (PAgP) channel-group information, use the clear pagp command in privileged EXEC mode.

clear pagp [channel-group-number] counters

Syntax Description

channel-group-number

(Optional) Channel group number. The range is 1 to 24.

counters

Clears traffic counters.

Command Default

None

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

You can clear all counters by using the clear pagp counters command, or you can clear only the counters for the specified channel group by using the clear pagp channel-group-number counters command.

Examples

This example shows how to clear all channel-group information:

Device# clear pagp counters

This example shows how to clear PAgP traffic counters for group 10:

Device# clear pagp 10 counters

You can verify that the information was deleted by entering the show pagp privileged EXEC command.

clear spanning-tree counters

To clear the spanning-tree counters, use the clear spanning-tree counters command in privileged EXEC mode.

clear spanning-tree counters [ interface interface-id]

Syntax Description

interface interface-id

(Optional) Clears all spanning-tree counters on the specified interface. Valid interfaces include physical ports, VLANs, and port channels.

The VLAN range is 1 to 4094.

The port-channel range is 1 to 24.

Command Default

None

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

If the interface-id value is not specified, spanning-tree counters are cleared for all interfaces.

Examples

This example shows how to clear spanning-tree counters for all interfaces:


Device# clear spanning-tree counters

clear spanning-tree detected-protocols

To restart the protocol migration process and force renegotiation with neighboring devices on the interface, use the clear spanning-tree detected-protocols command in privileged EXEC mode.

clear spanning-tree detected-protocols [interface interface-id]

Syntax Description

interface interface-id

(Optional) Restarts the protocol migration process on the specified interface. Valid interfaces include physical ports, VLANs, and port channels.

The VLAN range is 1 to 4094.

The port-channel range is 1 to 24.

Command Default

None

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

A device running the rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol or the Multiple Spanning Tree Protocol (MSTP) supports a built-in protocol migration method that enables it to interoperate with legacy IEEE 802.1D devices. If a rapid-PVST+ or an MSTP device receives a legacy IEEE 802.1D configuration bridge protocol data unit (BPDU) with the protocol version set to 0, the device sends only IEEE 802.1D BPDUs on that port. A multiple spanning-tree (MST) device can also detect that a port is at the boundary of a region when it receives a legacy BPDU, an MST BPDU (Version 3) associated with a different region, or a rapid spanning-tree (RST) BPDU (Version 2).

The device does not automatically revert to the rapid-PVST+ or the MSTP mode if it no longer receives IEEE 802.1D BPDUs because it cannot learn whether the legacy switch has been removed from the link unless the legacy switch is the designated switch. Use the clear spanning-tree detected-protocols command in this situation.

Examples

This example shows how to restart the protocol migration process on a port:


Device# clear spanning-tree detected-protocols interface gigabitethernet2/0/1

debug etherchannel

To enable debugging of EtherChannels, use the debug etherchannel command in privileged EXEC mode. To disable debugging, use the no form of the command.

debug etherchannel [all | detail | error | event | idb ]

no debug etherchannel [all | detail | error | event | idb ]

Syntax Description

all

(Optional) Displays all EtherChannel debug messages.

detail

(Optional) Displays detailed EtherChannel debug messages.

error

(Optional) Displays EtherChannel error debug messages.

event

(Optional) Displays EtherChannel event messages.

idb

(Optional) Displays PAgP interface descriptor block debug messages.

Command Default

Debugging is disabled.

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

The undebug etherchannel command is the same as the no debug etherchannel command.


Note

Although the linecard keyword is displayed in the command-line help, it is not supported.


When you enable debugging on a stack, it is enabled only on the stack's active switch. To enable debugging on a stack member , start a session from the stack's active switch by using the session switch-number command in privileged EXEC mode. Enter the debug command at the command-line prompt of the stack member.

To enable debugging on a stack member without first starting a session on the stack's active switch, use the remote command switch-number LINE command in privileged EXEC mode.

Examples

This example shows how to display all EtherChannel debug messages:

Device# debug etherchannel all 

This example shows how to display debug messages related to EtherChannel events:

Device# debug etherchannel event

debug lacp

To enable debugging of Link Aggregation Control Protocol (LACP) activity, use the debug lacp command in privileged EXEC mode. To disable LACP debugging, use the no form of this command.

debug lacp [all | event | fsm | misc | packet]

no debug lacp [all | event | fsm | misc | packet]

Syntax Description

all

(Optional) Displays all LACP debug messages.

event

(Optional) Displays LACP event debug messages.

fsm

(Optional) Displays messages about changes within the LACP finite state machine.

misc

(Optional) Displays miscellaneous LACP debug messages.

packet

(Optional) Displays the receiving and transmitting LACP control packets.

Command Default

Debugging is disabled.

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

The undebug etherchannel command is the same as the no debug etherchannel command.

When you enable debugging on a stack, it is enabled only on the stack's active switch. To enable debugging on a stack member , start a session from the stack's active switch by using the session switch-number command in privileged EXEC mode. Enter the debug command at the command-line prompt of the stack member.

To enable debugging on a stack member without first starting a session on the stack's active switch, use the remote command switch-number LINE command in privileged EXEC mode.

Examples

This example shows how to display all LACP debug messages:

Device# debug LACP all 

This example shows how to display debug messages related to LACP events:

Device# debug LACP event

debug pagp

To enable debugging of Port Aggregation Protocol (PAgP) activity, use the debug pagp command in privileged EXEC mode. To disable PAgP debugging, use the no form of this command.

debug pagp [all | dual-active | event | fsm | misc | packet]

no debug pagp [all | dual-active | event | fsm | misc | packet]

Syntax Description

all

(Optional) Displays all PAgP debug messages.

dual-active

(Optional) Displays dual-active detection messages.

event

(Optional) Displays PAgP event debug messages.

fsm

(Optional) Displays messages about changes within the PAgP finite state machine.

misc

(Optional) Displays miscellaneous PAgP debug messages.

packet

(Optional) Displays the receiving and transmitting PAgP control packets.

Command Default

Debugging is disabled.

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

The undebug pagp command is the same as the no debug pagp command.

When you enable debugging on a stack, it is enabled only on the stack's active switch. To enable debugging on a stack member , start a session from the stack's active switch by using the session switch-number command in privileged EXEC mode. Enter the debug command at the command-line prompt of the stack member.

To enable debugging on a stack member without first starting a session on the stack's active switch, use the remote command switch-number LINE command in privileged EXEC mode.

Examples

This example shows how to display all PAgP debug messages:

Device# debug pagp all 

This example shows how to display debug messages related to PAgP events:

Device# debug pagp event

debug platform etherchannel

To enable debugging of platform-dependent EtherChannel events, use the debug platform etherchannel command in EXEC mode. To disable debugging, use the no form of this command.

debug platform etherchannel {init | link-up | rpc | warnings}

no debug platform etherchannel {init | link-up | rpc | warnings}

Syntax Description

init

Displays EtherChannel module initialization debug messages.

link-up

Displays EtherChannel link-up and link-down related debug messages.

rpc

Displays EtherChannel remote procedure call (RPC) debug messages.

warnings

Displays EtherChannel warning debug messages.

Command Default

Debugging is disabled.

Command Modes

User EXEC

Privileged EXEC

Command History

Release Modification

Cisco IOS 15.0(2)EX

This command was introduced.

Usage Guidelines

The undebug platform etherchannel command is the same as the no debug platform etherchannel command.

When you enable debugging on a stack, it is enabled only on the stack's active switch. To enable debugging on a stack member , start a session from the stack's active switch by using the session switch-number command in privileged EXEC mode. Enter the debug command at the command-line prompt of the stack member.

To enable debugging on a stack member without first starting a session on the stack's active switch, use the remote command switch-number LINE command in privileged EXEC mode.

Examples

This example shows how to display debug messages related to Etherchannel initialization:

Device# debug platform etherchannel init 

debug platform pm

To enable debugging of the platform-dependent port manager software module, use the debug platform pm command in privileged EXEC mode. To disable debugging, use the no form of this command.

debug platform pm {all | atom | counters | errdisable | etherchnl | exceptions | gvi | hpm-events | idb-events | if-numbers | ios-events | link-status | platform | pm-events | pm-span | pm-vectors [detail] | rpc [general | oper-info | state | vectors | vp-events] | soutput-vectors | stack-manager | sync | vlans}

no debug platform pm {all | counters | errdisable | etherchnl | exceptions | hpm-events | idb-events | if-numbers | ios-events | link-status | platform | pm-events | pm-span | pm-vectors [detail] | rpc [general | oper-info | state | vectors | vp-events] | soutput-vectors | stack-manager | sync | vlans}

Syntax Description

all

Displays all port manager debug messages.

atom

Displays AToM related events.

counters

Displays counters for remote procedure call (RPC) debug messages.

errdisable

Displays error-disabled-related events debug messages.

etherchnl

Displays EtherChannel-related events debug messages.

exceptions

Displays system exception debug messages.

gvi

Displays IPe GVI-related messages.

hpm-events

Displays platform port manager event debug messages.

idb-events

Displays interface descriptor block (IDB)-related events debug messages.

if-numbers

Displays interface-number translation event debug messages.

ios-events

Displays Cisco IOS software events.

link-status

Displays interface link-detection event debug messages.

platform

Displays port manager function event debug messages.

pm-events

Displays port manager event debug messages.

pm-span

Displays port manager Switched Port Analyzer (SPAN) event debug messages.

pm-vectors

Displays port manager vector-related event debug messages.

detail

(Optional) Displays vector-function details.

rpc

Displays RPC-related messages.

general

(Optional) Displays general RPC-related messages.

oper-info

(Optional) Displays operational- and informational-related RPC messages.

state

(Optional) Displays administrative- and operational-related RPC messages.

vectors

(Optional) Displays vector-related RPC messages.

vp-events

(Optional) Displays virtual ports-related RPC messages.

soutput-vectors

Displays IDB output vector event debug messages.

stack-manager

Displays stack manager-related events debug messages.

This keyword is supported only on stacking-capable switches.

sync

Displays operational synchronization and VLAN line-state event debug messages.

vlans

Displays VLAN creation and deletion event debug messages.

Command Default

Debugging is disabled

Command Modes

Privileged EXEC

Command History

Release Modification

Cisco IOS 15.0(2)EX

This command was introduced.

Usage Guidelines

The undebug platform pm command is the same as the no debug platform pm command.

When you enable debugging on a stack, it is enabled only on the stack's active switch. To enable debugging on a stack member , start a session from the stack's active switch by using the session switch-number command in privileged EXEC mode. Enter the debug command at the command-line prompt of the stack member.

To enable debugging on a stack member without first starting a session on the stack's active switch, use the remote command switch-number LINE command in privileged EXEC mode.

Examples

This example shows how to display debug messages related to the creation and deletion of VLANs:

Device# debug platform pm vlans 

debug spanning-tree

To enable debugging of spanning-tree activities, use the debug spanning-tree command in EXEC mode. To disable debugging, use the no form of this command.

debug spanning-tree {all | backbonefast | bpdu | bpdu-opt | config | csuf/ csrt | etherchannel | events | exceptions | general | mstp | pvst+ | root | snmp | synchronization | switch | uplinkfast}

no debug spanning-tree {all | backbonefast | bpdu | bpdu-opt | config | csuf/ csrt | etherchannel | events | exceptions | general | mstp | pvst+ | root | snmp | synchronization | switch | uplinkfast}

Syntax Description

all

Displays all spanning-tree debug messages.

backbonefast

Displays BackboneFast-event debug messages.

bpdu

Displays spanning-tree bridge protocol data unit (BPDU) debug messages.

bpdu-opt

Displays optimized BPDU handling debug messages.

config

Displays spanning-tree configuration change debug messages.

csuf/csrt

Displays cross-stack UplinkFast and cross-stack rapid transition activity debug messages.

etherchannel

Displays EtherChannel-support debug messages.

events

Displays spanning-tree topology event debug messages.

exceptions

Displays spanning-tree exception debug messages.

general

Displays general spanning-tree activity debug messages.

mstp

Debugs Multiple Spanning Tree Protocol (MSTP) events.

pvst+

Displays per-VLAN spanning-tree plus (PVST+) event debug messages.

root

Displays spanning-tree root-event debug messages.

snmp

Displays spanning-tree Simple Network Management Protocol (SNMP) handling debug messages.

switch

Displays device shim command debug messages. This shim is the software module that is the interface between the generic Spanning Tree Protocol (STP) code and the platform-specific code of various device platforms.

synchronization

Displays the spanning-tree synchronization event debug messages.

uplinkfast

Displays UplinkFast-event debug messages.

Command Default

Debugging is disabled.

Command Modes

Privileged EXEC

Command History

Release Modification

Cisco IOS 15.0(2)EX

This command was introduced.

Usage Guidelines

The undebug spanning-tree command is the same as the no debug spanning-tree command.

When you enable debugging on a stack, it is enabled only on the stack's active switch. To enable debugging on a stack member , start a session from the stack's active switch by using the session switch-number command in privileged EXEC mode. Enter the debug command at the command-line prompt of the stack member.

To enable debugging on a stack member without first starting a session on the stack's active switch, use the remote command switch-number LINE command in privileged EXEC mode.

Examples

This example shows how to display all spanning-tree debug messages:

Device# debug spanning-tree all 

debug platform udld

To enable debugging of the platform-dependent UniDirectional Link Detection (UDLD) software, use the debug platform udld command in privileged EXEC mode. To disable debugging, use the no form of this command.

debug platform udld [all | error | switch | rpc {events | | messages}]

no platform udld [all | | error | rpc {events | | messages}]

Syntax Description

all

(Optional) Displays all UDLD debug messages.

error

(Optional) Displays error condition debug messages.

rpc {events | messages }

(Optional) Displays UDLD remote procedure call (RPC) debug messages. The keywords have these meanings:

  • events —Displays UDLD RPC events.
  • messages —Displays UDLD RPC messages.

Command Default

Debugging is disabled.

Command Modes

Privileged EXEC

Command History

Release Modification

Cisco IOS 15.0(2)EX

This command was introduced.

Usage Guidelines

The undebug platform udld command is the same as the no debug platform udld command.

When you enable debugging on a stack, it is enabled only on the stack's active switch. To enable debugging on a stack member , start a session from the stack's active switch by using the session switch-number command in privileged EXEC mode. Enter the debug command at the command-line prompt of the stack member.

To enable debugging on a stack member without first starting a session on the stack's active switch, use the remote command switch-number LINE command in privileged EXEC mode.

interface port-channel

To access or create a port channel, use the interface port-channel command in global configuration mode. Use the no form of this command to remove the port channel.

interface port-channel port-channel-number

no interface port-channel

Syntax Description

port-channel-number

(Optional) Channel group number. The range is 1 to 24.

Command Default

No port channel logical interfaces are defined.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

For Layer 2 EtherChannels, you do not have to create a port-channel interface before assigning physical ports to a channel group. Instead, you can use the channel-group interface configuration command, which automatically creates the port-channel interface when the channel group obtains its first physical port. If you create the port-channel interface first, the channel-group-number can be the same as the port-channel-number , or you can use a new number. If you use a new number, the channel-group command dynamically creates a new port channel.

You create Layer 3 port channels by using the interface port-channel command followed by the no switchport interface configuration command. You should manually configure the port-channel logical interface before putting the interface into the channel group.

Only one port channel in a channel group is allowed.


Caution

When using a port-channel interface as a routed port, do not assign Layer 3 addresses on the physical ports that are assigned to the channel group.



Caution

Do not assign bridge groups on the physical ports in a channel group used as a Layer 3 port channel interface because it creates loops. You must also disable spanning tree.


Follow these guidelines when you use the interface port-channel command:

  • If you want to use the Cisco Discovery Protocol (CDP), you must configure it on the physical port and not on the port channel interface.

  • Do not configure a port that is an active member of an EtherChannel as an IEEE 802.1x port. If IEEE 802.1x is enabled on a not-yet active port of an EtherChannel, the port does not join the EtherChannel.

For a complete list of configuration guidelines, see the “Configuring EtherChannels” chapter in the software configuration guide for this release.

Examples

This example shows how to create a port channel interface with a port channel number of 5:

Device(config)# interface port-channel 5

You can verify your setting by entering the show running-config privileged EXEC or show etherchannel channel-group-number detail privileged EXEC command.

lacp port-priority

To configure the port priority for the Link Aggregation Control Protocol (LACP), use the lacp port-priority command in interface configuration mode. To return to the default setting, use the no form of this command.

lacp port-priority priority

no lacp port-priority

Syntax Description

priority

Port priority for LACP. The range is 1 to 65535.

Command Default

The default is 32768.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

The lacp port-priority interface configuration command determines which ports are bundled and which ports are put in hot-standby mode when there are more than eight ports in an LACP channel group.

An LACP channel group can have up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode.

In port-priority comparisons, a numerically lower value has a higher priority: When there are more than eight ports in an LACP channel group, the eight ports with the numerically lowest values (highest priority values) for LACP port priority are bundled into the channel group, and the lower-priority ports are put in hot-standby mode. If two or more ports have the same LACP port priority (for example, they are configured with the default setting of 65535), then an internal value for the port number determines the priority.


Note

The LACP port priorities are only effective if the ports are on the device that controls the LACP link. See the lacp system-priority global configuration command for determining which device controls the link.


Use the show lacp internal privileged EXEC command to display LACP port priorities and internal port number values.

For information about configuring LACP on physical ports, see the configuration guide for this release.

Examples

This example shows how to configure the LACP port priority on a port:

Device# interface gigabitethernet2/0/1
Device(config-if)# lacp port-priority 1000

You can verify your settings by entering the show lacp [channel-group-number] internal privileged EXEC command.

lacp system-priority

To configure the system priority for the Link Aggregation Control Protocol (LACP), use the lacp system-priority command in global configuration mode on the device. To return to the default setting, use the no form of this command.

lacp system-priority priority

no lacp system-priority

Syntax Description

priority

System priority for LACP. The range is 1 to 65535.

Command Default

The default is 32768.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

The lacp system-priority command determines which device in an LACP link controls port priorities.

An LACP channel group can have up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode. When there are more than eight ports in an LACP channel group, the device on the controlling end of the link uses port priorities to determine which ports are bundled into the channel and which ports are put in hot-standby mode. Port priorities on the other device (the noncontrolling end of the link) are ignored.

In priority comparisons, numerically lower values have a higher priority. Therefore, the system with the numerically lower value (higher priority value) for LACP system priority becomes the controlling system. If both devices have the same LACP system priority (for example, they are both configured with the default setting of 32768), the LACP system ID (the device MAC address) determines which device is in control.

The lacp system-priority command applies to all LACP EtherChannels on the device.

Use the show etherchannel summary privileged EXEC command to see which ports are in the hot-standby mode (denoted with an H port-state flag in the output display).

Examples

This example shows how to set the LACP system priority:

Device(config)# lacp system-priority 20000

You can verify your settings by entering the show lacp sys-id privileged EXEC command.

link state group

To configure an interface as a member of a link-state group, use the link state group command in interface configuration mode. Use the no form of this command to remove an interface from a link-state group.

link state group [number] {downstream | upstream}

no link state group [number] {downstream | upstream}

Syntax Description

number

(Optional) Specifies the number of the link-state group. The range is 1 to 2. The default group number is 1.

downstream

Configures the interface as a downstream interface in the group.

upstream

Configures the interface as an upstream interface in the group.

Command Default

No link-state group is configured.

Command Modes

Interface configuration

Command History

Release Modification

Cisco IOS 15.0(2)EX

This command was introduced.

Usage Guidelines

This command is supported only on the LAN Base image.

Add upstream interfaces to the link-state group before adding downstream interfaces, otherwise, the downstream interfaces move into error-disable mode. These are the limitations:

  • An interface can be an upstream interface or a downstream interface.
  • An interface can belong to only one link-state group.
  • Only two link-state groups can be configured on a switch.

Examples

This example shows how to configure the interfaces as upstream in group 2:

Device# configure terminal
Device(config)# interface range gigabitethernet2/0/1 -2
Device(config-if-range)# link state group 2 upstream
Device(config-if-range)# end

link state track

To enable a link-state group, use the link state track command in global configuration mode. Use the no form of this command to disable a link-state group.

link state track [number]

no link state track [number]

Syntax Description

number

(Optional) Specifies the number of the link-state group. The range is 1 to 2. The default is 1.

Command Default

Link-state tracking is disabled.

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS 15.0(2)EX

This command was introduced.

Usage Guidelines

This command is supported only on the LAN Base image.

Use the link state group command to create and configure the link-state group. You then can use this command to enable the link-state group.

Examples

This example shows how to enable link-state group 2:

Device# configure terminal
Device(config)# link state track 2
Device(config)# end

pagp learn-method

To learn the source address of incoming packets received from an EtherChannel port, use the pagp learn-method command in interface configuration mode. To return to the default setting, use the no form of this command.

pagp learn-method {aggregation-port | physical-port}

no pagp learn-method

Syntax Description

aggregation-port

Specifies address learning on the logical port channel. The device sends packets to the source using any port in the EtherChannel. This setting is the default. With aggregation-port learning, it is not important on which physical port the packet arrives.

physical-port

Specifies address learning on the physical port within the EtherChannel. The device sends packets to the source using the same port in the EtherChannel from which it learned the source address. The other end of the channel uses the same port in the channel for a particular destination MAC or IP address.

Command Default

The default is aggregation-port (logical port channel).

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

The learn method must be configured the same at both ends of the link.

The device supports address learning only on aggregate ports even though the physical-port keyword is provided in the command-line interface (CLI). The pagp learn-method and the pagp port-priority interface configuration commands have no effect on the device hardware, but they are required for PAgP interoperability with devices that only support address learning by physical ports.

When the link partner to the device is a physical learner, we recommend that you configure the device as a physical-port learner by using the pagp learn-method physical-port interface configuration command. We also recommend that you set the load-distribution method based on the source MAC address by using the port-channel load-balance src-mac global configuration command. Use the pagp learn-method interface configuration command only in this situation.

Examples

This example shows how to set the learning method to learn the address on the physical port within the EtherChannel:

Device(config-if)# pagp learn-method physical-port

This example shows how to set the learning method to learn the address on the port channel within the EtherChannel:

Device(config-if)# pagp learn-method aggregation-port

You can verify your settings by entering the show running-config privileged EXEC command or the show pagp channel-group-number internal privileged EXEC command.

pagp port-priority

To select a port over which all Port Aggregation Protocol (PAgP) traffic through the EtherChannel is sent, use the pagp port-priority command in interface configuration mode. If all unused ports in the EtherChannel are in hot-standby mode, they can be placed into operation if the currently selected port and link fails. To return to the default setting, use the no form of this command.

pagp port-priority priority

no pagp port-priority

Syntax Description

priority

Priority number. The range is from 0 to 255.

Command Default

The default is 128.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

The physical port with the highest priority that is operational and has membership in the same EtherChannel is the one selected for PAgP transmission.

The device supports address learning only on aggregate ports even though the physical-port keyword is provided in the command-line interface (CLI). The pagp learn-method and the pagp port-priority interface configuration commands have no effect on the device hardware, but they are required for PAgP interoperability with devices that only support address learning by physical ports, such as the Catalyst 1900 switch.

When the link partner to the device is a physical learner, we recommend that you configure the device as a physical-port learner by using the pagp learn-method physical-port interface configuration command. We also recommend that you set the load-distribution method based on the source MAC address by using the port-channel load-balance src-mac global configuration command. Use the pagp learn-method interface configuration command only in this situation.

Examples

This example shows how to set the port priority to 200:

Device(config-if)# pagp port-priority 200

You can verify your setting by entering the show running-config privileged EXEC command or the show pagp channel-group-number internal privileged EXEC command.

pagp timer

To set the PAgP timer expiration, use the pagp timer command in interface configuration mode. To return to the default setting, use the no form of this command.

pagp timer time

no pagp timer

Syntax Description

time

Specifies the number of seconds after which PAgP informational packets are timed-out. The range is 45 to 90.

Command Default

None

Command Modes

Interface configuration

Command History

Release Modification

Cisco IOS 15.0(2)EX

This command was introduced.

Usage Guidelines

This command is available for all interfaces configured as part of a PAgP port channel.

Examples

This example shows how to set the PAgP timer expiration to 50 seconds:

Switch(config-if)# pagp timer 50

port-channel load-balance

To set the load-distribution method among the ports in the EtherChannel, use the port-channel load-balance command in global configuration mode. To reset the load-balancing function to the default setting, use the no form of this command.

port-channel load-balance {dst-ip | dst-mac | src-dst-ip | src-dst-mac | src-ip | src-mac}

no port-channel load-balance

Syntax Description

dst-ip

Specifies load distribution based on the destination host IP address.

dst-mac

Specifies load distribution based on the destination host MAC address. Packets to the same destination are sent on the same port, but packets to different destinations are sent on different ports in the channel.

src-dst-ip

Specifies load distribution based on the source and destination host IP address.

src-dst-mac

Specifies load distribution based on the source and destination host MAC address.

src-ip

Specifies load distribution based on the source host IP address.

src-mac

Specifies load distribution based on the source MAC address. Packets from different hosts use different ports in the channel, but packets from the same host use the same port.

Command Default

The default is src-mac.

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS 15.0(2)EX

This command was introduced.

Usage Guidelines

You can verify your setting by entering the show running-config privileged EXEC command or the show etherchannel load-balance privileged EXEC command.

Examples

This example shows how to set the load-distribution method to dst-mac:

Device(config)# port-channel load-balance dst-mac

rep admin vlan

To configure a Resilient Ethernet Protocol (REP) administrative VLAN for REP to transmit hardware flood layer (HFL) messages, use the rep admin vlan command in global configuration mode. To return to the default configuration with VLAN 1 as the administrative VLAN, use the no form of this command.

rep admin vlan vlan-id [segment segment-id]

no rep admin vlan vlan-id [segment segment-id]

Syntax Description

vlan-id

The REP administrative VLAN. This is a 48-bit static MAC address.

segment segment-id

Configures the administrative VLAN for the specified segment. The segment ID range is from 1 to 1024.

Command Default

The default value of the administrative VLAN is VLAN 1.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS Release 15.2(6)E1

This command was introduced.

Usage Guidelines

The range of the REP administrative VLAN is from 2 to 4094.

If you do not configure an administrative VLAN, the default VLAN is VLAN 1. There can be only one administrative VLAN on a device and on a segment.

You can verify your settings by entering the show interfaces rep detail privileged EXEC command.

Examples

The following example shows how to configure VLAN 100 as the REP administrative VLAN:

Device(config)# rep admin vlan 100

This example shows how to create an administrative VLAN per segment. Here VLAN 2 is configured as the administrative VLAN only for REP segment 2. All remaining segments that are not configured otherwise will, by default, have VLAN 1 as the administrative VLAN.

Device(config)# rep admin vlan 2 segment 2

rep block port

To configure a Resilient Ethernet Protocol (REP) VLAN load balancing on the REP primary edge port, use the rep block port command in interface configuration mode. To return to the default configuration with VLAN 1 as the administrative VLAN, use the no form of this command.

rep block port {id port-id | neighbor-offset | preferred} vlan {vlan-list | all}

no rep block port {id port-id | neighbor-offset | preferred}

Syntax Description

id port-id

Specifies the VLAN blocking alternate port by entering the unique port ID, which is automatically generated when REP is enabled. The REP port ID is a 16-character hexadecimal value.

neighbor-offset

Identifies the VLAN blocking alternate port by entering the offset number of a neighbor. The range is from -256 to +256; a value of 0 is invalid.

preferred

Selects the regular segment port previously identified as the preferred alternate port for VLAN load balancing.

vlan

Identifies the VLANs to be blocked.

vlan-list

VLAN ID or range of VLAN IDs to be displayed. Enter a VLAN ID from 1 to 4094 or a range or sequence of VLANs (such as 1-3, 22, 41-44) to be blocked.

all

Blocks all VLANs.

Command Default

The default behavior after you enter the rep preempt segment command in privileged EXEC (for manual preemption) is to block all VLANs at the primary edge port. This behavior remains until you configure the rep block port command.

If the primary edge port cannot determine which port is to be the alternate port, the default action is no preemption and no VLAN load balancing.

Command Modes

  Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS Release 15.2(6)E1

This command was introduced.

Usage Guidelines

You must enter this command on the REP primary edge port.

When you select an alternate port by entering an offset number, this number identifies the downstream neighbor port of an edge port. The primary edge port has an offset number of 1; positive numbers above 1 identify downstream neighbors of the primary edge port. Negative numbers identify the secondary edge port (offset number -1) and its downstream neighbors. Do not enter an offset value of 1 because that is the offset number of the primary edge port itself.

If you have configured a preempt delay time by entering the rep preempt delay seconds command in interface configuration mode and a link failure and recovery occurs, VLAN load balancing begins after the configured preemption time period elapses without another link failure. The alternate port specified in the load-balancing configuration blocks the configured VLANs and unblocks all other segment ports. If the primary edge port cannot determine the alternate port for VLAN balancing, the default action is no preemption.

Each port in a segment has a unique port ID. To determine the port ID of a port, enter the show interfaces interface-id rep detail command in privileged EXEC mode.

Examples

The following example shows how to configure REP VLAN load balancing.

Device(config)# interface TenGigabitEthernet 4/1
Device(config-if)# rep block port id 0009001818D68700 vlan 1-100

rep lsl-age-timer

To configure the Resilient Ethernet Protocol (REP) link status layer (LSL) age-out timer value, use the rep lsl-age-timer command in interface configuration mode. To restore the default age-out timer value, use the no form of this command.

rep lsl-age-timer milliseconds

no rep lsl-age-timer milliseconds

Syntax Description

milliseconds

REP LSL age-out timer value in milliseconds (ms). The range is from 120 ms to 10000 ms in multiples of 40 ms.

Command Default

The default LSL age-out timer value is 5 ms.

Command Modes

  Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS Release 15.2(6)E1

This command was introduced.

Usage Guidelines

The rep lsl-age-timer command is used to configure the REP LSL age-out timer value. While configuring REP configurable timers, we recommend that you configure the REP LSL number of retries first and then configure the REP LSL age-out timer value.

Examples

The following example shows how to configure REP LSL age-out timer value.

Device(config)# interface TenGigabitEthernet 4/1
Device(config-if)# rep segment 1 edge primary
Device(config-if)# rep lsl-age-timer 2000

rep preempt delay

To configure a waiting period after a segment port failure and recovery before Resilient Ethernet Protocol (REP) VLAN load balancing is triggered, use the rep preempt delay command in interface configuration mode. To remove the configured delay, use the no form of this command.

rep preempt delay seconds

no rep preempt delay

Syntax Description

seconds

Number of seconds to delay REP preemption. The range is from 15 to 300 seconds. The default is manual preemption without delay.

Command Default

REP preemption delay is not set. The default is manual preemption without delay.

Command Modes

  Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS Release 15.2(6)E1

This command was introduced.

Usage Guidelines

You must enter this command on the REP primary edge port.

You must enter this command and configure a preempt time delay for VLAN load balancing to automatically trigger after a link failure and recovery.

If VLAN load balancing is configured, after a segment port failure and recovery, the REP primary edge port starts a delay timer before VLAN load balancing occurs. Note that the timer restarts after each link failure. When the timer expires, the REP primary edge port alerts the alternate port to perform VLAN load balancing (configured by using the rep block port interface configuration command) and prepares the segment for the new topology. The configured VLAN list is blocked at the alternate port, and all other VLANs are blocked at the primary edge port.

You can verify your settings by entering the show interfaces rep command.

Examples

The following example shows how to configure a REP preemption time delay of 100 seconds on the primary edge port.

Device(config)# interface TenGigabitEthernet 4/1
Device(config-if)# rep preempt delay 100

rep preempt segment

To manually start Resilient Ethernet Protocol (REP) VLAN load balancing on a segment, use the rep preempt segment command in privileged EXEC mode.

rep preempt segment segment-id

Syntax Description

segment-id

ID of the REP segment. The range is from 1 to 1024.

Command Default

Manual preemption is the default behavior.

Command Modes

  Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS Release 15.2(6)E1

This command was introduced.

Usage Guidelines

Enter this command on the segment, which has the primary edge port on the device.

Ensure that all the other segment configuration is completed before setting preemption for VLAN load balancing. When you enter the rep preempt segment segment-id command, a confirmation message appears before the command is executed because preemption for VLAN load balancing can disrupt the network.

If you do not enter the rep preempt delay seconds command in interface configuration mode on the primary edge port to configure a preemption time delay, the default configuration is to manually trigger VLAN load balancing on the segment. Use the show rep topology privileged EXEC command to see which port in the segment is the primary edge port.

If you do not configure VLAN load balancing, entering this command results in the default behavior; the primary edge port blocks all VLANs.

You configure VLAN load balancing by entering the rep block port command in interface configuration mode on the REP primary edge port before you manually start preemption.

Examples

The following example shows how to manually trigger REP preemption on segment 100.

Device# rep preempt segment 100

rep segment

To enable Resilient Ethernet Protocol (REP) on an interface and to assign a segment ID to the interface, use the rep segment command in interface configuration mode. To disable REP on the interface, use the no form of this command.

rep segment segment-id [edge [no-neighbor] [primary] ] [preferred]

no rep segment

Syntax Description

segment-id

Segment for which REP is enabled. Assign a segment ID to the interface. The range is from 1 to 1024.

edge

(Optional) Configures the port as an edge port. Each segment has only two edge ports.

no-neighbor

(Optional) Specifies the segment edge as one with no external REP neighbor.

primary

(Optional) Specifies that the port is the primary edge port where you can configure VLAN load balancing. A segment has only one primary edge port.

preferred

(Optional) Specifies that the port is the preferred alternate port or the preferred port for VLAN load balancing.

Note 

Configuring a port as a preferred port does not guarantee that it becomes the alternate port; it merely gives it a slight edge among equal contenders. The alternate port is usually a previously failed port.

Command Default

REP is disabled on the interface.

Command Modes

  Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS Release 15.2(6)E1

This command was introduced.

Usage Guidelines

REP ports must be a Layer 2 IEEE 802.1Q port or 802.1AD port. You must configure two edge ports on each REP segment, a primary edge port and a port to act as a secondary edge port.

If REP is enabled on two ports on a device, both ports must be either regular segment ports or edge ports. REP ports follow these rules:

  • If only one port on a device is configured in a segment, the port should be an edge port.

  • If two ports on a device belong to the same segment, both ports must be regular segment ports.

  • If two ports on a device belong to the same segment and one is configured as an edge port and one as a regular segment port (a misconfiguration), the edge port is treated as a regular segment port.

REP interfaces come up in a blocked state and remain in a blocked state until notified that it is safe to unblock. Be aware of this to avoid sudden connection losses.

When REP is enabled on an interface, the default is for the port to be a regular segment port.

Examples

The following example shows how to enable REP on a regular (nonedge) segment port.

Device(config)# interface TenGigabitEthernet 4/1
Device(config-if)# rep segment 100

The following example shows how to enable REP on a port and identify the port as the REP primary edge port.

Device(config)# interface TenGigabitEthernet 4/1
Device(config-if)# rep segment 100 edge primary

The following example shows how to enable REP on a port and identify the port as the REP secondary edge port.

Device(config)# interface TenGigabitEthernet 4/1
Device(config-if)# rep segment 100 edge

The following example shows how to enable REP as an edge no-neighbor port.

Device(config)# interface TenGigabitEthernet 4/1
Device(config-if)# rep segment 1 edge no-neighbor primary

rep stcn

To configure a Resilient Ethernet Protocol (REP) edge port to send segment topology change notifications (STCNs) to another interface or to other segments, use the rep stcn command in interface configuration mode. To disable the sending of STCNs to the interface or to the segment, use the no form of this command.

rep stcn {interface interface-id | segment segment-id-list}

no rep stcn {interface | segment}

Syntax Description

interface interface-id

Specifies a physical interface or port channel to receive STCNs.

segment segment-id-list

Specifies one REP segment or a list of segments to receive STCNs. The segment range is from 1 to 1024. You can also configure a sequence of segments (for example 3 to 5, 77, 100).

Command Default

Transmission of STCNs to other interfaces or segments is disabled.

Command Modes

  Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS Release 15.2(6)E1

This command was introduced.

Usage Guidelines

Enter this command on a segment edge port to send STCNs to one or more segments or to an interface. You can verify your settings by entering the show interfaces rep detail privileged EXEC command.

Examples

The following example shows how to configure a REP edge port to send STCNs to segments 25 to 50.

Device(config)# interface TenGigabitEthernet 4/1
Device(config-if)# rep stcn segment 25-50

show etherchannel

To display EtherChannel information for a channel, use the show etherchannel command in user EXEC mode.

show etherchannel [channel-group-number | {detail | port | port-channel | protocol | summary }] | [auto | detail | load-balance | port | port-channel | protocol | summary]

Syntax Description

channel-group-number

(Optional) Channel group number. The range is 1 to 24.

auto

(Optional) Displays that Etherchannel is created automatically.

detail

(Optional) Displays detailed EtherChannel information.

load-balance

(Optional) Displays the load-balance or frame-distribution scheme among ports in the port channel.

port

(Optional) Displays EtherChannel port information.

port-channel

(Optional) Displays port-channel information.

protocol

(Optional) Displays the protocol that is being used in the channel.

summary

(Optional) Displays a one-line summary per channel group.

Command Default

None

Command Modes

User EXEC

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

If you do not specify a channel group number, all channel groups are displayed.

In the output, the passive port list field is displayed only for Layer 3 port channels. This field means that the physical port, which is still not up, is configured to be in the channel group (and indirectly is in the only port channel in the channel group).

Examples

This is an example of output from the show etherchannel auto command:

device# show etherchannel auto
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
        A - formed by Auto LAG

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SUA)        LACP      Gi1/0/45(P) Gi2/0/21(P) Gi3/0/21(P)

This is an example of output from the show etherchannel channel-group-number detail command:

Device> show etherchannel 1 detail
Group state = L2
Ports: 2   Maxports = 16
Port-channels: 1 Max Port-channels = 16
Protocol:      LACP
                   Ports in the group:
                   -------------------
Port: Gi1/0/1
------------
Port state    = Up Mstr In-Bndl
Channel group = 1        Mode  = Active        Gcchange = -
Port-channel  =          Po1GC = -             Pseudo port-channel = Po1
Port index    =          0Load = 0x00          Protocol = LACP

Flags: S - Device is sending Slow LACPDUs   F - Device is sending fast LACPDU
       A - Device is in active mode.        P - Device is in passive mode.

Local information:
                         LACP port   Admin   Oper   Port   Port
Port     Flags   State   Priority    Key     Key    Number State
Gi1/0/1   SA      bndl     32768      0x1     0x1    0x101  0x3D
Gi1/0/2    A      bndl     32768      0x0     0x1    0x0    0x3D

Age of the port in the current state: 01d:20h:06m:04s

                   Port-channels in the group:
                   ----------------------

Port-channel: Po1   (Primary Aggregator)

Age of the Port-channel = 01d:20h:20m:26s
Logical slot/port = 10/1          Number of ports = 2
HotStandBy port   = null
Port state        = Port-channel Ag-Inuse
Protocol          = LACP

Ports in the Port-channel:

Index  Load   Port      EC state        No of bits
------+------+------+------------------+-----------
 0      00    Gi1/0/1    Active           0
 0      00    Gi1/0/2    Active           0

Time since last port bundled:   01d:20h:24m:44s   Gi1/0/2

This is an example of output from the show etherchannel channel-group-number summary command:

Device> show etherchannel 1 summary
Flags: D - down P - in port-channel
       I - stand-alone s - suspended
       H - Hot-standby (LACP only)
       R - Layer3 S - Layer2
       u - unsuitable for bundling
       U - in use f - failed to allocate aggregator
       d - default port

Number of channel-groups in use: 1
Number of aggregators: 1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+----------------------------------------
 1     Po1(SU)       LACP        Gi1/0/1(P) Gi1/0/2(P)

This is an example of output from the show etherchannel channel-group-number port-channel command:

Device> show etherchannel 1 port-channel
Port-channels in the group:
----------------------
Port-channel: Po1 (Primary Aggregator)
------------
Age of the Port-channel = 01d:20h:24m:50s
Logical slot/port = 10/1 Number of ports = 2
Logical slot/port = 10/1 Number of ports = 2
Port state = Port-channel Ag-Inuse
Protocol = LACP

Ports in the Port-channel:

Index  Load   Port   EC state           No of bits
------+------+------+------------------+-----------
 0      00    Gi1/0/1 Active             0
 0      00    Gi1/0/2 Active             0

Time since last port bundled: 01d:20h:24m:44s Gi1/0/2

This is an example of output from show etherchannel protocol command:

Device# show etherchannel protocol
Channel-group listing:
-----------------------
Group: 1
----------
Protocol: LACP
Group: 2
----------
Protocol: PAgP

show interfaces rep detail

To display detailed Resilient Ethernet Protocol (REP) configuration and status for all interfaces or a specified interface, including the administrative VLAN, use the show interfaces rep detail command in privileged EXEC mode.

show interfaces [interface-id] rep detail

Syntax Description

interface-id

(Optional) Physical interface used to display the port ID.

Command Modes

  Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS Release 15.2(6)E1

This command was introduced.

Usage Guidelines

Enter this command on a segment edge port to send STCNs to one or more segments or to an interface.

You can verify your settings by entering the show interfaces rep detail privileged EXEC command.

Examples

The following example shows how to display the REP configuration and status for a specified interface.

Device# show interfaces TenGigabitEthernet4/1 rep detail

TenGigabitEthernet4/1 REP enabled
Segment-id: 3 (Primary Edge)
PortID: 03010015FA66FF80
Preferred flag: No
Operational Link Status: TWO_WAY
Current Key: 02040015FA66FF804050
Port Role: Open
Blocked VLAN: <empty>
Admin-vlan: 1
Preempt Delay Timer: disabled
Configured Load-balancing Block Port: none
Configured Load-balancing Block VLAN: none
STCN Propagate to: none
LSL PDU rx: 999, tx: 652
HFL PDU rx: 0, tx: 0
BPA TLV rx: 500, tx: 4
BPA (STCN, LSL) TLV rx: 0, tx: 0
BPA (STCN, HFL) TLV rx: 0, tx: 0
EPA-ELECTION TLV rx: 6, tx: 5
EPA-COMMAND TLV rx: 0, tx: 0
EPA-INFO TLV rx: 135, tx: 136

show lacp

To display Link Aggregation Control Protocol (LACP) channel-group information, use the show lacp command in user EXEC mode.

show lacp [channel-group-number] {counters | internal | neighbor | sys-id}

Syntax Description

channel-group-number

(Optional) Channel group number. The range is 1 to 24.

counters

Displays traffic information.

internal

Displays internal information.

neighbor

Displays neighbor information.

sys-id

Displays the system identifier that is being used by LACP. The system identifier consists of the LACP system priority and the device MAC address.

Command Default

None

Command Modes

User EXEC

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

You can enter any show lacp command to display the active channel-group information. To display specific channel information, enter the show lacp command with a channel-group number.

If you do not specify a channel group, information for all channel groups appears.

You can enter the channel-group-number to specify a channel group for all keywords except sys-id .

Examples

This is an example of output from the show lacp counters user EXEC command. The table that follows describes the fields in the display.

Device> show lacp counters
              LACPDUs        Marker     Marker Response   LACPDUs
Port        Sent  Recv     Sent  Recv     Sent  Recv     Pkts  Err
---------------------------------------------------------------------
Channel group:1
Gi2/0/1      19    10        0    0         0    0        0
Gi2/0/2      14    6         0    0         0    0        0


Table 1. show lacp counters Field Descriptions

Field

Description

LACPDUs Sent and Recv

The number of LACP packets sent and received by a port.

Marker Sent and Recv

The number of LACP marker packets sent and received by a port.

Marker Response Sent and Recv

The number of LACP marker response packets sent and received by a port.

LACPDUs Pkts and Err

The number of unknown and illegal packets received by LACP for a port.

This is an example of output from the show lacp internal command:

Device> show lacp 1 internal
Flags:  S - Device is requesting Slow LACPDUs
        F - Device is requesting Fast LACPDUs
        A - Device is in Active mode       P - Device is in Passive mode

Channel group 1
                           LACP port    Admin    Oper    Port     Port
Port      Flags   State    Priority     Key      Key     Number   State
Gi2/0/1    SA      bndl     32768         0x3     0x3       0x4    0x3D
Gi2/0/2    SA      bndl     32768         0x3     0x3       0x5    0x3D

The following table describes the fields in the display:

Table 2. show lacp internal Field Descriptions

Field

Description

State

State of the specific port. These are the allowed values:

  • —Port is in an unknown state.

  • bndl—Port is attached to an aggregator and bundled with other ports.

  • susp—Port is in a suspended state; it is not attached to any aggregator.

  • hot-sby—Port is in a hot-standby state.

  • indiv—Port is incapable of bundling with any other port.

  • indep—Port is in an independent state (not bundled but able to handle data traffic. In this case, LACP is not running on the partner port).

  • down—Port is down.

LACP Port Priority

Port priority setting. LACP uses the port priority to put ports in standby mode when there is a hardware limitation that prevents all compatible ports from aggregating.

Admin Key

Administrative key assigned to this port. LACP automatically generates an administrative key value as a hexadecimal number. The administrative key defines the ability of a port to aggregate with other ports. A port’s ability to aggregate with other ports is determined by the port physical characteristics (for example, data rate and duplex capability) and configuration restrictions that you establish.

Oper Key

Runtime operational key that is being used by this port. LACP automatically generates this value as a hexadecimal number.

Port Number

Port number.

Port State

State variables for the port, encoded as individual bits within a single octet with these meanings:

  • bit0: LACP_Activity

  • bit1: LACP_Timeout

  • bit2: Aggregation

  • bit3: Synchronization

  • bit4: Collecting

  • bit5: Distributing

  • bit6: Defaulted

  • bit7: Expired

Note 

In the list above, bit7 is the MSB and bit0 is the LSB.

This is an example of output from the show lacp neighbor command:

Device> show lacp neighbor
Flags: S - Device is sending Slow LACPDUs  F - Device is sending Fast LACPDUs
       A - Device is in Active mode        P - Device is in Passive mode

Channel group 3 neighbors

Partner’s information:

          Partner                Partner               Partner
Port      System ID              Port Number   Age     Flags
Gi2/0/1   32768,0007.eb49.5e80   0xC             19s    SP

          LACP Partner           Partner       Partner
          Port Priority          Oper Key      Port State
          32768                  0x3           0x3C

Partner’s information:

          Partner                Partner               Partner
Port      System ID              Port Number   Age     Flags
Gi2/0/2   32768,0007.eb49.5e80   0xD             15s    SP

          LACP Partner           Partner       Partner
          Port Priority          Oper Key      Port State
          32768                  0x3           0x3C

This is an example of output from the show lacp sys-id command:

Device> show lacp sys-id
32765,0002.4b29.3a00

The system identification is made up of the system priority and the system MAC address. The first two bytes are the system priority, and the last six bytes are the globally administered individual MAC address associated to the system.

show link state group

To display link-state group information, use the show link state group command in privileged EXEC mode.

show link state group [number] [detail]

Syntax Description

number

(Optional) Specifies the number of the link-state group number. The range is 1 to 2.

detail

(Optional) Displays detailed information about the link-state group.

Command Default

None

Command Modes

Privileged EXEC

Command History

Release Modification

Cisco IOS 15.0(2)EX

This command was introduced.

Usage Guidelines

This command is supported only on the LAN Base image.

To display information about all link-state groups, enter this command without keywords. To display information about a specific link-state group enter the link-state group number.

The output for the show link state group detail displays information for only those link-state groups that have link-state tracking enabled or that have upstream or downstream interfaces configured. If the group does not have a configuration, the group is not shown as enabled or disabled.

Examples

This example shows the output from the show link state group number command:

Device# show link state group 1 

Link State Group: 1     Status: Enabled. Down

This example shows the output from the show link state group detail command:

Device# show link state group detail 

(Up):Interface up (Dwn):Interface Down (Dis):Interface disabled

Link State Group: 1 Status: Enabled, Down
Upstream Interfaces : Gi1/0/15(Dwn) Gi1/0/16(Dwn)
Downstream Interfaces : Gi1/0/11(Dis) Gi1/0/12(Dis) Gi1/0/13(Dis) Gi1/0/14(Dis)

Link State Group: 2 Status: Enabled, Down
Upstream Interfaces : Gi1/0/15(Dwn) Gi1/0/16(Dwn) Gi1/0/17(Dwn)
Downstream Interfaces : Gi1/0/11(Dis) Gi1/0/12(Dis) Gi1/0/13(Dis) Gi1/0/14(Dis)
(Up):Interface up (Dwn):Interface Down (Dis):Interface disabled

show pagp

To display Port Aggregation Protocol (PAgP) channel-group information, use the show pagp command in EXEC mode.

show pagp [channel-group-number] {counters | dual-active | internal | neighbor}

Syntax Description

channel-group-number

(Optional) Channel group number. The range is 1 to 24.

counters

Displays traffic information.

dual-active

Displays the dual-active status.

internal

Displays internal information.

neighbor

Displays neighbor information.

Command Default

None

Command Modes

User EXEC

Privileged EXEC

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

You can enter any show pagp command to display the active channel-group information. To display the nonactive information, enter the show pagp command with a channel-group number.

Examples

This is an example of output from the show pagp 1 counters command:

Device> show pagp 1 counters
             Information        Flush
Port         Sent   Recv     Sent   Recv
----------------------------------------
Channel group: 1
  Gi1/0/1    45     42       0      0 
  Gi1/0/2    45     41       0      0 
		

This is an example of output from the show pagp dual-active command:

Device> show pagp dual-active
PAgP dual-active detection enabled: Yes
PAgP dual-active version: 1.1
		
Channel group 1
          Dual-Active     Partner              Partner   Partner
Port      Detect Capable  Name                 Port      Version
Gi1/0/1   No              Device               Gi3/0/3   N/A
Gi1/0/2   No              Device               Gi3/0/4   N/A
		
<output truncated>
		
		

This is an example of output from the show pagp 1 internal command:

Device> show pagp 1 internal
Flags:  S - Device is sending Slow hello.  C - Device is in Consistent state.
        A - Device is in Auto mode.
Timers: H - Hello timer is running.        Q - Quit timer is running.
        S - Switching timer is running.    I - Interface timer is running.
		
Channel group 1
                                  Hello    Partner  PAgP     Learning  Group
Port        Flags State   Timers  Interval Count   Priority   Method  Ifindex
Gi1/0/1     SC    U6/S7   H       30s      1        128        Any      16
Gi1/0/2     SC    U6/S7   H       30s      1        128        Any      16
		
		

This is an example of output from the show pagp 1 neighbor command:

Device> show pagp 1 neighbor
		
Flags:  S - Device is sending Slow hello.  C - Device is in Consistent state.
        A - Device is in Auto mode.        P - Device learns on physical port.
		
Channel group 1 neighbors
            Partner              Partner          Partner           Partner Group
Port        Name                 Device ID        Port         Age  Flags   Cap.
Gi1/0/1     device-p2            0002.4b29.4600   Gi01//1        9s SC      10001 
Gi1/0/2     device-p2            0002.4b29.4600   Gi1/0/2       24s SC      10001

show platform backup interface

To display platform-dependent backup information used in a Flex Links configuration, use the show platform backup interface privileged EXEC command.

show platform backup interface [interface-id | | dummyQ]

Syntax Description

interface-id

(Optional) Backup information for all interfaces or the specified interface. The interface can be a physical interface or a port channel.

dummyQ

(Optional) Displays dummy queue information.

Command Modes

Privileged EXEC

Command History

Release Modification

Cisco IOS 15.0(2)EX

This command was introduced.

Usage Guidelines

Use this command only when you are working directly with a technical support representative while troubleshooting a problem.

Do not use this command unless a technical support representative asks you to do so.

show platform etherchannel

To display platform-dependent EtherChannel information, use the show platform etherchannel command in privileged EXEC mode.

show platform etherchannel {data-structures | flags | time-stamps}

Syntax Description

data-structures

Displays EtherChannel data structures.

flags

Displays EtherChannel port flags.

time-stamps

Displays EtherChannel time stamps.

Command Default

None

Command Modes

Privileged EXEC

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

Use this command only when you are working directly with a technical support representative while troubleshooting a problem.

Do not use this command unless a technical support representative asks you to do so.

show platform pm

To display platform-dependent port manager information, use the show platform pm command in privileged EXEC mode.

show platform pm {counters | group-masks | idbs {active-idbs | deleted-idbs} | if-numbers | link-status | module-info | platform-block | port-info interface-id | stack-view | vlan {info | line-state}}

Command Default

None

Command Modes

Privileged EXEC

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

The stack-view keyword is not supported on switches running the LAN Lite image.

Use this command only when you are working directly with your technical support representative while troubleshooting a problem.

Do not use this command unless your technical support representative asks you to do so.

show platform spanning-tree

To display platform-dependent spanning-tree information, use the show platform spanning-tree privileged EXEC command.

show platform spanning-tree synchronization [detail | vlan vlan-id]

Syntax Description

synchronization

Displays spanning-tree state synchronization information.

detail

(Optional) Displays detailed spanning-tree information.

vlan vlan-id

(Optional) Displays VLAN device spanning-tree information for the specified VLAN. The range is 1 to 4094.

Command Modes

Privileged EXEC

Command History

Release Modification

Cisco IOS 15.0(2)EX

This command was introduced.

Usage Guidelines

Use this command only when you are working directly with your technical support representative while troubleshooting a problem.

Do not use this command unless your technical support representative asks you to do so.

show rep topology

To display Resilient Ethernet Protocol (REP) topology information for a segment or for all segments, including the primary and secondary edge ports in the segment, use the show rep topology command in privileged EXEC mode.

show rep topology [segment segment-id] [archive] [detail]

Syntax Description

segment segment-id

(Optional) Specifies the segment for which to display the REP topology information. The segment-id range is from 1 to 1024.

archive

(Optional) Displays the previous topology of the segment. This keyword is useful for troubleshooting a link failure.

detail

(Optional) Displays detailed REP topology information.

Command Modes

  Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS Release 15.2(6)E1

This command was introduced.

Examples

The following is sample output from the show rep topology command.

Device# show rep topology

REP Segment 1
BridgeName       PortName   Edge Role
---------------- ---------- ---- ----
10.64.106.63     Te5/4      Pri  Open
10.64.106.228    Te3/4           Open
10.64.106.228    Te3/3           Open
10.64.106.67     Te4/3           Open
10.64.106.67     Te4/4           Alt 
10.64.106.63     Te4/4      Sec  Open

REP Segment 3
BridgeName       PortName   Edge Role
---------------- ---------- ---- ----
10.64.106.63     Gi50/1     Pri  Open
SVT_3400_2       Gi0/3           Open
SVT_3400_2       Gi0/4           Open
10.64.106.68     Gi40/2          Open
10.64.106.68     Gi40/1          Open
10.64.106.63     Gi50/2     Sec  Alt

The following is sample output from the show rep topology detail command.

Device# show rep topology detail

REP Segment 1
10.64.106.63, Te5/4 (Primary Edge)
  Open Port, all vlans forwarding
  Bridge MAC: 0005.9b2e.1700
  Port Number: 010
  Port Priority: 000
  Neighbor Number: 1 / [-6]
10.64.106.228, Te3/4 (Intermediate)
  Open Port, all vlans forwarding
  Bridge MAC: 0005.9b1b.1f20
  Port Number: 010
  Port Priority: 000
  Neighbor Number: 2 / [-5]
10.64.106.228, Te3/3 (Intermediate)
  Open Port, all vlans forwarding
  Bridge MAC: 0005.9b1b.1f20
  Port Number: 00E
  Port Priority: 000
  Neighbor Number: 3 / [-4]
10.64.106.67, Te4/3 (Intermediate)
  Open Port, all vlans forwarding
  Bridge MAC: 0005.9b2e.1800
  Port Number: 008
  Port Priority: 000
  Neighbor Number: 4 / [-3]
10.64.106.67, Te4/4 (Intermediate)
  Alternate Port, some vlans blocked
  Bridge MAC: 0005.9b2e.1800
  Port Number: 00A
  Port Priority: 000
  Neighbor Number: 5 / [-2]
10.64.106.63, Te4/4 (Secondary Edge)
  Open Port, all vlans forwarding
  Bridge MAC: 0005.9b2e.1700
  Port Number: 00A
  Port Priority: 000
  Neighbor Number: 6 / [-1]

show spanning-tree

To display spanning-tree information for the specified spanning-tree instances, use the show spanning-tree command in privileged EXEC mode or user EXEC mode.

show spanning-tree [active | backbonefast | blockedports | bridge | detail | inconsistentports | interface interface-type interface-number | mst | pathcost | root | summary [totals] | uplinkfast | vlan vlan-id]

Syntax Description

active

(Optional) Displays spanning-tree information on active interfaces only.

backbonefast

(Optional) Displays spanning-tree BackboneFast status.

blockedports

(Optional) Displays blocked port information.

bridge

(Optional) Displays status and configuration of this switch.

detail

(Optional) Displays detailed information.

inconsistentports

(Optional) Displays information about inconsistent ports.

interface interface-type interface-number

(Optional) Specifies the type and number of the interface.

mst

(Optional) Specifies multiple spanning-tree.

pathcost

(Optional) Displays spanning-tree pathcost options.

root

(Optional) Displays root-switch status and configuration.

summary

(Optional) Specifies a summary of port states.

totals

(Optional) Displays the total lines of the spanning-tree state section.

uplinkfast

(Optional) Displays spanning-tree UplinkFast status.

vlan vlan-id

(Optional) Specifies the VLAN ID. The range is 1 to 4094.

Command Modes

User EXEC

Privileged EXEC

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

If you do not specify a vlan-id value when you use the vlan keyword, the command applies to spanning-tree instances for all VLANs.

Examples

This is an example of output from the show spannning-tree active command:


Device# show spanning-tree active
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     0001.42e2.cdd0
             Cost        3038
             Port        24 (GigabitEthernet2/0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    49153  (priority 49152 sys-id-ext 1)
             Address     0003.fd63.9580
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
  Uplinkfast enabled

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi2/0/1          Root FWD 3019      128.24   P2p
Gi0/1            Root FWD 3019      128.24   P2p
<output truncated>

This is an example of output from the show spanning-tree detail command:


Device# show spanning-tree detail 
  Bridge Identifier has priority 49152, sysid 1, address 0003.fd63.9580
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32768, address 0001.42e2.cdd0
  Root port is 1 (GigabitEthernet2/0/1), cost of root path is 3038
  Topology change flag not set, detected flag not set
  Number of topology changes 0 last change occurred 1d16h ago
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0, aging 300
  Uplinkfast enabled

 Port 1 (GigabitEthernet2/0/1) of VLAN0001 is forwarding
   Port path cost 3019, Port priority 128, Port Identifier 128.24.
   Designated root has priority 32768, address 0001.42e2.cdd0
   Designated bridge has priority 32768, address 00d0.bbf5.c680
   Designated port id is 128.25, designated path cost 19
   Timers: message age 2, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 0, received 72364

<output truncated>   

This is an example of output from the show spanning-tree summary command:

Device# show spanning-tree interface mst configuration
Switch is in pvst mode
Root bridge for: none
EtherChannel misconfiguration guard is enabled
Extended system ID   is enabled
Portfast             is disabled by default
PortFast BPDU Guard  is disabled by default
Portfast BPDU Filter is disabled by default
Loopguard            is disabled by default
UplinkFast           is enabled
BackboneFast         is enabled
Pathcost method used is short

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001                  1        0         0        11         12
VLAN0002                  3        0         0        1          4
VLAN0004                  3        0         0        1          4
VLAN0006                  3        0         0        1          4
VLAN0031                  3        0         0        1          4
VLAN0032                  3        0         0        1          4
<output truncated>
---------------------- -------- --------- -------- ---------- ----------
37 vlans                  109      0         0        47         156
Station update rate set to 150 packets/sec.

UplinkFast statistics
-----------------------
Number of transitions via uplinkFast (all VLANs)            : 0
Number of proxy multicast addresses transmitted (all VLANs) : 0

BackboneFast statistics
-----------------------
Number of transition via backboneFast (all VLANs)           : 0
Number of inferior BPDUs received (all VLANs)               : 0
Number of RLQ request PDUs received (all VLANs)             : 0
Number of RLQ response PDUs received (all VLANs)            : 0
Number of RLQ request PDUs sent (all VLANs)                 : 0
Number of RLQ response PDUs sent (all VLANs)                : 0

This is an example of output from the show spanning-tree mst configuration command:

Device# show spanning-tree interface mst configuration
Name      [region1]
Revision  1
Instance  Vlans Mapped
--------  ------------------
0         1-9,21-4094
1         10-20
----------------------------

This is an example of output from the show spanning-tree interface mst interface interface-id command:

Device# show spanning-tree interface mst configuration
GigabitEthernet2/0/1 of MST00 is root forwarding
Edge port: no             (default)        port guard : none        (default)
Link type: point-to-point (auto)           bpdu filter: disable     (default)
Boundary : boundary       (STP)            bpdu guard : disable     (default)
Bpdus sent 5, received 74

Instance role state cost      prio vlans mapped
0        root FWD   200000    128  1,12,14-4094

This is an example of output from the show spanning-tree interface mst instance-id command:

Device# show spanning-tree interface mst 0
GigabitEthernet2/0/1 of MST00 is root forwarding
Edge port: no             (default)        port guard : none        (default)
Link type: point-to-point (auto)           bpdu filter: disable     (default)
Boundary : boundary       (STP)            bpdu guard : disable     (default)
Bpdus sent 5, received 74

Instance role state cost      prio vlans mapped
0        root FWD   200000    128  1,12,14-4094

show udld

To display UniDirectional Link Detection (UDLD) administrative and operational status for all ports or the specified port, use the show udld command in user EXEC mode.

show udld [interface_id | neighbors]

Syntax Description

interface-id

(Optional) ID of the interface and port number. Valid interfaces include physical ports, VLANs, and port channels.

neighbors

(Optional) Displays neighbor information only.

Command Default

None

Command Modes

User EXEC

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

If you do not enter an interface ID, administrative and operational UDLD status for all interfaces appear.

Examples

This is an example of output from the show udld interface-id command. For this display, UDLD is enabled on both ends of the link, and UDLD detects that the link is bidirectional. The table that follows describes the fields in this display.

Device> show udld gigabitethernet2/0/1
Interface gi2/0/1
---
Port enable administrative configuration setting: Follows device default
Port enable operational state: Enabled
Current bidirectional state: Bidirectional
Current operational state: Advertisement - Single Neighbor detected
Message interval: 60
Time out interval: 5
Entry 1
Expiration time: 146
Device ID: 1
Current neighbor state: Bidirectional
Device name: Switch-A
Port ID: Gi2/0/1
Neighbor echo 1 device: Switch-B
Neighbor echo 1 port: Gi2/0/2
Message interval: 5
CDP Device name: Switch-A

Table 3. show udld Field Descriptions

Field

Description

Interface

The interface on the local device configured for UDLD.

Port enable administrative configuration setting

How UDLD is configured on the port. If UDLD is enabled or disabled, the port enable configuration setting is the same as the operational enable state. Otherwise, the enable operational setting depends on the global enable setting.

Port enable operational state

Operational state that shows whether UDLD is actually running on this port.

Current bidirectional state

The bidirectional state of the link. An unknown state appears if the link is down or if it is connected to an UDLD-incapable device. A bidirectional state appears if the link is a normal two-way connection to a UDLD-capable device. All other values mean miswiring.

Current operational state

The current phase of the UDLD state machine. For a normal bidirectional link, the state machine is most often in the Advertisement phase.

Message interval

How often advertisement messages are sent from the local device. Measured in seconds.

Time out interval

The time period, in seconds, that UDLD waits for echoes from a neighbor device during the detection window.

Entry 1

Information from the first cache entry, which contains a copy of echo information received from the neighbor.

Expiration time

The amount of time in seconds remaining before this cache entry is aged out.

Device ID

The neighbor device identification.

Current neighbor state

The neighbor’s current state. If both the local and neighbor devices are running UDLD normally, the neighbor state and local state should be bidirectional. If the link is down or the neighbor is not UDLD-capable, no cache entries appear.

Device name

The device name or the system serial number of the neighbor. The system serial number appears if the device name is not set or is set to the default (Switch).

Port ID

The neighbor port ID enabled for UDLD.

Neighbor echo 1 device

The device name of the neighbors’ neighbor from which the echo originated.

Neighbor echo 1 port

The port number ID of the neighbor from which the echo originated.

Message interval

The rate, in seconds, at which the neighbor is sending advertisement messages.

CDP device name

The CDP device name or the system serial number. The system serial number appears if the device name is not set or is set to the default (Switch).

This is an example of output from the show udld neighbors command:

Device# show udld neighbors
Port     Device Name          Device ID  Port-ID  OperState
-------- -------------------- ---------- -------- --------------
Gi2/0/1  Switch-A             1          Gi2/0/1  Bidirectional
Gi3/0/1  Switch-A             2          Gi3/0/1  Bidirectional 

spanning-tree backbonefast

To enable BackboneFast to allow a blocked port on a device to change immediately to a listening mode, use the spanning-tree backbonefast command in global configuration mode. To return to the default setting, use the no form of this command.

spanning-tree backbonefast

no spanning-tree backbonefast

Syntax Description

This command has no arguments or keywords.

Command Default

BackboneFast is disabled.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

Enable BackboneFast so that the device detects indirect link failures and starts the spanning-tree reconfiguration sooner than it would under normal spanning-tree rules.

You can configure BackboneFast for rapid PVST+ or for multiple spanning-tree (MST) mode; however, the feature remains disabled until you change the spanning-tree mode to PVST+.

Use the show spanning-tree privileged EXEC command to verify your settings.

Examples

The following example shows how to enable BackboneFast on the device:


Device(config)# spanning-tree backbonefast

spanning-tree bpdufilter

To enable bridge protocol data unit (BPDU) filtering on the interface, use the spanning-tree bpdufilter command in interface configuration mode. To return to the default settings, use the no form of this command.

spanning-tree bpdufilter {enable | disable}

no spanning-tree bpdufilter

Syntax Description

enable

Enables BPDU filtering on this interface.

disable

Disables BPDU filtering on this interface.

Command Default

The setting that is already configured when you enter the spanning-tree portfast bpdufilter default command.

Command Modes

Interface configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

This command has three states:

  • spanning-tree bpdufilter enable —Unconditionally enables BPDU filtering on the interface.

  • spanning-tree bpdufilter disable —Unconditionally disables BPDU filtering on the interface.

  • no spanning-tree bpdufilter —Enables BPDU filtering on the interface if the interface is in the operational PortFast state and if you configure the spanning-tree portfast bpdufilter default command.


Caution

Be careful when you enter the spanning-tree bpdufilter enable command. Enabling BPDU filtering on an interface is similar to disabling the spanning tree for this interface. If you do not use this command correctly, you might create bridging loops.


You can enable BPDU filtering when the device is operating in the per-VLAN spanning-tree plus (PVST+) mode, the rapid-PVST mode, or the multiple spanning-tree (MST) mode.

You can globally enable BPDU filtering on all Port Fast-enabled interfaces with the spanning-tree portfast bpdufilter default command.

The spanning-tree bpdufilter enable command overrides the PortFast configuration.

Examples

This example shows how to enable BPDU filtering on this interface:


Device(config-if)# spanning-tree bpdufilter enable
Device(config-if)# 

spanning-tree bpduguard

To enable bridge protocol data unit (BPDU) guard on the interface, use the spanning-tree bpduguard command in interface configuration mode. To return to the default settings, use the no form of this command.

spanning-tree bpduguard {enable | disable}

no spanning-tree bpduguard

Syntax Description

enable

Enables BPDU guard on this interface.

disable

Disables BPDU guard on this interface.

Command Default

The setting that is already configured when you enter the spanning-tree portfast bpduguard default command.

Command Modes

Interface configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

Use the BPDU guard feature in a service-provider environment to prevent an access port from participating in the spanning tree. If the port still receives a BPDU, it is put in the error-disabled state as a protective measure. This command has three states:

  • spanning-tree bpduguard enable —Unconditionally enables BPDU guard on the interface.

  • spanning-tree bpduguard disable —Unconditionally disables BPDU guard on the interface.

  • no spanning-tree bpduguard —Enables BPDU guard on the interface if the interface is in the operational PortFast state and if you configure the spanning-tree portfast bpduguard default command.

Examples

This example shows how to enable BPDU guard on an interface:


Device(config-if)# spanning-tree bpduguard enable
Device(config-if)# 

spanning-tree bridge assurance

To enable Bridge Assurance on your network, use the spanning-tree bridge assurance command. To disable the feature, use the no form of the command.

spanning-tree bridge assurance

no spanning-tree bridge assurance

Syntax Description

This command has no arguments or keywords.

Command Default

Bridge Assurance is enabled

Command Modes

Global configuration mode

Command History

Release Modification
3.8.0E and 15.2.(4)E

Support for the command was introduced.

Usage Guidelines

This feature protects your network from bridging loops. It monitors the receipt of BPDUs on point-to-point links on all network ports. When a port does not receive BPDUs within the allotted hello time period, the port is put into a blocked state (the same as a port inconsistent state, which stops forwarding of frames). When the port resumes receipt of BPDUs, the port resumes normal spanning tree operations.

By default, Bridge Assurance is enabled on all operational network ports, including alternate and backup ports. If you have configured the spanning-tree portfast network command on all the required ports that are connected Layer 2 switches or bridges, Bridge Assurance is automatically effective on all those network ports.

Only Rapid PVST+ and MST spanning tree protocols support Bridge Assurance. PVST+ does not support Bridge Assurance.

For Bridge Assurance to work properly, it must be supported and configured on both ends of a point-to-point link. If the device on one side of the link has Bridge Assurance enabled and the device on the other side does not, then the connecting port is blocked (a Bridge Assurance inconsistent state). We recommend that you enable Bridge Assurance throughout your network.

To enable Bridge Assurance on a port, BPDU filtering and BPDU Guard must be disabled.

You can enable Bridge Assurance in conjunction with Loop Guard.

You can enable Bridge Assurance in conjunction with Root Guard. The latter is designed to provide a way to enforce the root bridge placement in the network.

Disabling Bridge Assurance causes all configured network ports to behave as normal spanning tree ports.

Use the show spanning-tree summary command to see if the feature is enabled on a port.

Examples

The following example shows how to enable Bridge Assurance on all network ports on the switch, and how to configure a network port:


Device(config)# spanning-tree bridge assurance
Device(config)# interface gigabitethernet 5/8
Device(config-if)# spanning-tree portfast network
Device(config-if)# exit
This example show how to display spanning tree information and verify if Bridge Assurance is enabled. Look for these details in the output:
  • Portfast Default—Network

  • Bridge Assurance—Enabled


Device# show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: VLAN0199-VLAN0200, VLAN0128
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is network
Portfast Edge BPDU Guard Default is disabled
Portfast Edge BPDU Filter Default is disabled
Loopguard Default is enabled
PVST Simulation Default is enabled but inactive in rapid-pvst mode
Bridge Assurance is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0199 0 0 0 5 5
VLAN0200 0 0 0 4 4
VLAN0128 0 0 0 4 4
---------------------- -------- --------- -------- ---------- ----------
3 vlans 0 0 0 13 13

spanning-tree cost

To set the path cost of the interface for Spanning Tree Protocol (STP) calculations, use the spanning-tree cost command in interface configuration mode. To revert to the default value, use the no form of this command.

spanning-tree [vlan vlan-id] cost cost

no spanning-tree cost

Syntax Description

vlan vlan-id

(Optional) Specifies the VLAN range associated with the spanning-tree instance. The range of VLAN IDs is 1 to 4094.

cost

The path cost; valid values are from 1 to 200000000.

Command Default

The default path cost is computed from the bandwidth setting of the interface. Default path costs are:

  • 1 Gb/s: 4

  • 100 Mb/s: 19

  • 10 Mb/s: 100

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

When you specify VLANs associated with a spanning tree instance, you can specify a single VLAN identified by a VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLAN IDs separated by a comma.

When you specify a value for the cost argument, higher values indicate higher costs. This range applies regardless of the protocol type specified.

Examples

This example shows how to set the path cost on an interface to a value of 250:


Device(config)# interface gigabitethernet2/0/1
Device(config-if)# spanning-tree cost 250

This example shows how to set the path cost to 300 for VLANS 10, 12 to 15, and 20:


Device(config-if)# spanning-tree vlan 10,12-15,20 cost 300

spanning-tree etherchannel guard misconfig

To display an error message when the device detects an EtherChannel misconfiguration, use the spanning-tree etherchannel guard misconfig command in global configuration mode. To disable the error message, use the no form of this command.

spanning-tree etherchannel guard misconfig

no spanning-tree etherchannel guard misconfig

Syntax Description

This command has no arguments or keywords.

Command Default

Error messages are displayed.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

When the device detects an EtherChannel misconfiguration, this error message is displayed:


PM-4-ERR_DISABLE: Channel-misconfig error detected on [chars], putting [chars] in err-disable state.

To determine which local ports are involved in the misconfiguration, enter the show interfaces status err-disabled command. To check the EtherChannel configuration on the remote device, enter the show etherchannel summary command on the remote device.

After you correct the configuration, enter the shutdown and the no shutdown commands on the associated port-channel interface.

Examples

This example shows how to enable the EtherChannel-guard misconfiguration:

 Device(config)# spanning-tree etherchannel guard misconfig
		  
		

spanning-tree extend system-id

To enable extended system identification, use the spanning-tree extend system-id command in global configuration mode. To disable extended system identification, use the no form of this command.

spanning-tree extend system-id

no spanning-tree extend system-id

Syntax Description

This command has no arguments or keywords.

Command Default

The extended system ID is enabled.

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

The spanning tree uses the extended system ID, the device priority, and the allocated spanning-tree MAC address to make the bridge ID unique for each VLAN or multiple spanning-tree instance. Because a switch stack appears as a single switch to the rest of the network, all switches in the stack use the same bridge ID for a given spanning tree. If the stack's active switch fails, the stack members recalculate their bridge IDs of all running spanning trees based on the new MAC address of the stack's active switch.

Support for the extended system ID affects how you manually configure the root switch, the secondary root switch, and the switch priority of a VLAN.

If your network consists of switches that do not support the extended system ID and switches that do support it, it is unlikely that the switch with the extended system ID support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches.

Examples

This example shows how to enable the extended-system ID:


Device(config)# spanning-tree extend system-id 

spanning-tree guard

To enable or disable root-guard mode or loop-guard mode on the VLANs associated with an interface, use the spanning-tree guard command in interface configuration mode. To return to the default settings, use the no form of this command.

spanning-tree guard {loop | root | none}

no spanning-tree guard

Syntax Description

loop

Enables the loop-guard mode on the interface.

root

Enables root-guard mode on the interface.

none

Sets the guard mode to none.

Command Default

Root-guard mode is disabled.

Loop-guard mode is configured according to the spanning-tree loopguard default command in global configuration mode.

Command Modes

Interface configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

You can enable root guard or loop guard when the device is operating in the per-VLAN spanning-tree plus (PVST+), rapid-PVST+, or the multiple spanning-tree (MST) mode.

You cannot enable both root guard and loop guard at the same time.

Use the spanning-tree guard loop command to override the setting of the spanning-tree loop guard default setting.

When root guard is enabled, if spanning-tree calculations cause an interface to be selected as the root port, the interface transitions to the root-inconsistent (blocked) state to prevent the device from becoming the root switch or from being in the path to the root. The root port provides the best path from the switch to the root switch.

When the no spanning-tree guard or the no spanning-tree guard none command is entered, root guard is disabled for all VLANs on the selected interface. If this interface is in the root-inconsistent (blocked) state, it automatically transitions to the listening state.

Do not enable root guard on interfaces that will be used by the UplinkFast feature. With UplinkFast, the backup interfaces (in the blocked state) replace the root port in the case of a failure. However, if root guard is also enabled, all the backup interfaces used by the UplinkFast feature are placed in the root-inconsistent state (blocked) and are prevented from reaching the forwarding state. The UplinkFast feature is not available when the device is operating in the rapid-PVST+ or MST mode.

Examples

This example shows how to enable root guard on all the VLANs associated with the specified interface:


Device(config)# interface gigabitethernet1/0/1
Device(config-if)# spanning-tree guard root

spanning-tree link-type

To configure a link type for a port, use the spanning-tree link-type command in the interface configuration mode. To return to the default settings, use the no form of this command.

spanning-tree link-type {point-to-point | shared}

no spanning-tree link-type

Syntax Description

point-to-point

Specifies that the interface is a point-to-point link.

shared

Specifies that the interface is a shared medium.

Command Default

Link type is automatically derived from the duplex setting unless you explicitly configure the link type.

Command Modes

Interface configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

Rapid Spanning Tree Protocol Plus (RSTP+) fast transition works only on point-to-point links between two bridges.

By default, the device derives the link type of a port from the duplex mode. A full-duplex port is considered as a point-to-point link while a half-duplex configuration is assumed to be on a shared link.

If you designate a port as a shared link, RSTP+ fast transition is forbidden, regardless of the duplex setting.

Examples

This example shows how to configure the port as a shared link:


Device(config-if)# spanning-tree link-type shared

spanning-tree loopguard default

To enable loop guard as a default on all ports of a given bridge, use the spanning-tree loopguard default command in global configuration mode. To disable loop guard, use the no form of this command.

spanning-tree loopguard default

no spanning-tree loopguard default

Syntax Description

This command has no arguments or keywords.

Command Default

Loop guard is disabled.

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

Loop guard provides additional security in the bridge network. Loop guard prevents alternate or root ports from becoming the designated port due to a failure that could lead to a unidirectional link.

Loop guard operates only on ports that are considered point-to-point by the spanning tree.

The individual loop-guard port configuration overrides this command.

Examples

This example shows how to enable loop guard:


Device(config)# spanning-tree loopguard default

spanning-tree mode

To switch between per-VLAN Spanning Tree+ (PVST+), Rapid-PVST+, and Multiple Spanning Tree (MST) modes, use the spanning-tree mode command in global configuration mode. To return to the default settings, use the no form of this command.

spanning-tree mode {pvst | mst | rapid-pvst}

no spanning-tree mode

Syntax Description

pvst

Enables PVST+ mode.

mst

Enables MST mode.

rapid-pvst

Enables Rapid-PVST+ mode.

Command Default

The default mode is PVST+.

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

Only one mode can be active at a time.

All stack members run the same spanning-tree mode.


Caution

Be careful when using the spanning-tree mode command to switch between PVST+, Rapid-PVST+, and MST modes. When you enter the command, all spanning-tree instances are stopped for the previous mode and are restarted in the new mode. Using this command may cause disruption of user traffic.


Examples

This example shows how to enable MST mode:

Device(config)# spanning-tree mode mst

This example shows how to return to the default mode (PVST+):

Device(config)# no spanning-tree mode

spanning-tree mst configuration

To enter MST-configuration mode, use the spanning-tree mst configuration command in global configuration mode. To return to the default settings, use the no form of this command.

spanning-tree mst configuration

no spanning-tree mst configuration

Syntax Description

This command has no arguments or keywords.

Command Default

The default value for the Multiple Spanning Tree (MST) configuration is the default value for all its parameters:

  • No VLANs are mapped to any MST instance (all VLANs are mapped to the Common and Internal Spanning Tree [CIST] instance).

  • The region name is an empty string.

  • The revision number is 0.

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

You can use these commands for MST configuration:

  • abort Exits the MST region configuration mode without applying configuration changes.
  • exit Exits the MST region configuration mode and applies all configuration changes.
  • instance instance_id vlan vlan_id Maps VLANs to an MST instance. The range for instance IDs is 1 to 4094. The range for VLANs is 1 to 4094. You can specify a single VLAN identified by a VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma.
  • name name Sets the configuration name. The name string is case sensitive and can be up to 32 characters long.
  • no Negates the instance, name and revision commands or sets them to their defaults.
  • revision version Sets the configuration revision number. The range is 0 to 65535.
  • show [ current | pending Displays the current or pending MST region configuration.

In MST mode, a switch stack supports up to 65 MST instances. The number of VLANs that can be mapped to a particular MST instance is unlimited.

For two or more switches to be in the same MST region, they must have the same VLAN mapping, the same configuration name, and the same configuration revision number.

When you map VLANs to an MST instance, the mapping is incremental, and VLANs specified in the command are added to or removed from the VLANs that were previously mapped. To specify a range, use a hyphen; for example, instance 1 vlan 1-63 maps VLANs 1 to 63 to MST instance 1. To specify a series, use a comma; for example, instance 1 vlan 10, 20, 30 maps VLANs 10, 20, and 30 to MST instance 1.

All VLANs that are not explicitly mapped to an MST instance are mapped to the common and internal spanning tree (CIST) instance (instance 0) and cannot be unmapped from the CIST by using the no form of this command.

Changing an MST-configuration mode parameter can cause connectivity loss. To reduce service disruptions, when you enter MST-configuration mode, make changes to a copy of the current MST configuration. When you have finished editing the configuration, you can apply all the changes at once by using the exit keyword, or you can exit the mode without committing any change to the configuration by using the abort keyword.

Examples

This example shows how to enter MST-configuration mode, map VLANs 10 to 20 to MST instance 1, name the region region1, set the configuration revision to 1 and display the pending configuration:

Device(config)# spanning-tree mst configuration
Device(config-mst)# instance 1 vlan 10-20
Device(config-mst)# name region1
Device(config-mst)# revision 1
Device(config-mst)# show pending 
Pending MST configuration
Name       [region1]
Revision   1
Instance   Vlans  Mapped
--------   ------------------
0          1-9,21-4094
1          10-20
-----------------------------
 

This example shows how to reset the MST configuration to the default settings:

Device(config)# no spanning-tree mst configuration

spanning-tree mst cost

To set the path cost of the interface for multiple spanning tree (MST) calculations, use the spanning-tree mst cost command in interface configuration mode. To revert to the default value, use the no form of this command.

spanning-tree mst instance-id cost cost

no spanning-tree mst instance-id cost

Syntax Description

instance-id

Range of spanning-tree instances. The range is 1 to 4094.

cost

Path cost. The range is 1 to 200000000.

Command Default

The default path cost is computed from the bandwidth setting of the interface. Default path costs are:

  • 1 Gb/s: 20000

  • 100 Mb/s: 200000

  • 10 Mb/s: 2000000

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

When you specify a value for the cost argument, higher values indicate higher costs.

Examples

This example shows how to set the path cost for an interface associated with MST instances 2 and 4 to 50:


Device(config)# interface gigabitethernet2/0/1
Device(config-if)# spanning-tree mst 2,4 cost 250

spanning-tree mst forward-time

To set the forward-delay timer for MST instances, use the spanning-tree mst forward-time command in global configuration mode. To return to the default settings, use the no form of this command.

spanning-tree mst forward-time seconds

no spanning-tree mst forward-time

Syntax Description

seconds

Number of seconds to set the forward-delay timer for all the MST instances. The range is 4 to 30.

Command Default

The default is 15 seconds.

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Examples

This example shows how to set the forward-delay timer for all MST instances:


Device(config)# spanning-tree mst forward-time 20

spanning-tree mst hello-time

To set the hello-time delay timer, use the spanning-tree mst hello-time command in global configuration mode. To return to the default settings, use the no form of this command.

spanning-tree mst hello-time seconds

no spanning-tree mst hello-time

Syntax Description

seconds

Interval, in seconds, between hello BPDUs. The range is 1 to 10.

Command Default

The default is 2.

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

If you do not specify the hello-time value, the value is calculated from the network diameter.

Exercise care when using this command. For most situations, we recommend that you use the spanning-tree vlan vlan-id root primary and the spanning-tree vlan vlan-id root secondary global configuration commands to modify the hello time.

Examples

This example shows how to set the hello-time delay timer to 3 seconds:


Device(config)# spanning-tree mst hello-time 3

spanning-tree mst max-age

To set the interval between messages that the spanning tree receives from the root switch, use the spanning-tree mst max-age command in global configuration mode. To return to the default settings, use the no form of this command.

spanning-tree mst max-age seconds

no spanning-tree mst max-age

Syntax Description

seconds

Interval, in seconds, between messages the spanning tree receives from the root switch. The range is 6 to 40.

Command Default

The default is 20.

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Examples

This example shows how to set the max-age timer to 40 seconds:


Device(config)# spanning-tree mst max-age 40

spanning-tree mst max-hops

To specify the number of possible hops in the region before a bridge protocol data unit (BPDU) is discarded, use the spanning-tree mst max-hops command in global configuration mode. To return to the default settings, use the no form of this command.

spanning-tree mst max-hops hop-count

no spanning-tree mst max-hops

Syntax Description

hop-count

Number of possible hops in the region before a BPDU is discarded. The range is 1 to 255.

Command Default

The default is 20.

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Examples

This example shows how to set the number of possible hops to 25:


Device(config)# spanning-tree mst max-hops 25

spanning-tree mst port-priority

To set the priority for an interface, use the spanning-tree mst port-priority command in interface configuration mode. To revert to the default value, use the no form of this command.

spanning-tree mst instance-id port-priority priority

no spanning-tree mst instance-id port-priority

Syntax Description

instance-id

Range of spanning-tree instances. The range is 1 to 4094.

priority

Priority. The range is 0 to 240 in increments of 16.

Command Default

The default is 128.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

You can assign higher priority values (lower numerical values) to interfaces that you want selected first and lower priority values (higher numerical values) that you want selected last. If all interfaces have the same priority value, the multiple spanning tree (MST) puts the interface with the lowest interface number in the forwarding state and blocks other interfaces.

If the switch is a member of a switch stack, you must use the spanning-tree mst instance_id cost cost command to select an interface to put in the forwarding state.

Examples

This example shows how to increase the likelihood that the interface associated with spanning-tree instances 20 and 22 is placed into the forwarding state if a loop occurs:


Device(config)# interface gigabitethernet2/0/1
Device(config-if)# spanning-tree mst 20,24 port-priority 0

spanning-tree mst pre-standard

To configure a port to transmit only prestandard bridge protocol data units (BPDUs), use the spanning-tree mst pre-standard command in interface configuration mode. To return to the default settings, use the no form of this command.

spanning-tree mst pre-standard

no spanning-tree mst pre-standard

Syntax Description

This command has no arguments or keywords.

Command Default

The default is to automatically detect prestandard neighbors.

Command Modes

Interface configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

The port can accept both prestandard and standard BPDUs. If the neighbor types are mismatched, only the common and internal spanning tree (CIST) runs on this interface.


Note

If a switch port is connected to a switch running prestandard Cisco IOS software, you must use the spanning-tree mst pre-standard interface configuration command on the port. If you do not configure the port to send only prestandard BPDUs, the Multiple STP (MSTP) performance might diminish.


When the port is configured to automatically detect prestandard neighbors, the prestandard flag always appears in the show spanning-tree mst commands.

Examples

This example shows how to configure a port to transmit only prestandard BPDUs:


Device(config-if)# spanning-tree mst pre-standard

spanning-tree mst priority

To set the bridge priority for an instance, use the spanning-tree mst priority command in global configuration mode. To return to the default setting, use the no form of this command.

spanning-tree mst instance priority priority

no spanning-tree mst priority

Syntax Description

instance

Instance identification number. The range is 0 to 4094.

priority priority

Specifies the bridge priority. The range is 0 to 614440 in increments of 4096.

Command Default

The default is 32768.

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

You can set the bridge priority in increments of 4096 only. Valid values are 0, 4096, 8192, 12288, 16384, 20480. 24576, 28672, 32768, 40960, 45056, 49152, 53248, 57344 and 61440.

You can enter instance as a single instance or a range of instances, for example, 0-3,5,7-9.

Examples

This example shows how to set the spanning tree priority for MST instance 0 to 4096:


Device(config)# spanning-tree mst 0 priority 4096

spanning-tree mst root

To designate the primary and secondary root switch and set the timer value for an instance, use the spanning-tree mst root command in global configuration mode. To return to the default settings, use the no form of this command.

spanning-tree mst instance root {primary | secondary}

no spanning-tree mst instance root

Syntax Description

instance

Instance identification number. The range is 0 to 4094.

primary

Forces this switch to be the root switch.

secondary

Specifies this switch to act as the root switch, if the primary root fail.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

Use this command only on backbone switches. You can enter instance-id as a single instance or a range of instances, for example, 0-3,5,7-9.

When you enter the spanning-tree mst instance-id root command, the software tries to set a high enough priority to make this switch the root of the spanning-tree instance. Because of the extended system ID support, the switch sets the switch priority for the instance to 24576 if this value will cause this switch to become the root for the specified instance. If any root switch for the specified instance has a switch priority lower than 24576, the switch sets its own priority to 4096 less than the lowest switch priority. (4096 is the value of the least-significant bit of a 4-bit switch priority value.)

When you enter the spanning-tree mstinstance-id root secondary command, because of support for the extended system ID, the software changes the switch priority from the default value (32768) to 28672. If the root switch fails, this switch becomes the next root switch (if the other switches in the network use the default switch priority of 32768 and are therefore unlikely to become the root switch).

Examples

This example shows how to configure the switch as the root switch for instance 10:


Device(config)# spanning-tree mst 10 root primary 

spanning-tree mst simulate pvst (global configuration)

To enable PVST + simulation globally, use the spanning-tree mst simulate pvst global command. This is enabled by default. To disable PVST+ simulation, use the no form of this command.

spanning-tree mst simulate pvst global

no spanning-tree mst simulate pvst global

Syntax Description

This command has no arguments or keywords.

Command Default

PVST+ simulation is enabled by default.

Command Modes

Global configuration mode

Command History

Release Modification
3.8.0E and 15.2.(4)E

Support for the command was introduced.

Usage Guidelines

This feature configures MST switches (in the same region) to seamlessly interact with PVST+ switches. Use the show spanning-tree summary command to see if the feature is enabled.

To enable PVST+ simulation on a port, see spanning-tree mst simulate pvst (interface configuration) .

Examples

The following example shows the spanning tree summary when PVST+ simulation is enabled in the MSTP mode:


Device# show spanning-tree summary
Switch is in mst mode (IEEE Standard)
Root bridge for: MST0
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is long
PVST Simulation Default is enabled
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
MST0 2 0 0 0 2
---------------------- -------- --------- -------- ---------- ----------
1 mst 2 0 0 0 2

The following example shows the spanning tree summary when the switch is not in MSTP mode, that is, the switch is in PVST or Rapid-PVST mode. The output string displays the current STP mode:


Device# show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: VLAN0001, VLAN2001-VLAN2002
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
PVST Simulation Default is enabled but inactive in rapid-pvst mode
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 2 0 0 0 2
VLAN2001 2 0 0 0 2
VLAN2002 2 0 0 0 2
---------------------- -------- --------- -------- ---------- ----------
3 vlans 6 0 0 0 6

spanning-tree mst simulate pvst (interface configuration)

To enable PVST + simulation on a port, use the spanning-tree mst simulate pvst command in the interface configuration mode. This is enabled by default. To disable PVST+ simulation, use the no form of this command, or enter the spanning-tree mst simulate pvst disable command.

spanning-tree mst simulate pvst [disable]

no spanning-tree mst simulate pvst

Syntax Description

disable

Disables the PVST+ simulation feature. This prevents a port from automatically interoperating with a connecting device that is running Rapid PVST+.

Command Default

PVST+ simulation is enabled by default.

Command Modes

Interface configuration mode

Command History

Release Modification
3.8.0E and 15.2.(4)E

Support for the command was introduced.

Usage Guidelines

This feature configures MST switches (in the same region) to seamlessly interact with PVST+ switches. Use the show spanning-tree interface interface-id detail command to see if the feature is enabled.

To enable PVST+ simulation globally, see spanning-tree mst simulate pvst global .

Examples

The following example shows the interface details when PVST+ simulation is explicitly enabled on the port:


Device# show spanning-tree interface gi3/13 detail
Port 269 (GigabitEthernet3/13) of VLAN0002 is forwarding
Port path cost 4, Port priority 128, Port Identifier 128.297.
Designated root has priority 32769, address 0013.5f20.01c0
Designated bridge has priority 32769, address 0013.5f20.01c0
Designated port id is 128.297, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
PVST Simulation is enabled
BPDU: sent 132, received 1

The following example shows the interface details when the PVST+ simulation feature is disabled and a PVST Peer inconsistency has been detected on the port:


Device# show spanning-tree interface gi3/13 detail
Port 269 (GigabitEthernet3/13) of VLAN0002 is broken (PVST Peer Inconsistent)
Port path cost 4, Port priority 128, Port Identifier 128.297.
Designated root has priority 32769, address 0013.5f20.01c0
Designated bridge has priority 32769, address 0013.5f20.01c0
Designated port id is 128.297, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
PVST Simulation is disabled
BPDU: sent 132, received 1

spanning-tree pathcost method

To set the default path-cost calculation method, use the spanning-tree pathcost method command in global configuration mode. To return to the default settings, use the no form of this command.

spanning-tree pathcost method {long | short}

no spanning-tree pathcost method

Syntax Description

long

Specifies the 32-bit based values for default port-path costs.

short

Specifies the 16-bit based values for default port-path costs.

Command Default

short

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

The long path-cost calculation method utilizes all 32 bits for path-cost calculation and yields values in the range of 1 through 200,000,000.

The short path-cost calculation method (16 bits) yields values in the range of 1 through 65535.

Examples

This example shows how to set the default path-cost calculation method to long:


Device(config)#spanning-tree pathcost method long

This example shows how to set the default path-cost calculation method to short:


Device(config)#spanning-tree pathcost method short

spanning-tree port-priority

To configure an interface priority when two bridges tie for position as the root bridge, use the spanning -tree port -priority command in interface configuration mode. To return to the default value, use the no form of this command.

spanning-tree [vlan vlan-id] port-priority port-priority

no spanning-tree [vlan vlan-id] port-priority

Syntax Description

vlan vlan-id

(Optional) Specifies the VLAN range associated with the spanning-tree instance. The range is 1 to 4094.

port-priority

The port priority in increments of sixteen. The range is 0 to 240.

The default is 128.

Command Default

The port priority is 128.

Command Modes

Interface configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

The priority you set breaks the tie.

Examples

The following example shows how to increase the likelihood that a port will be put in the forwarding state if a loop occurs:


Device(config)# interface gigabitethernet2/0/2
Device(config-if)# spanning-tree vlan 20 port-priority 0

spanning-tree portfast edge (global configuration)

To enable bridge protocol data unit (BPDU) filtering on PortFast edge-enabled interfaces, the BDPU guard feature on PortFast edge-enabled interfaces, or the PortFast edge feature on all nontrunking interfaces, use the spanning-tree portfast edge command in global configuration mode. To return to the default settings, use the no form of this command.

spanning-tree portfast edge {bpdufilter default | bpduguard default | default}

no portfast edge {bpdufilter default | bpduguard default | default}

Syntax Description

bdpufilter default

Enables BDPU filtering on PortFast edge-enabled interfaces and prevents the switch interface connect to end stations from sending or receiving BPDUs.

bdpuguard default

Enables the BDPU guard feature on PortFast edge-enabled interfaces and places the interfaces that receive BPDUs in an error-disabled state.

default

Enables the PortFast edge feature on all nontrunking interfaces.

Command Default

Disabled

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Cisco IOS XE 3.8.0E and Cisco IOS 15.2.(4)E

Beginning with this release, if you enter the spanning-tree portfast [trunk] command in the global configuration mode, the system automatically saves it as spanning-tree portfast edge [trunk] .

Usage Guidelines

You can enable these features when the switch is operating in the per-VLAN spanning-tree plus (PVST+) rapid-PVST+, or the multiple spanning-tree (MST) mode.

Use the spanning-tree portfast edge bpdufilter default global configuration command to globally enable BPDU filtering on interfaces that are PortFast edge-enabled (the interfaces are in a PortFast edge-operational state). The interfaces still send a few BPDUs at link-up before the switch begins to filter outbound BPDUs. You should globally enable BPDU filtering on a switch so that hosts connected to switch interfaces do not receive BPDUs. If a BPDU is received on a PortFast edge-enabled interface, the interface loses its PortFast edge-operational status and BPDU filtering is disabled.

You can override the spanning-tree portfast edge bpdufilter default command by using the spanning-tree portfast edge bpdufilter interface command.


Caution

Be careful when using this command. Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in spanning-tree loops.


Use the spanning-tree portfast edge bpduguard default global configuration command to globally enable BPDU guard on interfaces that are in a PortFast edge-operational state. In a valid configuration, PortFast edge-enabled interfaces do not receive BPDUs. Receiving a BPDU on a PortFast edge-enabled interface signals an invalid configuration, such as the connection of an unauthorized device, and the BPDU guard feature puts the interface in the error-disabled state. The BPDU guard feature provides a secure response to invalid configurations because you must manually put the interface back in service. Use the BPDU guard feature in a service-provider network to prevent an access port from participating in the spanning tree.

You can override the spanning-tree portfast edge bpduguard default command by using the spanning-tree portfast edge bpduguard interface command.

Use the spanning-tree portfast edge default command to globally enable the PortFast edge feature on all nontrunking interfaces. Configure PortFast edge only on interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data packet loop and disrupt switch and network operation. A PortFast edge-enabled interface moves directly to the spanning-tree forwarding state when linkup occurs; it does not wait for the standard forward-delay time.

You can override the spanning-tree portfast edge default global configuration command by using the spanning-tree portfast edge interface configuration command. You can use the no spanning-tree portfast edge default global configuration command to disable PortFast edge on all interfaces unless they are individually configured with the spanning-tree portfast edge interface configuration command.

Examples

This example shows how to globally enable BPDU filtering by default:

 
Device(config)# spanning-tree portfast edge bpdufilter default

This example shows how to globally enable the BDPU guard feature by default:


Device(config)# spanning-tree portfast edge bpduguard default

This example shows how to globally enable the PortFast feature on all nontrunking interfaces:


Device(config)# spanning-tree portfast edge default

spanning-tree portfast edge (interface configuration)

To enable PortFast edge mode where the interface is immediately put into the forwarding state upon linkup without waiting for the timer to expire, use the spanning-tree portfast edge command in interface configuration mode. To return to the default settings, use the no form of this command.

spanning-tree portfast edge [disable | trunk]

no spanning-tree portfast edge

Syntax Description

disable

(Optional) Disables PortFast edge on the interface.

trunk

(Optional) Enables PortFast edge mode on the interface.

Command Default

The settings that are configured by the spanning-tree portfast edge default command.

Command Modes

Interface configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Cisco IOS XE 3.8.0E and Cisco IOS 15.2.(4)E

Beginning with this release, if you enter the spanning-tree portfast [trunk] command in the global configuration mode, the system automatically saves it as spanning-tree portfast edge [trunk] .

Usage Guidelines

You can enable this feature when the switch is operating in the per-VLAN spanning-tree plus (PVST+), Rapid PVST+, or the multiple spanning-tree (MST) mode.

This feature affects all VLANs on the interface.

Use this command only on interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data-packet loop and disrupt the switch and network operation.

To enable PortFast edge on trunk ports, you must use the spanning-tree portfast edge trunk interface configuration command. The spanning-tree portfast edge command is not supported on trunk ports.

An interface with the PortFast edge feature enabled is moved directly to the spanning-tree forwarding state without the standard forward-time delay.

You can use the spanning-tree portfast edge default global configuration command to globally enable the PortFast edge feature on all nontrunking interfaces. Use the spanning-tree portfast edge interface configuration command to override the global setting.

If you configure the spanning-tree portfast edge default global configuration command, you can disable PortFast edge on an interface that is not a trunk interface by using the spanning-tree portfast edge disable interface configuration command.

Examples

This example shows how to enable the PortFast edge feature on a port:

Device(config)# interface gigabitethernet1/0/2
Device(config-if)#spanning-tree portfast edge 

spanning-tree transmit hold-count

To specify the transmit hold count, use the spanning-tree transmit hold-count command in global configuration mode. To return to the default settings, use the no form of this command.

spanning-tree transmit hold-count value

no spanning-tree transmit hold-count

Syntax Description

value

Number of bridge protocol data units (BPDUs) sent every second. The range is 1 to 20.

Command Default

The default is 6.

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

This command is supported on all spanning-tree modes.

The transmit hold count determines the number of BPDUs that can be sent before pausing for 1 second.


Note

Increasing the transmit-hold count value can have a significant impact on CPU utilization, especially in Rapid Per-VLAN Spanning Tree (PVST+) mode. Decreasing this value might result in slow convergence. We recommend that you used the default setting.


Examples

This example shows how to specify the transmit hold count 8:


Device(config)# spanning-tree transmit hold-count 8

spanning-tree uplinkfast

To enable UplinkFast, use the spanning-tree uplinkfast command in global configuration mode. To disable UplinkFast, use the no form of this command.

spanning-tree uplinkfast [max-update-rate packets-per-second]

no spanning-tree uplinkfast [max-update-rate]

Syntax Description

max-update-rate packets-per-second

(Optional) Specifies the rate (number of packets per second) at which update packets are sent. The range is 0 to 320000.

The default is 150.

Command Default

UplinkFast is disabled.

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

Use this command only on access switches.

You can configure the UplinkFast feature for rapid PVST+ or for multiple spanning-tree (MST) mode, but the feature remains disabled (inactive) until you change the spanning-tree mode to PVST+.

When you enable UplinkFast, it is enabled for the entire switch; it cannot be enabled for individual VLANs.

When you enable or disable UplinkFast, cross-stack UplinkFast (CSUF) also is automatically enabled or disabled on all nonstack port interfaces. CSUF accelerates the choice of a new root port when a link or switch fails or when spanning tree reconfigures itself.

When UplinkFast is enabled, the switch priority of all VLANs is set to 49152. If you change the path cost to a value less than 3000 and you enable UplinkFast or UplinkFast is already enabled, the path cost of all interfaces and VLAN trunks is increased by 3000 (if you change the path cost to 3000 or above, the path cost is not altered). The changes to the switch priority and the path cost reduces the chance that a switch will become the root switch.

When UplinkFast is disabled, the switch priorities of all VLANs and path costs of all interfaces are set to default values if you did not modify them from their defaults.

When spanning tree detects that the root port has failed, UplinkFast immediately changes to an alternate root port, changing the new root port directly to forwarding state. During this time, a topology change notification is sent.

Do not enable the root guard on interfaces that will be used by the UplinkFast feature. With UplinkFast, the backup interfaces (in the blocked state) replace the root port in the case of a failure. However, if root guard is also enabled, all the backup interfaces used by the UplinkFast feature are placed in the root-inconsistent state (blocked) and prevented from reaching the forwarding state.

If you set the max-update-rate to 0, station-learning frames are not generated, so the spanning-tree topology converges more slowly after a loss of connectivity.

Examples

This example shows how to enable UplinkFast and set the maximum rate to 200 packets per second:


Device(config)# spanning-tree uplinkfast max-update-rate 200

spanning-tree vlan

To configure Spanning Tree Protocol (STP) on a per-virtual LAN (VLAN) basis, use the spanning-tree vlan command in global configuration mode. To return to the default settings, use the no form of this command.

spanning-tree vlan vlan-id [forward-time seconds | hello-time seconds | max-age seconds | priority priority | [root {primary | secondary} [diameter net-diameter]]]

no spanning-tree vlan vlan-id [forward-time | hello-time | max-age | priority | root]

Syntax Description

vlan-id

VLAN range associated with the spanning-tree instance. The range is 1 to 4094.

forward-time seconds

(Optional) Sets the STP forward delay time in second. The range is 4 to 30.

The default is 15.

hello-time seconds

(Optional) Specifies the duration, in seconds, between the generation of configuration messages by the root switch. The range is 1 to 10.

The default is 2.

max-age seconds

(Optional) Sets the maximum number of seconds the information in a bridge packet data unit (BPDU) is valid. The range is 6 to 40.

The default is 20.

priority priority

(Optional) Sets the STP bridge priority. The range is 0 to 61440 in increments of 4096.

The default for the primary root switch is 24576.

The default for the secondary root switch is 28672.

root primary

(Optional) Forces this switch to be the root switch.

root secondary

(Optional) Specifies this switch to act as the root switch should the primary root fail.

diameter net -diameter

(Optional) Specifies the maximum number of switches between any two points of attachment of end stations. The range is 2 through 7.

Command Default

Spanning tree is enabled on all VLANs.

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

If the switch does not hear BPDUs within the time specified by the max-age seconds - value, it recomputes the spanning-tree topology.

Use the spanning-tree vlan vlan-id root only on backbone switches.

The spanning-tree vlan vlan-id root secondary command alters this switch’s priority from 32768 to 28672. If the root switch should fail, this switch becomes the next root switch.


Caution

We do not recommend disabling spanning tree, even in a topology that is free of physical loops. Spanning tree is a safeguard against misconfigurations and cabling errors. Do not disable spanning tree in a VLAN without ensuring that there are no physical loops present in the VLAN.


Examples

The following example shows how to enable spanning tree on VLAN 200:



Device(config)# spanning-tree vlan 200 

The following example shows how to configure the switch as the root switch for VLAN 10 with a network diameter of 4:



Device(config)# spanning-tree vlan 10 root primary diameter 4

The following example shows how to configure the switch as the secondary root switch for VLAN 10 with a network diameter of 4:



Device(config)# spanning-tree vlan 10 root secondary diameter 4 

switchport access vlan

To configure a port as a static-access port, use the switchport access vlan command in interface configuration mode. To reset the access mode to the default VLAN mode, use the no form of this command.

switchport access vlan { vlan-id }

no switchport access vlan

Syntax Description

vlan-id

(Optional) Number of the VLAN on the interface in access mode. Valid values are from 1 to 4094.

Command Default

The default access VLAN and trunk interface native VLAN is a default VLAN corresponding to the platform or interface hardware.

A dynamic-access port is initially a member of no VLAN and receives its assignment based on the packet it receives.

Command Modes

Interface configuration mode

Command History

Release Modification

Cisco IOS 15.0(2)EX

This command was introduced.

Usage Guidelines

The port must be in access mode before the switchport access vlan command can take effect.

If the switchport mode is set to access vlan vlan-id , the port operates as a member of the specified VLAN. If set to access vlan dynamic , the port starts discovery of VLAN assignment based on the incoming packets it receives. An access port can be assigned to only one VLAN.

The no switchport access command resets the access mode VLAN to the appropriate default VLAN for the device.

Examples

This example show how to first populate the VLAN database by associating a VLAN ID with a VLAN name, and then configure the VLAN (using the name) on an interface, in the access mode: You can also verify your configuration by entering the show interfaces interface-id switchport in privileged EXEC command and examining information in the Access Mode VLAN: row.

Part 1 - Making the entry in the VLAN database:

Device# configure terminal
Device(config)# vlan 33
Device(config-vlan)# name test
Device(config-vlan)# end
Device#

Part 2 - Checking the VLAN database

Device # show vlan id 33
VLAN  Name   Status   Ports
---- -------------------------------- --------- -------------------------------
33    test   active   

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
33   enet  100033     1500   -      -      -        -   -       0      0

Remote SPAN VLAN
----------------
Disabled

Primary  Secondary Type 													Ports
------- --------- -------------- ------------------------------------------
 

Part 3 - Setting the VLAN on the interface, by using the vlan_name 'test'.

Device # configure terminal
Device(config)# interface GigabitEthernet5/1
Device(config-if)# switchport mode access
Device(config-if)# switchport access vlan name test
Device(config-if)# end
Device#

Part 4 - Verifying running-config

Device # show running-config interface GigabitEthernet5/1
Building configuration...
Current configuration : 113 bytes
!
interface GigabitEthernet5/1
switchport access vlan 33
switchport mode access
Switch#

Part 5 - Also can be verified in interface switchport

Device # show interface GigabitEthernet5/1 switchport
Name: Gi5/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 33 (test)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: None
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Switch#

switchport mode

To configure the VLAN membership mode of a port, use the switchport mode command in interface configuration mode. To reset the mode to the appropriate default for the device, use the no form of this command.

switchport mode {access | dynamic | {auto | desirable} | trunk}

noswitchport mode {access | dynamic | {auto | desirable} | trunk}

Syntax Description

access

Sets the port to access mode (either static-access or dynamic-access depending on the setting of the switchport access vlan interface configuration command). The port is set to access unconditionally and operates as a nontrunking, single VLAN interface that sends and receives nonencapsulated (non-tagged) frames. An access port can be assigned to only one VLAN.

dynamic auto

Sets the port trunking mode dynamic parameter to auto to specify that the interface convert the link to a trunk link. This is the default switchport mode.

dynamic desirable

Sets the port trunking mode dynamic parameter to desirable to specify that the interface actively attempt to convert the link to a trunk link.

trunk

Sets the port to trunk unconditionally. The port is a trunking VLAN Layer 2 interface. The port sends and receives encapsulated (tagged) frames that identify the VLAN of origination. A trunk is a point-to-point link between two devices or between a device and a router.

Command Default

The default mode is dynamic auto .

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

A configuration that uses the access ,or trunk keywords takes effect only when you configure the port in the appropriate mode by using the switchport mode command. The static-access and trunk configuration are saved, but only one configuration is active at a time.

When you enter access mode, the interface changes to permanent nontrunking mode and negotiates to convert the link into a nontrunk link even if the neighboring interface does not agree to the change.

When you enter trunk mode, the interface changes to permanent trunking mode and negotiates to convert the link into a trunk link even if the interface connecting to it does not agree to the change.

When you enter dynamic auto mode, the interface converts the link to a trunk link if the neighboring interface is set to trunk or desirable mode.

When you enter dynamic desirable mode, the interface becomes a trunk interface if the neighboring interface is set to trunk , desirable , or auto mode.

To autonegotiate trunking, the interfaces must be in the same VLAN Trunking Protocol (VTP) domain. Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP), which is a point-to-point protocol. However, some internetworking devices might forward DTP frames improperly, which could cause misconfigurations. To avoid this problem, configure interfaces connected to devices that do not support DTP to not forward DTP frames, which turns off DTP.

  • If you do not intend to trunk across those links, use the switchport mode access interface configuration command to disable trunking.
  • To enable trunking to a device that does not support DTP, use the switchport mode trunk and switchport nonegotiate interface configuration commands to cause the interface to become a trunk but to not generate DTP frames.

Access ports and trunk ports are mutually exclusive.

The IEEE 802.1x feature interacts with switchport modes in these ways:

  • If you try to enable IEEE 802.1x on a trunk port, an error message appears, and IEEE 802.1x is not enabled. If you try to change the mode of an IEEE 802.1x-enabled port to trunk, the port mode is not changed.
  • If you try to enable IEEE 802.1x on a port set to dynamic auto or dynamic desirable, an error message appears, and IEEE 802.1x is not enabled. If you try to change the mode of an IEEE 802.1x-enabled port to dynamic auto or dynamic desirable, the port mode is not changed.
  • If you try to enable IEEE 802.1x on a dynamic-access (VLAN Query Protocol [VQP]) port, an error message appears, and IEEE 802.1x is not enabled. If you try to change an IEEE 802.1x-enabled port to dynamic VLAN assignment, an error message appears, and the VLAN configuration is not changed.

You can verify your settings by entering the show interfaces interface-id switchport privileged EXEC command and examining information in the Administrative Mode and Operational Mode rows.

Examples

This example shows how to configure a port for access mode:

Device(config)# interface gigabitethernet2/0/1
Device(config-if)# switchport mode access

This example shows how set the port to dynamic desirable mode:

Device(config)# interface gigabitethernet2/0/1
Device(config-if)# switchport mode dynamic desirable   

This example shows how to configure a port for trunk mode:

Device(config)# interface gigabitethernet2/0/1
Device(config-if)# switchport mode trunk

switchport nonegotiate

To specify that Dynamic Trunking Protocol (DTP) negotiation packets are not sent on the Layer 2 interface, use the switchport nonegotiate command in interface configuration mode. Use the no form of this command to return to the default setting.

switchport nonegotiate

no switchport nonegotiate

Syntax Description

This command has no arguments or keywords.

Command Default

The default is to use DTP negotiation to learn the trunking status.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

The no switchport nonegotiate command removes nonegotiate status.

This command is valid only when the interface switchport mode is access or trunk (configured by using the switchport mode access or the switchport mode trunk interface configuration command). This command returns an error if you attempt to execute it in dynamic (auto or desirable) mode.

Internetworking devices that do not support DTP might forward DTP frames improperly and cause misconfigurations. To avoid this problem, turn off DTP by using the switchport nonegotiate command to configure the interfaces connected to devices that do not support DTP to not forward DTP frames.

When you enter the switchport nonegotiate command, DTP negotiation packets are not sent on the interface. The device does or does not trunk according to the mode parameter: access or trunk.

  • If you do not intend to trunk across those links, use the switchport mode access interface configuration command to disable trunking.

  • To enable trunking on a device that does not support DTP, use the switchport mode trunk and switchport nonegotiate interface configuration commands to cause the interface to become a trunk but to not generate DTP frames.

Examples

This example shows how to cause a port to refrain from negotiating trunking mode and to act as a trunk or access port (depending on the mode set):

Device(config)# interface gigabitethernet2/0/1
Device(config-if)# switchport nonegotiate

You can verify your setting by entering the show interfaces interface-id switchport privileged EXEC command.

udld

To enable aggressive or normal mode in the UniDirectional Link Detection (UDLD) and to set the configurable message timer time, use the udld command in global configuration mode. To disable aggressive or normal mode UDLD on all fiber-optic ports, use the no form of the command.

udld {aggressive | enable | message time message-timer-interval}

no udld {aggressive | enable | message}

Syntax Description

aggressive

Enables UDLD in aggressive mode on all fiber-optic interfaces.

enable

Enables UDLD in normal mode on all fiber-optic interfaces.

message time message-timer-interval

Configures the period of time between UDLD probe messages on ports that are in the advertisement phase and are determined to be bidirectional. The range is 1 to 90 seconds. The default is 15 seconds.

Command Default

UDLD is disabled on all interfaces.

The message timer is set at 15 seconds.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

UDLD supports two modes of operation: normal (the default) and aggressive. In normal mode, UDLD detects unidirectional links due to misconnected interfaces on fiber-optic connections. In aggressive mode, UDLD also detects unidirectional links due to one-way traffic on fiber-optic and twisted-pair links and due to misconnected interfaces on fiber-optic links. For information about normal and aggressive modes, see the Catalyst 2960-X Switch Layer 2 Configuration GuideCatalyst 2960-XR Switch Layer 2 Configuration Guide.

If you change the message time between probe packets, you are making a compromise between the detection speed and the CPU load. By decreasing the time, you can make the detection-response faster but increase the load on the CPU.

This command affects fiber-optic interfaces only. Use the udld interface configuration command to enable UDLD on other interface types.

You can use these commands to reset an interface shut down by UDLD:

  • The udld reset privileged EXEC command to reset all interfaces shut down by UDLD.

  • The shutdown and no shutdown interface configuration commands.

  • The no udld enable global configuration command followed by the udld {aggressive | enable} global configuration command to reenable UDLD globally.

  • The no udld port interface configuration command followed by the udld port or udld port aggressive interface configuration command to reenable UDLD on the specified interface.

  • The errdisable recovery cause udld and errdisable recovery interval interval global configuration commands to automatically recover from the UDLD error-disabled state.

Examples

This example shows how to enable UDLD on all fiber-optic interfaces:

Device(config)# udld enable

You can verify your setting by entering the show udld privileged EXEC command.

udld port

To enable UniDirectional Link Detection (UDLD) on an individual interface or to prevent a fiber-optic interface from being enabled by the udld global configuration command, use the udld port command in interface configuration mode. To return to the udld global configuration command setting or to disable UDLD if entered for a nonfiber-optic port, use the no form of this command.

udld port [aggressive]

no udld port [aggressive]

Syntax Description

aggressive

(Optional) Enables UDLD in aggressive mode on the specified interface.

Command Default

On fiber-optic interfaces, UDLD is disabled and fiber-optic interfaces enable UDLD according to the state of the udld enable or udld aggressive global configuration command.

On nonfiber-optic interfaces, UDLD is disabled.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

A UDLD-capable port cannot detect a unidirectional link if it is connected to a UDLD-incapable port of another device.

UDLD supports two modes of operation: normal (the default) and aggressive. In normal mode, UDLD detects unidirectional links due to misconnected interfaces on fiber-optic connections. In aggressive mode, UDLD also detects unidirectional links due to one-way traffic on fiber-optic and twisted-pair links and due to misconnected interfaces on fiber-optic links.

To enable UDLD in normal mode, use the udld port interface configuration command. To enable UDLD in aggressive mode, use the udld port aggressive interface configuration command.

Use the no udld port command on fiber-optic ports to return control of UDLD to the udld enable global configuration command or to disable UDLD on nonfiber-optic ports.

Use the udld port aggressive command on fiber-optic ports to override the setting of the udld enable or udld aggressive global configuration command. Use the no form on fiber-optic ports to remove this setting and to return control of UDLD enabling to the udld global configuration command or to disable UDLD on nonfiber-optic ports.

You can use these commands to reset an interface shut down by UDLD:

  • The udld reset privileged EXEC command resets all interfaces shut down by UDLD.

  • The shutdown and no shutdown interface configuration commands.

  • The no udld enable global configuration command, followed by the udld {aggressive | enable} global configuration command reenables UDLD globally.

  • The no udld port interface configuration command, followed by the udld port or udld port aggressive interface configuration command reenables UDLD on the specified interface.

  • The errdisable recovery cause udld and errdisable recovery interval interval global configuration commands automatically recover from the UDLD error-disabled state.

Examples

This example shows how to enable UDLD on an port:

Device(config)# interface gigabitethernet6/0/1
Device(config-if)# udld port

This example shows how to disable UDLD on a fiber-optic interface despite the setting of the udld global configuration command:

Device(config)# interface gigabitethernet6/0/1
Device(config-if)# no udld port

You can verify your settings by entering the show running-config or the show udld interface privileged EXEC command.

udld reset

To reset all interfaces disabled by UniDirectional Link Detection (UDLD) and permit traffic to begin passing through them again (though other features, such as spanning tree, Port Aggregation Protocol (PAgP), and Dynamic Trunking Protocol (DTP) still have their normal effects, if enabled), use the udld reset command in privileged EXEC mode.

udld reset

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS Release 15.0(2)EXCisco IOS Release 15.2(5)E

This command was introduced.

Usage Guidelines

If the interface configuration is still enabled for UDLD, these ports begin to run UDLD again and are disabled for the same reason if the problem has not been corrected.

Examples

This example shows how to reset all interfaces disabled by UDLD:

Device# udld reset
1 ports shutdown by UDLD were reset.