Перейти к содержимому
Приведу пример поиска ARP записи по mac адресу:
show arp | include 10fe.ed58.0555
Просмотр ARP по IP, MAC, VLAN:
sh ip arp 192.168.1.22 sh ip arp 01ac:bc11:1100 sh ip arp vlan 100
Просмотр таблицы mac адресов находящихся в указанном VLAN:
show mac address-table vlan 100
Поиск mac адреса в таблице:
show mac-address-table address 20cf.30bd.d1fe
Просмотр дубликатов mac-адресов:
sh mac-address-table duplicate only
Посмотреть диапазон mac адресов самих модулей в устройстве:
Если понадобится удалить MAC или IP из таблиц, то:
clear ip arp 192.168.1.5 clear mac-address-table dynamic address 6872.5104.aaaa clear arp-cache
Как найти порт коммутатора, к которому подключен хост
Январь 13, 2015
Read the article HOW TO FIND A HOST BY IT’S MAC ADDRESS ON CISCO SWITCH in 
English
В повседневной работе очень часто появляется необходимость определить коммутатор и порт, к которому подключен пользователь или какое-то устройство. Для этого необязательно искать его визуально. Достаточно лишь узнать MAC адрес.
Секрет в том, что каждый коммутатор хранит информацию о всех МАС адресах, которые проявляют хоть какую-то сетевую активность за последние несколько минут. Необходимо просто грамотно этим воспользоваться.
Итак, допустим, что необходимо найти порт коммутатора, в который подключен пользователь Иванов. Достоверно известно, что ip адрес его компьютера 192.168.10.100
Возможно 2 варианта определения MAC адреса:
- Непосредственно на компьютере пользователя выполнить в командной строке команду ipconfig /all
Или
- Узнать МАС адрес удаленно, зная ip адрес компьютера пользователя. Это возможно при условии, что есть доступ к маршрутизатору Cisco или межсетевому экрану Cisco ASA, которое является шлюзом по умолчанию для хоста. ARP таблица на этих устройствах будет содержать соответствие МАС и IP адресов.
Для поиска используется команда sh arp | inc x.x.x.x, где х.х.х.х – ip адрес интересующего хоста.
R-DELTACONFIG-1# sh arp | inc 192.168.10.100
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.10.100 236 78ac.c0bb.74f2 ARPA Vlan10
Устройство с ip адресом 192.168.10.100 имеет МАС адрес 78ac.c0bb.74f2 и находится во Vlan 10.
Определив МАС адрес устройства, можно продолжить поиск его непосредственного месторасположения на коммутаторе.
Команда show mac address-table (иногда пишется с дополнительным дефисом вместо пробела show mac—address-table) показывает список всех МАС адресов активных устройств, которые подключены к коммутатору.
SW-DELTACONFIG-1# sh mac address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 1111.1111.1111 DYNAMIC Fa0/1
2 2222.2222.2222 DYNAMIC Fa0/2
3 3333.3333.3333 DYNAMIC Fa0/3
4 4444.4444.4444 DYNAMIC Fa0/4
Из-за большого количества записей, которые обычно присутствуют в этой таблице, рекомендуется использовать фильтр по нужному МАС адресу, причем достаточно последних 4х символов. В нашем случае поиск МАС адреса 78ac.c0bb.74f2 выглядит так:
SW-DELTACONFIG-1#sh mac address-table | inc 74f2
10 78ac.c0bb.74f2 DYNAMIC Gi0/1
Строка вывода показывает, что хост находится в Vlan 10 и подключен к порту коммутатора Gigabitethernet 0/1.
Если у вас небольшой офис и вся сеть организована только на одном единственном коммутаторе, то поиск окончен. Однако, если под управлением есть несколько устройств, то может быть так, что к найденному порту текущего коммутатора подключен не конечный хост, а другой коммутатор. В этом случае необходимо повторить поиск в таблице МАС адресов соседнего коммутатора.
Если в сети офиса их несколько, то определить имя и адрес управления нужного нам соседнего коммутатора помогут команды sh cdp neighbors, которая покажется имена и связанные порты всех коммутаторов Cisco, подключенных к текущему и sh cdp neighbors detail, в выводе которой дополнительно указаны ip адреса для управления соседними коммутаторами
SW-DELTACONFIG-1#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
SW-TEST-2
Gig 0/1 123 S I WS-C3560G-Gig 0/18
Device ID (SW-TEST-2) – имя соседнего устройства
Local Intrfce (Gig 0/1) – локальный интерфейс, куда подключен соседний коммутатор
Port ID (Gig 0/18) – интерфейс соседнего коммутатора.
SW-DELTACONFIG-1#sh cdp nei detail
-------------------------
Device ID: SW-TEST-2
Entry address(es):
IP address: 192.168.1.202
Platform: cisco WS-C2960-24TT-L, Capabilities: Switch IGMP
Interface: GigabitEthernet0/1, Port ID (outgoing port): GigabitEthernet0/18
Holdtime : 144 sec
Теперь необходимо зайти на соседний коммутатор SW-TEST-2 с адресом управления 192.168.1.202 и произвести на нем поиск нужного нам МАС адреса.
При должной сноровке указанный метод позволит находить хосты в сети любых размеров не более чем за пару минут, не вставая с рабочего места.
Перейти к оглавлению
MAC-адрес — физический адрес любого устройство в сети (компьютера или сервера). Бывают ситуации, когда инженеры не имеют возможности «вживую» проверить оборудование, но при этом требуется знать, какое устройство подключено к порту коммутатора. В этом случае они используют удаленный доступ и смотрят таблицу MAC-адресов, которая есть на любом коммутаторе Cisco.
Рассмотрим простейший случай. В нашей сети имеется один коммутатор, к которому подключены два компьютера и один сервер.
Мы не знаем, какое устройство подключено к какому порту. Но имеем удаленный доступ к свичу и всем хостам. Для того, чтобы вывести таблицу MAC-адресов в Cisco используется команда:
#show mac-address-table
Посмотрим вывод команды на sw1:
Таблица содержим четыре столбца. Для нас важно, что она показывает MAC-адрес и соответствующий ему порт. Теперь, например, мы хотим узнать к какому порту подключен наш сервер. Для этого, узнаем MAC-адрес сервера, удаленно подключившись к нему. Вводим команду
ipconfig /all
Видим MAC 0003.E464.56A1 — соответствует порту fast Ethernet 0/10. Таким образом, становится понятно к какому порту коммутатора Cisco подключен сервер.
Важно! Всегда подписывайте назначения портов. Это можно сделать с помощью команды description.
Смотрим MAC-адреса в определенном VLAN’e
В этом случае разделим сеть компьютеров и сервера на два VLAN:
- для компьютеров PC-1 и PC-2 создадим VLAN 10 и сеть 192.168.10.0/24
- для сервера создадим VLAN 20 и сеть 192.168.20.0/24
Чтобы посмотреть какие устройства находятся в 10 vlan’e на sw1 вводим команду
# show mac-address-table vlan 10
При этом будет также отображаться таблица с MAC-адресами и соответствующими им портами.
Определяем MAC-адрес по IP-адресу
Но что, если нам нужно по IP-адресу определить MAC-адрес устройства. В этом случае нам поможет протокол ARP.
ARP — сетевой протокол, позволяющий по известному IP-адресу компьютера, получить его MAC-адрес. Если компьютер A в сети Ethernet не знает физический адреса компьютера B — он отправляет широковещательный ARP-запрос. Компьютер B отправляет ARP-ответ, в котором и содержится его MAC. После чего компьютер A записывает соответствие IP и MAC к себе в ARP-таблицу.
Роутер также содержит в себе ARP-таблицу. Чтобы посмотреть ее на R1 вводим команду:
# show arp
Помогла ли вам статья?
Спасибо! Ваш голос учтен.
Table Of Contents
Cisco NX-OS Layer 2 Commands
clear mac address-table dynamic
clear spanning-tree counters
clear spanning-tree detected-protocol
clear vlan counters
clear vtp counters
feature private-vlan
feature vtp
instance vlan
mac-address
mac address-table aging-time
mac address-table static
media ethernet
name (VLAN configuration)
name (mst configuration)
private-vlan
private-vlan association
private-vlan mapping
private-vlan synchronize
revision
show forwarding consistency l2
show hardware mac address-table
show interface mac-address
show interface private-vlan mapping
show interface pruning
show interface switchport
show interface trunk
show interface vlan
show interface vlan counters
show mac address-table
show mac address-table aging-time
show running-config spanning-tree
show running-config vlan
show running-config vtp
show spanning-tree
show spanning-tree active
show spanning-tree bridge
show spanning-tree brief
show spanning-tree detail
show spanning-tree interface
show spanning-tree mst
show spanning-tree root
show spanning-tree summary
show spanning-tree vlan
show startup-config vlan
show startup-config vtp
show system vlan reserved
show vlan
show vlan counters
show vlan dot1q tag native
show vlan id
show vlan private-vlan
show vtp counter
show vtp interface
show vtp password
show vtp status
shutdown (VLAN configuration)
spanning-tree bpdufilter
spanning-tree bpduguard
spanning-tree bridge assurance
spanning-tree cost
spanning-tree guard
spanning-tree link-type
spanning-tree loopguard default
spanning-tree mode
spanning-tree mst configuration
spanning-tree mst cost
spanning-tree mst forward-time
spanning-tree mst hello-time
spanning-tree mst max-age
spanning-tree mst max-hops
spanning-tree mst port-priority
spanning-tree mst pre-standard
spanning-tree mst priority
spanning-tree mst root
spanning-tree mst simulate pvst
spanning-tree mst simulate pvst global
spanning-tree pathcost method
spanning-tree port type edge
spanning-tree port type edge bpdufilter default
spanning-tree port type edge bpduguard default
spanning-tree port type edge default
spanning-tree port type network
spanning-tree port type network default
spanning-tree port-priority
spanning-tree vlan
state
switchport mode private-vlan host
switchport mode private-vlan promiscuous
switchport mode private-vlan promiscuous trunk
switchport mode private-vlan trunk secondary
switchport private-vlan association trunk
switchport private-vlan host-association
switchport private-vlan mapping trunk
switchport private-vlan trunk allowed vlan
switchport private-vlan trunk native vlan
switchport trunk pruning vlan
system vlan reserve
vlan (global configuration mode)
vlan configuration
vtp domain
vtp file
vtp mode
vtp mode transparent
vtp password
vtp pruning
vtp version
Cisco NX-OS Layer 2 Commands
This chapter describes the Cisco NX-OS Layer 2 commands.
clear mac address-table dynamic
To clear the dynamic address entries from the MAC address table in Layer 2, use the clear mac address-table dynamic command.
clear mac address-table dynamic [[address mac_addr] [vlan vlan_id] [interface {type slot/port | port-channel number}]
Syntax Description
|
address mac_addr |
(Optional) Specifies the MAC address to remove from the table. Use the format XXXX.XXXX.XXXX. |
|
vlan vlan_id |
(Optional) Specifies the VLAN from which the MAC address should be removed from the table. The range of valid values is from 1 to 4094. |
|
interface type slot/port |
(Optional) Specifies the interface. Use either the type of interface, the slot number, or the port number. |
|
port-channel number |
(Optional) Specifies the port channel number. The range is from 1 to 4096. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
Use the clear mac address-table dynamic command with no arguments to remove all dynamic entries from the table.
To clear static MAC addresses from the table, use the no mac address-table static command in configuration mode.
If the clear mac address-table dynamic command is entered with no options, all dynamic addresses are removed. If you specify an address but do not specify an interface, the address is deleted from all interfaces. If you specify an interface but do not specify an address, the device removes all addresses on the specified interfaces.
This command does not require a license.
Examples
This example shows how to clear all the dynamic Layer 2 entries from the MAC address table:
switch(config)# clear mac address-table dynamic
This example shows how to clear all the dynamic Layer 2 entries from the MAC address table for VLAN 20 on port 2/20:
switch(config)# clear mac address-table dynamic vlan 20 interface ethernet 2/20
Related Commands
|
Command |
Description |
|---|---|
|
show mac address-table |
Displays the information about the MAC address table. |
clear spanning-tree counters
To clear the counters for the Spanning Tree Protocol (STP), use the clear spanning-tree counters command.
clear spanning-tree counters [vlan vlan-id] [interface {ethernet {interface-num} | port-channel {channel-num}}]
Syntax Description
|
vlan vlan-id |
(Optional) Specifies the VLAN. The range is from 1 to 4094. |
|
interface |
(Optional) Specifies the interface type. |
|
ethernet |
Specifies the Ethernet. |
|
interface-num |
Module and port number. |
|
port-channel channel-num |
Port-channel number. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
You can clear all the STP counters on the entire device, per VLAN, or per interface.
This command does not require a license.
Examples
This example shows how to clear the STP counters for VLAN 5:
switch# clear spanning-tree counters vlan 5
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree |
Displays information about the spanning tree state. |
|
show spanning-tree mst |
Displays information about MST spanning tree state. |
clear spanning-tree detected-protocol
To restart the protocol migration, use the clear spanning-tree detected-protocol command.
clear spanning-tree detected-protocol [interface {ethernet {interface-num} | port-channel {channel-num}}]
Syntax Description
|
interface |
(Optional) Specifies the interface type. |
|
ethernet |
Specifies the Ethernet. |
|
ethernet interface-num |
Module and port number. |
|
port-channel channel-num |
Port-channel number. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
Rapid per VLAN Spanning Tree Plus (Rapid PVST+) and Multiple Spanning Tree (MST) have built-in compatibility mechanisms that allow them to interact properly with other versions of IEEE spanning tree or other regions. For example, a bridge running Rapid PVST+ can send 802.1D bridge protocol data units (BPDUs) on one of its ports when it is connected to a legacy bridge. An MST bridge can detect that a port is at the boundary of a region when it receives a legacy BPDU or an MST BPDU that is associated with a different region.
These mechanisms are not always able to revert to the most efficient mode. For example, a Rapid PVST+ bridge that is designated for a legacy 802.1D bridge stays in 802.1D mode even after the legacy bridge has been removed from the link. Similarly, an MST port assumes that it is a boundary port when the bridges to which it is connected have joined the same region.
To force the MST port to renegotiate with the neighbors, enter the clear spanning-tree detected-protocol command.
If you enter the clear spanning-tree detected-protocol command with no arguments, the command is applied to every port of the device.
This command does not require a license.
Examples
This example shows how to restart the protocol migration on a specific interface:
switch# clear spanning-tree detected-protocol interface gigabitethernet5/8
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree |
Displays information about the spanning tree state. |
|
show spanning-tree mst |
Displays information about MST spanning tree state. |
clear vlan counters
To clear the counters for a specified VLAN or all VLANs, use the clear vlan counters command.
clear vlan [id {vlan-id}] counters
Syntax Description
|
id |
(Optional) Specifies the VLAN ID that you want to clear. Valid values are from 1 to 4096. |
|
vlan-id |
Number of the VLAN that you want to clear. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
If you do not specify a VLAN ID, the system clears the counters for all the VLANs, including private VLANs.
This command does not require a license.
Examples
This example shows how to clear the counters for VLAN 50:
switch# clear vlan 50 counters
Related Commands
|
Command |
Description |
|---|---|
|
show vlan counters |
Displays information on statistics for all VLANs or the specified VLAN. |
|
show interface counters |
Displays information about the statistics for the specified VLANs. |
clear vtp counters
To clear the Virtual Trunking Protocol (VTP) counters, use the clear vtp counters command.
clear vtp counters
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
5.1(1) |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to clear the VTP counters:
switch# clear vtp counters
Related Commands
|
Command |
Description |
|---|---|
|
show interface counters |
Displays information about the statistics for the specified VLANs. |
feature private-vlan
To enable private VLANs, use the feature private-vlan command. To return to the default settings, use the no form of this command.
feature private-vlan
no feature private-vlan
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
You must use this command to enable private VLAN functionality. You must enable private VLANs before the private VLANs are visible to the user. When private VLANs are disabled, all of the configuration on the feature is removed from the interfaces.
You cannot apply the no feature private-vlan command if the device has any operational ports in private VLAN mode. You must shut down all operational ports in private VLAN mode before you use the no feature private-vlan command. After you shut down the interfaces and enter the no feature private-vlan command, these ports return to the default mode.
This command does not require a license.
Examples
This example shows how to enable private VLAN functionality on the device:
switch(config)# feature private-vlan
Related Commands
|
Command |
Description |
|---|---|
|
show feature |
Displays whether the feature is enabled or disabled. |
|
show vlan private-vlan |
Displays information on private VLANs. If the feature is not enabled, this command returns an error. |
feature vtp
To enable VTPs, use the feature vtp command. To return to the default setting, use the no form of this command.
feature vtp
no feature vtp
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.1(2) |
This command was introduced. |
Usage Guidelines
You must use this command to enable private VTP functionality. You must enable private VTP before you can configure or use any of the functionality.
Note 
When you disable the VTP feature, all of the VTP configurations are lost.
This command does not require a license.
Examples
This example shows how to enable VTP functionality on the device:
switch(config)# feature vtp
Related Commands
|
Command |
Description |
|---|---|
|
show feature |
Displays whether the feature is enabled or disabled. |
instance vlan
To map a VLAN or a set of VLANs to a Multiple Spanning Tree instance (MSTI), use the instance vlan command. To delete the instance and return the VLANs to the default instance (CIST), use the no form of this command.
instance instance-id vlan vlan-id
no instance instance-id vlan vlan-id
Syntax Description5
|
instance-id |
Instances to which the specified VLANs are mapped; the range of valid values is from 0 to 4094. |
|
vlan-id |
Number of the VLAN that you are mapping to the specified MSTI; the range of valid values is from 1 to 4094. |
Defaults
No VLANs are mapped to any MST instance (all VLANs are mapped to the CIST instance).
Command Modes
MST configuration submode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
The vlans vlan-range is entered as a single value or a range.
You cannot map VLANs 3968 to 4047 or 4094 to an MST instance. These VLANs are reserved for internal use by the device.
The mapping is incremental, not absolute. When you enter a range of VLANs, this range is added to or removed from the existing instances.
Any unmapped VLAN is mapped to the CIST instance.
Caution
When you change the VLAN-to-MSTI mapping, the system restarts MST.
This command does not require a license.
Examples
This example shows how to map a range of VLANs to MSTI 4:
switch(config)# spanning-tree mst configuration
switch(config-mst)#instance 4 vlan 100-200
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst configuration |
Displays information about the MST protocol. |
|
spanning-tree mst configuration |
Enters MST configuration submode. |
mac-address
To configure a static MAC address for a Layer 3 interface, use the mac address command. To return to the default settings, use the no form of this command.
mac-address mac-address
no mac-address mac-address
Syntax Description
|
mac-address |
MAC address for the Layer 3 interface. Use the format XXXX.XXXX.XXXX. |
Defaults
VDC MAC address
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.2(1) |
This command was introduced. |
Usage Guidelines
You can specify a MAC address for all Layer 3 interfaces:
•Layer 3 interfaces
•Layer 3 port channels
•Layer 3 subinterfaces
•VLAN network interface
You cannot configure static MAC addresses on tunnel interfaces.
You cannot use this command on Layer 2 interfaces or individual members of a port channel.
See the Cisco Nexus 7000 Series NX-OS Interfaces Command Reference for information on configuring Layer 3 interfaces.
You cannot configure a static group MAC address to these interfaces.
This command does not require a license.
Examples
This example shows how to configure a static MAC address on a Layer 3 interface:
switch(config)# interface ethernet 7/3
switch(config-1f)# mac-address 02c4.1e42.a3b2
Related Commands
|
Command |
Description |
|---|---|
|
show interface |
Displays information about the interface. |
|
show running-config |
Displays information about the current configuration. |
mac address-table aging-time
To configure the aging time for entries in the Layer 2 table, use the mac address-table aging-time command. To return to the default settings, use the no form of this command.
mac address-table aging-time seconds [vlan vlan_id]
no mac address-table aging-time [vlan vlan_id]
Syntax Description
|
seconds |
Aging time for MAC table entries for Layer 2. The range is from 120 to 918000 seconds. The default is 1800 seconds. Entering 0 disables the aging time. |
|
vlan vlan_id |
(Optional) Specifies the VLAN to apply the changed aging time. |
Defaults
1800 seconds
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
Enter 0 seconds to disable the aging process.
The age value may be rounded off to the nearest multiple of 5 seconds. If the system rounds the value to a different value from that specified by the user (from the rounding process), the system returns an informational message.
When you use this command in the global configuration mode, the age values of all VLANs for which a configuration has not been specified are modified and those VLANs with specifically modified aging times are not modified. When you use the no form of this command without the VLAN parameter, only those VLANs that have not been specifically configured for the aging time reset to the default value. Those VLANs with specifically modified aging times are not modified.
When you use this command and specify a VLAN, the aging time for only that specified VLAN is modified. When you use the no form of this command and specify a VLAN, the aging time for the VLAN is returned to the current global configuration for the aging time, which might or might not be the default value of 300 seconds depending if the global configuration of the device for the aging time has been changed.
The aging time is counted from the last time that the switch detected the MAC address.
This command does not require a license.
Examples
This example shows how to change the length of time an entry remains in the MAC address table to 500 seconds for the entire device:
switch(config)# mac address-table aging-time 500
Related Commands
|
Command |
Description |
|---|---|
|
show mac address-table |
Displays information about the MAC address table. |
|
clear mac address-table aging-time |
Displays information about the MAC address aging time. |
mac address-table static
To configure a static entry for the Layer 2 MAC address table, use the mac address-table static command. To delete the static entry, use the no form of this command.
mac address-table static mac-address vlan vlan-id {[drop | interface {type slot/port | port-channel number]}
no mac address-table static {address mac_addr} {vlan vlan_id}
Syntax Description
|
mac-address |
MAC address to add to the table. Use the format XXXX.XXXX.XXXX. |
|
vlan vlan-id |
Specifies the VLAN to apply static MAC address to; valid values are from 1 to 4094. |
|
drop |
(Optional) Drops all traffic that is received from and going to the configured MAC address in the specified VLAN. |
|
interface type slot/port |
(Optional) Specifies the interface. Use the type of interface, the slot number, and the port number. |
|
port-channel number |
(Optional) Specifies the interface. Use the port-channel number. |
Defaults
None
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
You cannot apply the mac address-table static mac-address vlan vlan-id drop command to a multicast MAC address.
The output interface specified cannot be a VLAN interface or a Switched Virtual Interface (SVI).
Use the no form to remove entries that are profiled by the combination of specified entry information.
This command does not require a license.
Examples
This example shows how to add a static entry to the MAC address table:
switch(config)# mac address-table static 0050.3e8d.6400 vlan 3 interface ethernet 2/1
Related Commands
|
Command |
Description |
|---|---|
|
show mac address-table |
Displays information about MAC address table. |
media ethernet
Note The Cisco NX-OS software supports only Ethernet VLANs on the DC-OS. Although the media ethernet command appears on the device, it does not apply to any configuration.
To set the media type for a VLAN to Ethernet, use the media ethernet command. Use the no form of this command to return to the default value.
media ethernet
no media
Syntax Description
This command has no arguments or keywords.
Defaults
Ethernet is the only media type supported.
Command Modes
VLAN configuration submode
Supported User Roles
network-admin
vdc-admin
Usage Guidelines
The media ethernet command is not supported in Release 4.0.
This command does not require a license.
Examples
This example shows how to set the media type to Ethernet for VLAN 2:
switch(config-vlan)#media ethernet
Related Commands
|
Command |
Description |
|---|---|
|
show vlan |
Displays VLAN information. |
name (VLAN configuration)
To set the name for a VLAN, use the name command. To remove the user-configured name from a VLAN, use the no form of this command.
name vlan-name
no name
Syntax Description
|
vlan-name |
Name of the VLAN; you can use up to 32 alphanumeric, case-sensitive characters. Note |
Defaults
The vlan-name argument is VLANxxxx where xxxx represents four numeric digits (including leading zeroes) equal to the VLAN ID number.
Command Modes
VLAN configuration submode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
The name must be unique within the VDC, and the same name can be reused in a separate VDC.
You cannot change the name for the default VLAN, VLAN 1, or for the internally allocated VLANs.
This command does not require a license.
Examples
This example shows how to name VLAN 2:
switch(config-vlan)#name accounting
Related Commands
|
Command |
Description |
|---|---|
|
show vlan |
Displays VLAN information. |
name (mst configuration)
To set the name of a Multiple Spanning Tree (MST) region, use the name command. To return to the default name, use the no form of this command.
name name
no name name
Syntax Description
|
name |
Name to assign to the MST region. It can be any string with a maximum length of 32 alphanumeric characters. |
Defaults
None
Command Modes
MST configuration submode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
Two or more devices with the same VLAN mapping and configuration version number are considered to be in different MST regions if the region names are different.
Caution
Be careful when using the
name command to set the name of an MST region. If you make a mistake, you can put the device in a different region. The configuration name is a case-sensitive parameter.
This command does not require a license.
Examples
This example shows how to name a region:
switch(config)# spanning-tree mst configuration
switch(config-mst)#name accounting
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst configuration |
Displays information about the MST protocol. |
|
spanning-tree mst configuration |
Enters MST configuration submode. |
private-vlan
To configure private VLANs, use the private-vlan command. To return the specified VLAN(s) to normal VLAN mode, use the no form of this command.
private-vlan {isolated | community | primary}
no private-vlan association
Syntax Description
|
isolated |
Designates the VLAN as an isolated secondary VLAN. |
|
community |
Designates the VLAN as a community secondary VLAN. |
|
primary |
Designates the VLAN as the primary VLAN. |
|
association |
Specifies to delete all associations from the primary VLAN. |
Defaults
None
Command Modes
VLAN configuration submode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
You must enable private VLANs by using the feature private-vlan command before you can configure private VLANs. The commands for configuring private VLANs are not visible until you enable private VLANs.
Note Before you configure a VLAN as a secondary VLAN, either community or isolated, you must shut down the VLAN interface, or Switched Virtual Interface (SVI), for that VLAN.
If you delete either the primary or secondary VLAN, the ports that are associated with the VLAN become inactive. When you enter the no private-vlan command, the VLAN returns to the normal VLAN mode. All primary and secondary associations on that VLAN are suspended, but the interfaces remain in private VLAN mode. However, when you reconvert the specified VLAN to private VLAN mode, the original associations are reinstated.
If you enter the no vlan command for the primary VLAN, all private VLAN associations with that VLAN are lost. However, if you enter the no vlan command for a secondary VLAN, the private VLAN associations with that VLAN are suspended and return when you recreate the specified VLAN and configure it as the previous secondary VLAN.
You cannot configure VLAN1 or the internally allocated VLANs as private VLANs.
A private VLAN is a set of private ports that are characterized by using a common set of VLAN number pairs. Each pair is made up of at least two special unidirectional VLANs and is used by isolated ports and/or by a community of ports to communicate with routers.
An isolated VLAN is a VLAN that is used by isolated ports to communicate with promiscuous ports. An isolated VLAN’s traffic is blocked on all other private ports in the same VLAN. Its traffic can only be received by standard trunking ports and promiscuous ports that are assigned to the corresponding primary VLAN.
A promiscuous port is defined as a private port that is assigned to a primary VLAN.
A community VLAN is defined as the VLAN that carries the traffic among community ports and from community ports to the promiscuous ports on the corresponding primary VLAN.
A primary VLAN is defined as the VLAN that is used to convey the traffic from the routers to customer end stations on private ports.
Multiple community and isolated VLANs are allowed. If you enter a range of primary VLANs, the system uses the first number in the range for the association.
This command does not require a license.
Examples
This example shows how to remove a private VLAN relationship from the primary VLAN. The associated secondary VLANs are not deleted.
switch(config-vlan)# no private-vlan association
Related Commands
|
Command |
Description |
|---|---|
|
show vlan |
Displays information about VLANs. |
|
show vlan private-vlan |
Displays information about private VLANs. |
private-vlan association
To configure the association between a primary VLAN and a secondary VLAN on a private VLAN, use the private-vlan association command. To remove the association, use the no form of this command.
private-vlan association {[add] secondary-vlan-list | remove secondary-vlan-list}
no private-vlan association
Syntax Description
|
add |
Associates a secondary VLAN to a primary VLAN. |
|
secondary-vlan-list |
Number of the secondary VLAN. |
|
remove |
Clears the association between a secondary VLAN and a primary VLAN. |
Defaults
None
Command Modes
VLAN configuration submode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
You must enable private VLANs by using the feature private-vlan command before you can configure private VLANs. The commands for configuring private VLANs are not visible until you enable private VLANs.
Note Before you configure a VLAN as a secondary VLAN, either community or isolated, you must shut down the VLAN interface, or switched virtual interface (SVI), for that VLAN.
If you delete either the primary or secondary VLAN, the ports that are associated with the VLAN become inactive. When you enter the no private-vlan command, the VLAN returns to the normal VLAN mode. All primary and secondary associations on that VLAN are suspended, but the interfaces remain in private VLAN mode. However, when you reconvert the specified VLAN to private VLAN mode, the original associations are reinstated.
If you enter the no vlan command for the primary VLAN, all private VLAN associations with that VLAN are lost. However, if you enter the no vlan command for a secondary VLAN, the private VLAN associations with that VLAN are suspended and return when you recreate the specified VLAN and configure it as the previous secondary VLAN.
The secondary-vlan-list argument cannot contain spaces. It can contain multiple comma-separated items. Each item can be a single secondary VLAN ID or a hyphenated range of secondary VLAN IDs. The secondary-vlan-list parameter can contain multiple secondary VLAN IDs.
A private VLAN is a set of private ports that are characterized by using a common set of VLAN number pairs. Each pair is made up of at least two special unidirectional VLANs and is used by isolated ports and/or by a community of ports to communicate with routers.
Multiple community and isolated VLANs are allowed. If you enter a range of primary VLANs, the system uses the first number in the range for the association.
Isolated and community VLANs can only be associated with one primary VLAN. You cannot configure a VLAN that is already associated to a primary VLAN as a primary VLAN.
This command does not require a license.
Examples
This example shows how to create a private VLAN relationship between the primary VLAN 14, the isolated VLAN 19, and the community VLANs 20 and 21:
switch(config-vlan)# private-vlan isolated
switch(config-vlan)# private-vlan community
switch(config-vlan)# private-vlan community
switch(config-vlan)# private-vlan primary
switch(config-vlan)# private-vlan association 19-21
This example shows how to remove isolated VLAN 18 and community VLAN 20 from the private VLAN association:
switch(config-vlan)# private-vlan association remove 18,20
Related Commands
|
Command |
Description |
|---|---|
|
show vlan |
Displays information about VLANs. |
|
show vlan private-vlan [type] |
Displays information about private VLANs. |
private-vlan mapping
To create a mapping between the primary and the secondary VLANs so that both VLANs share the same Layer 3 VLAN interface, or switched virtual interface (SVI), use the private-vlan mapping command under the SVI. To remove all private VLAN mappings from the Layer 3 VLAN interface, use the no form of this command.
private-vlan mapping {[add] secondary-vlan-list | remove secondary-vlan-list}
no private-vlan mapping
Syntax Description
|
add |
(Optional) Maps the secondary VLAN to the primary VLAN. |
|
secondary-vlan-list |
VLAN ID of the secondary VLANs to map to the primary VLAN. |
|
remove |
Removes the mapping between the secondary VLAN and the primary VLAN. |
Defaults
None
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
You must enable private VLANs by using the feature private-vlan command before you can configure private VLANs. The commands for configuring private VLANs are not visible until you enable private VLANs.
The private-vlan mapping command is valid in the interface configuration mode of the primary VLAN.
The secondary-vlan-list argument cannot contain spaces. It can contain multiple comma-separated items. Each item can be a single secondary VLAN ID or a hyphenated range of secondary VLAN IDs.
Note You must enable VLAN interfaces, or SVIs, before you can configure the SVI. Use the feature interface-vlan command to enable VLAN interfaces.
See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 5.x, for information on creating and configuring VLAN interfaces.
Traffic that is received on the secondary VLAN is routed by the SVI of the primary VLAN.
When you configure VLANs as secondary private VLANs, the SVIs of those existing VLANs do not function and are considered as down after you enter this command.
You can map a secondary VLAN to only one primary SVI. If you configure the primary VLAN as a secondary VLAN, all the mappings that are specified in this command are suspended.
You must first associate all secondary VLANs with the primary VLAN using the private-vlan command. If you configure a mapping between two VLANs that do not have a valid Layer 2 association, the mapping configuration does not take effect.
See the private-vlan command for more information about primary and secondary VLANs.
This command does not require a license.
Examples
This example shows how to map the interface of VLAN 20 to the Layer 3 VLAN interface, or SVI, of VLAN 18:
switch(config)# interface vlan 18
switch(config-if)# private-vlan mapping 20
This example shows how to permit routing of secondary VLAN-ingress traffic from private VLANs 303 through 307, 309, and 440:
switch# configure terminal
switch(config)# interface vlan 202
switch(config-if)# private-vlan mapping add 303-307,309,440
This example shows how to remove all private VLAN mappings from the SVI of VLAN 19:
switch(config)# interface vlan 19
switch(config-if)# no private-vlan mapping
switch(config-if)#
Related Commands
|
Command |
Description |
|---|---|
|
show interface private-vlan mapping |
Displays information on secondary private VLAN mapping to VLAN interface. |
private-vlan synchronize
To map the secondary VLANs to the same MST instance as the primary VLAN, use the private-vlan synchronize command.
private-vlan synchronize
Syntax Description
This command has no keywords or arguments.
Defaults
This command has no default settings.
Command Modes
MST configuration submode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
If you do not map secondary VLANs to the same MST instance as the associated primary VLAN when you exit the MST configuration submode, the device displays a warning message that lists the secondary VLANs that are not mapped to the same instance as the associated VLAN. The private-vlan synchronize command automatically maps all secondary VLANs to the same instance as the associated primary VLANs.
This command does not require a license.
Examples
This example assumes that a primary VLAN 2 and a secondary VLAN 3 are associated to VLAN 2, and that all VLANs are mapped to the CIST instance 1. This example also shows the output if you try to change the mapping for the primary VLAN 2 only:
switch(config)# spanning-tree mst configuration
switch(config-mst)# instance 1 vlan 2
These secondary vlans are not mapped to the same instance as their primary:
This example shows how to initialize PVLAN synchronization:
switch(config-mst)# private-vlan synchronize
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst configuration |
Displays information about the MST protocol. |
|
spanning-tree mst configuration |
Enters MST configuration submode. |
revision
To set the revision number for the Multiple Spanning Tree (MST) region configuration, use the revision command. To return to the default settings, use the no form of this command.
revision version
no revision version
Syntax Description
|
version |
Revision number for the MST region configuration; the range of valid values is from 0 to 65535. |
Defaults
0
Command Modes
MST configuration submode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
Two or more devices with the same VLAN mapping and name are considered to be in different MST regions if the configuration revision numbers are different.
Caution
Be careful when using the
revision command to set the revision number of the MST region configuration because a mistake can put the device in a different region.
This command does not require a license.
Examples
This example shows how to set the revision number of the MST region configuration:
switch(config)# spanning-tree mst configuration
switch(config-mst)#revision 5
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst |
Displays information about the MST protocol. |
show forwarding consistency l2
To display information about discrepant, missing, or extra MAC addresses between the supervisor and the module, use the show forwarding consistency l2 command.
show forwarding consistency l2 {module}
Syntax Description
|
module |
Module number that you are comparing with the supervisor MAC address table. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.1(2) |
This command was introduced. |
Usage Guidelines
Optimally, all the MAC address tables on each module exactly match the MAC address table on the supervisor.
This command does not require a license.
Examples
This example shows how to display hardware information about all the MAC addresses VLAN 1 on module 2:
switch# show forwarding consistency l2 9
Legend: * - primary entry, G - Gateway MAC, (R) - Routed MAC age - seconds since last seen
Missing entries in the MAC Table VLAN MAC Address Type age Secure NTFY Ports ---------+-----------------+--------+---------+------+------+----------------------------------
G - 0018.bad7.e115 static - False False sup-eth1(R)
* 1 0001.1234.5600 static - False False Eth9/25G
2 0018.bad7.e115 static - False False sup-eth1(R)G
3 0018.bad7.e115 static - False False sup-eth1(R)
Extra and Discrepant entries in the MAC Table
VLAN MAC Address Type age Secure NTFY Ports ---------+-----------------+--------+---------+------+------+----------------
G - 0018.bad7.dc15 static - False False sup-eth1(R)
* 1 0001.1234.5601 static - False False Eth9/25
Related Commands
|
Command |
Description |
|---|---|
|
show mac address-table |
Displays information about the MAC address table. |
show hardware mac address-table
To display information about the hardware MAC addresses, use the show hardware mac address-table command.
show hardware mac address table {module}
[address {mac-address} {[interface {ethernet slot/port | port-channel channel-number}] [vlan vlan-id]]
[dynamic [address {mac-address}] [interface {ethernet slot/port | port-channel channel-number}] [vlan vlan-id]]
[interface {ethernet slot/port | port-channel channel-number}] [address {mac-address}] [vlan vlan-id]]
[static [address {mac-address}] [interface {ethernet slot/port | port-channel channel-number}] [vlan vlan-id]]
[vlan {vlan-id} [address mac-address] [interface {ethernet slot/port | port-channel channel-number}]
Syntax Description
|
module |
Module number. |
|
address mac—address |
(Optional) Specifies the MAC address in the format of X.X.X, XX-XX-XX-XX-XX-XX, XX:XX:XX:XX:XX:XX, XXXX.XXXX.XXXX. |
|
interface |
(Optional) Specifies the interface. |
|
ethernet slot/port |
Displays the Ethernet interface. Use either the type of interface, the slot number, and the port number. The range is from 1 to 253. |
|
port-channel channel-number |
Displays the port channel interface and port-channel number. The range is from 1 to 4096. |
|
vlan vlan-id |
(Optional) Specifies the VLAN number. |
|
dynamic |
(Optional) Specifies dynamic entries only. |
|
static |
(Optional) Specifies static entries only. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
The fields are as follows:
•Valid—Entry is valid in hardware.
•PI—Primary entry.
•BD—Bridge domain.
•MAC—MAC address.
•Index—Destination index; identifies the port on which the MAC address was learned.
•Static—Statically configured entry. The hardware does not modify this entry. This entry is not be aged by the line card process.
•SW—3-bit software value associated with this entry.
•Modified—MAC address entry that was modified by the hardware since last notification. This value is set when index value changes.
•Age byte—Age timer value when last packet arrived with this entry’s MAC address as the source MAC address.
•Tmr sel—Age timer used for updating the age for this entry. Based on the aging value configured for the VLAN, one of the four timers is used for updating the age.
•GM—Specifies the gateway MAC address or not.
•Secure—Secured MAC address.
•TRAP—When this bit is set, the system drops any packet received with this source MAC address as this entry’s MAC address.
•NTFY—Notify. When the Secured and Notify bits are both set, the system redirects packets to the supervisor when the hardware updates the index value.
•RM—Router MAC address.
•RMA—Router MAC address that is active.
Note The RM and RMA fields are not supported on the Cisco Nexus 7000. Series Switch
•Capture—When this bit is set, any packet sent to this destination is copied by setting the CAP1 bit.
•Fld—Flood bit. When this bit is set, any packet sent to this destination MAC causes the flood bit to be set in the result.
•Always learn—Always learn. When this bit is set, the hardware modifies the index value irrespective of whether this entry is marked static or not.
This command does not require a license.
Examples
This example shows how to display hardware information about all the MAC addresses for VLAN 1 on module 2:
switch# show hardware mac address-table 2 vlan 1
Valid| PI| BD | MAC | Index |Stat| SW| Modi| Age| Tmr| GM| Sec| TR | NT | RM | RMA | Cap|Fld| Always
| | | | | ic| | fied|Byte| Sel| |ure| AP | FY | | |TURE| | Learn
-----+---+----+---------------+--------+----+---+-----+----+----+----+----+---+----+----+-----+----+---+-------
1 0 1 0100.0cff.fffe 0x00421 1 1 0 152 0 0 0 0 0 0 0 1 0 0
Related Commands
|
Command |
Description |
|---|---|
|
show mac address-table |
Displays information about the MAC address table. |
show interface mac-address
To display information about the MAC address and the burned-in MAC address, use the show interface mac-address command.
show interface [type slot/port] mac-address
Syntax Description
|
type slot/port |
(Optional) Type of interface, slot number, and port number. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
If you do not specify the interface, the system displays all the MAC addresses. This command displays both the burned-in MAC address and the configured MAC address.
This command does not require a license.
Examples
This example shows how to display information about all the MAC addresses for the device:
switch# show interface mac-address
-----------------------------------------------------------------------------
Interface Mac-Address Burn-in Mac-Address
-----------------------------------------------------------------------------
mgmt0 0019.076c.1a78 0019.076c.1a78
Ethernet2/1 0000.0000.0000 0019.076c.4dac
Ethernet2/2 0000.0000.0000 0019.076c.4dad
Ethernet2/3 0000.0000.0000 0019.076c.4dae
Ethernet2/4 0000.0000.0000 0019.076c.4daf
Ethernet2/5 0000.0000.0000 0019.076c.4db0
Ethernet2/6 0000.0000.0000 0019.076c.4db1
Ethernet2/7 0000.0000.0000 0019.076c.4db2
Ethernet2/8 0000.0000.0000 0019.076c.4db3
Ethernet2/9 0000.0000.0000 0019.076c.4db4
Ethernet2/10 0000.0000.0000 0019.076c.4db5
Ethernet2/11 0000.0000.0000 0019.076c.4db6
Ethernet2/12 0000.0000.0000 0019.076c.4db7
Ethernet2/13 0000.0000.0000 0019.076c.4db8
Ethernet2/14 0000.0000.0000 0019.076c.4db9
Ethernet2/15 0000.0000.0000 0019.076c.4dba
Ethernet2/16 0000.0000.0000 0019.076c.4dbb
Ethernet2/17 0000.0000.0000 0019.076c.4dbc
Ethernet2/18 0000.0000.0000 0019.076c.4dbd
Ethernet2/19 0000.0000.0000 0019.076c.4dbe
Ethernet2/20 0000.0000.0000 0019.076c.4dbf
Ethernet2/21 0000.0000.0000 0019.076c.4dc0
Ethernet2/22 0000.0000.0000 0019.076c.4dc1
Ethernet2/23 0000.0000.0000 0019.076c.4dc2
Ethernet2/24 0000.0000.0000 0019.076c.4dc3
Ethernet2/25 0000.0000.0000 0019.076c.4dc4
Ethernet2/26 0000.0000.0000 0019.076c.4dc5
Ethernet2/27 0000.0000.0000 0019.076c.4dc6
Ethernet2/28 0000.0000.0000 0019.076c.4dc7
Ethernet2/29 0000.0000.0000 0019.076c.4dc8
Ethernet2/30 0000.0000.0000 0019.076c.4dc9
Ethernet2/31 0000.0000.0000 0019.076c.4dca
Ethernet2/32 0000.0000.0000 0019.076c.4dcb
Ethernet2/33 0000.0000.0000 0019.076c.4dcc
Ethernet2/34 0000.0000.0000 0019.076c.4dcd
Ethernet2/35 0000.0000.0000 0019.076c.4dce
Ethernet2/36 0000.0000.0000 0019.076c.4dcf
Ethernet2/37 0000.0000.0000 0019.076c.4dd0
Ethernet2/38 0000.0000.0000 0019.076c.4dd1
Ethernet2/39 0000.0000.0000 0019.076c.4dd2
Ethernet2/40 0000.0000.0000 0019.076c.4dd3
Ethernet2/41 0000.0000.0000 0019.076c.4dd4
Ethernet2/42 0000.0000.0000 0019.076c.4dd5
Ethernet2/43 0000.0000.0000 0019.076c.4dd6
Ethernet2/44 0000.0000.0000 0019.076c.4dd7
Ethernet2/45 0000.0000.0000 0019.076c.4dd8
Ethernet2/46 0000.0000.0000 0019.076c.4dd9
Ethernet2/47 0000.0000.0000 0019.076c.4dda
Ethernet2/48 0000.0000.0000 0019.076c.4ddb
port-channel5 0000.0000.0000 0000.0000.0000
port-channel20 0000.0000.0000 0000.0000.0000
port-channel30 0000.0000.0000 0000.0000.0000
port-channel50 0000.0000.0000 0000.0000.0000
Related Commands
|
Command |
Description |
|---|---|
|
show mac address-table |
Displays information about the MAC address table. |
|
mac address-table static |
Adds static entries to the MAC-address table or configures a static MAC address with IGMP snooping disabled for that address. |
show interface private-vlan mapping
To display information about the private VLAN mapping for the primary VLAN interfaces, use the show interface private-vlan mapping command.
show interface private-vlan mapping
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
You can use this command to display the primary and secondary VLAN mapping that allows both VLANs to share the VLAN interface of the primary VLAN.
This command does not require a license.
Examples
This example shows how to display information about the primary and secondary private VLAN mapping:
switch# show interface private-vlan mapping
switch(config)# show interface private-vlan mapping
Interface Secondary VLAN Type
--------- -------------- -----------------
Related Commands
|
Command |
Description |
|---|---|
|
private-vlan mapping |
Creates a mapping between the primary and secondary VLANs so that both VLANs share the same primary VLAN interface. |
|
show interface switchport |
Displays information about the switchports, including those in private VLANs. |
|
show vlan private-vlan |
Displays information about all private VLANs on the device. |
|
show vlan |
Displays summary information about all VLANs. |
show interface pruning
To display interface trunk Virtual Trunking Protocol (VTP) pruning information, use the show interface pruning command.
show interface pruning
Syntax Description
This command has no keywords or arguments.
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
5.1(1) |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display interface trunk VTP pruning information on the device:
switch# show interface pruning
Port Vlans pruned for lack of request by neighbor
Port Vlan traffic requested of neighbor
Related Commands
|
Command |
Description |
|---|---|
|
feature vtp |
Enables VTP on the device. |
|
vtp domain |
Configures the VTP domain name. |
|
vtp version |
Configures the VTP version. |
show interface switchport
To display interface switchport information, use the show interface switchport command.
show interface [if-identifier] switchport
Syntax Description
|
if-identifier |
(Optional) Identifier of an interface. Examples are ethernet 3/22 or port channel 120. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
5.1(1) |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display VTP interface switchport information on the device:
switch# show interface switchport
Switchport Monitor: Not enabled
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 1,10,20-30
Pruning VLANs Enabled: 2-1001
Administrative private-vlan primary host-association: none
Administrative private-vlan secondary host-association: none
Administrative private-vlan primary mapping: none
Administrative private-vlan secondary mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Related Commands
|
Command |
Description |
|---|---|
|
feature vtp |
Enables VTP on the device. |
|
vtp domain |
Configures the VTP domain name. |
|
vtp version |
Configures the VTP version. |
show interface trunk
To display interface trunk information, use the show interface trunk command.
show interface [if-identifier] trunk
Syntax Description
|
if-identifier |
(Optional) Identifier of an interface. Examples are ethernet 3/22 or port channel 120. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
5.1(1) |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display VTP interface trunk information on the device:
switch# show interface trunk
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Port Vlans Allowed on Trunk
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Port Vlans Err-disabled on Trunk
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Port VTP in spanning tree forwarding state and not pruned
--------------------------------------------------------------------------------
Related Commands
|
Command |
Description |
|---|---|
|
feature vtp |
Enables VTP on the device. |
|
vtp domain |
Configures the VTP domain name. |
|
vtp version |
Configures the VTP version. |
show interface vlan
To display information about specified VLANs, use the show interface vlan command.
show interface vlan vlan-id [brief | description | private-vlan mapping | status]
Syntax Description
|
vlan-id |
Number of the VLAN. The range of values is from 1 to 4096. |
|
brief |
(Optional) Displays a brief description about a specified VLAN. |
|
description |
(Optional) Displays a detailed description about a specified VLAN. |
|
private-vlan mapping |
(Optional) Displays information about the private VLAN mapping, if any, for a specified VLAN. |
|
status |
(Optional) Displays information about the status for a specified VLAN. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
|
4.2(1) |
Display of configured static MAC address for Layer 3 port channels added. |
Usage Guidelines
You can use this command to display information about a specified VLAN, including the private VLANs.
The information is gathered at 1-minute intervals.
When you specify a primary VLAN, the device displays all secondary VLANs mapped to the specified primary VLAN.
The device displays the output for the private-vlan mapping keyword only when you specify a primary private VLAN. If you specify a secondary private VLAN and enter the private-vlan mapping keyword, the output is blank.
Note To display more statistics for the specified VLAN, use the show interface vlan counters and show vlan counters commands.
To display more information about private VLANs, see the show interface private-vlan commands.
You can configure a VLAN network interface with a static MAC address, and this command will display that configured MAC address. See the mac-address command for information on configuring a VLAN network interface with a static MAC address.
This command does not require a license.
Examples
This example shows how to display information about the specified VLAN. This command displays statistical information gathered on the VLAN at 1-minute intervals:
switch# show interface vlan 5
Vlan5 is administratively down, line protocol is down
Hardware is EtherSVI, address is 0000.0000.0000
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Last clearing of "show interface" counters 01:21:55
1 minute input rate 0 bytes/sec, 0 packets/sec
1 minute output rate 0 bytes/sec, 0 packets/sec
input: 0 pkts, 0 bytes - output: 0 pkts, 0 bytes
ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes
ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes
This example shows how to display a brief description for a specified VLAN. This displays shows the secondary VLAN and type, if configured, and the status:
switch# show interface vlan 5 brief
-------------------------------------------------------------------------------
Interface Secondary VLAN(Type) Status Reason
-------------------------------------------------------------------------------
This example shows how to display the description for a specified VLAN:
switch# show interface vlan 100 description
------------------------------------------
------------------------------------------
This example shows how to display information about the private VLAN mapping, if any, for a specified VLAN:
switch# show interface vlan 200 private-vlan mapping
--------- ----------------------------------------------------------------
This example shows how to display the status for a specified VLAN:
switch# show interface vlan 5 status
------------------------------------------
Interface Status Protocol
------------------------------------------
Related Commands
|
Command |
Description |
|---|---|
|
show interface switchport |
Displays information about the switchports, including those configured for private VLANs, |
|
show interface vlan counters |
Displays the statistics for VLANs. |
|
show vlan |
Displays summary information for all VLANs. |
|
show vlan private-vlan |
Displays summary information for all private VLANs. |
show interface vlan counters
To display the statistics for a specified VLAN, use the show interface vlan counters command.
show interface vlan {vlan-id} counters [detailed [all] | snmp]
Syntax Description
|
vlan-id |
VLAN or range of VLANs for which you want to display statistics. The range is from 1 to 4096. |
|
all |
(Optional) Displays all the detailed information for the particular VLAN, including statistics per byte. |
|
snmp |
(Optional) Displays the MIB values. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
You can use this command to display information about the received octets, unicast packets, multicast packets, and broadcast packets as well as the transmitted octets, unicast packets, multicast packets, and broadcast packets for all VLANs, including private VLANs.
This command does not require a license.
Examples
This example shows how to display the statistics for a specified VLAN:
switch# show interface vlan 9 counters
--------------------------------------------------------------------------------
Port InOctets InUcastPkts InMcastPkts InBcastPkts
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts
--------------------------------------------------------------------------------
This example shows how to display only the nonzero counters for a specified VLAN:
switch# show interface vlan 2 counters detailed
l3_average_input_bits 9947168160
l3_average_input_packets 20723267
l3_routed_bytes_in 39054410460
l3_routed_pkts_in 650906841
l3_ucast_bytes_in 39054410460
l3_ucast_pkts_in 650906841
This example shows how to display all detailed statistics for a specified VLAN:
switch(config)# show interface vlan 9 counters detailed all
0. l3_ipv4_ucast_bytes_in = 0
1. l3_ipv4_ucast_pkts_in = 0
2. l3_ipv4_mcast_bytes_in = 0
3. l3_ipv4_mcast_pkts_in = 0
4. l3_ipv6_ucast_bytes_in = 0
5. l3_ipv6_ucast_pkts_in = 0
6. l3_ipv6_mcast_bytes_in = 0
7. l3_ipv6_mcast_pkts_in = 0
8. l3_ipv4_ucast_bytes_out = 0
9. l3_ipv4_ucast_pkts_out = 0
10. l3_ipv4_mcast_bytes_out = 0
11. l3_ipv4_mcast_pkts_out = 0
12. l3_ipv6_ucast_bytes_out = 0
13. l3_ipv6_ucast_pkts_out = 0
14. l3_ipv6_mcast_bytes_out = 0
15. l3_ipv6_mcast_pkts_out = 0
16. l3_average_input_bytes = 0
17. l3_average_input_packets = 0
18. l3_average_output_bytes = 0
19. l3_average_output_packets = 0
20. l3_routed_bytes_in = 0
21. l3_routed_pkts_in = 0
22. l3_ucast_bytes_in = 0
24. l3_mcast_bytes_in = 0
26. l3_routed_bytes_out = 0
27. l3_routed_pkts_out = 0
28. l3_ucast_bytes_out = 0
29. l3_ucast_pkts_out = 0
30. l3_mcast_bytes_out = 0
31. l3_mcast_pkts_out = 0
This example shows how to display the MIB values for a specified VLAN:
switch(config)# show interface vlan 9 counters snmp
-------------------------------------------------------------------------------
Port InOctets InUcastPkts InMcastPkts InBcastPkts
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts
-------------------------------------------------------------------------------
Ethernet2/28 0000.0000.0000 0019.076c.4dc7
Ethernet2/29 0000.0000.0000 0019.076c.4dc8
Ethernet2/30 0000.0000.0000 0019.076c.4dc9
Related Commands
|
Command |
Description |
|---|---|
|
clear counters |
Clears counters on the interfaces. |
show mac address-table
To display the information about the MAC address table, use the show mac address-table command.
show mac address-table [num] [dynamic | static] [address mac-address | count | interface {type slot/port | port-channel number} | vlan vlan-id]
Syntax Description
|
num |
(Optional) MAC address table for a specified module. Note |
|
dynamic |
(Optional) Displays information about the dynamic MAC address table entries only. |
|
static |
(Optional) Displays information about the static MAC address table entries only. |
|
address mac-address |
(Optional) Displays information about the MAC address table for a specific MAC address. |
|
count |
(Optional) Displays the number of MAC address entries for dynamic and static. |
|
interface type slot/port |
(Optional) Specifies the interface. Use either the type of interface, the slot number, or the port number. |
|
port-channel number |
(Optional) Specifies the port-channel number. The range is from 1 to 4096. |
|
vlan vlan-id |
(Optional) Displays information for a specific VLAN only; the range of valid values is from 1 to 4094. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
A primary entry is a MAC address learned on that interface.
Note Use the show mac address-table command without the num argument to display only the primary entries on all modules. When you use the num argument, the device displays all the entries on that module as specified by additional optional arguments.
The device maintains static MAC address entries saved in the startup-config file across reboots and flushes the dynamic entries.
The MAC address table for each virtual device context (VDC) is separate and distinct.
Note To display the MAC address for the VDC, use the show vdc command.
This command does not require a license.
Examples
Note In the following examples, NTFY means notify.
This example shows how to display the information about the entries for the Layer 2 MAC address table:
switch# show mac address-table
* - primary entry, G - Gateway MAC, (R) - Routed MAC
age - seconds since last seen
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+------+----------------
G - 0018.bad8.3fbd static - False False sup-eth1(R)
* 3 1234.dd56.ee89 static - False False Eth2/1
This example shows how to display the information about the entries for the Layer 2 MAC address table for a specific module:
switch# show mac address-table 2
* - primary entry, G - Gateway MAC, (R) - Routed MAC
age - seconds since last seen
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+------+----------------
G - 0018.bad8.3fbd static - False False sup-eth1(R)
* 3 1234.dd56.ee89 static - False False Eth2/1
3 0000.23bd.4fda dynamic 70 False False Eth1/1
This example shows how to display the information about the entries for the Layer 2 MAC address table for a specific MAC address:
switch# show mac address-table address 0018.bad8.3fbd
* - primary entry, G - Gateway MAC, (R) - Routed MAC
age - seconds since last seen
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+------+----------------
G - 0018.bad8.3fbd static - False False sup-eth1(R)
This example shows how to display the information about the dynamic entries for the Layer 2 MAC address table:
switch# show mac address-table dynamic
* - primary entry, G - Gateway MAC, (R) - Routed MAC
age - seconds since last seen
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+------+----------------
* 3 0010.fcbc.3fbd dynamic 1265 False False Eth2/12
* 3 1234.dd56.ee89 dynamic 850 False False Eth2/1
This example shows how to display the information about the Layer 2 MAC address table for a specific interface:
switch# show mac address-table interface ethernet 2/13
* - primary entry, G - Gateway MAC, (R) - Routed MAC
age - seconds since last seen
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+------+----------------
* 1 1234.dd56.ee89 dynamic 0 False False Eth2/13
This example shows how to display the static entries in the Layer 2 MAC address table:
switch# show mac address-table static
* - primary entry, G - Gateway MAC, (R) - Routed MAC
age - seconds since last seen
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+------+----------------
G - 0018.bad8.3fbd static - False False sup-eth1(R)
* 3 1234.dd56.ee89 static - False False Eth2/1
This example shows how to display the entries in the Layer 2 MAC address table for a specific VLAN:
switch# show mac address-table vlan 3
* - primary entry, G - Gateway MAC, (R) - Routed MAC
age - seconds since last seen
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+------+----------------
* 3 1234.dd56.ee89 static - False False Eth2/1
Related Commands
|
Command |
Description |
|---|---|
|
mac address-table static |
Adds static entries to the MAC address table or configures a static MAC address with IGMP snooping disabled for that address. |
show mac address-table aging-time
To display information about the timeout values for the MAC address table, use the show mac-address-table aging-time command.
show mac address-table aging-time [vlan vlan-id]
Syntax Description
|
vlan vlan-id |
(Optional) Displays information for a specific VLAN only; the range of valid values is from 1 to 4094. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
You can configure the MAC address aging time per VLAN or for the entire device. The valid range is from 120 to 918000. Entering 0 disables the MAC aging time.
This command does not require a license.
Examples
This example shows how to display MAC address aging times:
switch# show mac address-table aging-time
Related Commands
|
Command |
Description |
|---|---|
|
mac address-table aging-time |
Configures the aging time for entries in the Layer 2 table. |
show running-config spanning-tree
To display the running configuration for the Spanning Tree Protocol (STP), use the show running-config spanning-tree command.
show running-config spanning-tree [all]
Syntax Description
|
all |
(Optional) Displays current STP operating information including the default settings. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
This command provides information about the Spanning Tree Protocol.
Note The display output differs slightly depending on whether you are running Rapid Per VLAN Spanning Tree (Rapid PVST+) or Multiple Spanning Tree (MST).
This command does not require a license.
Examples
This example shows how to display information about the running STP configuration when you are running MST:
switch# show running-config spanning-tree
This example shows how to display detailed information about the running STP configuration when you are running MST:
switch# show running-config spanning-tree all
no spanning-tree port type edge default
no spanning-tree port type network default
spanning-tree bridge assurance
no spanning-tree loopguard default
spanning-tree mst simulate pvst global
no snmp-server enable traps bridge topologychange
no snmp-server enable traps bridge newroot
no snmp-server enable traps stpx inconsistency
no snmp-server enable traps stpx loop-inconsistency
no snmp-server enable traps stpx root-inconsistency
spanning-tree mst hello-time 2
spanning-tree mst forward-time 15
spanning-tree mst max-age 20
spanning-tree mst max-hops 20
spanning-tree mst 0 priority 32768
spanning-tree mst configuration
configure interface Ethernet8/1
spanning-tree port-priority 128
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree |
Displays information about STP. |
show running-config vlan
To display the running configuration for a specified VLAN, use the show running-config vlan command.
show running-config vlan {vlan-id}
Syntax Description
|
vlan-id |
Number of the VLAN or range of VLANs. Valid numbers range from 1 to 4096. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
This command provides information about the specified VLAN, including private VLANs.
The display varies with your configuration. If you configure the name, shutdown status, or suspended status, these are also displayed.
This command does not require a license.
Examples
This example shows how to display the running configuration for VLAN 50:
switch(config)# show running-config vlan 50
Related Commands
|
Command |
Description |
|---|---|
|
show vlan |
Displays information about all the VLANs on the device. |
show running-config vtp
To display the running configuration for the VLAN Trunking Protocol (VTP), use the show running-config vtp command.
show running-config vtp
Syntax Description
This command has no arguments or keywords
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.1(2) |
This command was introduced. |
Usage Guidelines
This command provides information about VTP.
This command does not require a license.
Examples
This example shows how to display the running configuration for VTP:
switch(config)# show running-config vtp
Related Commands
|
Command |
Description |
|---|---|
|
show vtp status |
Displays information about VTP on the device. |
show spanning-tree
To display information about the Spanning Tree Protocol (STP), use the show spanning-tree command.
show spanning-tree [blockedports | inconsistentports | pathcost method]
Syntax Description
|
blockedports |
(Optional) Displays the alternate ports blocked by STP. |
|
inconsistentports |
(Optional) Displays the ports that are in an inconsistent STP state. |
|
pathcost method |
(Optional) Displays whether the short or long path-cost method is used. Note |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
|
4.1(3) |
This command was enhanced to display when a port is part of a virtual port channel (vPC). |
Usage Guidelines
The STP port type displays only when you have configured the port as either an STP edge port or an STP network port. If you have not configured the STP port type, no port type displays.
Note The display output differs slightly depending on whether you are running Rapid PVST+ or MST.
This command does not require a license.
Examples
This example shows how to display STP when you are running Rapid PVST+:
switch# show spanning-tree
Spanning tree enabled protocol rstp
Port 4105 (port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po10 Root FWD 2 128.4105 (vPC peer-link) P2p
Po20 Desg FWD 1 128.4115 (vPC) P2p
Po30 Root FWD 1 128.4125 (vPC) P2p
Spanning tree enabled protocol rstp
Port 4105 (port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po10 Root FWD 2 128.4105 (vPC peer-link) P2p
Po20 Desg FWD 1 128.4115 (vPC) P2p
Po30 Root FWD 1 128.4125 (vPC) P2p
Spanning tree enabled protocol rstp
Port 4105 (port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32771 (priority 32768 sys-id-ext 3)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po10 Root FWD 2 128.4105 (vPC peer-link) P2p
Po20 Desg FWD 1 128.4115 (vPC) P2p
Po30 Root FWD 1 128.4125 (vPC) P2p
Spanning tree enabled protocol rstp
Port 4105 (port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32772 (priority 32768 sys-id-ext 4)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po10 Root FWD 2 128.4105 (vPC peer-link) P2p
Po20 Desg FWD 1 128.4115 (vPC) P2p
Po30 Root FWD 1 128.4125 (vPC) P2p
This example shows how to display STP information when you are running MST:
switch# show spanning-tree
Spanning tree enabled protocol mstp
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ----- --- --------- -------- ------------------------------------
Eth2/1 Altn BKN 20000 128.257 Network, P2p BA_Inc.
Eth2/2 Root FWD 20000 128.258 Edge, P2p
Eth3/48 Desg FWD 20000 128.43228 P2p
This example shows how to display the blocked ports in spanning tree:
switch(config)# show spanning-tree blockedports
Name Blocked Interfaces List
-------------------- ------------------------------------
This example shows how to determine if any ports are in any STP-inconsistent state:
switch# show spanning-tree inconsistentports
Name Interface Inconsistency
-------------------- ---------------------- ------------------
MST0000 Eth8/1 Bridge Assurance Inconsistent
MST0000 Eth8/2 Bridge Assurance Inconsistent
This example shows how to display the path-cost method when you are running Rapid PVST+:
switch(config)# show spanning-tree pathcost method
Spanning tree default pathcost method used is short
This example shows how to display the path-cost method when you are running MST:
switch(config)# show spanning-tree pathcost method
Spanning tree default pathcost method used is short (Operational value is long)
Table 1-1 describes the fields that are shown in the examples.
|
Field |
Definition and Options |
|---|---|
|
Role |
Current port STP role. Valid values are as follows: • • • • |
|
State |
Current port STP state. Valid values are as follows: • • • • |
|
Type |
Status information; valid values are as follows: • • • • |
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst |
Displays information about the MST STP. |
|
show spanning-tree active |
Displays information about the STP active interfaces only. |
|
show spanning-tree bridge |
Displays the bridge ID, timers, and protocol for the local bridge on the device. |
|
show spanning-tree brief |
Displays a brief summary of STP information. |
|
show spanning-tree detail |
Displays detailed information about STP. |
|
show spanning-tree interface |
Displays the STP interface status and configuration of specified interfaces. |
|
show spanning-tree root |
Displays the status and configuration of the root bridge for the STP instance to which this device belongs. |
|
show spanning-tree summary |
Displays summary information about STP. |
|
show spanning-tree vlan |
Displays STP information about specified VLANs. |
show spanning-tree active
To display Spanning Tree Protocol (STP) information on STP-active interfaces only, use the show spanning-tree active command.
show spanning-tree active [brief | detail]
Syntax Description
|
brief |
(Optional) Displays a brief summary of STP interface information. |
|
detail |
(Optional) Displays a detailed summary of STP interface information. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display STP information on the STP active interfaces:
switch# show spanning-tree active
Spanning tree enabled protocol rstp
Port 4105 (port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po10 Root FWD 2 128.4105 (vPC peer-link) P2p
Po20 Desg FWD 1 128.4115 (vPC) P2p
Po30 Root FWD 1 128.4125 (vPC) P2p
Spanning tree enabled protocol rstp
Port 4105 (port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po10 Root FWD 2 128.4105 (vPC peer-link) P2p
Po20 Desg FWD 1 128.4115 (vPC) P2p
Po30 Root FWD 1 128.4125 (vPC) P2p
Spanning tree enabled protocol rstp
Port 4105 (port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32771 (priority 32768 sys-id-ext 3)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po10 Root FWD 2 128.4105 (vPC peer-link) P2p
Po20 Desg FWD 1 128.4115 (vPC) P2p
Po30 Root FWD 1 128.4125 (vPC) P2p
Spanning tree enabled protocol rstp
Port 4105 (port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32772 (priority 32768 sys-id-ext 4)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po10 Root FWD 2 128.4105 (vPC peer-link) P2p
Po20 Desg FWD 1 128.4115 (vPC) P2p
Po30 Root FWD 1 128.4125 (vPC) P2p
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst |
Displays information about the MST STP. |
|
show spanning-tree |
Displays information about STP. |
|
show spanning-tree bridge |
Displays the bridge ID, timers, and protocol for the local bridge on the device. |
|
show spanning-tree brief |
Displays a brief summary of STP information. |
|
show spanning-tree detail |
Displays detailed information about STP. |
|
show spanning-tree interface |
Displays the STP interface status and configuration about specified interfaces. |
|
show spanning-tree root |
Displays the status and configuration of the root bridge for the STP instance to which this device belongs. |
|
show spanning-tree summary |
Displays summary information about STP. |
|
show spanning-tree vlan |
Displays STP information about specified VLANs. |
show spanning-tree bridge
To display the status and configuration of the Spanning-Tree Protocol (STP) local bridge, use the show spanning-tree bridge command.
show spanning-tree bridge [address | brief | detail | forward-time | hello-time | id | max-age | priority [system-id] | protocol]
Syntax Description
|
address |
(Optional) Displays the MAC address for the STP local bridge. |
|
brief |
(Optional) Displays a brief summary of the status and configuration for the STP bridge. |
|
detail |
(Optional) Displays a detailed summary of the status and configuration for the STP bridge. |
|
forward-time |
(Optional) Displays the STP forward delay interval for the bridge. |
|
hello-time |
(Optional) Displays the STP hello time for the bridge. |
|
id |
(Optional) Displays the STP bridge identifier for the bridge. |
|
max-age |
(Optional) Displays the STP maximum-aging time for the bridge. |
|
priority |
(Optional) Displays the bridge priority for this bridge. |
|
system-id |
(Optional) Displays the bridge priority with the system ID extension for this bridge. |
|
protocol |
(Optional) Displays which STP protocol is active, Rapid Per VLAN Spanning Tree (Rapid PVST+) or Multiple Spanning Tree (MST) on the device. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display STP information for the bridge:
switch(config)# show spanning-tree bridge
MST Instance Bridge ID Time Age Dly Protocol
---------------- --------------------------------- ----- --- --- --------
MST0000 32768 (32768,0) 0018.bad7.fc15 2 20 15 mstp
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst |
Displays information about the MST STP. |
|
show spanning-tree |
Displays information about STP. |
|
show spanning-tree active |
Displays information about the STP active interfaces only. |
|
show spanning-tree brief |
Displays a brief summary of STP information. |
|
show spanning-tree detail |
Displays detailed information about STP. |
|
show spanning-tree interface |
Displays the STP interface status and configuration of specified interfaces. |
|
show spanning-tree root |
Displays the status and configuration of the root bridge for the STP instance to which this device belongs. |
|
show spanning-tree summary |
Displays summary information about STP. |
|
show spanning-tree vlan |
Displays STP information about specified VLANs. |
show spanning-tree brief
To display a brief summary of the Spanning Tree Protocol (STP) status and configuration on the device, use the show spanning-tree brief command.
show spanning-tree brief [active]
Syntax Description
|
active |
(Optional) Displays information about the STP active interfaces only. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display a brief summary of STP information:
switch(config)# show spanning-tree brief
Spanning tree enabled protocol rstp
Port 4105 (port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po10 Root FWD 2 128.4105 (vPC peer-link) P2p
Po20 Desg FWD 1 128.4115 (vPC) P2p
Po30 Root FWD 1 128.4125 (vPC) P2p
Spanning tree enabled protocol rstp
Port 4105 (port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po10 Root FWD 2 128.4105 (vPC peer-link) P2p
Po20 Desg FWD 1 128.4115 (vPC) P2p
Po30 Root FWD 1 128.4125 (vPC) P2p
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst |
Displays information about the MST STP. |
|
show spanning-tree |
Displays information about STP. |
|
show spanning-tree active |
Displays information about the STP active interfaces only. |
|
show spanning-tree bridge |
Displays the bridge ID, timers, and protocol for the local bridge on the device. |
|
show spanning-tree detail |
Displays detailed information about STP. |
|
show spanning-tree interface |
Displays the STP interface status and configuration of specified interfaces. |
|
show spanning-tree root |
Displays the status and configuration of the root bridge for the STP instance to which this device belongs. |
|
show spanning-tree summary |
Displays summary information about STP. |
|
show spanning-tree vlan |
Displays STP information about specified VLANs. |
show spanning-tree detail
To display detailed information on the Spanning Tree Protocol (STP) status and configuration on the device, use the show spanning-tree detail command.
show spanning-tree detail [active]
Syntax Description
|
active |
(Optional) Displays information about the STP active interfaces only. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display detailed information about the STP configuration:
switch(config)# show spanning-tree detail
VLAN0001 is executing the rstp compatible Spanning Tree protocol
Bridge Identifier has priority 32768, sysid 1, address 0022.5579.7641
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32769, address 000d.eca3.9f01
Root port is 4105 (port-channel10), cost of root path is 4
Topology change flag not set, detected flag not set
Number of topology changes 1 last change occurred 20:24:36 ago
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0
Port 4105 (port-channel10, vPC Peer-link) of VLAN0001 is root forwarding
Port path cost 2, Port priority 128, Port Identifier 128.4105
Designated root has priority 32769, address 000d.eca3.9f01
Designated bridge has priority 32769, address 0022.5579.7341
Designated port id is 128.4105, designated path cost 2
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 36729, received 36739
Port 4115 (port-channel20, vPC) of VLAN0001 is designated forwarding
Port path cost 1, Port priority 128, Port Identifier 128.4115
Designated root has priority 32769, address 000d.eca3.9f01
Designated bridge has priority 32769, address 0022.5579.7341
Designated port id is 128.4115, designated path cost 2
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 0
Link type is point-to-point by default
Port 4125 (port-channel30, vPC) of VLAN0001 is root forwarding
Port path cost 1, Port priority 128, Port Identifier 128.4125
Designated root has priority 32769, address 000d.eca3.9f01
Designated bridge has priority 32769, address 000d.eca3.9f01
Designated port id is 128.4125, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 0
Link type is point-to-point by default
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst |
Displays information about the MST STP. |
|
show spanning-tree |
Displays information about STP. |
|
show spanning-tree active |
Displays information about the STP active interfaces only. |
|
show spanning-tree bridge |
Displays the bridge ID, timers, and protocol for the local bridge on the device. |
|
show spanning-tree brief |
Displays brief summary information about STP. |
|
show spanning-tree interface |
Displays the STP interface status and configuration about specified interfaces. |
|
show spanning-tree root |
Displays the status and configuration of the root bridge for the STP instance to which this device belongs. |
|
show spanning-tree summary |
Displays summary information about STP. |
|
show spanning-tree vlan |
Displays STP information about specified VLANs. |
show spanning-tree interface
To display information about the Spanning Tree Protocol (STP) interface status and configuration of specified interfaces, use the show spanning-tree interface command.
show spanning-tree interface {ethernet {slot/port} | port-channel {channel-number}} [active [brief | detail] | brief [active] | cost | detail [active] | edge | inconsistency | priority | rootcost | state]
Syntax Description
|
ethernet slot/port |
Displays the Ethernet interface and slot or port number. The range is from 1 to 253. |
|
port-channel channel-number |
Port channel number. The range is from 1 to 4096. |
|
active |
(Optional) Displays information about the STP active interfaces only on the specified interfaces. |
|
brief |
(Optional) Displays a brief summary about the specified STP interfaces. |
|
detail |
(Optional) Displays detailed information about the specified STP interfaces. |
|
cost |
(Optional) Displays the STP path cost for the specified interfaces. |
|
edge |
(Optional) Displays the STP-type edge port information for the specified interfaces. |
|
inconsistency |
(Optional) Displays the port STP inconsistency state for the specified interfaces. |
|
priority |
(Optional) Displays the STP port priority for the specified interfaces. |
|
rootcost |
(Optional) Displays the path cost to the root for specified interfaces. |
|
State |
Current port STP state. Valid values are as follows: • • • • |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
The STP port type displays only when you have configured the port as either an STP edge port or an STP network port. If you have not configured the STP port type, no port type displays.
If you specify an interface that is not running STP, the device returns an error message.
When you are running MST, this command displays the PVST simulation setting.
Note If you are running MST, use the show spanning-tree mst command to show more detail on the specified interfaces.
This command does not require a license.
Examples
This example shows how to display STP information about a specified interface when you are running Rapid PVST+:
switch(config)# show spanning-tree interface ethernet 8/2
Vlan Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
VLAN0001 Altn BLK 20000 128.1025 P2p
VLAN0002 Desg FWD 20000 128.1025 P2p
This example shows how to display STP information about a specified interface when you are running MST:
switch(config)# show spanning-tree interface ethernet 2/50
Mst Instance Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
MST0000 Desg FWD 20000 128.1281 P2p
This example shows how to display detailed STP information about a specified interface when you are running Rapid PVST+:
switch(config)# show spanning-tree interface ethernet 8/1 detail
Port 1025 (Ethernet8/1) of VLAN0001 is alternate blocking
Port path cost 20000, Port priority 128, Port Identifier 128.1025
Designated root has priority 28672, address 0018.bad8.239d
Designated bridge has priority 28672, address 0018.bad8.239d
Designated port id is 128.1281, designated path cost 0
Timers: message age 15, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
The port type is network by default.
BPDU: sent 4657, received 188
Port 1025 (Ethernet8/1) of VLAN0002 is designated forwarding
Port path cost 20000, Port priority 128, Port Identifier 128.1025
Designated root has priority 32770, address 0018.bad7.fc15
Designated bridge has priority 32770, address 0018.bad7.fc15
Designated port id is 128.1025, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default The port type is network by default.
BPDU: sent 4838, received 0
This example shows how to display detailed STP information about a specified interface when you are running MST:
switch(config)# show spanning-tree interface ethernet 10/1 detail
Port 1281 (Ethernet10/1) of MST0000 is designated forwarding
Port path cost 20000, Port priority 128, Port Identifier 128.1281
Designated root has priority 28672, address 0018.bad8.239d
Designated bridge has priority 28672, address 0018.bad8.239d
Designated port id is 128.1281, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default, Internal
PVST Simulation is enabled by default
BPDU: sent 290, received 0
This example shows how to display detailed STP information about a specified port-channel interface when you are running a virtual port channel (vPC):
switch(config)# show spanning-tree interface port-channel 10
Vlan Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
VLAN0001 Root FWD 2 128.4105 (vPC peer-link) P2p
VLAN0002 Root FWD 2 128.4105 (vPC peer-link) P2p
VLAN0003 Root FWD 2 128.4105 (vPC peer-link) P2p
VLAN0004 Root FWD 2 128.4105 (vPC peer-link) P2p
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst |
Displays information about the MST STP. |
|
show spanning-tree |
Displays information about STP. |
|
show spanning-tree active |
Displays information about the STP active interfaces only. |
|
show spanning-tree bridge |
Displays the bridge ID, timers, and protocol for the local bridge on the device. |
|
show spanning-tree brief |
Displays brief summary information about STP. |
|
show spanning-tree detail |
Displays detailed information about STP. |
|
show spanning-tree root |
Displays the status and configuration of the root bridge for the STP instance to which this device belongs. |
|
show spanning-tree summary |
Displays summary information about STP. |
|
show spanning-tree vlan |
Displays STP information about specified VLANs. |
show spanning-tree mst
To display information about the Multiple Spanning Tree (MST ) status and configuration, use the show spanning-tree mst command.
show spanning-tree mst [instance-id [detail | interface {ethernet {slot/port} | port-channel {channel-number}} [detail]]] | [configuration [digest]] | [detail] | [interface {ethernet {slot/port} | port-channel {channel-number}} [detail]]
|
instance-id |
(Optional) MST instance that you want to display. |
|
detail |
(Optional) Displays detailed MST information. |
|
interface |
Displays the interface or range of interfaces that you want to display. |
|
ethernet slot/port |
Displays the Ethernet interface and slot or port number. The range is from 1 to 253. |
|
port-channel channel-number |
Displays the port-channel number. The range is from 1 to 4096. |
|
configuration |
(Optional) Displays current MST regional information. Displays VLAN-to-instance mapping of all VLANs. |
|
digest |
(Optional) Displays information about the MD5 digest. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
If you are not running in Spanning Tree Protocol (STP) Multiple Spanning Tree (MST) mode but are running in STP Rapid Per VLAN Spanning Tree (Rapid PVST+) mode, when you enter this command, the device returns the following message:
ERROR: Switch is not in mst mode
See Table 1-1 for information on valid values for fields.
This command does not require a license.
Examples
This example shows how to display STP information about MST instance information for the VLAN ports that are currently active:
switch# show spanning-tree mst
##### MST0 vlans mapped: 1-4094
Bridge address 0018.bad7.fc15 priority 32768 (32768 sysid 0)
Root this switch for the CIST
Regional Root this switch
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Eth8/1 Desg FWD 20000 128.1025 P2p
Eth8/2 Desg FWD 20000 128.1026 P2p
This example shows how to display STP information about a specific MST instance:
switch)# show spanning-tree mst 0
##### MST0 vlans mapped: 1-4094
Bridge address 0018.bad7.fc15 priority 32768 (32768 sysid 0)
Root this switch for the CIST
Regional Root this switch
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Eth8/1 Desg FWD 20000 128.1025 P2p
Eth8/2 Desg FWD 20000 128.1026 P2p
This example shows how to display detailed STP information about the MST protocol:
switch)# show spanning-tree mst detail
##### MST0 vlans mapped: 1-4094
Bridge address 0018.bad7.fc15 priority 32768 (32768 sysid 0)
Root this switch for the CIST
Regional Root this switch
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20
Eth8/1 of MST0 is designated forwarding
Port info port id 128.1025 priority 128 cost 20000
Designated root address 0018.bad7.fc15 priority 32768 cost 0
Design. regional root address 0018.bad7.fc15 priority 32768 cost 0
Designated bridge address 0018.bad7.fc15 priority 32768 port id 128.1025
Timers: message expires in 0 sec, forward delay 0, forward transitions 1
Bpdus sent 1379, received 3
Eth8/2 of MST0 is designated forwarding
Port info port id 128.1026 priority 128 cost 20000
Designated root address 0018.bad7.fc15 priority 32768 cost 0
Design. regional root address 0018.bad7.fc15 priority 32768 cost 0
Designated bridge address 0018.bad7.fc15 priority 32768 port id 128.1026
Timers: message expires in 0 sec, forward delay 0, forward transitions 1
Bpdus sent 1380, received 2
This example shows how to display STP information about specified MST interfaces:
switch)# show spanning-tree mst interface ethernet 8/2
Eth8/2 of MST0 is designated forwarding
Port Type: normal (default) port guard : none (default)
Link type: point-to-point (auto) bpdu filter: disable (default)
Boundary : internal bpdu guard : disable (default)
Bpdus sent 1423, received 2
Instance Role Sts Cost Prio.Nbr Vlans mapped
-------- ---- --- --------- -------- -------------------------------
0 Desg FWD 20000 128.1026 1-4094
This example shows how to display information about the MST configuration:
switch)# show spanning-tree mst configuration
Revision: 1 Instances Configured: 3
--------- --------------------------------------------------
----------------------------------------------------------------
This example shows how to display the MD5 digest included in the current MST configuration:
switch)# show spanning-tree mst configuration digest
Revision 10 Instances configured 25
Digest 0x40D5ECA178C657835C83BBCB16723192
Pre-std Digest 0x27BF112A75B72781ED928D9EC5BB4251
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree |
Displays information about STP. |
|
show spanning-tree active |
Displays information about the STP active interfaces only. |
|
show spanning-tree bridge |
Displays the bridge ID, timers, and protocol for the local bridge on the device. |
|
show spanning-tree brief |
Displays brief summary information about STP. |
|
show spanning-tree detail |
Displays detailed information about STP. |
|
show spanning-tree interface |
Displays the STP interface status and configuration of specified interfaces. |
|
show spanning-tree root |
Displays the status and configuration of the root bridge for the STP instance to which this device belongs. |
|
show spanning-tree summary |
Displays summary information about STP. |
|
show spanning-tree vlan |
Displays STP information about specified VLANs. |
show spanning-tree root
To display the status and configuration of the Spanning Tree Protocol (STP) root bridge, use the show spanning-tree root command.
show spanning-tree root [address | brief | cost | detail | forward-time | hello-time | id | max-age | port | priority [system-id]]
Syntax Description
|
address |
(Optional) Displays the MAC address for the STP root bridge. |
|
brief |
(Optional) Displays a brief summary of the status and configuration for the the root bridge. |
|
cost |
(Optional) Displays the path cost from the root to this bridge. |
|
detail |
(Optional) Displays detailed information about the status and configuration for the root bridge. |
|
forward-time |
(Optional) Displays the STP forward delay interval for the root bridge. |
|
hello-time |
(Optional) Displays the STP hello time for the root bridge. |
|
id |
(Optional) Displays the STP bridge identifier for the root bridge. |
|
max-age |
(Optional) Displays the STP maximum-aging time for the root bridge. |
|
port |
(Optional) Displays which port is the root port. |
|
priority |
(Optional) Displays the bridge priority for the root bridge. |
|
system-id |
(Optional) Displays the bridge identifier with the system ID extension for the root bridge. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display information for the root bridge:
switch(config)# show spanning-tree root
MST Instance Root ID Cost Time Age Dly Root Port
---------------- -------------------- ------ ----- --- --- ----------------
MST0000 32768 0018.bad7.fc15 0 2 20 15 This bridge is root
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst |
Displays information about the MST STP. |
|
show spanning-tree |
Displays information about STP. |
|
show spanning-tree active |
Displays information about the STP active interfaces only. |
|
show spanning-tree bridge |
Displays the bridge ID, timers, and protocol for the local bridge on the device. |
|
show spanning-tree brief |
Displays a brief summary about STP information. |
|
show spanning-tree detail |
Displays detailed information about STP. |
|
show spanning-tree interface |
Displays the STP interface status and configuration of specified interfaces. |
|
show spanning-tree summary |
Displays summary information about STP. |
|
show spanning-tree vlan |
Displays STP information about specified VLANs. |
show spanning-tree summary
To display summary Spanning Tree Protocol (STP) information on the device, use the show spanning-tree summary command.
show spanning-tree summary [totals]
Syntax Description
|
totals |
(Optional) Displays totals only of STP information. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
5.2(1) |
Updated the example to display information for STP-lite. For more information about STP-lite, see the Cisco NX-OS FCoE Configuration Guide for Cisco Nexus 7000 and Cisco MDS 9500. |
|
4.0 |
This command was introduced. |
Usage Guidelines
The display output for this command differs when you are running Rapid Per VLAN Spanning Tree (Rapid PVST+) or Multiple Spanning Tree (MST).
This command does not require a license.
Examples
This example shows how to display a summary of STP information about the device when you are running Rapid PVST+:
switch(config)# show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: VLAN0001
Port Type Default is disable
Edge Port [PortFast] BPDU Guard Default is disabled
Edge Port [PortFast] BPDU Filter Default is disabled
Bridge Assurance is enabled
Loopguard Default is disabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
---------------------- -------- --------- -------- ---------- ----------
STP-lite running in the following VLAN instances
------------------------------------------------
This example shows how to display a summary of STP information about the device when you are running MST:
switch(config)# show spanning-tree summary
Switch is in mst mode (IEEE Standard)
Port Type Default is disable
Edge Port [PortFast] BPDU Guard Default is disabled
Edge Port [PortFast] BPDU Filter Default is disabled
Bridge Assurance is enabled
Loopguard Default is disabled
Pathcost method used is long
PVST Simulation is enabled
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
---------------------- -------- --------- -------- ---------- ----------
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst |
Displays information about the MST STP. |
|
show spanning-tree |
Displays information about STP. |
|
show spanning-tree active |
Displays information about the STP active interfaces only. |
|
show spanning-tree bridge |
Displays the bridge ID, timers, and protocol for the local bridge on the device. |
|
show spanning-tree brief |
Displays a brief summary about STP information. |
|
show spanning-tree detail |
Displays detailed information about STP. |
|
show spanning-tree interface |
Displays the STP interface status and configuration of specified interfaces. |
|
show spanning-tree root |
Displays the status and configuration of the root bridge for the STP instance to which this device belongs. |
|
show spanning-tree vlan |
Displays STP information about specified VLANs. |
show spanning-tree vlan
To display Spanning Tree Protocol (STP) information for specified VLANs, use the show spanning-tree vlan command.
show spanning-tree vlan {vlan-id}
[active [brief | detail]
| blockedports
| bridge [address] | brief | detail | forward-time | hello-time | id | max-age | priority [system-id] | protocol
| brief [active]
| detail
| inconsistentports
| interface {ethernet {slot/port} | port-channel {channel-number}} [active [brief | detail]] | brief [active] | cost | detail [active] | edge | inconsistency | priority | rootcost | state]]
| root [address | brief | cost | detail | forward-time | hello-time | id | max-age | port | priority [system-id]]
| summary}
Syntax Description
|
vlan-id |
VLAN or range of VLANs that you want to display. The range is from 1 to 4096. |
|
active |
(Optional) Displays information on STP VLANs and active ports. |
|
brief |
(Optional) Displays a brief summary of STP information for the specified VLANs. |
|
detail |
(Optional) Displays detailed STP information for the specified VLANs. |
|
blockedports |
(Optional) Displays the STP alternate ports in the blocked state for the specified VLANs. |
|
bridge |
(Optional) Displays the status and configuration of the bridge for the specified VLANs. |
|
address |
(Optional) Displays the MAC address for the specified STP bridge for the specified VLANs. |
|
forward-time |
(Optional) Displays the STP forward delay interval for the bridge for the specified VLANs. |
|
hello-time |
(Optional) Displays the STP hello time for the bridge for the specified VLANs. |
|
id |
(Optional) Displays the STP bridge identifier for the specified VLANs. |
|
max-age |
(Optional) Displays the STP maximum-aging time for the specified VLANs. |
|
priority |
(Optional) Displays the STP priority for the specified VLANs. |
|
system-id |
(Optional) Displays the bridge identification with the system ID added for the specified VLANs. |
|
protocol |
(Optional) Displays which STP protocol is active on the device. |
|
inconsistentports |
(Optional) Displays the ports that are in an inconsistent STP state for specified VLANs. |
|
ethernet slot/port |
Displays the Ethernet interafce and slot or port number. The range is from 1 to 253. |
|
port-channel channel-number |
Displays the port channel interface. The range is from 1 to 4096. |
|
cost |
(Optional) Displays the STP path cost for the specified VLANs. |
|
edge |
(Optional) Displays the STP-type edge port information for the specified interface for the specified VLANs. |
|
inconsistency |
(Optional) Displays the STP port inconsistency state for the specified interface for the specified VLANs. |
|
priority |
(Optional) Displays the STP priority for the specified VLANs. |
|
rootcost |
(Optional) Displays the path cost to the root for specified interfaces for the specified VLANs. |
|
state |
Current port STP state. Valid values are as follows: • • • • |
|
port |
(Optional) Displays information about the root port for the specified VLANs, |
|
summary |
(Optional) Displays summary STP information about the specified VLANs. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display STP information about VLAN 4:
switch# show spanning-tree vlan 4
Spanning tree enabled protocol rstp
Port 4105 (port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32772 (priority 32768 sys-id-ext 4)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po10 Root FWD 2 128.4105 (vPC peer-link) P2p
Po20 Desg FWD 1 128.4115 (vPC) P2p
Po30 Root FWD 1 128.4125 (vPC) P2p
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst |
Displays information about the MST STP. |
|
show spanning-tree |
Displays information about STP. |
|
show spanning-tree active |
Displays information about the STP active interfaces only. |
|
show spanning-tree bridge |
Displays the bridge ID, timers, and protocol for the local bridge on the device. |
|
show spanning-tree brief |
Displays brief summary information about STP. |
|
show spanning-tree detail |
Displays detailed information about STP. |
|
show spanning-tree interface |
Displays the STP interface status and configuration of specified interfaces. |
|
show spanning-tree root |
Displays the status and configuration of the root bridge for the STP instance to which this device belongs. |
|
show spanning-tree summary |
Displays summary information about STP. |
show startup-config vlan
To display VLAN configuration information in the startup configuration, use the show startup-config vlan command.
show startup-config vlan {vlan-id}
Syntax Description
|
vlan-id |
Number of VLAN or range of VLANs. Valid numbers range from 1 to 4096. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.1(2) |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the VLAN information in the startup configuration:
switch(config)# show startup-config vlan
Related Commands
|
Command |
Description |
|---|---|
|
show vlan |
Displays information about all the VLANs on the device. |
show startup-config vtp
To display VLAN Trunking Protocol (VTP) configuration information in the startup configuration, use the show startup-config vtp command.
show startup-config vtp
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.1(2) |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the VTP information in the startup configuration:
switch(config)# show startup-config vtp
Related Commands
|
Command |
Description |
|---|---|
|
show vtp status |
Displays information about VTP on the device. |
show system vlan reserved
To display the system reserved VLAN range, use the show system vlan reserved command.
show system vlan reserved
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
network-poerator
vdc-admin
vdc-operator
Command History
|
Release |
Modification |
|---|---|
|
5.2(1) |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the system reserved VLAN range:
switch# show system vlan reserved
system current running vlan reservation: 3968-4095
Related Commands
|
Command |
Description |
|---|---|
|
system vlan reserve |
Configures the reserved VLAN range. |
|
write erase all |
Reverts to the default reserved VLAN range. |
show vlan
To display VLAN information, use the show vlan command.
show vlan [all-ports | brief | {name name} | summary]
Syntax Description
|
all-ports |
(Optional) Displays all ports on VLANs. |
|
brief |
(Optional) Displays only a single line for each VLAN, naming the VLAN, status, and ports. |
|
name name |
(Optional) Displays information about a single VLAN that is identified by the VLAN name; valid values are an ASCII string from 1 to 32 characters. |
|
summary |
(Optional) Displays the number of existing VLANs on the device. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
5.1(1) |
Changed the command output. |
|
4.0 |
This command was introduced. |
Usage Guidelines
This command displays information for all VLANs, including private VLANs, on the device.
Each access port can belong to only one VLAN. Trunk ports can be on multiple VLANs.
Note Although a port can be associated with a VLAN as an access VLAN, a native VLAN, or one of the trunk allowed ports, the display under Ports for this commands lists only access VLANs.
If you shut down a VLAN using the state suspend or the state active command, these values appear in the Status field:
•suspended—The VLAN is suspended.
•active—The VLAN is active.
If you shut down a VLAN using the shutdown command, these values appear in the Status field:
•act/lshut—The VLAN status is active but shut down locally.
•sus/lshut—The VLAN status is suspended but shut down locally.
If a VLAN is shut down internally, these values appear in the Status field:
•act/ishut—The VLAN status is active but shut down internally.
•sus/ishut—The VLAN status is suspended but shut down internally.
If a VLAN is shut down locally and internally, the value that is displayed in the Status field is act/ishut or sus/ishut. If a VLAN is shut down locally only, the value that is displayed in the Status field is act/lshut or sus/lshut.
Examples
This example shows how to display information for all VLANs on the device:
---- -------------------------------- --------- -------------------------------
1 default active Eth5/1, Eth5/2, Eth5/3, Eth5/4
Eth5/5, Eth5/6, Eth5/7, Eth5/8
Eth5/12, Eth5/13, Eth5/14
Eth5/15, Eth5/16, Eth5/17
Eth5/18, Eth5/19, Eth5/20
Eth5/21, Eth5/22, Eth5/23
Eth5/24, Eth5/25, Eth5/26
Eth5/27, Eth5/28, Eth5/29
Eth5/30, Eth5/31, Eth5/32
-------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- --------------- -------------------------------------------
This example shows how to display the VLANs and all ports for each VLAN:
switch# show vlan all-ports
---- -------------------------------- --------- -------------------------------
1 default active Po5, Po37, Po50, Eth2/1, Eth2/2
Eth2/3, Eth2/5, Eth2/7, Eth2/8
Eth2/21, Eth2/22, Eth2/23
Eth2/24, Eth2/25, Eth2/26
Eth2/27, Eth2/28, Eth2/46
50 VLAN0050 active Eth2/6
This example shows how to display the VLAN name, status, and associated ports only:
---- -------------------------------- --------- -------------------------------
1 default active Eth2/5, Eth2/7, Eth2/8, Eth2/9
Eth2/10, Eth2/15, Eth2/47
50 VLAN0050 active Eth2/6
This example shows how to display the VLAN information for a specific VLAN by name:
switch# show vlan name test
---- -------------------------------- --------- -------------------------------
Primary Secondary Type Ports
------- --------- --------------- -------------------------------------------100
This example shows how to display information about the number of VLANs configured on the device:
switch# show vlan summary
Number of existing VLANs : 9
Number of existing user VLANs : 9
Number of existing extended VLANs : 0
Related Commands
|
Command |
Description |
|---|---|
|
show interface switchport |
Displays information about the switch ports, including those switch ports in private VLANs, |
|
show vlan private-vlan |
Displays private VLAN information. |
show vlan counters
To display the statistics for a specified VLAN or for all VLANs, use the show vlan counters command.
show vlan [id {vlan—id}] counters
Syntax Description
|
id |
(Optional) Displays the VLAN ID that you want to clear. |
|
vlan-id |
Number of the VLAN that you want to clear. The range is from 1 to 4096. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
This command displays the counters for all the VLANs, including the private VLANs, on the device.
If you omit the VLAN ID, the system displays statistics for all the VLANs on the device. This command displays:
•Transmitted and received unicast, multicast, and routed packets and octets
•Information about Layer 2, IPv4, and IPv6 unicast, multicast, and unknown packets and octets
Separate VLAN ranges with a hyphen, and separate VLANs with a comma and no spaces in between. For example, you can enter the following:
switch# show vlan id 1-4,3,7,5-20
This command does not require a license.
Examples
This example shows how to display statistics for VLAN 9:
switch(config)# show vlan id 9 counters
L2 IPv4 Unicast Octets :0
L2 IPv4 Unicast Packets :0
L2 IPv4 Multicast Octets :0
L2 IPv4 Multicast Packets :0
L2 IPv6 Unicast Octets :0
L2 IPv6 Unicast Packets :0
L2 IPv6 Multicast Octets :0
L2 IPv6 Multicast Packets :0
L2 Unicast Octets :25600000
L2 Unicast Packets :400000
L2 Broadcast Octets :12800000
L2 Broadcast Packets :200000
L2 Unknown Unicast Octets :19200000
L2 Unknown Unicast Packets :300000
L3 Multicast Octets In :0
L3 Multicast Packets In :0
L3 Multicast Octets Out :0
L3 Multicast Packets Out :0
L3 Unicast Packets Out :0
Related Commands
|
Command |
Description |
|---|---|
|
clear vlan counters |
Clears the counters for all or specified VLANs on the device. |
show vlan dot1q tag native
To display the status of tagging on the native VLANs, use the show vlan dot1q tag native command.
show vlan dot1q tag native
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the status of native VLAN tagging on the device:
switch# show vlan dot1q tag native
vlan dot1q native tag is disabled
Related Commands
|
Command |
Description |
|---|---|
|
vlan dot1q tag native |
Enables 802.1Q tagging for all the VLANs in a trunk on the device. |
show vlan id
To display information and statistics for an individual VLAN or a range of VLANs, use the show vlan id command.
show vlan id [counters]
Syntax Description
|
id |
Number of the VLAN or range of VLANs. The range is from 1 to 4096. |
|
counters |
Statistics about specified VLANs. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
Use this command to display information and statistics about an individual VLAN or a range of VLANs, including private VLANs.
When you use the counters argument, this command displays the following statistics for the individual VLAN or range of VLANs:
•Transmitted and received unicast, multicast, and routed packets and octets
•Information on Layer 2, IPv4, and IPv6 unicast, multicast, and unknown packets and octets
Note You can also display information about individual VLANs by using the show vlan name command.
This command does not require a license.
Examples
This example shows how to display information for VLAN 50:
---- -------------------------------- --------- -------------------------------
50 VLAN0050 active Eth2/6
Primary Secondary Type Ports
------- --------- --------------- -------------------------------------------
This example shows how to display statistics for VLAN 10:
switch(config)# show vlan id 10 counters
L2 IPv4 Unicast Octets :0
L2 IPv4 Unicast Packets :0
L2 IPv4 Multicast Octets :0
L2 IPv4 Multicast Packets :0
L2 IPv6 Unicast Octets :0
L2 IPv6 Unicast Packets :0
L2 IPv6 Multicast Octets :0
L2 IPv6 Multicast Packets :0
L2 Unicast Octets :25600000
L2 Unicast Packets :400000
L2 Broadcast Octets :12800000
L2 Broadcast Packets :200000
L2 Unknown Unicast Octets :19200000
L2 Unknown Unicast Packets :300000
L3 Multicast Octets In :0
L3 Multicast Packets In :0
L3 Multicast Octets Out :0
L3 Multicast Packets Out :0
L3 Unicast Packets Out :0
Related Commands
|
Command |
Description |
|---|---|
|
clear vlan counters |
Clears the counters for all or specified VLANs on the device. |
|
show vlan |
Displays information about VLANs on the device. |
show vlan private-vlan
To display private VLAN information, use the show vlan private-vlan command.
show vlan [id {vlan-id}] private-vlan [type]
Syntax Description
|
id |
Number of the VLAN or range of VLANs. The range is from 1 to 4096. |
|
vlan-id |
(Optional) Private VLAN information for the specified VLAN. The range is from 1 to 4096. |
|
type |
(Optional) Displays the private VLAN type (primary, isolated, or community). |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display information about all private VLANs on the device:
switch(config)# show vlan private-vlan
Primary Secondary Type Ports
------- --------- --------------- ------------------------
200 201 isolated Eth2/26, Eth2/27
200 202 community Eth2/26, Eth2/28
This example shows how to display information for a specific private VLAN:
switch(config)# show vlan id 202 private-vlan
Primary Secondary Type Ports
------- --------- --------------- ---------------------------
200 202 community Eth2/26, Eth2/28
This example shows how to display information about the types of all private VLANs on the device:
switch(config)# show vlan private-vlan type
This example shows how to display information on the type for the specified private VLAN:
switch(config)# show vlan id 202 private-vlan type
Related Commands
|
Command |
Description |
|---|---|
|
show interface switchport |
Displays information about the switch ports, including those in private switch ports VLANs. |
|
show interface private-vlan mapping |
Displays information about the private VLAN mapping between the primary and secondary VLANs so that both VLANs share the same primary VLAN interface. |
|
show vlan |
Displays information about all the VLANs on the device. |
show vtp counter
To display the Virtual Trunking Protocol (VTP) statistics information, use the show vtp counter command.
show vtp counter
Syntax Description
This command has no keywords or arguments.
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
5.1(1) |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display statistics information about VTP on the device:
Summary advertisements received : 544
Subset advertisements received : 270
Request advertisements received : 0
Summary advertisements transmitted : 260
Subset advertisements transmitted : 5
Request advertisements transmitted : 274
Number of config revision errors : 0
Number of config digest errors : 270
Number of V1 summary errors : 0
Trunk Join Transmitted Join Received Summary advts received from
non-pruning-capable device
---------------- ---------------- ---------------- ---------------------------
Ethernet1/31 12977 12982 542
Related Commands
|
Command |
Description |
|---|---|
|
feature vtp |
Enables VTP on the device. |
|
vtp domain |
Configures the VTP domain name. |
|
vtp version |
Configures the VTP version. |
show vtp interface
To display the Virtual Trunking Protocol (VTP) interface status and configuration, use the show vtp interface command.
show vtp interface [if-identifier]
Syntax Description
|
if-identifier |
(Optional) Identifier of an interface. Examples are ethernet 3/22 or port channel 120. |
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
5.1(1) |
This command was introduced. |
Usage Guidelines
If a single interface is specified, then the information for that interface alone is presented to the user; otherwise, the command applies to all currently active interfaces.
This command does not require a license.
Examples
This example shows how to display the VTP interface status and configuration on the device:
switch# show vtp interface ethernet 3/22
--------------------------------
switch# show vtp interface
--------------------------------
Related Commands
|
Command |
Description |
|---|---|
|
show vtp counters |
Displays VTP statistics information. |
|
show interface pruning |
Displays interface trunk VTP pruning information. |
|
show interface counters |
Displays information about the statistics for the specified VLANs. |
show vtp password
To display a Virtual Trunking Protocol (VTP) password, use the show vtp password command.
show vtp password
Syntax Description
This command has no keywords or arguments.
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
5.1(1) |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display a VTP password on the device:
switch# show vtp password squ1rrel
Related Commands
|
Command |
Description |
|---|---|
|
feature vtp |
Enables VTP on the device. |
|
vtp domain |
Configures the VTP domain name. |
|
vtp version |
Configures the VTP version. |
show vtp status
To display the Virtual Trunking Protocol (VTP) information, use the show vtp status command.
show vtp status
Syntax Description
This command has no keywords or arguments.
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.1(2) |
This command was introduced. |
Usage Guidelines
This command is not available if VTP is not enabled.
Note You cannot enable or configure VTP pruning or V2 modes.
This command does not require a license.
Examples
This example shows how to display information about VTP on the device:
VTP Version : 2 (capable)
Configuration Revision : 1
Maximum VLANs supported locally : 1005
Number of exisiting VLANs : 17
VTP Operating Mode : Server
VTP Pruning Mode : Disabled (Operationally Disabled)
MD5 Digest : 0x8D 0x0D 0xB4 0xE8 0xC3 0x3C 0x7F 0x99
Configuration last modified by 0.0.0.0 at 6-30-10 18:05:13
Related Commands
|
Command |
Description |
|---|---|
|
feature vtp |
Enables VTP on the device. |
|
vtp domain |
Configures the VTP domain name. |
|
vtp version |
Configures the VTP version. |
shutdown (VLAN configuration)
To shut down the local traffic on a VLAN, use the shutdown command. To return a VLAN to its default operational state, use the no form of this command.
shutdown
no shutdown
Syntax Description
This command has no arguments or keywords.
Defaults
no shutdown
Command Modes
VLAN configuration submode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
You cannot shut down, or disable, VLAN 1 or VLANs 1006 to 4094.
Once you shut down a VLAN, the traffic ceases to flow on that VLAN. Access ports on that VLAN are also brought down; trunk ports continue to carry traffic for the other VLANs allowed on that port. However, the interface associations for the specified VLAN remain, and when you reenable, or recreate, that specified VLAN, the device automatically reinstates all the original ports to that VLAN.
To find out if a VLAN has been shut down internally, check the Status field in the show vlan command output. If a VLAN is shut down internally, one of these values appears in the Status field:
•act/lshut—VLAN status is active and shut down internally.
•sus/lshut—VLAN status is suspended and shut down internally.
Note If the VLAN is suspended and shut down, you use both the no shutdown and state active commands to return the VLAN to the active state.
This command does not require a license.
Examples
This example shows how to restore local traffic on VLAN 2 after you have shut down, or disabled, the VLAN:
switch(config-vlan)#no shutdown
Related Commands
|
Command |
Description |
|---|---|
|
show vlan |
Displays VLAN information. |
spanning-tree bpdufilter
To enable BPDU Filtering on the interface, use the spanning-tree bpdufilter command. To return to the default settings, use the no form of this command.
spanning-tree bpdufilter {enable | disable}
no spanning-tree bpdufilter
Syntax Description
|
enable |
Enables BPDU Filtering on this interface. |
|
disable |
Disables BPDU Filtering on this interface. |
Defaults
The setting that is already configured when you enter the spanning-tree port type edge bpdufilter default command.
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
Caution
Be careful when you enter the
spanning-tree bpdufilter enable command on specified interfaces. Explicitly configuring BPDU Filtering on a port that is not connected to a host can cause a bridging loop because the port ignores any BPDU that it receives, and the port moves to the STP forwarding state.
Entering the spanning-tree bpdufilter enable command to enable BPDU Filtering overrides the spanning tree edge port configuration. That port then returns to the normal spanning tree port type and moves through the normal spanning tree transitions.
Use the spanning-tree port type edge bpdufilter default command to enable BPDU Filtering on all spanning tree edge ports.
This command does not require a license.
Examples
This example shows how to enable BPDU Filtering on this interface:
switch(config-if)# spanning-tree bpdufilter enable
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree summary |
Displays information about the spanning tree state. |
spanning-tree bpduguard
To enable bridge protocol data unit (BPDU) Guard on an interface, use the spanning-tree bpduguard command. To return to the default settings, use the no form of this command.
spanning-tree bpduguard {enable | disable}
no spanning-tree bpduguard
Syntax Description
|
enable |
Enables BPDU Guard on this interface. |
|
disable |
Disables BPDU Guard on this interface. |
Defaults
The setting that is already configured when you enter the spanning-tree port type edge bpduguard default command.
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
BPDU Guard prevents a port from receiving BPDUs. If the port still receives a BPDU, it is put in the error-disabled state as a protective measure.
Caution
Be careful when using this command. You should use this command only with interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data-packet loop and disrupt the device and network operation.
When you enable this BPDU Guard command globally, the command applies only to spanning tree edge ports. See spanning-tree port type edge bpduguard default for more information on the global command for BPDU Guard. However, when you enable this feature on an interface, it applies to that interface regardless of the spanning tree port type.
This command has three states:
•spanning-tree bpduguard enable—Unconditionally enables BPDU Guard on the interface.
•spanning-tree bpduguard disable—Unconditionally disables BPDU Guard on the interface.
•no spanning-tree bpduguard—Enables BPDU Guard on the interface if it is an operational spanning tree edge port and if the spanning-tree port type edge bpduguard default command is configured.
Typically, this feature is used in a service-provider environment where the network administrator wants to prevent an access port from participating in the spanning tree.
This command does not require a license.
Examples
This example shows how to enable BPDU Guard on this interface:
switch(config-if)# spanning-tree bpduguard enable
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree summary |
Displays information about the spanning tree state. |
spanning-tree bridge assurance
To enable Bridge Assurance on the device, use the spanning-tree bridge assurance command. To disable Bridge Assurance, use the no form of this command.
spanning-tree bridge assurance
no spanning-tree bridge assurance
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
Use this command to enable Bridge Assurance on the device.
Bridge Assurance is active only on spanning tree network interfaces. To configure an interface as a spanning tree network interface, use either the spanning-tree port type network command or the spanning-tree port type network default command.
Note Bridge Assurance works only on point-to-point links. You must configure this feature on both ends of the link.
When Bridge Assurance is enabled on network ports, all ports send bridge protocol data units (BPDUs). When a Bridge Assurance-enabled network port does not receive any BPDUs for a specified period, that interface moves into the blocking state. After the network port receives a BPDU again, the port begins its normal spanning tree transitions.
An interface that is connected to a Layer 2 host and misconfigured as a spanning tree network port moves into the blocking state.
Note Bridge Assurance is configured globally only.
This command does not require a license.
Examples
This example shows how to enable Bridge Assurance on the device:
switch(config)# spanning-tree bridge assurance
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree summary |
Displays information about the spanning tree state. |
spanning-tree cost
To set the path cost of the interface for Spanning Tree Protocol (STP) calculations, use the spanning-tree cost command. To return to the default settings, use the no form of this command.
spanning-tree [vlan vlan-id] cost {value | auto}
no spanning-tree [vlan vlan-id] cost
Syntax Description
|
vlan vlan-id |
(Optional) Lists the VLANs on this trunk interface for which you want to assign the path cost. You do not use this parameter on access ports. The range is from 1 to 4094. |
|
value |
Value of the port cost. The available cost range depends on the path-cost calculation method as follows: • • |
|
auto |
Sets the value of the port cost by the media speed of the interface (see Table 1-2 for the values). |
Defaults
auto
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
The STP port path cost default value is determined from the media speed and path-cost calculation method of a LAN interface (see Table 1-2). See the spanning-tree pathcost method command for information on setting the path-cost calculation method for Rapid PVST+.
|
Bandwidth |
Short Path-Cost Method Port Cost |
Long Path-Cost Method Port Cost |
|---|---|---|
|
10 Mbps |
100 |
2,000,000 |
|
100 Mbps |
19 |
200,000 |
|
1-Gigabit Ethernet |
4 |
20,000 |
|
10-Gigabit Ethernet |
2 |
2,000 |
When you configure the value, note that higher values indicate higher costs.
On access ports, assign the port cost by port. On trunk ports, assign the port cost by VLAN; you can configure all the VLANs on a trunk port as the same port cost.
The port channel bundle is considered a single port. The port cost is the aggregation of all the configured port costs assigned to that channel.
Note Use this command to set the port cost for Rapid Per VLAN Spanning Tree Plus (PVST+). Use the spanning-tree mst cost command to set the port cost for Multiple Spanning Tree (MST).
This command does not require a license.
Examples
This example shows how to access an interface and set a path cost value of 250 for the spanning tree VLAN that is associated with that interface:
switch(config)# interface ethernet 2/0
switch(config-if)# spanning-tree cost 250
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree |
Displays information about the spanning tree configuration. |
spanning-tree guard
To enable or disable Loop Guard or Root Guard, use the spanning-tree guard command. To return to the default settings, use the no form of this command.
spanning-tree guard {loop | root | none}
no spanning-tree guard
Syntax Description
|
loop |
Enables Loop Guard on the interface. |
|
root |
Enables Root Guard on the interface. |
|
none |
Sets the guard mode to none. |
Defaults
Disabled
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
You cannot enable Loop Guard if Root Guard is enabled, although the device accepts the command to enable Loop Guard on spanning tree edge ports.
This command does not require a license.
Examples
This example shows how to enable Root Guard:
switch(config-if)# spanning-tree guard root
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree summary |
Displays information about the spanning tree state. |
spanning-tree link-type
To configure a link type for a port, use the spanning-tree link-type command. To return to the default settings, use the no form of this command.
spanning-tree link-type {auto | point-to-point | shared}
no spanning-tree link-type
Syntax Description
|
auto |
Sets the link type based on the duplex setting of the interface. |
|
point-to-point |
Specifies that the interface is a point-to-point link. |
|
shared |
Specifies that the interface is a shared medium. |
Defaults
auto
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
Fast transition (specified in IEEE 802.1w) works only on point-to-point links between two bridges.
By default, the device derives the link type of a port from the duplex mode. A full-duplex port is considered as a point-to-point link while a half-duplex configuration is assumed to be on a shared link.
If you designate a port as a shared link, you cannot use the fast transition feature, regardless of the duplex setting.
This command does not require a license.
Examples
This example shows how to configure the port as a shared link:
switch(config-if)# spanning-tree link-type shared
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree interface |
Displays information about the spanning tree state. |
spanning-tree loopguard default
To enable Loop Guard as a default on all ports of a given bridge, use the spanning-tree loopguard default command. To disable Loop Guard, use the no form of this command.
spanning-tree loopguard default
no spanning-tree loopguard default
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
Loop Guard provides additional security in the bridge network. Loop Guard prevents alternate or root ports from becoming the designated port because of a failure that could lead to a unidirectional link.
Loop Guard operates only on ports that are considered point-to-point links by the spanning tree, and it does not run on spanning tree edge ports.
When you enter the Loop Guard command for the specified interface, that spanning-tree guard loop command overrides this command.
This command does not require a license.
Examples
This example shows how to enable Loop Guard:
switch(config)# spanning-tree loopguard default
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree summary |
Displays information about the spanning tree state. |
spanning-tree mode
To switch between Rapid per VLAN Spanning Tree Plus (Rapid PVST+) and Multiple Spanning Tree (MST) Spanning Tree Protocol (STP) modes, use the spanning-tree mode command. To return to the default settings, use the no form of this command.
spanning-tree mode {rapid-pvst | mst}
no spanning-tree mode
Syntax Description
|
rapid-pvst |
Sets the STP mode to Rapid PVST+. |
|
mst |
Sets the STP mode to MST. |
Defaults
Rapid PVST+
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
You cannot use both Rapid PVST+ and MST in a single virtual device context (VDC). You can, however, use Rapid PVST+ in one VDC and MST in another VDC.
Caution
Be careful when using the
spanning-tree mode command to switch between Rapid PVST+ and MST modes. When you enter the command, all STP instances are stopped for the previous mode and are restarted in the new mode. Using this command may cause the user traffic to be disrupted.
This command does not require a license.
Examples
This example shows how to switch to MST mode:
switch(config)# spanning-tree mode mst
This example shows how to return to the default mode (Rapid PVST+):
switch(config)# no spanning-tree mode
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree summary |
Displays the information about the spanning tree configuration. |
spanning-tree mst configuration
To enter the Multiple Spanning Tree (MST) configuration submode, use the spanning-tree mst configuration command. To return to the default settings, use the no form of this command.
spanning-tree mst configuration
no spanning-tree mst configuration
Syntax Description
This command has no keywords or arguments.
Defaults
The default value for the MST configuration is the default value for all its parameters:
•No VLANs are mapped to any MST instance (all VLANs are mapped to the CIST instance).
•The region name is an empty string.
•The revision number is 0.
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
The MST configuration consists of three main parameters:
•Instance VLAN mapping—See the instance vlan command.
•Region name—See the name (mst configuration) command.
•Configuration revision number—See the revision command.
The abort and exit commands allow you to exit MST configuration submode. The difference between the two commands depends on whether you want to save your changes or not.
The exit command commits all the changes before leaving MST configuration submode.
The abort command leaves MST configuration submode without committing any changes.
If you do not map secondary VLANs to the same instance as the associated primary VLAN, when you exit MST configuration submode, the following warning message is displayed:
These secondary vlans are not mapped to the same instance as their primary:
See the switchport mode private-vlan host command to fix this problem.
Changing an mst configuration submode parameter can cause connectivity loss. To reduce service disruptions, when you enter mst configuration submode, make changes to a copy of the current MST configuration. When you are done editing the configuration, you can apply all the changes at once by using the exit keyword, or you can exit the submode without committing any change to the configuration by using the abort keyword.
In the unlikely event that two users commit a new configuration at exactly at the same time, this warning message displays:
% MST CFG:Configuration change lost because of concurrent access
This command does not require a license.
Examples
This example shows how to enter MST-configuration submode:
switch(config)# spanning-tree mst configuration
This example shows how to reset the MST configuration (name, instance mapping, and revision number) to the default settings:
switch(config)# no spanning-tree mst configuration
Related Commands
|
Command |
Description |
|---|---|
|
instance vlan |
Maps a VLAN or a set of VLANs to an MST instance. |
|
name (mst configuration) |
Sets the name of an MST region. |
|
revision |
Sets the revision number for the MST configuration. |
|
show spanning-tree mst |
Displays the information about the MST protocol. |
spanning-tree mst cost
To set the path-cost parameter for any Multiple Spanning Tree (MST) instance (including the common and internal spanning tree [CIST] with instance ID 0), use the spanning-tree mst cost command. To return to the default settings, use the no form of this command.
spanning-tree mst instance-id cost {cost | auto}
no spanning-tree mst instance-id cost
Syntax Description
|
instance-id |
Instance ID number; the range of valid values is from 0 to 4094. |
|
cost |
Port cost for an instance; the range of valid values is from 1 to 200,000,000. |
|
auto |
Sets the value of the port cost by the media speed of the interface. |
Defaults
auto
•10 Mbps—2,000,000
•100 Mbps—200,000
•1 Gigabit Ethernet—20,000
•10 Gigabit Ethernet—2,000
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
The port cost depends on the port speed; the faster interface speeds indicate smaller costs. MST always uses long path costs.
Higher cost values indicate higher costs. When entering the cost, do not include a comma in the entry; for example, enter 1000, not 1,000.
The port-channel bundle is considered a single port. The port cost is the aggregation of all the configured port costs assigned to that channel.
This command does not require a license.
Examples
This example shows how to set the interface path cost:
switch(config-if)# spanning-tree mst 0 cost 17031970
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst |
Displays the information about the MST protocol. |
spanning-tree mst forward-time
To set the forward-delay timer for all the instances on the device, use the spanning-tree mst forward-time command. To return to the default settings, use the no form of this command.
spanning-tree mst forward-time seconds
no spanning-tree mst forward-time
Syntax Description
|
seconds |
Number of seconds to set the forward-delay timer for all the instances on the device; the range of valid values is from 4 to 30 seconds. |
Defaults
15
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to set the forward-delay timer:
switch(config)# spanning-tree mst forward-time 20
switch(config)#
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst |
Displays the information about the MST protocol. |
spanning-tree mst hello-time
To set the hello-time delay timer for all the instances on the device, use the spanning-tree mst hello-time command. To return to the default settings, use the no form of this command.
spanning-tree mst hello-time seconds
no spanning-tree mst hello-time
Syntax Description
|
seconds |
Number of seconds to set the hello-time delay timer for all the instances on the device; the range of valid values is from 1 to 10 seconds. |
Defaults
2
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
If you do not specify the hello-time value, the value is calculated from the network diameter.
Note We recommend that you configure the hello time to be 4 seconds when you are working with virtual port channels (vPCs).
This command does not require a license.
Examples
This example shows how to set the hello-time delay timer:
switch(config)# spanning-tree mst hello-time 3
switch(config)#
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst |
Displays the information about the MST protocol. |
spanning-tree mst max-age
To set the max-age timer for all the instances on the device, use the spanning-tree mst max-age command. To return to the default settings, use the no form of this command.
spanning-tree mst max-age seconds
no spanning-tree mst max-age
Syntax Description
|
seconds |
Number of seconds to set the max-age timer for all the instances on the device; the range of valid values is from 6 to 40 seconds. |
Defaults
20
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
This parameter is used only by Instance 0 or the IST.
This command does not require a license.
Examples
This example shows how to set the max-age timer:
switch(config)# spanning-tree mst max-age 40
switch(config)#
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst |
Displays the information about the MST protocol. |
spanning-tree mst max-hops
To specify the number of possible hops in the region before a bridge protocol data unit (BPDU) is discarded, use the spanning-tree mst max-hops command. To return to the default settings, use the no form of this command.
spanning-tree mst max-hops hop-count
no spanning-tree mst max-hops
Syntax Description
|
hop-count |
Number of possible hops in the region before a BPDU is discarded; the range of valid values is from 1 to 255 hops. |
Defaults
20
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to set the number of possible hops:
switch(config)# spanning-tree mst max-hops 25
switch(config)#
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst |
Displays the information about the MST protocol. |
spanning-tree mst port-priority
To set the port-priority parameters for any Multiple Spanning Tree (MST) instance—including the common and internal spanning tree (CIST) with instance ID 0, use the spanning-tree mst port-priority command. To return to the default settings, use the no form of this command.
spanning-tree mst instance-id port-priority priority
no spanning-tree mst instance-id port-priority
Syntax Description
|
instance-id |
Instance ID number; valid values are from 0 to 4094. |
|
priority |
Port priority for an instance; the range of valid values is from 0 to 224 in increments of 32. |
Defaults
priority is 128.
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
Higher port-priority priority values indicate smaller priorities.
The priority values are 0, 32, 64, 96, 128, 160, 192, and 224. All other values are rejected.
Examples
This example shows how to set the interface priority:
switch(config-if)# spanning-tree mst 0 port-priority 64
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst |
Displays the information about the MST protocol. |
|
spanning-tree port-priority |
Configures the port priority for default STP, which is Rapid PVST+. |
spanning-tree mst pre-standard
To force the specified interface to send pre-standard, rather than standard, Multiple Spanning Tree (MST) messages, use the spanning-tree mst pre-standard command. To return to the default setting, use the no form of this command.
spanning-tree mst pre-standard
no spanning-tree mst pre-standard
Syntax Description
This command has no keywords or arguments.
Defaults
None
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0(2) |
This command was introduced. |
Usage Guidelines
You can set the bridge priority in increments of 4096 only. When you set the priority, valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
You can set the priority argument to 0 to make the device root.
You can enter the instance-id argument as a single instance or a range of instances, for example, 0-3,5,7-9.
This command does not require a license.
Examples
This example shows how to set the bridge priority:
switch(config)# spanning-tree mst pre-standard 0 root priority 4096
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst |
Displays the information about the MST protocol. |
spanning-tree mst priority
To set the bridge priority, use the spanning-tree mst priority command. To return to the default setting, use the no form of this command.
spanning-tree mst {instance-id} priority priority-value
no spanning-tree mst {instance-id} priority
Syntax Description
|
instance-id |
Instance identification number; the range of valid values is from 0 to 4094. |
|
priority-value |
Bridge priority; see the «Usage Guidelines» section for valid values and additional information. |
Defaults
priority-value default is 32768.
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
You can set the bridge priority in increments of 4096 only. When you set the priority, valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
You can set the priority argument to 0 to make the device root.
You can enter the instance-id argument as a single instance or a range of instances, for example, 0-3,5,7-9.
This command does not require a license.
Examples
This example shows how to set the bridge priority:
switch(config)# spanning-tree mst priority 4096
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst |
Displays the information about the MST protocol. |
spanning-tree mst root
To designate the primary and secondary root and set the timer value for an instance, use the spanning-tree mst root command. To return to the default settings, use the no form of this command.
spanning-tree mst {instance-id} root {primary | secondary} [diameter dia [hello-time hello-time]]
no spanning-tree mst {instance-id} root
Syntax Description
|
instance-id |
Instance identification number; the range of valid values is from 0 to 4094. |
|
primary |
Specifies the high priority (low value) that is high enough to make the bridge root of the spanning-tree instance. |
|
secondary |
Specifies the device as a secondary root, should the primary root fail. |
|
diameter dia |
(Optional) Specifies the timer values for the bridge that are based on the network diameter. |
|
hello-time hello-time |
(Optional) Specifies the duration between the generation of configuration messages by the root device. The range is from 1 to 10 seconds; the default is 2 seconds. |
Defaults
spanning-tree mst root has no default settings.
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
You can enter the instance-id argument as a single instance or a range of instances, for example, 0-3,5,7-9.
The diameter dia and hello-time hello-time keywords and arguments are available for instance 0 (IST) only.
If you do not specify the hello-time argument, the argument is calculated from the network diameter. You must first specify the diameter dia keyword and argument before you can specify the hello-time hello-time keyword and argument.
This command does not require a license.
Examples
This example shows how to designate the primary root:
switch(config)# spanning-tree mst 0 root primary
This example shows how to set the priority and timer values for the bridge:
switch(config)# spanning-tree mst 0 root primary diameter 7 hello-time 2
switch(config)# spanning-tree mst 5 root primary
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree mst |
Displays the information about the MST protocol. |
spanning-tree mst simulate pvst
To prevent specific Multiple Spanning Tree (MST) interfaces from automatically interoperating with a connecting device running Rapid per VLAN Spanning Tree (Rapid PVST+), use the spanning-tree mst simulate pvst disable command. To return specific interfaces to the default settings that are set globally for the device, use the no form of this command. To reenable specific interfaces to automatically interoperate between MST and Rapid PVST+, use the spanning-tree mst simulate pvst command.
spanning-tree mst simulate pvst
no spanning-tree mst simulate pvst
spanning-tree mst simulate pvst disable
Syntax Description
This command has no keywords or arguments.
Defaults
Enabled. By default, all interfaces on the device interoperate seamlessly between MST and Rapid PVST+. See spanning-tree mst simulate pvst global to change this behavior globally.
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
Note The interfaces must be in Layer 2 port mode to use this command.
MST interoperates with Rapid PVST+ with no need for user configuration. The PVST simulation feature enables this seamless interoperability. However, you may want to control the connection between MST and Rapid PVST+ to protect against accidentally connecting an MST-enabled port to a Rapid PVST+-enabled port.
When you use the spanning-tree mst simulate pvst disable command, specified MST interfaces that receive a Rapid PVST+ (SSTP) bridge protocol data unit (BPDU) move into the STP blocking state. Those interfaces remain in the inconsistent state until the port stops receiving Rapid PVST+ BPDUs, and then the port resumes the normal Spanning Tree Protocol STP transition process.
Note To block automatic MST and Rapid PVST+ interoperability for the entire device, use the no spanning-tree mst simulate pvst global command, which can be used in interface command mode.
This command is useful when you want to prevent accidental connection with a device running Rapid PVST+.
To reenable seamless operation between MST and Rapid PVST+ on specific interfaces, use the spanning-tree mst simulate pvst command.
This command does not require a license.
Examples
This example shows how to prevent specified ports from automatically interoperating with a connected device running Rapid PVST+:
switch(config-if)# spanning-tree mst simulate pvst disable
Related Commands
|
Command |
Description |
|---|---|
|
spanning-tree mst simulate pvst global |
Enables global seamless interoperation between MST and Rapid PVST+. |
spanning-tree mst simulate pvst global
To prevent the Multiple Spanning Tree (MST) device from automatically interoperating with a connecting device running Rapid Per VLAN Spanning Tree (Rapid PVST+), use the no spanning-tree mst simulate pvst global command. To return to the default settings, which is seamless operation between MST and Rapid PVST+ on the device, use the spanning-tree mst simulate pvst global command.
spanning-tree mst simulate pvst global
no spanning-tree mst simulate pvst global
Syntax Description
This command has no keywords or arguments.
Defaults
Enabled. By default, the device interoperates seamlessly between MST and Rapid PVST+.
Command Modes
Global configuration
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
MST does not require user configuration to interoperate with Rapid PVST+. The PVST simulation feature enables this seamless interoperability. However, you may want to control the connection between MST and Rapid PVST+ to protect against accidentally connecting an MST-enabled port to a Rapid PVST+-enabled port.
When you use the no spanning-tree mst simulate pvst global command, the device running in MST mode moves all interfaces that receive a Rapid PVST+ (SSTP) bridge protocol data unit (BPDU) into the Spanning Tree Protocol (STP) blocking state. Those interfaces remain in the inconsistent state until the port stops receiving Rapid PVST+ BPDUs, and then the port resumes the normal STP transition process.
You can also use this command from the interface mode, and the configuration applies to the entire device.
Note To block automatic MST and Rapid PVST+ interoperability for specific interfaces, see the spanning-tree mst simulate pvst command.
This command is useful when you want to prevent accidental connection with a device not running MST.
To return the device to seamless operation between MST and Rapid PVST+, use the spanning-tree mst simulate pvst global command.
This command does not require a license.
Examples
This example shows how to prevent all ports on the device from automatically interoperating with a connected device running Rapid PVST+:
switch(config)# no spanning-tree mst simulate pvst global
Related Commands
|
Command |
Description |
|---|---|
|
spanning-tree mst simulate pvst |
Enables seamless interoperation between MST and Rapid PVST+ by the interface. |
spanning-tree pathcost method
To set the default path-cost calculation method, use the spanning-tree pathcost method command. To return to the default settings, use the no form of this command.
spanning-tree pathcost method {long | short}
no spanning-tree pathcost method
Syntax Description
|
long |
Specifies the 32-bit based values for port path costs. |
|
short |
Specifies the 16-bit based values for port path costs. |
Defaults
short
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
Note This command applies only to the Rapid Per VLAN Spanning Tree Plus (PVST+) spanning tree mode, which is the default mode. When you are using MST spanning tree mode, the device uses only the long method for calculating path cost; this is not user-configurable for MST.
The long path-cost calculation method uses all 32 bits for path-cost calculations and yields valued in the range of 2 through 2,00,000,000.
The short path-cost calculation method (16 bits) yields values in the range of 1 through 65535.
This command does not require a license.
Examples
This example shows how to set the default pathcost method to long:
switch(config)# spanning-tree pathcost method long
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree summary |
Displays information about the spanning tree state. |
spanning-tree port type edge
To configure an interface connected to a Layer 2 host as an edge port, which automatically transitions the port to the spanning tree forwarding state without passing through the blocking or learning states, use the spanning-tree port type edge command. To return the port to a normal spanning tree port, use the no spanning-tree port type command or the spanning-tree port type normal command.
spanning-tree port type edge [trunk]
no spanning-tree port type
spanning-tree port type normal
Syntax Description
|
trunk |
(Optional) Configures the trunk port as a spanning tree edge port. |
Defaults
The default is the global setting for the default port type edge that is configured when you entered the spanning-tree port type edge default command. If you did not configure a global setting, the default spanning tree port type is normal.
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
You can also use this command to configure a port in trunk mode as a spanning tree edge port.
Caution
You should use this command only with interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data-packet loop and disrupt the device and network operation.
When linkup occurs, spanning tree edge ports are moved directly to the spanning tree forwarding state without waiting for the standard forward-time delay.
Note This functionality that was previously provided by the Cisco-proprietary PortFast feature.
When you use this command, the system returns a message similar to the following:
Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
When you use this command without the trunk keyword, the system returns a message similar to the following:
%Portfast has been configured on GigabitEthernet2/8 but will only
have effect when the interface is in a non-trunking mode.
To configure trunk interfaces as spanning tree edge ports, use the spanning-tree port type trunk command. To remove the spanning tree edge port type setting, use the spanning-tree port type normal command.
The default spanning tree port type is normal.
This command does not require a license.
Examples
This example shows how to configure an interface connected to a Layer 2 host as an edge port, which automatically transitions that interface to the forwarding state on linkup:
switch(config-if)# spanning-tree port type edge
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree interface |
Displays the information about the spanning tree interface. |
spanning-tree port type edge bpdufilter default
To enable BPDU Filtering by default on all spanning tree edge ports, use the spanning-tree port type edge bpdufilter default command. To disable BPDU Filtering by default on all edge ports, use the no form of this command.
spanning-tree port type edge bpdufilter default
no spanning-tree port type edge bpdufilter default
Syntax Description
This command has no keywords or arguments.
Defaults
Disabled
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
To enable BPDU Filtering by default, you must:
•Configure the interface as a spanning tree edge port by using the spanning-tree port type edge or the spanning-tree port type edge default command.
•Enable BPDU Filtering.
Use this command to enable BPDU Filtering globally on all spanning tree edge ports. BPDU Filtering prevents a port from sending or receiving any BPDUs.
Caution
Be careful when using this command. Using this command incorrectly can cause bridging loops.
You can override the global effects of this spanning-tree port type edge bpdufilter default command by configuring BPDU Filtering at the interface level. See the spanning-tree bpdufilter command for complete information on using this feature at the interface level.
Note Be careful when enabling BPDU Filtering. The feature’s functionality is different when you enable it on a per-port basis or globally. When enabled globally, BPDU Filtering is applied only on ports that are operational spanning tree edge ports. Ports send a few BPDUs at a linkup before they effectively filter outbound BPDUs. If a BPDU is received on an edge port, that port immediately becomes a normal spanning tree port with all the normal transitions and BPDU Filtering is disabled. When enabled locally on a port, BPDU Filtering prevents the device from receiving or sending BPDUs on this port.
This command does not require a license.
Examples
This example shows how to enable BPDU Filtering globally on all spanning tree edge operational ports by default:
switch(config)# spanning-tree port type edge bpdufilter default
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree summary |
Displays the information about the spanning tree configuration. |
|
spanning-tree bpdufilter |
Enables BPDU Filtering on the interface. |
|
spanning-tree port type edge |
Configures an interface as a spanning tree edge port. |
spanning-tree port type edge bpduguard default
To enable BPDU Guard by default on all spanning tree edge ports, use the spanning-tree port type edge bpduguard default command. To disable BPDU Guard on all edge ports by default, use the no form of this command.
spanning-tree port type edge bpduguard default
no spanning-tree port type edge bpduguard default
Syntax Description
This command has no keywords or arguments.
Defaults
Disabled
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
To enable BPDU Guard by default, you must do the following:
•Configure the interface as spanning tree edge ports by entering the spanning-tree port type edge or the spanning-tree port type edge default command.
•Enable BPDU Guard.
Use this command to enable BPDU Guard globally on all spanning tree edge ports. BPDU Guard disables a port if it receives a BPDU.
Global BPDU Guard is applied only on spanning tree edge ports.
You can also enable BPDU Guard per interface; see the spanning-tree bpduguard command for more information.
Note We recommend that you enable BPDU Guard on all spanning tree edge ports.
This command does not require a license.
Examples
This example shows how to enable BPDU Guard by default on all spanning tree edge ports:
switch(config)# spanning-tree port type edge bpduguard default
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree summary |
Displays the information about the spanning tree configuration. |
|
spanning-tree bpduguard |
Enables BPDU guard on the interface. |
|
spanning-tree port type edge |
Configures an interface as a spanning tree edge port. |
spanning-tree port type edge default
To configure all access ports that are connected to Layer 2 hosts as edge ports by default, use the spanning-tree port type edge default command. To restore all ports connected to Layer 2 hosts as normal spanning tree ports by default, use the no form of this command.
spanning-tree port type edge default
no spanning-tree port type edge default
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
Use this command to automatically configure all interfaces as spanning tree edge ports by default. This command does not work on trunk ports.
Caution
Be careful when using this command. You should use this command only with interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data-packet loop and disrupt the device and network operation.
When a linkup occurs, an interface configured as an edge port automatically moves the interface directly to the spanning tree forwarding state without waiting for the standard forward-time delay. (This transition was previously configured as the Cisco-proprietary PortFast feature.)
When you use this command, the system returns a message similar to the following:
Warning: this command enables portfast by default on all interfaces. You
should now disable portfast explicitly on switched ports leading to hubs,
switches and bridges as they may create temporary bridging loops.
You can configure individual interfaces as edge ports using the spanning-tree port type edge command.
The default spanning tree port type is normal.
This command does not require a license.
Examples
This example shows how to globally configure all ports connected to Layer 2 hosts as spanning tree edge ports:
switch(config)# spanning-tree port type edge default
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree summary |
Displays information about the spanning tree configuration. |
|
spanning-tree port type edge |
Configures an interface as a spanning tree edge port. |
spanning-tree port type network
To configure the interface that connects to a Layer 2 switch or bridge as a network spanning tree port, regardless of the global configuration, use the spanning-tree port type network command. To return the port to a normal spanning tree port, use the spanning-tree port type normal command.
spanning-tree port type network
no spanning-tree port type
spanning-tree port type normal
Syntax Description
This command has no arguments or keywords.
Defaults
The default is the global setting for the default port type network that is configured when you entered the spanning-tree port type network default command. If you did not configure a global setting, the default spanning tree port type is normal.
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
Use this command to configure an interface that connects to a Layer 2 switch or bridge as a spanning tree network port. Bridge Assurance runs only on Spanning Tree Protocol (STP) network ports.
Note If you mistakenly configure ports connected to Layer 2 hosts as STP network ports and enable Bridge Assurance, those ports automatically move into the blocking state.
Note Bridge Assurance is enabled by default, and all interfaces configured as spanning tree network ports have Bridge Assurance enabled.
To configure a port as a spanning tree network port, use the spanning-tree port type network command. To remove this configuration, use the spanning-tree port type normal command. When you use the no spanning-tree port type command, the software returns the port to the global default setting for network port types.
You can configure all ports that are connected to Layer 2 switches or bridges as spanning tree network ports by default by entering the spanning-tree port type network default command.
The default spanning tree port type is normal.
This command does not require a license.
Examples
This example shows how to configure an interface connected to a Layer 2 switch or bridge as a spanning tree network port:
switch(config-if)# spanning-tree port type network
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree interface |
Displays information about the spanning tree configuration per specified interface. |
spanning-tree port type network default
To configure all ports as spanning tree network ports by default, use the spanning-tree port type network default command. To restore all ports to normal spanning tree ports by default, use the no form of this command.
spanning-tree port type network default
no spanning-tree port type network default
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
Use this command to automatically configure all interfaces that are connected to Layer 2 switches or bridges as spanning tree network ports by default. Then, you can use the spanning-tree port type edge command to configure specified ports that are connected to Layer 2 hosts as spanning-tree edge ports.
Note If you mistakenly configure ports connected to Layer 2 hosts as Spanning Tree Protocol (STP) network ports and Bridge Assurance is enabled, those ports automatically move into the blocking state.
If you have enabled Bridge Assurance on the device, all network ports automatically run that feature. To enable Bridge Assurance, see the spanning-tree bridge assurance command.
Configure only the ports that connect to other Layer 2 switches or bridges as network ports because the Bridge Assurance feature causes network ports that are connected to Layer 2 hosts to move into the spanning tree blocking state.
You can identify individual interfaces as network ports by using the spanning-tree port type network command.
The default spanning tree port type is normal.
This command does not require a license.
Examples
This example shows how to globally configure all ports connected to Layer 2 switches or bridges as spanning tree network ports:
switch(config)# spanning-tree port type network default
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree summary |
Displays information about the spanning tree configuration. |
spanning-tree port-priority
To set an interface priority when two bridges compete for position as the root bridge, use the spanning-tree port-priority command. The priority you set breaks the tie. To return to the default settings, use the no form of this command.
spanning-tree [vlan vlan-id] port-priority value
no spanning-tree [vlan vlan-id] port-priority
Syntax Description
|
vlan vlan-id |
(Optional) Specifies the VLAN identification number; the range of valid values is from 0 to 4094. |
|
value |
Port priority; valid values are from 1 to 224 in increments of 32. |
Defaults
value is 128.
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
Note Use this command to configure the port priority for Rapid Per VLAB Spanning Tree Plus (PVST+) spanning tree mode, which is the default Spanning Tree Protocol (STP) mode. To configure the port priority for Multiple Spanning Tree (MST) spanning tree mode, use the spacing-tree mst port-priority command.
Do not use the vlan vlan-id parameter on access ports. The software uses the port priority value for access ports and the VLAN port priority values for trunk ports.
The priority values are 0, 32, 64, 96, 128, 160, 192, and 224. All other values are rejected.
This command does not require a license.
Examples
This example shows how to increase the likelihood that the spanning tree instance on access port interface 2/0 is chosen as the root bridge by changing the port priority to 32:
switch(config-if)# spanning-tree port-priority 32
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree |
Displays information about the spanning tree state. |
|
spanning-tree interface priority |
Displays information on the spanning tree port priority for the interface. |
spanning-tree vlan
To configure Spanning Tree Protocol (STP) parameters on a per-VLAN basis, use the spanning-tree vlan command. To return to the default settings, use the no form of this command.
spanning-tree vlan vlan-id [forward-time value | hello-time value | max-age value | priority value | [root {primary | secondary} [diameter dia [hello-time hello-time]]]]
no spanning-tree vlan vlan-id [forward-time | hello-time | max-age | priority | root]
Syntax Description
|
vlan-id |
VLAN identification number; the range of valid values is from 0 to 4094. |
|
forward-time value |
(Optional) Specifies the STP forward-delay time; the range of valid values is from 4 to 30 seconds. |
|
hello-time value |
(Optional) Specifies the number of seconds between the generation of configuration messages by the root device; the range of valid values is from 1 to 10 seconds. |
|
max-age value |
(Optional) Specifies the maximum number of seconds that the information in a bridge protocol data unit (BPDU) is valid; the range of valid values is from 6 to 40 seconds. |
|
priority value |
(Optional) Specifies the STP-bridge priority; the valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, or 61440. All other values are rejected. |
|
root primary |
(Optional) Forces this device to be the root bridge. |
|
root secondary |
(Optional) Forces this device to be the root switch if the primary root fails. |
|
diameter dia |
(Optional) Specifies the maximum number of bridges between any two points of attachment between end stations. |
Defaults
The defaults are as follows:
•forward-time—15 seconds
•hello-time—2 seconds
•max-age—20 seconds
•priority—32768
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
Caution
When disabling spanning tree on a VLAN using the
no spanning-tree vlan
vlan-id
command, ensure that all switches and bridges in the VLAN have spanning tree disabled. You cannot disable spanning tree on some switches and bridges in a VLAN and leave it enabled on other switches and bridges in the same VLAN because switches and bridges with spanning tree enabled have incomplete information about the physical topology of the network.
Caution
We do not recommend disabling spanning tree even in a topology that is free of physical loops. Spanning tree is a safeguard against misconfigurations and cabling errors. Do not disable spanning tree in a VLAN without ensuring that there are no physical loops present in the VLAN.
When setting the max-age seconds, if a bridge does not see BPDUs from the root bridge within the specified interval, it assumes that the network has changed and recomputes the spanning-tree topology.
The spanning-tree root primary alters this device’s bridge priority to 24576. If you enter the spanning-tree root primary command and the device does not become the root then the bridge priority is changed to 4096 less than the bridge priority of the current bridge. The command fails if the value required to be the root bridge is less than 1. If the device does not become the root, an error results.
If the network devices are set for the default bridge priority of 32768 and you enter the spanning-tree root secondary command, the software alters this device’s bridge priority to 28762. If the root device fails, this device becomes the next root switch.
Use the spanning-tree root command on the backbone switches only.
Note We recommend that you configure the hello time to be 4 seconds when you are working with virtual port channels (vPCs).
This command does not require a license.
Examples
This example shows how to enable spanning tree on VLAN 200:
switch(config)# spanning-tree vlan 200
This example shows how to configure the device as the root switch for VLAN 10 with a network diameter of 4:
switch(config)# spanning-tree vlan 10 root primary diameter 4
This example shows how to configure the device as the secondary root switch for VLAN 10 with a network diameter of 4:
switch(config)# spanning-tree vlan 10 root secondary diameter 4
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree |
Displays information about the spanning tree state. |
state
To set the operational state for a VLAN, use the state command. To return a VLAN to its default operational state, use the no form of this command.
state {active | suspend}
no state
Syntax Description
|
active |
Specifies that the VLAN is actively passing traffic. |
|
suspend |
Specifies that the VLAN is not passing any packets. |
Defaults
active
Command Modes
VLAN configuration submode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
You cannot suspend the state for VLAN 1 or VLANs 1006 to 4094.
VLANs in the suspended state do not pass packets.
This command does not require a license.
Examples
This example shows how to suspend VLAN 2:
switch(config-vlan)#state suspend
Related Commands
|
Command |
Description |
|---|---|
|
show vlan |
Displays VLAN information. |
switchport mode private-vlan host
To set the interface type to be a Layer 2 host port for a private VLAN, use the switchport mode private-vlan host command.
switchport mode private-vlan host
Syntax Description
This command has no keywords or arguments.
Defaults
None
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
You must first use the switchport command on the interface before you can use the switchport mode private-vlan host command.
When you configure a port as a host private VLAN port and one of the following applies, the port becomes inactive:
•The port does not have a valid private VLAN association configured.
•The port is a Switched Port Analyzer (SPAN) destination.
•The private VLAN association is suspended.
If you delete a private VLAN port association, or if you configure a private port as a SPAN destination, the deleted private VLAN port association or the private port that is configured as a SPAN destination becomes inactive.
Note We recommend that you enable spanning tree BPDU Guard on all private VLAN host ports.
This command does not require a license.
Examples
This example shows how to set a port to host mode for private VLANs:
switch(config-if)# switchport mode private-vlan host
Related Commands
|
Command |
Description |
|---|---|
|
show interface switchport |
Displays information on all interfaces configured as switchports. |
switchport mode private-vlan promiscuous
To set the interface type to be a Layer 2 promiscuous port for a private VLAN, use the switchport mode private-vlan promiscuous command.
switchport mode private-vlan promiscuous
Syntax Description
This command has no keywords or arguments.
Defaults
None
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
You must first use the switchport command on the interface before you can use the switchport mode private-vlan promiscuous command.
When you configure a port as a promiscuous private VLAN port and one of the following applies, the port becomes inactive:
•The port does not have a valid private VLAN mapping configured.
•The port is a Switched Port Analyzer (SPAN) destination.
If you delete a private VLAN port mapping or if you configure a private port as a SPAN destination, the deleted private VLAN port mapping or the private port that is configured as a SPAN destination becomes inactive.
See the private-vlan command for more information on promiscuous ports.
This command does not require a license.
Examples
This example shows how to set a port to promiscuous mode for private VLANs:
switch(config-if)# switchport mode private-vlan promiscuous
Related Commands
|
Command |
Description |
|---|---|
|
show interface switchport |
Displays information on all interfaces configured as switchports. |
switchport mode private-vlan promiscuous trunk
To set the interface type to be a Layer 2 promiscuous trunk port for a private VLAN, use the switchport mode private-vlan promiscuous trunk command.
switchport mode private-vlan promiscuous trunk
Syntax Description
This command has no keywords or arguments.
Defaults
None
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
5.0(2) |
This command was introduced. |
Usage Guidelines
Note See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide for more information on trunk interfaces.
You must first use the switchport command on the interface before you can use the switchport mode private-vlan promiscuous trunk command. To return to the default Layer 3 port mode, enter the no switchport command.
Beginning with Cisco Release 5.0(2) for the Cisco Nexus 7000 Series devices, you can configure private VLAN promiscuous trunk ports to carry traffic for multiple primary VLANs and their mapped secondary VLANs.
You must map the primary and secondary VLANs, by entering the private-vlan mapping command, before the pair you are mapping to a promiscuous trunk port can become operational. You can map 16 pairs of primary and secondary VLANs to a private VLAN promiscuous trunk port.
This command does not require a license.
Examples
This example shows how to set a port to be a promiscuous trunk port for private VLANs:
switch(config-if)# switchport mode private-vlan promiscuous trunk
Related Commands
|
Command |
Description |
|---|---|
|
show interface switchport |
Displays information about all interfaces configured as switchports. |
switchport mode private-vlan trunk secondary
To set the interface type to be a Layer 2 isolated trunk port for a private VLAN, use the switchport mode private-vlan trunk secondary command.
switchport mode private-vlan trunk secondary
Syntax Description
This command has no keywords or arguments.
Defaults
None
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
5.0(2) |
This command was introduced. |
Usage Guidelines
Note See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide for more information on trunk interfaces.
You must first use the switchport command on the interface before you can use the switchport mode private-vlan trunk secondary command. To return to the default Layer 3 port mode, enter the no switchport command.
Note You can only make private VLAN isolated ports trunk ports; you cannot make private VLAN community ports trunk ports.
Beginning with Cisco Release 5.0(2) for the Cisco Nexus 7000 Series devices, you can configure private VLAN isolated trunk ports to carry traffic for multiple isolated VLANs and their associated primary VLANs.
Note Each secondary VLAN on an isolated trunk port must be associated with a different primary VLAN. You cannot put two isolated VLANs that are associated with the same primary VLAN into a private VLAN isolated trunk port.
You can map 16 pairs of primary and secondary VLANs to a private VLAN isolated trunk port.
You must associate the primary and secondary isolated VLANs before the pair you map to an isolated trunk port can become operational.
Note We recommend that you enable spanning tree BPDU Guard on all private VLAN host ports.
This command does not require a license.
Examples
This example shows how to set a port to be an isolated trunk port for private VLANs:
switch(config-if)# switchport mode private-vlan trunk secondary
Related Commands
|
Command |
Description |
|---|---|
|
show interface switchport |
Displays information about all interfaces configured as switchports. |
switchport private-vlan association trunk
To add private VLANs, associated isolated VLANs, and primary VLANs to a private VLAN isolated trunk port, use the switchport private-vlan association trunk command. To remove the private VLAN association from the port, use the no form of this command.
switchport private-vlan association trunk {primary-vlan-id} {secondary-vlan-id}
no switchport private-vlan association trunk [{primary-vlan-id} {secondary-vlan-id}]
Syntax Description
|
primary-vlan-id |
Number of the primary VLAN of the private VLAN relationship. |
|
secondary-vlan-id |
Number of the isolated VLAN of the private VLAN relationship. Note |
Defaults
None
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
5.0(2) |
This command was introduced. |
Usage Guidelines
You must have configured the interface using the switchport mode private-vlan trunk secondary command before this command becomes operational.
You use the switchport private-vlan association trunk command to add private VLANs, isolated VLANs, and their associated primary VLANs to the isolated trunk port. In this way, the isolated trunk port can carry multiple private VLANs. You can add up to 16 pairs of isolated and primary VLANs to each isolated trunk port. You must associate the private VLANs by entering the private-vlan association command before this command becomes operational.
Note Each secondary VLAN on an isolated trunk port must be associated with a different primary VLAN. You cannot put two isolated VLANs that are associated with the same primary VLAN into a private VLAN isolated trunk port.
Delete associations by doing the following:
•Private VLAN associations, both primary and secondary VLANs, by entering the no form of this command.
•Secondary VLANs and their associated primary VLANs by entering the no form of the command with the primary-vlan-id argument
•Specified primary and secondary associated private VLANs by entering the no form of the command and the primary-vlan-id and secondary-vlan-id arguments.
This command does not require a license.
Examples
This example shows how to add isolated VLAN 200 and its associated primary VLAN 100 to a private VLAN isolated trunk port:
switch(config-if)# switchport private-vlan association trunk 100 200
Related Commands
|
Command |
Description |
|---|---|
|
show vlan private-vlan |
Displays information about private VLANs. |
switchport private-vlan host-association
To define a private VLAN association for an isolated or community port, use the switchport private-vlan host-association command. To remove the private VLAN association from the port, use the no form of this command.
switchport private-vlan host-association {primary-vlan-id} {secondary-vlan-id}
no switchport private-vlan host-association
Syntax Description
|
primary-vlan-id |
Number of the primary VLAN of the private VLAN relationship. |
|
secondary-vlan-id |
Number of the secondary VLAN of the private VLAN relationship. |
Defaults
None
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
4.0 |
This command was introduced. |
Usage Guidelines
There is no run-time effect on the port unless it is in private VLAN-host mode. If the port is in private VLAN-host mode but neither of the VLANs exist, the command is allowed but the port is made inactive. The port also may be inactive when the association between the private VLANs is suspended.
The secondary VLAN may be an isolated or community VLAN.
See the private-vlan command for more information on primary VLANs, secondary VLANs, and isolated or community ports.
This command does not require a license.
Examples
This example shows how to configure a Layer 2 host private VLAN port with a primary VLAN (VLAN 18) and a secondary VLAN (VLAN 20):
switch(config-if)# switchport private-vlan host-association 18 20
This example shows how to remove the private VLAN association from the port:
switch(config-if)# no switchport private-vlan host-association
Related Commands
|
Command |
Description |
|---|---|
|
show vlan private-vlan |
Displays information about private VLANs. |
switchport private-vlan mapping trunk
To add or remove private VLAN pairs to the private VLAN promiscuous trunk port, use the switchport private-vlan mapping trunk command. To remove private VLAN mappings from the promiscuous trunk interface, use the no form of this command.
switchport private-vlan mapping trunk primary-vlan {add secondary-vlan-list | remove secondary-vlan-list}
no switchport private-vlan mapping trunk [{primary-vlan} [{secondary-vlan-list}]]
Syntax Description
|
primary-vlan |
ID of the primary VLAN that you are adding to the private VLAN promiscuous trunk port. |
|
add |
Adds the secondary VLAN of the primary VLAN to the promiscuous trunk port. |
|
secondary-vlan-list |
ID of the secondary VLANs that you are adding to the promiscuous trunk port. |
|
remove |
Removes the secondary VLAN of the primary VLAN to the promiscuous trunk port. |
Defaults
None
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
5.0(2) |
This command was introduced. |
Usage Guidelines
You must have configured the interface by using the switchport mode private-vlan trunk promiscuous command before this command becomes operational.
You use the switchport private-vlan mapping trunk command to add private VLANs, primary VLANs, and specified associated secondary VLANs to the promiscuous trunk port. In this way, the promiscuous trunk port can carry multiple private VLANs as well as normal VLANs. The secondary VLAN can be either an isolated or community VLAN. The private VLAN mapping between primary and secondary VLANs must be operational (see the private-vlan mapping command). You can add up to 16 pairs of isolated and primary VLANs to each isolated trunk port.
You must reenter the command for each primary VLAN that you are working with.
When you are using the no form of this command, the following guidelines apply:
•If you do not specify any primary VLANs, the system removes all the private VLANs on this interface.
•If you specify only the primary VLAN, the system removes that primary VLAN and all secondary VLANs associated with that primary VLAN on this interface.
•If you specify the primary VLAN and specific secondary VLANs, the system removes only those specified private VLAN pairs from this interface.
Note You must configure this interface as a VLAN interface if you want Layer 3 communication on this port.
The secondary-vlan-list argument cannot contain spaces. It can contain multiple comma-separated items. Each item can be a single secondary VLAN ID or a hyphenated range of secondary VLAN IDs.
This command does not require a license.
Examples
This example shows how to map two primary VLANs and selected associated secondary VLANs to the promiscuous trunk interface:
switch(config-if)# switchport private-vlan mapping trunk 200 add 3,5
switch(config-if)# switchport private-vlan mapping trunk 100 add 10
Related Commands
|
Command |
Description |
|---|---|
|
show vlan private-vlan |
Displays information about private VLANs. |
switchport private-vlan trunk allowed vlan
To add allowed VLANs to the private VLAN promiscuous and isolated trunk ports, use the switchport private-vlan trunk allowed vlan command. To remove VLANs from the promiscuous and isolated trunk interfaces, use the no form of this command.
switchport private-vlan trunk allowed vlan {add vlan-list | all | except vlan-list | none | remove vlan-list}
no switchport private-vlan trunk no allowed vlan vlan-list
Syntax Description
|
add |
Adds a defined list of VLANs on the private VLAN promiscuous and isolated trunk ports. The default value is no VLANs allowed. Note |
|
vlan-list |
Allowed VLANs that transmit through this interface in tagged format when in trunking mode; the range of valid values is from 1 to 3968 and 4048 to 4093. |
|
except |
Allows all VLANs to transmit through this interface in tagged format except the specified values. |
|
none |
Blocks all VLANs transmitting through this interface in tagged format. |
|
remove |
Removes the defined list of VLANs from those currently set. |
Defaults
Empty; no VLANs are allowed on the private VLAN promiscuous and isolated trunk ports by default.
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
5.0(2) |
This command was introduced. |
Usage Guidelines
You must have configured the interface by using either the switchport mode private-vlan trunk secondary or the switchport mode private-vlan trunk promiscuous command for this command to become operational.
When you map the private primary and secondary private VLANs to the isolated and promiscuous trunk ports, the system automatically adds all the primary VLANs into the list of allowed VLANs for this interface.
Note Ensure that the native VLAN is on the allowed VLANs on this interface. By default, these interface do not allow any traffic. So, even if you are using the default VLAN 1 as the native VLAN, you must configure that VLAN as allowed or you will not pass traffic.
This command does not require a license.
Examples
This example shows how to configure the native default VLAN 1 to be allowed on a private VLAN promiscuous or isolated trunk port:
switch(config-if)# switchport private-vlan trunk allowed vlan add 1
Related Commands
|
Command |
Description |
|---|---|
|
show interface |
Displays information about interfaces. |
switchport private-vlan trunk native vlan
To set the native VLAN for private VLAN promiscuous and isolated trunk ports, use the switchport private-vlan trunk native vlan command. To return to the default value, use the no form of this command.
switchport private-vlan trunk native vlan vlan-id
no switchport private-vlan trunk native vlan vlan-id
Syntax Description
|
vlan-list |
Native VLAN for the private VLAN promiscuous and isolated trunk interfaces. The range of valid values is from 1 to 3968 and 4048 to 4093. |
Defaults
1
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
5.0(2) |
This command was introduced. |
Usage Guidelines
You must have configured the interface by using either the switchport mode private-vlan trunk secondary or the switchport mode private-vlan trunk promiscuous command before this command becomes operational.
Note If you are using a private VLAN as the native VLAN for the promiscuous trunk port, you must enter a value for a primary VLAN or a normal VLAN; you cannot configure a secondary VLAN as the native VLAN. If you are using a private VLAN as the native VLAN for the isolated trunk port, you must enter a value for a secondary VLAN or a normal VLAN; you cannot configure a primary VLAN as the native VLAN.
This command does not require a license.
Examples
This example shows how to configure the native VLAN on a private VLAN promiscuous or isolated trunk port:
switch(config-if)# switchport private-vlan trunk native vlan 5
Related Commands
|
Command |
Description |
|---|---|
|
show interface |
Displays information about interfaces. |
switchport trunk pruning vlan
To configure pruning eligibility on trunk ports, use the switchport trunk pruning vlan command.
switchport trunk pruning vlan [add | except | none | remove] vlan-id
Syntax Description
|
add |
(Optional) Adds a VLAN to the current list. |
|
except |
(Optional) Specifies all VLANs except a particular VLAN. |
|
none |
(Optional) Specifies no VLANs. |
|
remove |
(Optional) Removes the VLANs from the current list. |
|
all |
(Optional) Specifies all VLAN from the current list. |
|
vlan-id |
VLAN ID. The range is from 2 to 1001. |
Defaults
None
Command Modes
Interface configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
5.1(1) |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to add a VLAN to the current list:
switch(config-if)# switchport trunk pruning vlan add 20
This example shows how to remove a VLAN from the current list:
switch(config-if)# switchport trunk pruning vlan remove 12
Related Commands
|
Command |
Description |
|---|---|
|
show spanning-tree summary |
Displays information about the spanning tree state. |
system vlan reserve
To configure a reserved VLAN range, use the system vlan reserve command. To delete the reserved VLAN range configuration, use the no form of this command.
system vlan start-vlan-id reserve
no system vlan start-vlan-id reserve
Syntax Description
|
start-vlan-id |
Starting VLAN ID. 128 VLANS are reserved starting from the start VLAN ID. For example, if you specify the starting VLAN ID as 0, the reserved VLAN range is from 0 to 127. |
Defaults
3968-4096
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
5.2(1) |
This command was introduced. |
Usage Guidelines
When you configure the system reserved VLAN range, all configuration on the VLANs that fall under the reserved VLAN range are deleted.
The user-configured system reserved VLAN range comes into effect only after a reload.
This command does not require a license.
Examples
This example shows how to configure a reserved VLAN range:
switch# system vlan 2000 reserve
This will delete all configs on vlans 2000-2127. Continue anyway? [no]
This example shows how to remove the reserved VLAN configuration:
switch# no system vlan 2000 reserve
This will delete all configs on vlans 2000-2127. Continue anyway? [no]
switch#
Related Commands
|
Command |
Description |
|---|---|
|
write erase |
Reverts to the default reserved VLAN range. |
|
show system vlan reserved |
Displays information about the reserved VLAN usage. |
vlan (global configuration mode)
To add a VLAN or to enter the VLAN configuration mode, use the vlan command. To delete the VLAN and exit the VLAN configuration mode, use the no form of this command.
vlan {vlan-id | vlan-range}
no vlan {vlan-id | vlan-range}
Syntax Description
|
vlan-id |
Number of the VLAN; the range of valid values is from 1 to 4094. Note |
|
vlan-range |
Range of configured VLANs; see the «Usage Guidelines» section for a list of valid values. |
Defaults
None
Command Modes
Global configuration
Note You can also create and delete VLANs in the VLAN configuration submode using these same commands.
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.0 |
This command was introduced. |
Usage Guidelines
When you enter the vlan vlan-id command, a new VLAN is created with all default parameters and causes the CLI to enter VLAN configuration submode. If the vlan-id argument that you entered matches an existing VLAN, nothing happens except that you enter VLAN configuration submode.
You can enter the vlan-range using a comma (,), a dash (—), and the number.
VLAN 1 parameters are factory configured and cannot be changed; you cannot create or delete this VLAN. Additionally, you cannot create or delete VLAN 4095 or any of the internally allocated VLANs.
When you delete a VLAN, all the access ports in that VLAN are shut down and no traffic flows. On trunk ports, the traffic continues to flow for the other VLANs allowed on that port, but the packets for the deleted VLAN are dropped. However, the system retains all the VLAN-to-port mapping for that VLAN, and when you reenable, or recreate, that specified VLAN, the device automatically reinstates all the original ports to that VLAN.
This command does not require a license.
Examples
This example shows how to add a new VLAN and enter VLAN configuration submode:
This example shows how to add a range of new VLANs and enter VLAN configuration submode:
switch(config)# vlan 2,5,10-12,20,25,4000
This example shows how to delete a VLAN:
switch(config)# no vlan 2
Related CommandsP
|
Command |
Description |
|---|---|
|
show vlan |
Displays VLAN information. |
vlan configuration
To configure a VLAN prior to or without needing to actually create the VLAN, use the vlan configuration command.
vlan configuration vlan-id
Syntax Description
|
vlan-id |
VLAN ID. The range is from 1 to 2499 and from 2628 to 4093. The VLAN range can be specified in the format shown in this example: 1-5, 10 or 2-5,7-19. |
Defaults
None
Command Modes
Global configuration mode (config)
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|
5.2(1) |
This command was introduced. |
Usage Guidelines
If you use the vlan configuration command to configure a VLAN that you have not yet created and you later want to create that VLAN, use the vlan command to create the configured VLAN.
The show vlan command does not display any VLAN until and unless you actually create the VLAN.
This command does not require a license.
Examples
This example shows how to configure a VLAN and enter the VLAN configuration mode:
switch# configure terminal
switch(config)# vlan configuration 2-5,7-19
switch(config-vlan-config)#
Related Commands
|
Command |
Description |
|---|---|
|
show running-config vlan |
Displays the running configuration for a specified VLAN. |
vtp domain
To set the name of the Virtual Trunking Protocol (VTP) administrative domain, use the vtp domain command. To remove the VTP domain name, use the no form of this command.
vtp domain domain-name
no vtp domain domain-name
Syntax Description
|
domain-name |
Name of the VTP administrative domain. The domain name can be a maximum of 32 characters. |
Defaults
None
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.1 (2) |
This command was introduced. |
Usage Guidelines
This command is not available if VTP is not enabled.
A network device can be in only one VTP domain. A VTP domain is made up of one or more network devices that share the same VTP domain name and that are inconnected with trunk interfaces.
This command does not require a license.
Examples
This example shows how to configure the VTP domain name:
switch(config)# vtp domain acconting
Related CommandsP
|
Command |
Description |
|---|---|
|
show vtp status |
Displays VTP information. |
vtp file
To set the name of a Virtual Trunking Protocol (VTP) file, use the vtp file command.
vtp file file-name
Syntax Description
|
file-name |
ASCII name of the IFS file system file where VTP configuration is stored. |
Defaults
None
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
5.1 (1) |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to set a name of a VTP file:
switch(config)# vtp file eng_vlans.info
Related CommandsP
|
Command |
Description |
|---|---|
|
show vtp status |
Displays VTP information. |
vtp mode
To configure the Virtual Trunking Protocol (VTP) device mode, use the vtp mode command. To return to default values, use the no form of this command.
vtp mode {client | off | server | transparent}
no vtp mode
Syntax Description
|
client |
Sets the device to client mode. |
|
off |
Sets the device to off mode. |
|
server |
Sets the device to server mode. |
|
transparent |
Sets the device to transparent mode. |
Defaults
None
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
5.1(1) |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to set the device to client mode:
switch(config)# vtp mode client
This example shows how to set the device to off mode:
switch(config)# vtp mode off
This example shows how to set the device to server mode:
switch(config)# vtp mode server
Related CommandsP
|
Command |
Description |
|---|---|
|
show vtp status |
Displays VTP information. |
vtp mode transparent
To configure the Virtual Trunking Protocol (VTP) mode, use the vtp mode transparent command.
vtp mode transparent
Syntax Description
This command has no keywords or arguments.
Defaults
None
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.1 (2) |
This command was introduced. |
Usage Guidelines
This command is not available if VTP is not enabled. This command is optional because VTP runs only in transparent mode.
This command does not require a license.
Examples
This example shows how to configure the VTP mode:
switch(config)# vtp mode transparent
Related CommandsP
|
Command |
Description |
|---|---|
|
show vtp status |
Displays VTP information. |
vtp password
To create a Virtual Trunking Protocol (VTP) password, use the vtp password command. To delete the password, use the no form of this command.
vtp password password-value
no vtp password
Syntax Description
|
password-value |
ASCII password for the VTP administrative domain. The maximum size is 64 characters. |
Defaults
None
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
5.1(1) |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to create a VTP password:
switch(config)# vtp password squ1rrel
This example shows how to delete a VTP password:
switch(config)# no vtp password squ1rrel
Related CommandsP
|
Command |
Description |
|---|---|
|
show vtp password |
Displays the VTP password value. |
vtp pruning
To set the Virtual Trunking Protocol (VTP) adminstrative domain to permit pruning, use the vtp pruning command. To remove the VTP domain permit pruning, use the no form of this command.
vtp pruning
no vtp pruning
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
5.1 (1) |
This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to set the VTP administrative domain to permit pruning:
switch(config)# vtp pruning
This example shows how to remove the VTP administrative domain to permit pruning:
switch(config)# no vtp pruning
Related CommandsP
|
Command |
Description |
|---|---|
|
show vtp status |
Displays VTP information. |
vtp version
To configure the Virtual Trunking Protocol (VTP) version you want to use, use the vtp version command. To return to default values, use the no vtp version command.
vtp version {1 | 2}
no vtp version
Syntax Description
|
1 |
Specifies VTP version 1. |
|
2 |
Specifies VTP version 2. |
Defaults
1
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
|
Release |
Modification |
|---|---|
|
4.1 (2) |
This command was introduced. |
Usage Guidelines
This command is not available if VTP is not enabled.
This command does not require a license.
Examples
This example shows how to configure the VTP version:
switch(config)# vtp version 2
Related CommandsP
|
Command |
Description |
|---|---|
|
show vtp status |
Displays VTP information. |
Use these:
show cdp neighbor
show mac address-table
show ip arp
show cdp neighbor
This will show you other Cisco devices (Switches/Routers/WAPs/Fibre Switches) connected to the switch, tell you on which port they are connected to the switch, what their remote device name/IP are, and what model they are, and on what interface on the remote device they connect to that port on.
show mac address-table
This will show the MAC addresses to the ports, and is somewhat useful as you can use utilities to find the manufacturers, and you can get that info from the other devices individually.
However if you have portchannels/trunks you’ll want to figure out where they connect to and check those devices again.
show ip arp
This will save you a TON of time, so long as you have an IP address configured on the switch for each VLAN that it contains for the local network there you can see what IPs in that network match what MAC addresses from the previous command.
Ie. this spits out a list of IP addresses to MAC addresses to VLANs.
You can easily use Excel to map the ports that have MAC addresses found in show mac address-table to the IPs that match the MAC addresses from show ip arp
Add in that if you’re in a domain you can get the dnz zone file and match the IPS.
In a Windows Environment you can easily run DNSCMD on your Domain controller to quickly output a list of FQDNs to IPs and you can list most of your infrastructure by name to port.