|
This chapter describes the Cisco IOS commands that have been created or changed for the Catalyst 2900 series switches. Table 2-1 lists and describes the commands in this chapter sorted by command modes from which they are entered.
Commands | Description | |
---|---|---|
Privileged EXEC mode |
| |
| clear cgmp | Delete the multicast addresses and router ports maintained by CGMP. |
| clear mac-address-table | Delete all addresses in the MAC address table. |
| clear vmps statistics | Clear the statistics maintained by the VLAN Query Protocol (VQP) client. |
| clear vtp counters | Clear the VLAN Trunk Protocol (VTP) counters. |
| show cgmp | Display the current state of the CGMP-learned multicast groups and routers. |
| show interface | Display the administrative and operational status of a switching (nonrouting) port. |
| show mac-address-table | Display the MAC address table. |
| show port block | Display the blocking of unicast and multicast filtering for the port. |
| show port group | Display the ports that are assigned to groups. |
| show port monitor | Display the ports that have port monitoring enabled. |
| show port network | Display the network ports on the switch. |
| show port security | Display the ports that have port security enabled. |
| show port storm-control | Display the setting of broadcast-storm control. |
| show spanning-tree | Display Spanning-Tree Protocol (STP) information. |
| show vlan | Display information about a VLAN. |
| show vmps | Display the VQP version, reconfirmation interval, retry count, server IP addresses, and are the current and primary servers. |
| show vmps statistics | Display the VQP client-side statistics. |
| show vtp | Display general information about the VTP management domain, status, and counters. |
| vlan database | Enter VLAN database mode. |
| vmps reconfirm | Send VQP queries to reconfirm all dynamic VLAN assignments with the VLAN Membership Policy Server (VMPS). |
Global configuration mode |
| |
| cgmp | Enable Cisco Group Management Protocol. |
| mac-address-table aging-time | Set the length of time that a dynamic entry remains in the address table. |
| mac-address-table dynamic | Add a dynamic address entry to the address table. |
| mac-address-table secure | Add a secure address entry to the address table. |
| mac-address-table static | Add a static address entry to the address table. |
| shutdown vlan | Shut down local traffic on the specified VLAN. |
| snmp-server enable traps vlan-membership | Enable SNMP notification for VMPS changes. |
| snmp-server enable traps vtp | Enable SNMP notification for VTP changes. |
| snmp-server host | Specify the host that receives SNMP traps. |
| spanning-tree | Enable an instance of STP. |
| spanning-tree forward-time | Specify the forward delay interval for the switch. |
| spanning-tree hello-time | Specify the interval between hello Bridge Protocol Data Units (BPDUs). |
| spanning-tree max-age | Change the interval the switch waits to receive BPDUs from the root switch. |
| spanning-tree priority | Configure the bridge priority for the specified spanning-tree instance. |
| spanning-tree protocol | Define the type of STP. |
| vmps reconfirm | Change the reconfirmation interval for the VQP client. |
| vmps retry | Configure the per-server retry count for the VQP client. |
| vmps server | Configure the primary VMPS and up to three secondary servers. |
| vtp file | Modify the VTP configuration storage filename. |
VLAN database mode |
| |
abort | Abandon the proposed new VLAN database, and return to privileged EXEC mode. | |
apply | Implement the proposed new VLAN database, propagate it throughout the administrative domain, and remain in VLAN database mode. | |
exit | Implement the proposed new VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode. | |
reset | Abandon the proposed new VLAN database, and remain in VLAN database mode. | |
show changes | Display the differences between the currently implemented VLAN database on the switch and the proposed new VLAN database. | |
show current | Display the currently implemented VLAN database on the switch or a single selected VLAN from it. | |
show proposed | Display the proposed new VLAN database or a single selected VLAN from it. | |
vlan | Configure a VLAN by its VLAN ID. | |
vtp | Configure the VTP mode. | |
vtp domain | Configure the VTP administrative domain. | |
vtp password | Configure the VTP password. | |
vtp pruning | Enable pruning in the VTP administrative domain. | |
vtp v2-mode | Enable VTP version 2 mode in the administrative domain. | |
Interface configuration mode |
| |
| duplex | Specify the duplex mode of operation for a port. |
| ip address | Set a primary or secondary IP address of a port. |
| port block | Prevent the flooding of unknown destination MAC addresses and multicast addresses on this port. |
| port group | Place a port into a port aggregation group. |
| port monitor | Implement port monitoring on this port. |
| port network | Enable a port as the network port for a VLAN. |
| port security | Enable port security on a port. |
| port storm-control | Disable broadcast traffic if too many broadcast packets are seen on this port. |
| shutdown | Disable a port. |
| spanning-tree cost | Set a different path cost. |
| spanning-tree portfast | Enable the Port Fast option on the switch. |
| spanning-tree port-priority | Configure the STP priority of a port. |
| speed | Specify the speed of a port. |
| switchport access | Configure a port as an access or dynamic VLAN port. |
| switchport mode | Configure the VLAN membership mode of a port. |
| switchport multi | Configure a port to be a multi-VLAN port. |
| switchport trunk allowed vlan | Control which VLANs can receive and transmit traffic on the trunk. |
| switchport trunk encapsulation | Set the encapsulation format on the trunk. |
| switchport trunk native | Set the native VLAN for untagged traffic when in 802.1Q trunking mode. |
Table 2-2 lists the commands that have been replaced by new commands. These replaced commands continue to perform their normal function in the current release but are no longer documented. Support for these commands will cease in a future release.
Old Commands | New Commands | ||
---|---|---|---|
Interface Configuration mode | Global Configuration mode | ||
| spantree disable no spantree disable |
| no spanning-tree vlan 1 spanning-tree vlan 1 |
| spantree forward-time seconds no spantree forward-time |
| spanning-tree vlan 1 forward-time seconds no spanning-tree vlan 1 forward-time |
| spantree hello-time seconds no spantree hello-time |
| spanning-tree vlan 1 hello-time seconds no spanning-tree vlan 1 hello-time |
| spantree max-age seconds no spantree max-age |
| spanning-tree vlan 1 max-age seconds no spanning-tree vlan 1 max-age |
| spantree priority bridge-priority no spantree priority |
| spanning-tree vlan 1 priority bridge-priority no spanning-tree vlan 1 priority |
| spantree protocol {ieee | dec | ibm} no spantree protocol |
| spanning-tree vlan 1 protocol {ieee | dec | ibm} no spanning-tree vlan 1 protocol |
Note The concept of VLANs did not exist for the above old commands; therefore, the equivalent new commands apply to VLAN 1. The range of values for the spantree commands are identical to the ones for the spanning-tree commands. | |||
|
| ||
Interface Configuration mode | Interface Configuration mode | ||
| spantree cost cost no spantree cost |
| spanning-tree vlan 1 cost cost no spanning-tree vlan 1 cost |
| spantree portfast interface no spantree portfast interface |
| spanning-tree vlan 1 portfast interface no spanning-tree vlan 1 portfast interface |
| spantree priority port-priority no spantree priority |
| spanning-tree vlan 1 port-priority port-priority no spanning-tree vlan 1 port-priority |
Note The above commands are supported on interfaces other than VLAN 1. |
Use the abort VLAN database command to abandon the proposed new VLAN database, exit VLAN database mode, and return to privileged EXEC mode. This command is available only in the Enterprise Edition Software.
abort
This command has no arguments or keywords.
No default is defined.
VLAN database
If you have added, deleted, or modified VLAN parameters in the VLAN database mode but you do not want to keep the changes, the abort command causes all the changes to be abandoned. The VLAN configuration that was running before you entered VLAN database mode continues to be used.
The following example shows how to abandon the proposed new VLAN database and exit to the privileged EXEC mode:
Switch(vlan)# abort
Switch#
You can verify that no VLAN database changes occurred by entering the show vlan brief command in privileged EXEC mode.
Use the apply VLAN database command to implement the proposed new VLAN database, increment the database configuration revision number, propagate it throughout the administrative domain, and remain in VLAN database mode. This command is available only in the Enterprise Edition Software.
apply
This command has no arguments or keywords.
No default is defined.
VLAN database
The apply command implements the configuration changes you made after you entered VLAN database mode and uses them for the running configuration. This command keeps you in VLAN database mode.
You cannot use this command when the switch is in the VLAN Trunk Protocol (VTP) client mode.
The following example shows how to implement the proposed new VLAN database and recognize it as the current database:
Switch(vlan)# apply
You can verify that VLAN database changes occurred by entering the show vlan command in privileged EXEC mode.
Use the cgmp global configuration command to enable Cisco Group Management Protocol (CGMP). You can also enable and disable the Fast Leave parameter and set the router port aging time. Use the no form of this command to disable CGMP.
cgmp [leave-processing | holdtime time]
no cgmp [leave-processing | holdtime]
leave-processing | (Optional) Enable Fast Leave processing on the switch. |
holdtime | (Optional) Set the amount of time a router connection is retained before the switch ceases to exchange messages with it. |
time | Number of seconds a router connection is retained before the switch ceases to exchange messages with it. You can enter a number from 10 to 6000 seconds. |
CGMP is enabled.
Fast Leave is disabled.
The hold time is 300 seconds.
Global configuration
CGMP must be enabled before the Fast Leave option can be enabled.
The following example shows how to disable CGMP:
Switch(config)# no cgmp
The following example shows how to disable the Fast Leave option:
Switch(config)# no cgmp leave-processing
The following example shows how to set the amount of time the switch waits before ceasing to exchange messages with a router:
Switch(config)# cgmp holdtime 400
The following example shows how to remove the amount of time the switch waits before ceasing to exchange messages with a router:
Switch(config)# no cgmp holdtime
You can verify the previous commands by entering the show cgmp command in privileged EXEC mode.
clear cgmp
show cgmp
Use the clear cgmp privileged EXEC command to delete information that was learned by the switch using the Cisco Group Management Protocol (CGMP).
clear cgmp [vlan vlan-id] | [group [address] | router [address]]
vlan | (Optional) Delete groups only within vlan-id. |
vlan-id | VLAN for which the CGMP groups or routers are to be deleted. |
group | (Optional) Delete all known multicast groups and their destination ports. Limited to a VLAN if the vlan keyword is entered. Limited to a specific group if the address parameter is entered. |
address | MAC address of the group or router. |
router | (Optional) Delete all routers, their ports, and expiration times. Limited to a given VLAN if the vlan keyword is entered. Limited to a specific router if the address parameter is entered. |
Privileged EXEC
Using clear cgmp with no arguments deletes all groups and routers in all VLANs.
The following example shows how to delete all groups and routers on VLAN 2:
Switch# clear cgmp vlan 2
The following example shows how to delete all groups on all VLANs:
Switch# clear cgmp group
The following example shows how to delete a router address on VLAN 2:
Switch# clear cgmp vlan 2 router 0012.1234.1234
You can verify the previous commands by entering the show cgmp command in privileged EXEC mode.
cgmp
show cgmp
Use the clear mac-address-table privileged EXEC command to delete entries from the MAC address table.
clear mac-address-table [static | dynamic | secure] [address hw-addr] [interface interface] [vlan vlan-id]
static | (Optional) Delete only static addresses. |
dynamic | (Optional) Delete only dynamic addresses. |
secure | (Optional) Delete only secure addresses. |
address | (Optional) Delete the address hw-addr of type static, dynamic, and secure as specified. |
hw-addr | Delete this address. |
interface | (Optional) Delete an address on the interface interface of type static, dynamic, or secure as specified. |
interface | Delete MAC addresses on this port. |
vlan | (Optional) Delete all the addresses for vlan-id. |
vlan-id | Delete MAC addresses in this VLAN. |
Privileged EXEC
This command deletes entries from the global MAC address table. Specific subsets can be deleted by using the optional keywords and values. If more than one optional keyword is used, all of the conditions in the argument must be true for that entry to be deleted.
The following example shows how to delete static addresses with the in-port value equal to fa0/7:
Switch# clear mac-address-table static interface fa0/7
The following example shows how to delete all secure addresses in VLAN 3:
Switch# clear mac-address-table secure vlan 3
The following example shows how to delete a specific address from all ports in all VLANs. If the address exists in multiple VLANs or multiple ports, all the instances are deleted.
Switch# clear mac-address-table address 0099.7766.5544
The following example shows how to delete a specific address only in VLAN 2:
Switch# clear mac-address-table address 0099.7766.5544 vlan 2
You can verify the previous commands by entering the show mac-address-table command in privileged EXEC mode.
show mac-address-table
Use the clear vmps statistics privileged EXEC command to clear the statistics maintained by the VLAN Query Protocol (VQP) client. This command is available only in the Enterprise Edition Software.
clear vmps statistics
This command has no arguments or keywords.
No default is defined.
Privileged EXEC
The following example shows how to clear VLAN Membership Policy Server (VMPS) statistics:
Switch# clear vmps statistics
You can verify the previous command by entering the show vmps statistics command in privileged EXEC mode.
show vmps statistics
Use the clear vtp counters privileged EXEC command to clear the VLAN Trunk Protocol (VTP) and pruning counters. This command is available only in the Enterprise Edition Software.
clear vtp counters
This command has no arguments or keywords.
No default is defined.
Privileged EXEC
The following example shows how to clear the VTP counters:
Switch# clear vtp counters
You can verify the previous command by entering the show vtp counters command in privileged EXEC mode.
show vtp counters
Use the duplex interface configuration command to specify the duplex mode of operation for a Fast Ethernet port. Use the no form of this command to return the port to its default value.
duplex {full | half | auto}
no duplex
full | Port is in full-duplex mode. |
half | Port is in half-duplex mode. |
auto | Port automatically detects whether it should run in full- or half-duplex mode. |
The default is auto.
Interface configuration
Certain ports can be configured to be either full duplex or half duplex. Applicability of this command depends on the device to which the switch is attached. All ports can be configured for either full or half duplex.
For Fast Ethernet ports, setting the port to auto has the same effect as specifying half if the attached device does not autonegotiate the duplex parameter.
For Gigabit Ethernet ports, setting the port to auto has the same effect as specifying full if the attached device does not autonegotiate the duplex parameter.
The following example shows how to set port 1 on a Fast Ethernet module installed in slot 2 to full duplex:
Switch(config)# interface fastethernet2/1
Switch(config-if)# duplex full
The following example shows how to set port 1 on a Gigabit Ethernet module installed in slot 2 to full duplex:
Switch(config)# interface gigabitethernet2/1
Switch(config-if)# duplex full
You can verify the previous commands by entering the show running-config command in privileged EXEC mode.
show running-config
speed
Use the exit VLAN database command to implement the proposed new VLAN database, increment the database configuration number, propagate it throughout the administrative domain, and return to privileged EXEC mode. This command is available only in the Enterprise Edition Software.
exit
This command has no arguments or keywords.
No default is defined.
VLAN database
The exit command implements all the configuration changes you made since you entered VLAN database mode and uses them for the running configuration. This command returns you to privileged EXEC mode.
The following example shows how to implement the proposed new VLAN database and exit to privileged EXEC mode:
Switch(vlan)# exit
Switch#
You can verify the previous command by entering the show vlan brief command in privileged EXEC mode.
abort
apply
reset
show vlan
shutdown vlan
vlan database
Use the ip address interface configuration command to set an IP address for a port. Use the no form of this command to remove an IP address or disable IP processing.
ip address ip-address mask
no ip address ip-address mask
ip-address | IP address. |
mask | Mask for the associated IP subnet. |
No IP address is defined for the port.
Interface configuration
A port can have one IP address.
The IP address of the switch can only be accessed by nodes connected to ports that belong to VLAN 1.
The following example shows how to configure the IP address for the switch on a subnetted network:
Switch(config)# interface vlan 1
Switch(config-if)# ip address 172.20.128.2 255.255.255.0
You can verify the previous commands by entering the show running-config command in privileged EXEC mode.
show running-config
Use the mac-address-table aging-time global configuration command to set the length of time that a dynamic entry remains in the MAC address table after the entry is used or updated. Use the no form of this command to use the default aging-time interval. The aging time applies to all VLANs.
mac-address-table aging-time age
no mac-address-table aging-time
age | Number from 10 to 1000000 seconds. |
The default is 300 seconds.
Global configuration
If hosts do not transmit continuously, increase the aging time to record the dynamic entries for a longer time. This can reduce the possibility of flooding when the hosts transmit again.
The following example shows how to set the aging time to 200 seconds:
Switch(config)# mac-address-table aging-time 200
You can verify the previous command by entering the show mac-address-table command in privileged EXEC mode.
clear mac-address-table
mac-address-table dynamic
mac-address-table secure
port block
show cgmp
show mac-address-table
Use the mac-address-table dynamic global configuration command to add dynamic addresses to the MAC address table. Dynamic addresses are automatically added to the address table and dropped from it when they are not in use. Use the no form of this command to remove dynamic entries from the MAC address table.
mac-address-table dynamic hw-addr interface [vlan vlan-id]
no mac-address-table dynamic hw-addr [vlan vlan-id]
hw-addr | MAC address added to or removed from the table. |
interface | Port to which packets destined for hw-addr are forwarded. |
vlan | (Optional) The interface and vlan parameters together specify a destination to which packets destined for hw-addr are forwarded. This keyword is optional if the port is a static-access or dynamic-access VLAN port. In this case, the VLAN assigned to the port is assumed to be that of the port associated with the MAC address. Note When this command is executed on a dynamic-access port, queries to the VLAN Membership Policy Server (VMPS) do not occur. The VMPS cannot verify if the address is allowed or determine to which VLAN the port should be assigned. This command should only be used for testing purposes.This keyword is required for multi-VLAN and trunk ports. This keyword is required on trunk ports to specify to which VLAN the dynamic address is assigned. |
vlan-id | ID of the VLAN to which packets destined for hw-addr are forwarded. |
Global configuration
If the variable vlan-id is omitted and the no form of the command is used, the MAC address is removed from all VLANs.
The following example shows how to add a MAC address on port fa1/1 to VLAN 4:
Switch(config)# mac-address-table dynamic 00c0.00a0.03fa fa1/1 vlan 4
You can verify the previous command by entering the show mac-address-table command in privileged EXEC mode.
clear mac-address-table
mac-address-table aging-time
mac-address-table static
show mac-address-table
Use the mac-address-table secure global configuration command to add secure addresses to the MAC address table. Use the no form of this command to remove secure entries from the MAC address table.
mac-address-table secure hw-addr interface [vlan vlan-id]
no mac-address-table secure hw-addr [vlan vlan-id]
hw-addr | MAC address that is added to the table. |
interface | Port to which packets destined for hw-addr are forwarded. |
vlan | (Optional) The interface and vlan parameters together specify a destination to which packets destined for hw-addr are forwarded. This keyword is optional if the port is a static-access VLAN port. In this case, the VLAN assigned to the port is assumed to be that of the port associated with the MAC address. This keyword is required for multi-VLAN and trunk ports. |
vlan-id | ID of the VLAN to which secure entries are added. |
Global configuration
Secure addresses can be assigned only to one port at a time. Therefore, if a secure address table entry for the specified MAC address and VLAN already exists on another port, it is removed from that port and assigned to the specified one.
In Enterprise Edition Software, dynamic-access ports do not support secure addresses.
The following example shows how to add a secure MAC address to VLAN 6 of port fa1/1:
Switch(config)# mac-address-table secure 00c0.00a0.03fa fa1/1 vlan 6
You can verify the previous command by entering the show mac-address-table command in privileged EXEC mode.
clear mac-address-table
mac-address-table aging-time
mac-address-table dynamic
mac-address-table static
show mac-address-table
Use the mac-address-table static global configuration command to add static addresses to the MAC address table. Use the no form of this command to remove static entries from the MAC address table.
mac-address-table static hw-addr in-port out-port-list [vlan vlan-id]
no mac-address-table static hw-addr [in-port in-port] [out-port-list out-port-list] [vlan vlan-id]
hw-addr | MAC address to add to the address table. |
in-port | Input port from which packets received with a destination address of hw-addr are forwarded to the list of ports in the out-port-list. The in-port must belong to the same VLAN as all the ports in the out-port-list. |
out-port-list | List of ports to which packets received on ports in in-port are forwarded. All ports in the list must belong to the same VLAN. |
vlan | (Optional) The interface and VLAN parameters together specify a destination to which packets destined for the specified MAC address are forwarded. This keyword is optional if all the ports specified by in-port-list and out-port-list are static-access VLAN ports. The VLAN assigned to the ports is assumed. This keyword is required for multi-VLAN and trunk ports. Dynamic-access ports cannot be included in static addresses as either the source (in-port) or destination (out-port). This keyword is required on trunk ports to specify to which VLAN the static address is assigned. |
vlan-id | ID of the VLAN to which static address entries are forwarded. |
Global configuration
When a packet is received on the input port, it is forwarded to the VLAN of each port you specify for the out-port-list. Different input ports can have different output-port lists for each static address. Adding a static address already defined as one modifies the port map (vlan and out-port-list) for the input port specified.
If the variable vlan-id is omitted and the no form of the command is used, the MAC address is removed from all VLANs.
Traffic from a static address is only accepted from a port defined in the in-port variable.
In Enterprise Edition Software, dynamic-access ports cannot be configured as the source or destination port in a static address entry.
The following example adds a static address with port 1 as an input port and ports 2 and 8 of VLAN 4 as output ports:
Switch(config)# mac-address-table static c2f3.220a.12f4 fa0/1 fa0/2 fa0/8 vlan 4
You can verify the previous command by entering the show mac-address-table command in privileged EXEC mode.
clear mac-address-table
mac-address-table aging-time
mac-address-table dynamic
mac-address-table secure
show mac-address-table
Use the port block interface configuration command to block the flooding of unknown unicast or multicast packets to a port. Use the no form of this command to resume normal forwarding.
port block {unicast | multicast}
no port block {unicast | multicast}
unicast | Packets with unknown unicast addresses are not forwarded to this port. |
multicast | Packets with unknown multicast addresses are not forwarded to this port. |
Flood unknown unicast and multicast packets to all ports.
Interface configuration
The port block command cannot be entered for a network port.
In Enterprise Edition Software, if a trunk port is not a network port, the unicast keyword applies. The multicast keyword is supported on trunk ports. Both port block features affect all the VLANs associated with the trunk port.
The following example shows how to block the forwarding of multicast and unicast packets to a port:
Switch(config-if)# port block unicast
Switch(config-if)# port block multicast
You can verify the previous commands by entering the show port block command in privileged EXEC mode.
show port block
Use the port group interface configuration command to assign a port to a Fast EtherChannel or Gigabit EtherChannel port group. Up to 12 port groups can be created on a switch. Any number of ports can belong to a destination-based port group. Up to eight ports can belong to a source-based port group. Use the no form of this command to remove a port from a port group.
port group group-number [distribution {source | destination}]
no port group
group-number | Port group number to which the port belongs. A number from 1 to 12 is valid. |
distribution | (Optional) Forwarding method for the port group. |
source | Set the port to forward traffic to a port group based on the packet source address. This is the default forwarding method. |
destination | Set the port to forward traffic to a port group based on the packet destination address. |
Port does not belong to a port group.
The default forwarding method is source.
Interface configuration
Any port can belong to a port group, but the following restrictions apply:
When a group is first formed, the switch automatically sets the following parameters to be the same on all ports:
Configuration of the first port added to the group is used when setting the above parameters for other ports in the group. After a group is formed, changing any parameter in the above list changes the parameter on all other ports.
Use the distribution parameter to customize the port group to your particular environment. The forwarding method you choose depends on how your network is configured. However, source-based forwarding works best for most network configurations. See the "Setting Port Features" section for more information.
The following example shows how to add a port to a port group using the default source-based forwarding:
Switch(config-if)# port group 1
The following example shows how to add a port to a group using destination-based forwarding:
Switch(config-if)# port group 2 distribution destination
You can verify the previous commands by entering the show port group command in privileged EXEC mode.
show port group
Use the port monitor interface configuration command to enable Switched Port Analyzer (SPAN) port monitoring on a port. Use the no form of this command to return the port to its default value.
port monitor [interface]
no port monitor [interface]
interface | (Optional) Module and port number for which SPAN is to be enabled. |
Port does not monitor any other ports.
Interface configuration
Enabling port monitoring without specifying a port causes all other ports in the same VLAN to be monitored.
All ports can be monitor ports, but the following restrictions apply:
The following example shows how to enable port monitoring on port fa0/2:
Switch(config-if)# port monitor fa0/2
You can verify the previous command by entering the show port monitor command in privileged EXEC mode.
show port monitor
Use the port network interface configuration command to define a port as the switch network port. All traffic with unknown unicast addresses is forwarded to the network port on the same VLAN. Use the no form of this command to return the port to the default value.
port network
no port network
This command has no arguments or keywords.
No network port is defined.
Interface configuration
The following restrictions apply to network ports:
The following example shows how to set a port as a network port.
Switch(config-if)# port network
You can verify the previous command by entering the show port network command in privileged EXEC mode.
show port network
Use the port security interface configuration command to enable port security on a port. Use the no form of this command to return the port to its default value.
port security [action {shutdown | trap}]
port security [max-mac-count addresses]
no port security
action | (Optional) Action to take when an address violation occurs on this port. |
shutdown | Disable the port when a security violation occurs. |
trap | Generate an SNMP trap when a security violation occurs. |
max-mac-count | (Optional) Maximum number of secure addresses that this port can support. |
addresses | Number from 1 to 132. |
Port security is disabled.
When enabled, the default action is to generate an SNMP trap.
Interface configuration
If you specify trap, use the snmp-server host command to configure the SNMP trap host to receive traps.
The following restrictions apply to secure ports:
The following example shows how to enable port security and what action the port takes in case of an address violation (shutdown).
Switch(config-if)# port security action shutdown
The following example shows how to set the maximum number of addresses that the port can learn to 8.
Switch(config-if)# port security max-mac-count 8
You can verify the previous commands by entering the show port security command in privileged EXEC mode.
show port security
Use the port storm-control interface configuration command to enable broadcast-storm control on a port. Use the no form of this command to disable storm control or one of the storm-control parameters on the port.
port storm-control {filter | trap | threshold {rising rising-number falling falling-number}}
no port storm-control {filter | trap | threshold}
filter | (Optional) Disable the port during a broadcast storm. |
trap | (Optional) Generate an SNMP trap when the traffic on the port crosses the rising or falling threshold. |
threshold | (Optional) Rising and falling threshold values to follow. |
rising | Block the normal flooding of broadcast packets when the value specified for rising-number is reached. |
rising-number | 0 to 4294967295 broadcast packets per second. |
falling | Restart the normal flooding of broadcast packets when the value specified for falling-number is reached. |
falling-number | 0 to 4294967295 broadcast packets per second. |
Broadcast storm control is not enabled.
Interface configuration
The following example shows how to enable broadcast storm control on a port. In this example, flooding is inhibited when the number of broadcast packets arriving on the port reaches 1000 and is restarted when the number returns to 200.
Switch(config-if)# port storm-control threshold rising 1000 falling 200
You can verify the previous command by entering the show port storm-control command in privileged EXEC mode.
show port storm-control
Use the reset VLAN database command to abandon the proposed VLAN database and remain in VLAN database mode. This command resets the proposed database to the currently implemented VLAN database on the switch. This command is available only in the Enterprise Edition Software.
reset
This command has no arguments or keywords.
No default is defined.
VLAN database
The following example shows how to abandon the proposed VLAN database and reset to the current VLAN database:
Switch(vlan)# reset
Switch(vlan)#
You can verify the previous command by entering the show changes and show proposed commands in VLAN database mode.
Use the show cgmp privileged EXEC command to display the current state of the CGMP-learned multicast groups and routers.
show cgmp [state | holdtime | [vlan vlan-id] | [group [address] | router [address]]]
state | (Optional) Display whether CGMP is enabled or not, whether Fast Leave is enabled or not, and the router port timeout value. |
holdtime | (Optional) Display the router port timeout value in seconds. |
vlan | (Optional) Limit the display to the specified VLAN. |
vlan-id | ID of VLAN to which the command applies. |
group | (Optional) Display all known multicast groups and the destination ports. Limited to given VLAN if vlan keyword is entered; limited to a specific group if the address parameter is entered. |
address | MAC address of the group or router. |
router | (Optional) Display all routers, their ports, and expiration times. Limited to given VLAN if vlan keyword entered; limited to a specific router if the address parameter is entered. |
Privileged EXEC
This command displays CGMP information about known routers and groups, as well as whether CGMP is enabled, whether Fast Leave is enabled, and the current value of the router timeout. If show cgmp is entered with no arguments, all information is displayed.
The following is sample output from the show cgmp command.
Switch# show cgmp
CGMP is running.
CGMP Fast Leave is not running.
Default router timeout is 300 sec.
vLAN IGMP MAC Address Interfaces
------ ----------------- -----------
1 0100.5e01.0203 Fa0/8
1 0100.5e00.0128 Fa0/8
vLAN IGMP Router Expire Interface
------ ----------------- -------- ----------
1 0060.5cf3.d1b3 197 sec Fa0/8
cgmp
clear cgmp
Use the show changes VLAN database command to display the differences between the VLAN database currently on the switch and the proposed VLAN database. You can also display the differences between the two for a selected VLAN. This command is available only in the Enterprise Edition Software.
show changes [vlan-id]
vlan-id | (Optional) ID of the VLAN in the current or proposed database. If this variable is omitted, all the differences between the two VLAN databases are displayed, including the pruning state and V2 mode. Valid IDs are from 1 to 1005. |
VLAN database
The following is sample output from the show changes command. It displays the differences between the current and proposed databases.
Switch(vlan)# show changes
DELETED:
VLAN ISL Id: 4
Name: VLAN0004
Media Type: Ethernet
VLAN 802.10 Id: 100004
State: Operational
MTU: 1500
DELETED:
VLAN ISL Id: 6
Name: VLAN0006
Media Type: Ethernet
VLAN 802.10 Id: 100006
State: Operational
MTU: 1500
MODIFIED:
VLAN ISL Id: 7
Current State: Operational
Modified State: Suspended
The following is sample output from the show changes 7 command. It displays the differences between VLAN 7 in the current database and the proposed database.
Switch(vlan)# show changes 7
MODIFIED:
VLAN ISL Id: 7
Current State: Operational
Modified State: Suspended
Use the show current VLAN database command to display the current VLAN database on the switch or a selected VLAN from it. This command is available only in the Enterprise Edition Software.
show current [vlan-id]
vlan-id | (Optional) ID of the VLAN in the current database. If this variable is omitted, the entire VLAN database displays, included the pruning state and V2 mode. Valid IDs are from 1 to 1005. |
VLAN database
The following is sample output from the show current command. It displays the current VLAN database.
Switch(vlan)# show current
VLAN ISL Id: 1
Name: default
Media Type: Ethernet
VLAN 802.10 Id: 100001
State: Operational
MTU: 1500
Translational Bridged VLAN: 1002
Translational Bridged VLAN: 1003
VLAN ISL Id: 2
Name: VLAN0002
Media Type: Ethernet
VLAN 802.10 Id: 100002
State: Operational
MTU: 1500
VLAN ISL Id: 3
Name: VLAN0003
Media Type: Ethernet
VLAN 802.10 Id: 100003
State: Operational
MTU: 4000
VLAN ISL Id: 4
Name: VLAN0004
Media Type: Ethernet
VLAN 802.10 Id: 100004
State: Operational
MTU: 1500
VLAN ISL Id: 5
Name: VLAN0005
Media Type: Ethernet
VLAN 802.10 Id: 100005
State: Operational
MTU: 1500
VLAN ISL Id: 6
Name: VLAN0006
Media Type: Ethernet
VLAN 802.10 Id: 100006
State: Operational
MTU: 1500
The following is sample output from the show current 2 command. It displays only VLAN 2 of the current database.
Switch(vlan)# show current 2
VLAN ISL Id: 2
Name: VLAN0002
Media Type: Ethernet
VLAN 802.10 Id: 100002
State: Operational
MTU: 1500
Use the show interface privileged EXEC mode command to display the administrative and operational status of a switching (nonrouting) port.
show interface interface-id [switchport [allowed-vlan | prune-elig]]
interface-id | ID of the module and port number. |
switchport | (Optional) Display the administrative and operational status of a switching (nonrouting) port. |
allowed-vlan | (Optional) Display the VLAN IDs that receive and transmit all types of traffic on the trunk port. By default, all VLAN IDs are included. |
prune-elig | (Optional) Display the VLAN ID whose flood traffic can be pruned. VLAN 1 and VLANs 1002 through 1005 are not eligible for pruning. By default, no VLANs are pruning eligible on the trunk. |
Privileged EXEC
The following is sample output from the show interface fa0/2 switchport command. Table 2-3 describes each field in the display.
Switch# show interface fa0/2 switchport
Name: fa0/2
Switchport: Enabled
Administrative Mode: Static Access
Operational Mode: Static Access
Administrative Trunking Encapsulation: ISL
Operational Trunking Encapsulation: ISL
Negotiation of Trunking: Disabled
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 1-30, 50, 100-1005
Pruning VLANs Enabled: NONE
Field | Description |
---|---|
Name | Displays the port name. |
Switchport | Displays the administrative and operational status of the port. In this display, the port is in switchport mode. |
Administrative Mode Operational Mode | Displays the administrative and operational mode. |
Administrative Trunking Encapsulation Operation Trunking Encapsulation Negotiation of Trunking | Displays the administrative and operational encapsulation method. Also displays whether trunking negotiation is enabled. |
Access Mode VLAN | VLAN ID. |
Trunking Native Mode Trunking VLANs Enabled Trunking VLANs Active | Lists the VLAN ID of the trunk that is in native mode. Lists the active VLANs on the trunk. |
Pruning VLANs Enabled | Lists the VLANs that are pruning eligible. |
Use the show mac-address-table privileged EXEC command to display the MAC address table.
show mac-address-table [static | dynamic | secure | self | aging-time | count]
[address hw-addr] [interface interface] [vlan vlan-id]
static | (Optional) Display only the static addresses. |
dynamic | (Optional) Display only the dynamic addresses. |
secure | (Optional) Display only the secure addresses. |
self | (Optional) Display only addresses added by the switch itself. |
aging-time | (Optional) Display aging-time for dynamic addresses for all VLANs. |
count | (Optional) Display a count for different kinds of MAC addresses. |
address | (Optional) Display information for a specific address. |
hw-addr | Display information for this address. |
interface | (Optional) Display addresses for a specific port. |
interface | Display addresses for this port. |
vlan | (Optional) Display addresses for a specific VLAN. |
vlan-id | Display addresses for this VLAN. |
Privileged EXEC
This command displays the MAC address table for the switch. Specific views can be defined by using the optional keywords and values. If more than one optional keyword is used, then all of the conditions must be true in order for that entry to be displayed.
The following is sample output from the show mac-address-table command:
Switch# show mac-address-table
Dynamic Addresses Count: 9
Secure Addresses (User-defined) Count: 0
Static Addresses (User-defined) Count: 0
System Self Addresses Count: 41
Total MAC addresses: 50
Non-static Address Table:
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
0010.0de0.e289 Dynamic 1 FastEthernet0/1
0010.7b00.1540 Dynamic 2 FastEthernet0/5
0010.7b00.1545 Dynamic 2 FastEthernet0/5
0060.5cf4.0076 Dynamic 1 FastEthernet0/1
0060.5cf4.0077 Dynamic 1 FastEthernet0/1
0060.5cf4.1315 Dynamic 1 FastEthernet0/1
0060.70cb.f301 Dynamic 1 FastEthernet0/1
00e0.1e42.9978 Dynamic 1 FastEthernet0/1
00e0.1e9f.3900 Dynamic 1 FastEthernet0/1
clear mac-address-table
show port block {unicast | multicast} [interface]
unicast | Display whether or not ports are blocking unicast packets. |
multicast | Display whether or not ports are blocking multicast packets. |
interface | (Optional) Display whether the port specified is blocking unicast or multicast packets. |
Privileged EXEC
If the variable interface is omitted, the show port block unicast and show port block multicast commands display packet blocking information on all ports.
The following is sample output from the show port block command:
Switch# show port block unicast fa0/8
FastEthernet0/8 is blocked from unknown unicast addresses
port block
Use the show port group privileged EXEC command to list the ports that belong to a port group.
show port group [group-number]
group-number | (Optional) Port group to which the port is assigned. |
Privileged EXEC
If the variable group-number is omitted, the show port group command displays all port groups on the switch.
The following is sample output from the show port group command:
Switch# show port group 1
Group Interface
----- ---------------
1 FastEthernet0/1
1 FastEthernet0/4
port group
Use the show port monitor privileged EXEC command to display the ports for which Switched Port Analyzer (SPAN) port monitoring is enabled.
show port monitor [interface]
interface | (Optional) Module and port number enabled for SPAN. |
Privileged EXEC
If the variable interface is omitted, the show port monitor command displays all monitor ports on the switch.
The following is sample output from the show port monitor command:
Switch# show port monitor fa0/8
Monitor Port Port Being Monitored
------------------ --------------------
FastEthernet0/8 FastEthernet0/1
FastEthernet0/8 FastEthernet0/2
FastEthernet0/8 FastEthernet0/3
FastEthernet0/8 FastEthernet0/4
port monitor
Use the show port network privileged EXEC command to display the network port defined for the switch or VLAN.
show port network [interface]
interface | (Optional) Port to be displayed. |
Privileged EXEC
If the variable interface is omitted, the show port network command displays all network ports on the switch.
The following is sample output from the show port network command:
Switch# show port network
Network Port VLAN ID
------------ -------
FastEthernet0/11 1
port network
Use the show port security privileged EXEC command to show the port security parameters defined for the port.
show port security [interface]
interface | (Optional) Port to be displayed. |
Privileged EXEC
If the variable interface is omitted, the show port security command displays all secure ports on the switch.
The following is sample output from the show port security command for fixed port 07:
Switch# show port security fa0/7
Secure Port Secure Addr Secure Addr Security Security Action
Cnt (Current) Cnt (Max) Reject Cnt
--------------- ------------- ----------- ---------- ----------------
FastEthernet0/7 0 132 0 Send Trap
port security
Use the show port storm-control privileged EXEC command to display the rising and falling thresholds for broadcast storm control. This command also displays the action that the switch takes when the thresholds are reached.
show port storm-control [interface]
interface | (Optional) Port to be displayed. |
Privileged EXEC
If the variable interface is omitted, the show port storm-control command displays broadcast storm control settings on all ports on the switch.
The following is sample output from the show port storm-control command:
Switch# show port storm-control
Interface Filter State Trap State Rising Falling Current Traps Sent
--------- ------------- ------------- ------ ------- ------- ----------
Fa0/1 <inactive> <inactive> 1000 200 0 0
Fa0/2 <inactive> <inactive> 500 250 0 0
Fa0/3 <inactive> <inactive> 500 250 0 0
Fa0/4 <inactive> <inactive> 500 250 0 0
port storm-control
Use the show proposed VLAN database command to display the proposed VLAN database or a selected VLAN from it. This command is available only in the Enterprise Edition Software.
show proposed [vlan-id]
vlan-id | (Optional) ID of the VLAN in the proposed database. If this variable is omitted, the entire VLAN database displays, included the pruning state and V2 mode. Valid IDs are from 1 to 1005. |
VLAN database
If the variable vlan-id is omitted, the show proposed command displays the entire proposed VLAN database.
The proposed VLAN database is not the running configuration until you use the exit or apply command.
The following is sample output from the show proposed command:
Switch(vlan)# show proposed
VLAN ISL Id: 1
Name: default
Media Type: Ethernet
VLAN 802.10 Id: 100001
State: Operational
MTU: 1500
Translational Bridged VLAN: 1002
Translational Bridged VLAN: 1003
VLAN ISL Id: 2
Name: VLAN0002
Media Type: FDDI Net
VLAN 802.10 Id: 100002
State: Operational
MTU: 1500
STP Type: IBM
VLAN ISL Id: 1002
Name: fddi-default
Media Type: FDDI
VLAN 802.10 Id: 101002
State: Operational
MTU: 1500
Bridge Type: SRB
Translational Bridged VLAN: 1
Translational Bridged VLAN: 1003
VLAN ISL Id: 1003
Name: trcrf-default
Media Type: TRCRF
VLAN 802.10 Id: 101003
State: Operational
MTU: 4472
Bridge Type: SRB
Ring Number: 3276
Bridge Number: 1
Parent VLAN: 1005
Maximum ARE Hop Count: 7
Maximum STE Hop Count: 7
Backup CRF Mode: Disabled
Translational Bridged VLAN: 1
Translational Bridged VLAN: 1002
VLAN ISL Id: 1004
Name: fddinet-default
Media Type: FDDI Net
VLAN 802.10 Id: 101004
State: Operational
MTU: 1500
Bridge Type: SRB
Bridge Number: 1
STP Type: IBM
VLAN ISL Id: 1005
Name: trbrf-default
Media Type: TRBRF
VLAN 802.10 Id: 101005
State: Operational
MTU: 4472
Bridge Type: SRB
Bridge Number: 15
STP Type: IBM
Use the show spanning-tree privileged EXEC command to show spanning-tree information for the specified spanning-tree instances.
show spanning-tree [vlan stp-list] [interface interface-list]
vlan | (Optional) Specify VLAN IDs for the stp-list variable when displaying information about spanning-tree instances. |
stp-list | (Optional) List of spanning-tree instances. Each spanning-tree instance is associated with a VLAN ID. Enter each VLAN ID separated by a space. Ranges are not supported. |
interface | (Optional) Specify ports for which spanning-tree instances are displayed. |
interface-list | List of ports for which spanning-tree information is displayed. Enter each port separated by a space. Ranges are not supported. |
Privileged EXEC
If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.
The following is sample output from the show spanning-tree command for VLAN 1:
Switch# show spanning-tree vlan 1
Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address 00e0.1eb2.ddc0
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32768, address 0010.0b3f.ac80
Root port is 5, cost of root path is 10
Topology change flag not set, detected flag not set, changes 1
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0
Interface Fa0/1 in Spanning tree 1 is down
Port path cost 100, Port priority 128
Designated root has priority 32768, address 0010.0b3f.ac80
Designated bridge has priority 32768, address 00e0.1eb2.ddc0
Designated port is 1, path cost 10
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 0, received 0
...
The following is sample output from the show spanning-tree interface command for port 3:
Switch# show spanning-tree interface fa0/3
Interface Fa0/3 (port 3) in Spanning tree 1 is down
Port path cost 100, Port priority 128
Designated root has priority 6000, address 0090.2bba.7a40
Designated bridge has priority 32768, address 00e0.1e9f.4abf
Designated port is 3, path cost 410
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 0, received 0
spanning-tree
spanning-tree forward-time
spanning-tree max-age
spanning-tree port-priority
spanning-tree protocol
Use the show vlan privileged EXEC command to display the parameters for all configured VLANs or one VLAN (if the VLAN ID or name is specified) in the administrative domain.
Standard Edition Software:
show vlan {brief | id vlan-id}
Enterprise Edition Software:
show vlan [brief | id vlan-id | name vlan-name]
brief | (Optional) Display one line for each VLAN with the VLAN name, status, and its ports. |
id | (Optional) Display VLAN status by VLAN ID. |
vlan-id | ID of the VLAN displayed. Valid IDs are from 1 to 1005. |
name | (Optional) Display VLAN status by VLAN name. This keyword is available only in the Enterprise Edition Software. |
vlan-name | Name of the VLAN displayed. The VLAN name is an ASCII string from 1 to 32 characters. This option is available only in the Enterprise Edition Software. |
Privileged EXEC
The following is sample output from the show vlan command (Enterprise Edition Software only):
Switch# show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/8, Fa0/10, Fa0/11,
Fa0/12, Fa0/13, Fa0/14, Fa0/15,
Fa0/16, Fa1/1, Fa1/2
2 VLAN0002 active Fa0/2
3 VLAN0003 active Fa0/3
4 VLAN0004 active Fa0/4
5 VLAN0005 suspended Fa0/5
6 VLAN0006 active Fa0/6
7 VLAN0007 active
10 VLAN0010 act/lshut
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- ------ ------
1 enet 100001 1500 - - - - 1002 1003
6 fdnet 100006 1500 - - - ieee 0 0
7 trnet 100007 1500 - - 5 ieee 0 0
1002 fddi 101002 1500 - - - - 1 1003
1003 tr 101003 1500 1005 3276 - - 1 1002
1004 fdnet 101004 1500 - - 1 ibm 0 0
1005 trnet 101005 1500 - - 15 ibm 0 0
The following is sample output from the show vlan brief command (Enterprise Edition Software only):
Switch# show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/5, Fa0/6,
Fa0/7, Fa0/8, Fa0/9, Fa0/10,
Fa0/11, Fa0/12, Fa0/13, Fa0/14,
Fa0/15, Fa0/16, Fa1/1, Fa1/2,
Fa1/3, Fa1/4, Fa2/3, Fa2/4
2 VLAN0002 active
3 VLAN0003 active
6 VLAN0006 active
7 VLAN0007 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
The following is sample output from the show vlan id 6or show vlan name VLAN006 command (Enterprise Edition Software only):
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
6 VLAN0006 active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- ------ ------
6 fdnet 100006 1500 - - - ieee 0 0
This command has no arguments or keywords.
Privileged EXEC
The following is sample output from the show vmps command:
Switch# show vmps
VQP Client Status:
--------------------
VMPS VQP Version: 1
Reconfirm Interval: 60 min
Server Retry Count: 3
VMPS domain server: 172.20.128.86 (primary, current)
172.20.128.87
Reconfirmation status
---------------------
VMPS Action: No Dynamic Port
vmps reconfirm
vmps retry
vmps server
This command has no arguments or keywords.
Privileged EXEC
This following is sample output from the show vmps statistics command. Table 2-4 describes each field in the display.
Switch# show vmps statistics
VMPS Client Statistics
----------------------
VQP Queries: 0
VQP Responses: 0
VMPS Changes: 0
VQP Shutdowns: 0
VQP Denied: 0
VQP Wrong Domain: 0
VQP Wrong Version: 0
VQP Insufficient Resource: 0
Field | Description |
---|---|
VQP Queries | Number of queries sent by the client to the VLAN Membership Policy Server (VMPS). |
VQP Responses | Number of responses sent to the client from the VMPS. |
VMPS Changes | Number of times that the VMPS changed from one server to another. |
VQP Shutdowns | Number of times the VMPS sent a response to shutdown the port. The client disables the port and removes all dynamic addresses on this port from the address table. You must administratively reenable the port to restore connectivity. |
VQP Denied | Number of times the VMPS denied the client request for security reasons. When the VMPS response says to deny an address, no frame is forwarded to or from the workstation with that address (broadcast or multicast frames are delivered to the workstation if the port has been assigned to a VLAN). The client keeps the denied address in the address table as a blocked address to prevent further queries from being sent to the VMPS for each new packet received from this workstation. The client ages the address if no new packets are received from this workstation on this port within the aging time period. |
VQP Wrong Domain | Number of times the management domain in the request does not match the one for the VMPS. Any previous VLAN assignments of the port are not changed. Receipt of this response indicates that the server and the client have not been configured with the same VTP management domain. |
VQP Wrong Version | Number of times the version field in the query packet contains a value that is higher than the version supported by the VMPS. Previous VLAN assignment of the port is not changed. Catalyst 2900 series switches send only VMPS version 1 requests. |
VQP Insufficient Resource | Number of times the VMPS is unable to answer the request because of a resource availability problem. If the retry limit has not yet been reached, the client repeats the request with the same server or with the next alternate server, depending on whether the per-server retry count has been reached. |
Use the show vtp privileged EXEC mode command to display general information about the VLAN Trunk Protocol (VTP) management domain, status, and counters. This command is available only in the Enterprise Edition Software.
show vtp {counters | status}
counters | Display the VTP counters for the switch. |
status | Display general information about the VTP management domain. |
Privileged EXEC
The following is sample output from the show vtp counters command. Table 2-5 describes each field in the display.
Switch# show vtp counters
VTP statistics:
summary advts received : 0
subset advts received : 0
request advts received : 0
summary advts transmitted : 0
subset advts transmitted : 0
request advts transmitted : 0
No. of config revision errors : 0
No. of config digest errors : 0
No. of V1 summary errors : 0
VTP pruning statistics:
Trunk Join Transmitted Join Received Summary advts received from
non-pruning-capable device
---------------- ---------------- ---------------- ---------------------------
Fa2/1 242 0 0
Field | Description |
---|---|
Summary Advts Received | Number of summary advertisements received by this switch on its trunk ports. Summary advertisements contain the management domain name, the configuration revision number, the update timestamp and identity, the authentication checksum, and the number of subset advertisements to follow. |
Subset Advts Received | Number of subset advertisements received by this switch on its trunk ports. Subset advertisements contain all the information for one or more VLANs. |
Request Advts Received | Number of advertisement requests received by this switch on its trunk ports. Advertisement requests normally request information on all VLANs. They can also request information on a subset of VLANs. |
Summary Advts Transmitted | Number of summary advertisements sent by this switch on its trunk ports. Summary advertisements contain the management domain name, the configuration revision number, the update timestamp and identity, the authentication checksum, and the number of subset advertisements to follow. |
Subset Advts Transmitted | Number of subset advertisements sent by this switch on its trunk ports. Subset advertisements contain all the information for one or more VLANs. |
Request Advts Transmitted | Number of advertisement requests sent by this switch on its trunk ports. Advertisement requests normally request information on all VLANs. They can also request information on a subset of VLANs. |
No. of Configuration Revision Errors | Number of revision errors. Whenever you define a new VLAN, delete an existing one, suspend or resume an existing VLAN, or modify the parameters on an existing VLAN, the configuration revision number of the switch increments. Revision errors increment whenever the switch receives an advertisement whose revision number matches the revision number of the switch, but the MD5 digest values do not match. This error indicates that the VTP password in the two switches is different, or the switches have different configurations. These errors indicate that the switch is filtering incoming advertisements, which causes the VTP database to become unsynchronized across the network. |
No. of Configuration Digest Errors | Number of MD5 digest errors. Digest errors increment whenever the MD5 digest in the summary packet and the MD5 digest of the received advertisement calculated by the switch do not match. This error usually indicates that the VTP password in the two switches is different. To solve this problem, make sure the VTP password on all switches is the same. These errors indicate that the switch is filtering incoming advertisements, which causes the VTP database to become unsynchronized across the network. |
No. of V1 Summary Errors | Number of version 1 errors. Version 1 summary errors increment whenever a switch in VTP V2 mode receives a VTP version 1 frame. These errors indicate that at least one neighboring switch is either running VTP version 1 or VTP version 2 with V2-mode disabled. To solve this problem, change the configuration of the switches in VTP V2-mode to disabled. |
Join Transmitted | Number of VTP pruning messages transmitted on the trunk. |
Join Received | Number of VTP pruning messages received on the trunk. |
Summary Advts Received from non-pruning-capable device | Number of VTP summary messages received on the trunk from devices that do not support pruning. |
The following is sample output from the show vtp status command. Table 2-6 describes each field in the display.
Switch# show vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 68
Number of existing VLANs : 7
VTP Operating Mode : Server
VTP Domain Name : test1
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x3D 0x02 0xD4 0x3A 0xC4 0x46 0xA1 0x03
Configuration last modified by 172.20.130.52 at 3-4-93 22:25:
Field | Description |
---|---|
VTP Version | Displays the VTP version operating on the switch. By default, Catalyst 2900 series switches implement version 1 but can be set to version 2. |
Configuration Revision | Number of configuration revisions on this switch. |
Maximum VLANs Supported Locally | Maximum number of VLANs supported locally. |
Number of Existing VLANs | Number of existing VLANs. |
VTP Operating Mode | Displays the VTP operating mode, which can be server, client, or transparent. Server: a switch in VTP server mode is enabled for VTP and sends advertisements. You can configure VLANs on it. The switch guarantees that it can recover all the VLAN information in the current VTP database from nonvolatile storage after reboot. By default, every switch is a VTP server. Client: a switch in VTP client mode is enabled for VTP, can send advertisements, but does not have enough nonvolatile storage to store VLAN configurations. You cannot configure VLANs on it. When a VTP client starts up, it does not transmit VTP advertisements until it receives advertisements to initialize its VLAN database. Transparent: a switch in VTP transparent mode is disabled for VTP, does not transmit advertisements or learn from advertisements sent by other devices, and cannot affect VLAN configurations on other devices in the network. The switch receives VTP advertisements and forwards them on all trunk ports except the one on which the advertisement was received. The configuration of multi-VLAN ports causes the switch to automatically enter transparent mode. Note Catalyst 2900 series switches support up to 64 VLANs. If you define more than 64 or if the switch receives an advertisement that contains more than 64 VLANs, the switch automatically enters VTP transparent mode and operates with the VLAN configuration preceding the one that sent it into transparent mode. |
VTP Domain Name | Name that identifies the administrative domain for the switch. |
VTP Pruning Mode | Displays whether pruning is enabled or disabled. Enabling pruning on a VTP server enables pruning for the entire management domain. Pruning restricts flooded traffic to those trunk links that the traffic must use to access the appropriate network devices. |
VTP V2 Mode | Displays if VTP version 2 mode is enabled. All VTP version 2 switches operate in version 1 mode by default. Each VTP switch automatically detects the capabilities of all the other VTP devices. A network of VTP devices should be configured to version 2 only if all VTP switches in the network can operate in version 2 mode. |
VTP Traps Generation | Displays whether VTP traps are transmitted to a network management station. |
MD5 Digest | A 16-byte checksum of the VTP configuration. |
Configuration Last Modified | Displays the date and time of the last configuration modification. Displays the IP address of the switch that caused the configuration change to the database. |
Use the shutdown interface configuration command to disable a port. Use the no form of this command to restart a disabled port.
shutdown
no shutdown
This command has no arguments or keywords.
Interface configuration
The shutdown command for a port causes it to stop forwarding. You can enable the port with the no shutdown command.
In the Enterprise Edition Software, the no shutdown command has no effect if the port is a static-access port assigned to a VLAN that has been deleted, suspended, or shutdown. The port must first be a member of an active VLAN before it can be reenabled.
The following examples show how to disable fixed port fa0/8 and how to reenable it:
Switch(config)# interface fa0/8
Switch(config-if)# shutdown
Switch(config-if)# no shutdown
You can verify the previous commands by entering the show interface command in privileged EXEC mode.
Use the shutdown vlan global configuration command to shutdown (suspend) local traffic on the specified VLAN. Use the no form of this command to restart local traffic on the VLAN. This command is available only in the Enterprise Edition Software.
shutdown vlan vlan-id
no shutdown vlan vlan-id
vlan-id | ID of the VLAN to be locally shut down. Valid IDs are from 2 to 1001, excluding VLANs defined as default VLANs under the VLAN Trunk Protocol (VTP). The default VLANs are 1 and 1002-1005. |
No default is defined.
Global configuration
The shutdown vlan command does not change the VLAN information in VTP database. It shuts down traffic locally, but the switch still advertises VTP information.
The following example shows how to shutdown traffic on VLAN 2:
Switch(config)# shutdown vlan 2
You can verify the previous command by entering the show vlan command in privileged EXEC mode.
This command has no arguments or keywords.
SNMP traps for VMPS are disabled.
Global configuration
Specify the host that receives the traps by using the snmp-server host command.
The following example shows how to enable VMPS to send trap notifications:
Switch(config)# snmp-server enable trap vlan-membership
You can verify the previous command by entering the show running-config command in privileged EXEC mode.
show running-config
snmp-server host
This command has no arguments or keywords.
SNMP traps for VTP are disabled.
Global configuration
Specify the host that receives the traps by using the snmp-server host command.
The following example shows how to enable VTP to send trap notifications:
Switch(config)# snmp-server enable trap vtp
You can verify the previous command by entering the show vtp status or show running-config command in privileged EXEC mode.
show running-config
show vtp status
snmp-server host
Use the snmp-server host global configuration command to specify the host that receives SNMP traps. Use the no form of this command to remove the specified host.
snmp-server host host-address community-string [c2900 | config | snmp | tty | udp-port port-number | vlan-membership | vtp]
no snmp-server host host-address
host-address | IP address or name of the SNMP trap host. |
community-string | Password-like community string sent with the trap operation. |
c2900 | Send SNMP Catalyst 2900 series traps. |
config | Send SNMP configuration traps. |
snmp | Send SNMP-type traps. |
tty | Send Cisco enterprise-specific traps when a Transmission Control Protocol (TCP) connection closes. |
udp-port {port-number} | UDP port of the host to use. The default is 162. |
vlan-membership | Send SNMP VLAN Membership Policy Server (VMPS) traps. This option is available only in the Enterprise Edition Software. |
vtp | Send SNMP VLAN Trunk Protocol (VTP) traps. This option is available only in the Enterprise Edition Software. |
Global configuration
The SNMP trap host address and community string are not defined.
Traps are disabled.
The following example shows how to configure an SNMP host to receive VTP traps:
Switch(config)# snmp-server host 172.20.128.178 traps vtp
snmp-server enable traps vlan-membership
snmp-server enable traps vtp
Use the spanning-tree global configuration command to enable Spanning-Tree Protocol (STP) on a VLAN. Use the no form of the command to disable STP on a VLAN.
spanning-tree [vlan stp-list]
no spanning-tree [vlan stp-list]
vlan | (Optional) Include VLAN IDs in the stp-list variable when enabling STP. |
stp-list | (Optional) List of spanning-tree instances. Each spanning-tree instance is associated with a VLAN ID. Enter each VLAN ID separated by a space. Ranges are not supported. |
STP is enabled.
Global configuration
Disabling STP causes the VLAN or list of VLANs to stop participating in STP. Ports that are administratively down remain down. Received Bridge Protocol Data Units (BPDUs) are forwarded like other multicast frames. The VLAN does not detect and prevent loops when STP is disabled.
STP can be disabled on a VLAN that is not currently active. The setting takes effect when the VLAN is activated.
If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.
You can enable STP on a VLAN that has no ports assigned to it.
The following example shows how to disable STP on VLAN 5:
Switch(config)# no spanning-tree vlan 5
You can verify the previous command by entering the show spanning-tree command in privileged EXEC mode. In this instance, VLAN 5 does not appear in the list.
show spanning-tree
spanning-tree forward-time
spanning-tree max-age
spanning-tree port-priority
spanning-tree protocol
Use the spanning-tree cost interface configuration command to set the path cost for Spanning-Tree Protocol (STP) calculations. Use the no form of this command to return to the default value.
spanning-tree [vlan stp-list] cost cost
no spanning-tree [vlan stp-list] cost
vlan | (Optional) Include VLAN IDs in the stp-list variable when setting the path cost. |
stp-list | (Optional) List of spanning-tree instances. Each spanning-tree instance is associated with a VLAN ID. Enter each VLAN ID separated by a space. Ranges are not supported. |
cost | Set a cost. |
cost | Path cost can range from 1 to 65535, with higher values indicating higher costs. This range applies whether or not the IEEE or DEC STP has been specified. |
The default path cost is computed from the interface bandwidth setting. The following are IEEE default path cost values:
Interface configuration
If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.
You can set a cost for a port or on a VLAN that does not exist. The setting takes effect when the VLAN exists.
The following example shows how to set a path cost value of 250 for VLAN 1:
Switch(config-if)# spanning-tree vlan 1 cost 250
You can verify the previous command by entering the show spanning-tree command in privileged EXEC mode.
show spanning-tree
spanning-tree portfast
spanning-tree priority
Use the spanning-tree forward-time global configuration command to set the forwarding-time for the specified spanning-tree instances. Use the no form of this command to return to the default value.
spanning-tree [vlan stp-list] forward-time seconds
no spanning-tree [vlan stp-list] forward-time
vlan | (Optional) Include VLAN IDs in the stp-list variable when setting the forwarding-time. |
stp-list | (Optional) List of spanning-tree instances. Each spanning-tree instance is associated with a VLAN ID. Enter each VLAN ID separated by a space. Ranges are not supported. |
seconds | Forward-delay interval from 4 to 200 seconds. |
The default configuration IEEE Spanning-Tree Protocol (STP) is 15 seconds. The default for IBM STP is 4 seconds, and the default for DEC STP is 30 seconds.
Global configuration
If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.
You can set the forwarding-time on a VLAN that has no ports assigned to it. The setting takes effect when you assign ports to it.
The following example shows how to set the spanning-tree forwarding time to 18 seconds for VLAN 20:
Switch(config)# spanning-tree vlan 20 forward-time 18
You can verify the previous command by entering the show spanning-tree command in privileged EXEC mode.
show spanning-tree
spanning-tree forward-time
spanning-tree max-age
spanning-tree port-priority
spanning-tree protocol
Use the spanning-tree hello-time global configuration command to specify the interval between hello Bridge Protocol Data Units (BPDUs). Use the no form of this command to return to the default interval.
spanning-tree [vlan stp-list] hello-time seconds
no spanning-tree [vlan stp-list] hello-time
vlan | (Optional) Include VLAN IDs in the stp-list variable when specifying the hello-time. |
stp-list | (Optional) List of spanning-tree instances. Each spanning-tree instance is associated with a VLAN ID. Enter each VLAN ID separated by a space. Ranges are not supported. |
seconds | Interval from 1 to 10 seconds. |
The default configuration IEEE Spanning-Tree Protocol (STP) is 2 seconds. The default for IBM STP is 2 seconds, and the default for DEC STP is 1 second.
Global configuration
If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.
You can set the hello time on a VLAN that has no ports assigned to it. The setting takes effect when you assign ports to it.
The following example shows how to set the spanning-tree hello-delay time to 3 seconds for VLAN 20:
Switch (config) # spanning-tree vlan 20 hello-time 3
You can verify the previous command by entering the show spanning-tree command in privileged EXEC mode.
show spanning-tree
spanning-tree
spanning-tree port-priority
spanning-tree protocol
Use the spanning-tree max-age global configuration command to change the interval between messages the spanning tree receives from the root switch. If a switch does not receive a Bridge Protocol Data Unit (BPDU) message from the root switch within this interval, it recomputes the STP topology. Use the no form of this command to return to the default interval.
spanning-tree [vlan stp-list] max-age seconds
no spanning-tree [vlan stp-list] max-age
vlan | (Optional) Include VLAN IDs in the stp-list variable when changing the interval that switch waits to hear BPDUs from the root switch. |
stp-list | (Optional) List of spanning-tree instances. Each spanning-tree instance is associated with a VLAN ID. Enter each VLAN ID separated by a space. Ranges are not supported. |
seconds | Interval the switch waits between receiving BPDUs from the root switch. Enter a number from 6 to 200. |
The default configuration (IEEE STP) is 20 seconds. The default for DEC STP is 15 seconds, and the default for IBM STP is 10 seconds.
Global configuration
The max-age setting must be greater than the hello-time setting.
If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.
You can set the max-age on a VLAN that has no ports assigned to it. The setting takes effect when you assign ports to it.
The following example shows how to set spanning-tree max-age to 30 seconds for VLAN 20:
Switch (config)# spanning-tree vlan 20 max-age 30
The following example shows how to reset the max-age parameter to the default value for spanning-tree instances 100 through 102:
Switch (config)# no spanning-tree vlan 100 101 102 max-age
You can verify the previous commands by entering the show spanning-tree command in privileged EXEC mode.
show spanning-tree
spanning-tree forward-time
spanning-tree hello-time
spanning-tree priority
spanning-tree protocol
Use the spanning-tree portfast interface configuration command to enable the Port Fast feature on a port in all its associated VLANs. When the Port Fast feature is enabled, the port changes directly from a blocking state to a forwarding state without making the intermediate Spanning-Tree Protocol (STP) status changes. Use the no form of this command to return the port to default operation.
spanning-tree portfast interface
no spanning-tree portfast
interface | Module and port number enabled for the Port Fast feature. |
The Port Fast feature is disabled.
Interface configuration
This feature should only be used on ports that connect to end stations.
This feature affects all VLANs on the port.
A port with the Port Fast feature enabled is moved directly to the spanning-tree forwarding state.
In Enterprise Edition Software, the Port Fast feature is automatically enabled on dynamic-access ports.
The following example shows how to enable the Port Fast feature on fixed port 2.
Switch(config-if)# spanning-tree portfast fa0/2
spanning-tree portfast
spanning-tree port-priority
Use the spanning-tree port-priority interface configuration command to set a port priority that is used when two switches tie for position as the root switch. Use the no form of this command to return to the default value.
spanning-tree [vlan stp-list] port-priority port-priority
no spanning-tree [vlan stp-list] port-priority
vlan | (Optional) Include VLAN IDs in the stp-list variable when setting the port priority. |
stp-list | (Optional) List of spanning-tree instances. Each spanning-tree instance is associated with a VLAN ID. Enter each VLAN ID separated by a space. Ranges are not supported. |
port-priority | Number from 0 to 255. |
The default configuration (IEEE STP) is 128. The default for IBM STP and DEC STP is also 128.
Interface configuration
If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.
You can set the port priority on a VLAN that has no ports assigned to it. The setting takes effect when you assign ports to it.
The following example shows how to increase the likelihood that the spanning-tree instance 20 is chosen as the root switch on port fa0/2:
Switch(config)# interface fa0/2
Switch(config-if)# spanning-tree vlan 20 port-priority 0
You can verify the previous commands by entering the show spanning-tree command in privileged EXEC mode.
show spanning-tree
spanning-tree port-priority
spanning-tree protocol
Use the spanning-tree priority global configuration command to configure the switch priority for the specified spanning-tree instance. This will change the likelihood that the switch is selected as the root switch. Use the no form of this command to revert to the default value.
spanning-tree [vlan stp-list] priority bridge-priority
no spanning-tree [vlan stp-list] priority
vlan | (Optional) Include VLAN IDs in the stp-list variable when configuring the switch priority. |
stp-list | (Optional) List of STP instances. Each spanning-tree instance is associated with a VLAN ID. Enter each VLAN ID separated by a space. Ranges are not supported. |
bridge-priority | A number from 0 to 65535. The lower the number, the more likely the switch will be chosen as root. |
The default configuration (IEEE STP) is 32768. The default value for IBM STP and DEC STP is also 32768.
Global configuration
If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.
You can configure the switch priority on a VLAN that has no ports assigned to it. The setting takes effect when you assign ports to it.
The following example shows how to set the spanning-tree priority to 125 for a list of VLANs:
Switch (config)# spanning-tree vlan 20 100 101 102 priority 125
You can verify the previous command by entering the show spanning-tree command in privileged EXEC mode.
show spanning-tree
spanning-tree forward-time
spanning-tree hello-time
spanning-tree max-age
spanning-tree protocol
Use the spanning-tree protocol global configuration command to specify the Spanning-Tree Protocol (STP) to be used for specified spanning-tree instances. Use the no form to use the default protocol.
spanning-tree [vlan stp-list] protocol {ieee | dec | ibm}
no spanning-tree [vlan stp-list] protocol
vlan | (Optional) Include VLAN IDs in the stp-list variable when specifying the protocol. |
stp-list | (Optional) List of spanning-tree instances. Each spanning-tree instance is associated with a VLAN ID. Enter each VLAN ID separated by a space. Ranges are not supported. |
ieee | IEEE Ethernet STP. |
dec | DEC STP. |
ibm | IBM STP. |
The default protocol is ieee.
Global configuration
Changing the spanning-tree protocol causes STP parameters to change to default values of the new protocol.
If the variable stp-list is omitted, this command applies to the STP instance associated with VLAN 1.
You can change the protocol on a VLAN that has no ports assigned to it. The setting takes effect when you assign ports to it.
The following example shows how to change the STP protocol for VLAN 20 to the DEC version of STP:
Switch(config)# spanning-tree vlan 20 protocol dec
You can verify the previous command by entering the show spanning-tree command in privileged EXEC mode.
show spanning-tree
spanning-tree
spanning-tree forward-time
spanning-tree max-age
spanning-tree port-priority
Use the speed interface configuration command to specify the speed of a Fast Ethernet port. Use the no form of this command to return the port to its default value.
speed {10 | 100 | auto}
no speed
10 | Port runs at 10 Mbps. |
100 | Port runs at 100 Mbps. |
auto | Port automatically detects whether it should run at 10 or 100 Mbps. |
The default is auto.
For Gigabit Ethernet ports, the speed is 1000 Mbps and not configurable.
Interface configuration
Certain ports can be configured to be either 10 or 100 Mbps. Applicability of this command is hardware-dependent.
The following example shows how to set port 1 on module 2 to 100 Mbps:
Switch(config)# interface fastethernet2/1
Switch(config-if)# speed 100
duplex
Use the switchport access interface configuration command to configure a port as a static-access or dynamic-access port. If the mode is set to access, the port operates as a member of the configured VLAN. If set to dynamic, the port starts discovery of VLAN assignment based on the incoming packets it receives. Use the no form of this command to reset the access mode to the default VLAN for the switch.
switchport access vlan {vlan-id | dynamic}
no switchport access vlan {vlan-id | dynamic}
vlan | Assign a VLAN to the port. |
vlan-id | ID of the VLAN. Valid IDs are from 1 to 1001. |
dynamic | Port is assigned to a VLAN based on the source MAC address of a host (or hosts) connected to that port. The switch sends every new source MAC address received to the VLAN Membership Policy Server (VMPS) to obtain the VLAN name to which the dynamic-access port should be assigned. If the port already has a VLAN assigned and the source has already been approved by the VMPS, the switch forwards the packet to the VLAN. This keyword is only supported in the Enterprise Edition Software. |
All ports are in static-access mode in VLAN 1.
A dynamic-access port is initially a member of no VLAN and receives its assignment based on the packets it receives.
Interface configuration
The port must be in access mode before the switchport access vlan vlan-id or switchport access vlan dynamic command can take effect. For more information, see the "switchport mode" section.
An access port can be assigned to only one VLAN.
When the no switchport access vlan form is used, the access mode is reset to static access on VLAN 1.
The following restrictions apply to dynamic-access ports:
The following example shows how to assign a port already in access mode to VLAN 2 (instead of the default VLAN 1):
Switch(config-if)# switchport access vlan 2
The following example shows how to assign a port already in access mode to dynamic:
Switch(config-if)# switchport access vlan dynamic
The following example shows how to reconfigure a dynamic-access port to a static-access port:
Switch(config-if)# no switchport access vlan dynamic
You can verify the previous commands by entering the show interface interface-id switchport command in privileged EXEC mode and examining information in the Administrative Mode and Operational Mode rows.
switchport mode
switchport multi
switchport trunk
Use the switchport mode interface configuration command to configure the VLAN membership mode of a port. Use the no form of this command to reset the mode to the appropriate default for the device.
switchport mode {access | multi | trunk}
no switchport mode {access | multi | trunk}
access | Set the port to access mode (either static-access or dynamic-access depending on the setting of the switchport access vlan command). The port operates as a nontrunking, single VLAN interface that transmits and receives nonencapsulated frames. An access port can be assigned to only one VLAN. |
multi | Set the port to multi-VLAN port mode. The port operates as a nontrunking VLAN interface that transmits and receives nonencapsulated frames. A multi-VLAN port can be assigned to one or more VLANs. |
trunk | Set the port to a trunking VLAN Layer-2 interface. The port transmits and receives encapsulated (tagged) frames that identify the VLAN of origination. A trunk is a point-to-point link between two switches or between a switch and a router. This keyword is supported only in the Enterprise Edition Software. |
All ports are static-access ports in VLAN 1.
Interface configuration
Configuration using the access, multi, or trunk keywords takes effect only when the port is changed to the corresponding mode by using the switchport mode command. The static-access, multi-VLAN, and trunk (Enterprise Edition Software only) configurations are saved, but only one configuration is active at a time.
The no switchport mode form resets the mode to static access.
Only these combinations of port modes can appear on a single switch:
Trunk and multi-VLAN ports cannot coexist on the same switch. If you want to change a multi-VLAN or trunk port into another mode, you must first change it to an access port and then reassign it to the new mode.
The following example shows how to configure a port for access mode:
Switch(config-if)# switchport mode access
The following example shows how to configure a port for multi-VLAN mode:
Switch(config-if)# switchport mode multi
The following example shows how to configure a port for trunk mode:
Switch(config-if)# switchport mode trunk
You can verify the previous commands by entering the show interface interface-id switchport command in privileged EXEC mode and examining information in the Administrative Mode and Operational Mode rows.
switchport access
switchport multi
switchport trunk
Use the switchport multi interface configuration command to configure a list of VLANs to which the port is associated. If the mode is set to multi, the port operates as a member of all VLANs in the list. Use the no form of this command to reconfigure the port as an access port.
switchport multi vlan {add vlan-list | remove vlan-list}
no switchport multi vlan
vlan | Indicate the VLAN to which the port is associated. |
add | Add specified VLAN IDs to the list. |
vlan-list | List of VLAN IDs. Separate nonconsecutive VLAN IDs with a comma and no spaces; use a hyphen to designate a range of IDs. Valid IDs are from 1 to 1001. |
remove | Remove the specified VLAN IDs. |
The default for VLAN membership of a multi-VLAN port is VLAN 1.
Interface configuration
The switchport mode multi command must be entered before the switchport multi vlan vlan-list command can take effect.
In the variable vlan-list, separate nonconsecutive VLAN IDs with a comma; use a hyphen to designate a range of IDs.
A multi-VLAN port cannot be a secure port or a monitor port.
A multi-VLAN port cannot coexist with a trunk port on the same switch.
Caution To avoid loss of connectivity, do not connect multi-VLAN ports to hubs or switches. Connect multi-VLAN ports to routers or servers. |
The following example shows how to assign a multi-VLAN port already in multi mode to two VLANs:
Switch(config-if)# switchport multi vlan 2,4
The following example shows how to assign a multi-VLAN port already in multi mode to a range of VLANs:
Switch(config-if)# switchport multi vlan 5-10
The following example shows how to reset the VLAN list of a multi-VLAN port to the default (VLAN 1 only):
Switch(config-if)# no switchport multi vlan
You can verify the previous commands by entering the show interface interface-id switchport command in privileged EXEC mode and examining information in the Administrative Mode and Operational Mode rows.
switchport access
switchport mode
switchport trunk
Use the switchport trunk allowed vlan interface configuration command to control which VLANs can receive and transmit traffic on the trunk. Use the no form of this command to reset the allowed list to the default value. This command is available only in the Enterprise Edition Software.
switchport trunk allowed vlan {add vlan-list | all | except vlan-list | remove vlan-list}
no switchport trunk allowed vlan
add | Add specified VLAN IDs to the list. |
vlan-list | List of VLAN IDs. Separate nonconsecutive VLAN IDs with a comma and no spaces; use a hyphen to designate a range of IDs. Valid IDs are from 1 to 1001. |
all | Add all VLAN IDs to the list. |
except | Add VLAN IDs except the specified ones. |
remove | Remove the specified VLAN IDs. |
All VLANs are included in the allowed list.
Interface configuration
When the no switchport trunk allowed vlan form is used, the allowed list is reset to the default list, which allows all VLANs.
In the variable vlan-list, separate nonconsecutive VLAN IDs with a comma; use a hyphen to designate a range of IDs. You cannot remove VLAN 1 or 1002 to 1005 from the list.
A trunk port cannot be a secure port or a monitor port. However, a static-access port can monitor a VLAN on a trunk port. The VLAN monitored is the one associated with the static-access port.
If a trunk port is identified as a network port, the trunk port becomes the network port for all the VLANs associated with the port.
The following example shows how to add VLANs 1, 2, 5, and 6 to the allowed list:
Switch(config-if)# switchport trunk allowed vlan add 1,2,5,6
You can verify the previous command by entering the show interface interface-id switchport command in privileged EXEC mode.
switchport mode
switchport trunk encapsulation
switchport trunk native
Use the switchport trunk encapsulation interface configuration command to set the encapsulation format on the trunk port. Use the no form of this command to reset the format to the default. This command is available only in the Enterprise Edition Software.
switchport trunk encapsulation {isl | dot1q}
no switchport trunk encapsulation
isl | Set the encapsulation format to Inter-Switch Link (ISL). The switch encapsulates all received and transmitted packets with an ISL header. The switch filters native frames received from an ISL trunk port. |
dot1q | Set the tagging format to IEEE 802.1Q. With this format, the switch supports simultaneous tagged and untagged traffic on a port. |
The default encapsulation format is ISL.
Interface configuration
You cannot configure one end of the trunk as an 802.1Q trunk and the other end as an ISL or nontrunk port. However, you can configure one port as an ISL trunk and another port on the same switch as a 802.1Q trunk.
This command is only applicable on switch platforms and port hardware that support both formats.
The following example shows how to configure the encapsulation format to 802.1Q:
Switch(config-if)# switchport trunk encapsulation dot1q
You can verify the previous command by entering the show interface interface-id switchport command in privileged EXEC mode.
switchport mode
switchport trunk allowed vlan
switchport trunk native
Use the switchport trunk native interface configuration command to set the native VLAN for untagged traffic when in 802.1Q trunking mode. Use the no form of this command to reset the native VLAN to the default. This command is available only in the Enterprise Edition Software.
switchport trunk native vlan vlan-id
no switchport trunk native
vlan | Indicate the VLAN to which the port is associated. |
vlan-id | ID of the VLAN that is sending and receiving untagged traffic on the trunk port. Valid IDs are from 1 to 1001. |
VLAN 1 is the default native VLAN ID on the port.
Interface configuration
All untagged traffic received on the 802.1Q trunk port is forwarded with the native VLAN configured for the port.
If a packet has a VLAN ID equal to the outgoing port's native VLAN ID, the packet is transmitted untagged; otherwise, the switch transmits the packet with a tag.
The following example shows how to configure VLAN 3 as the default port to send all untagged traffic:
Switch(config-if)# switchport trunk native vlan 3
You can verify the previous command by entering the show interface interface-id switchport command in privileged EXEC mode.
switchport mode
switchport trunk allowed vlan
switchport trunk encapsulation
Use the vlan VLAN database command to configure VLAN characteristics. Use the no form of this command to delete a VLAN and its configured characteristics. This command is available only in the Enterprise Edition Software.
vlan vlan-id [name vlan-name] [media {ethernet | fddi | fdi-net | tokenring | tr-net}]
[state {suspend | active}] [said said-value] [mtu mtu-size] [ring ring-number]
[bridge bridge-number | type {srb | srt}] [parent parent-vlan-id] [stp type {ieee | ibm | auto}]
[are are-number] [ste ste-number] [backupcrf {enable | disable}]
[tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]
no vlan vlan-id [name vlan-name] [media {ethernet | fddi | fdi-net | tokenring | tr-net}]
[state {suspend | active}] [said said-value] [mtu mtu-size] [ring ring-number]
[bridge bridge-number | type {srb | srt}] [parent parent-vlan-id] [stp type {ieee | ibm | auto}]
[are are-number] [ste ste-number] [backupcrf {enable | disable}]
[tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]
Table 2-7 lists the valid syntax for each media type.
Media Type | Valid Syntax |
---|---|
Ethernet | vlan vlan-id [name vlan-name] media ethernet [state {suspend | active}] |
FDDI | vlan vlan-id [name vlan-name] media fddi [state {suspend | active}] |
FDDI-NET | vlan vlan-id [name vlan-name] media fdi-net [state {suspend | active}] If VTP V2 mode is disabled, do not set the stp type to auto. |
Token Ring | VTP V2 mode is disabled. vlan vlan-id [name vlan-name] media tokenring [state {suspend | active}] |
Token Ring concentrator relay function (TRCRF) | VTP V2 mode is enabled. vlan vlan-id [name vlan-name] media tokenring [state {suspend | active}] |
Token Ring-NET | VTP V2 mode is disabled. vlan vlan-id [name vlan-name] media tr-net [state {suspend | active}] |
Token Ring bridge relay function (TRBRF) | VTP V2 mode is enabled. vlan vlan-id [name vlan-name] media tr-net [state {suspend | active}] |
Table 2-8 describes the rules for configuring VLANs.
Configuration | Rule |
---|---|
VTP V2 mode is enabled, and you are configuring a TRCRF VLAN media type. | Specify a parent VLAN ID of a TRBRF that already exists in the database. Specify a ring number. Do not leave this field blank. Specify unique ring numbers when TRCRF VLANs have the same parent VLAN ID. Only one backup CRF can be enabled. |
VTP V2 mode is enabled, and you are configuring VLANs other than TRCRF media type. | Do not specify a backup CRF. |
VTP V2 mode is enabled, and you are configuring a TRBRF VLAN media type. | Specify a bridge number. Do not leave this field blank. |
VTP V2 mode is disabled. | No VLAN can have an STP type set to auto. This rule applies to Ethernet, FDDI, FDDI-NET, Token Ring, and Token Ring-NET VLANs. |
Add a VLAN that requires translational bridging (values are not set to zero). | The translational bridging VLAN IDs that are used must already exist in the database. The translational bridging VLAN IDs that a configuration points to must also contain a pointer to the original VLAN in one of the translational bridging parameters (for example, Ethernet points to FDDI, and FDDI points to Ethernet). The translational bridging VLAN IDs that a configuration points to must be different media types than the original VLAN (for example, Ethernet can point to Token Ring). If both translational bridging VLAN IDs are configured, these VLANs must be different media types (for example, Ethernet can point to FDDI and Token Ring). |
vlan-id | ID of the configured VLAN. Valid IDs are from 1 to 1005 and must be unique within the administrative domain. |
name | (Optional) Name of the VLAN to follow. |
vlan-name | ASCII string from 1 to 32 characters that must be unique within the administrative domain. |
media | (Optional) VLAN media type to follow. |
ethernet | Ethernet media type. |
fddi | FDDI media type. |
fdi-net | FDDI network entity title (NET) media type. |
tokenring | Token Ring media type if the VTP V2 mode is disabled. TRCRF media type if the VTP V2 mode is enabled. |
tr-net | Token Ring network entity title (NET) media type if the VTP V2 mode is disabled. TRBRF media type if the VTP V2 mode is enabled. |
state | (Optional) State of the VLAN to follow. |
active | VLAN is operational. |
suspend | VLAN is suspended. Suspended VLANs do not pass packets. |
said | (Optional) The security association identifier (SAID) as documented in IEEE 802.10 to follow. |
said-value | Integer from 1 to 4294967294 that must be unique within the administrative domain. |
mtu | (Optional) Maximum transmission unit (packet size in bytes) to follow. |
mtu-size | Packet size in bytes from 1500 to 18190 that the VLAN can use. |
ring | (Optional) Logical ring for an FDDI, Token Ring, or TRCRF VLAN to follow. |
ring-number | Integer from 1 to 4095. |
bridge | (Optional) Logical distributed source-routing bridge to follow. This bridge that interconnects all logical rings having this VLAN as a parent VLAN in FDDI-NET, Token Ring-NET, and TRBRF VLANs. |
bridge-number | Integer from 0 to 15. |
type | Bridge type to follow. Applies only to TRCRF VLANs. |
srb | Source-route bridging VLAN. |
srt | Source-route transparent bridging VLAN. |
parent | (Optional) Parent VLAN of an existing FDDI, Token Ring, or TRCRF VLAN to follow. This parameter identifies the TRBRF to which a TRCRF belongs and is required when defining a TRCRF. |
parent-vlan-id | Integer from 0 to 1005. |
stp type | (Optional) Spanning-tree type for FDDI-NET, Token Ring-NET, or TRBRF VLAN to follow. |
ieee | IEEE Ethernet STP running source-route transparent (SRT) bridging. |
ibm | IBM STP running source-route bridging (SRB). |
auto | STP running a combination of source-route transparent bridging (IEEE) and source-route bridging (IBM). |
are | Number of all-routes explorer (ARE) hops to follow. This keyword applies only to TRCRF VLANs. |
are-number | Integer from 0 to 13 that defines the maximum number of ARE hops for this VLAN. |
ste | Number of spanning-tree explorer (STE) hops to follow. This keyword applies only to TRCRF VLANs. |
ste-number | Integer from 0 to 13 that defines the maximum number of STE hops for this VLAN. |
backupcrf | Backup CRF mode to follow. This keyword applies only to TRCRF VLANs. |
enable | Enable backup CRF mode for this VLAN. |
disable | Disable backup CRF mode for this VLAN. |
tb-vlan1 and tb-vlan2 | (Optional) First and second VLAN to which this VLAN is translationally bridged. Translational VLANs translate FDDI or Token Ring to Ethernet, for example. |
tb-vlan1-id and tb-vlan2-id | Integer that ranges from 0 to 1005. |
The vlan-name variable is VLANxxxx, where xxxx represents four numeric digits (including leading zeroes) equal to the VLAN ID number.
The media type is ethernet.
The state is active.
The SAID value is 100000 plus the VLAN ID.
The MTU size for Ethernet, FDDI, and FDDI-NET VLANs is 1500 bytes. The MTU size for Token Ring and Token Ring-NET VLANs is 1500 bytes. The MTU size for TRBRF and TRCRF VLANs is 4472 bytes.
The ring number for Token Ring VLANs is zero. For FDDI VLANs, there is no default. For TRCRF VLANs, you must specify a ring number.
The bridge number is zero (no source-routing bridge) for FDDI-NET and Token Ring-NET VLANs. For TRBRF VLANs, you must specify a bridge number.
The parent VLAN ID is zero (no parent VLAN) for FDDI and Token Ring VLANs. For TRCRF VLANs, you must specify a parent VLAN ID. For both Token Ring and TRCRF VLANs, the parent VLAN ID must already exist in the database and be associated with a Token Ring-NET or TRBRF VLAN.
The STP type is ieee for FDDI-NET VLANs. For Token Ring-NET and TRBRF VLANs, the default is ibm.
The ARE value is 7.
The STE value is 7.
Backup CRF is disabled.
The tb-vlan1-id and tb-vlan2-id variables are zero (no translational bridging).
VLAN database
When the no vlan vlan-id form is used, the VLAN is deleted. Deleting VLANs automatically resets to zero any other parent VLANs and translational bridging parameters that refer to the deleted VLAN.
When the no vlan vlan-id name vlan-name form is used, the VLAN name returns to the default name (VLANxxxx, where xxxx represent four numeric digits (including leading zeroes) equal to the VLAN ID number).
When the no vlan vlan-id media form is used, the media type returns to the default (ethernet). Changing the VLAN media type (including the no form) resets the VLAN MTU to the default MTU for the type (unless the mtu keyword is also present in the command). It also resets the VLAN parent and translational bridging VLAN to the default (unless the parent, tb-vlan1, and/or tb-vlan2 are also present in the command).
When the no vlan vlan-id state form is used, the VLAN state returns to the default (active).
When the no vlan vlan-id said form is used, the VLAN SAID returns to the default (100,000 plus the VLAN ID).
When the no vlan vlan-id mtu form is used, the VLAN MTU returns to the default for the applicable VLAN media type. You can also modify the MTU using the media keyword.
When the no vlan vlan-id ring form is used, the VLAN logical ring number returns to the default (0).
When the no vlan vlan-id bridge form is used, the VLAN source-routing bridge number returns to the default (0). The vlan vlan-id bridge command is only used for FDDI-NET and Token Ring-NET VLANs and is ignored in other VLAN types.
When the no vlan vlan-id parent form is used, the parent VLAN returns to the default (0). The parent VLAN resets to the default if the parent VLAN is deleted or if the media keyword changes the VLAN type or the VLAN type of the parent VLAN.
When the no vlan vlan-id stp type form is used, the VLAN spanning-tree type returns to the default (ieee).
When the no vlan vlan-id tb-vlan1 or no vlan vlan-id tb-vlan2 form is used, the VLAN translational bridge VLAN (or VLANs, if applicable) returns to the default (0). Translational bridge VLANs must be a different VLAN type than the affected VLAN, and if two are specified, the two must be different VLAN types from each other. A translational bridge VLAN resets to the default if the translational bridge VLAN is deleted, if the media keyword changes the VLAN type, or if the media keyword changes the VLAN type of the corresponding translation bridge VLAN.
The following example shows how to add an Ethernet VLAN with default media characteristics. The default includes a vlan-name of VLANxxx, where xxxx represents four numeric digits (including leading zeroes) equal to the VLAN ID number. The default media option is ethernet; the state option is active. The default said-value variable is 100000 plus the VLAN ID; the mtu-size variable is 1500; the stp-type option is ieee. The VLAN is added if it did not already exist; otherwise, this command does nothing.
Switch(vlan)# vlan 2
The following example shows how to modify an existing VLAN by changing its name and MTU size:
Switch(vlan)# no vlan name engineering mtu 1200
You can verify the previous commands by entering the show vlan command in privileged EXEC mode.
The vlan database privileged EXEC command causes the command-line interface (CLI) to enter VLAN database mode so that you can add, delete, and modify VLAN configurations and globally propagate these changes using the VLAN Trunk Protocol (VTP). This command is available only in the Enterprise Edition Software.
vlan database
This command has no arguments or keywords.
No default is defined.
Privileged EXEC
To return to the privileged EXEC mode from the VLAN database mode, enter the exit command.
The following example shows how to enter the VLAN database mode from the privileged EXEC mode:
Switch# vlan database
Switch(vlan)#
This command has no arguments or keywords.
No default is defined.
Privileged EXEC
The following example shows how to immediately send VQP queries to the VMPS:
Switch# vmps reconfirm
You can verify the previous command by entering the show vmps command in privileged EXEC mode and examining the VMPS Action row of the Reconfirmation Status section. The show vmps command shows the result of the last time the assignments were reconfirmed either as a result of reconfirmation timer expiring or because the vmps reconfirm command was issued.
show vmps
vmps reconfirm
interval | Reconfirmation interval for VQP client queries to the VLAN Membership Policy Server (VMPS) to reconfirm dynamic VLAN assignments. The interval range is from 1 to 120 minutes. |
The default reconfirmation interval is 60 minutes.
Global configuration
The following example shows how to set the VQP client to reconfirm dynamic VLAN entries every 20 minutes:
Switch(config)# vmps reconfirm 20
You can verify the previous command by entering the show vmps command in privileged EXEC mode and examining information in the Reconfirm Interval row.
count | Number of attempts to contact the VLAN Membership Policy Server (VMPS) by the client before querying the next server in the list. The retry range is from 1 to 10. |
The default retry count is 3.
Global configuration
Switch(config)# vmps retry 7
You can verify the previous command by entering the show vmps command in privileged EXEC mode and examining information in the Server Retry Count row.
ipaddress | IP address or host name of the primary or secondary VMPS servers. If you specify a host name, the Domain Name System (DNS) server must be configured. |
primary | (Optional) Determines whether primary or secondary VMPS servers are being configured. |
No primary or secondary VMPS servers are defined.
Global configuration
The first server entered is automatically selected as the primary server whether or not primary is entered. The first server address can be overridden by using primary in a subsequent command.
When using the no form without specifying the ipaddress, all configured servers are deleted. If you delete all servers when dynamic-access ports are present, the switch cannot forward packets from new sources on these ports because it cannot query the VMPS.
The following example shows how to configure the server with IP address 191.10.49.20 as the primary VMPS server, and the servers with IP addresses 191.10.49.21 and 191.10.49.22 as secondary servers:
Switch(config)# vmps server 191.10.49.20 primary
Switch(config)# vmps server 191.10.49.21
Switch(config)# vmps server 191.10.49.22
The following example shows how to delete the server with IP address 191.10.49.21:
Switch(config)# no vmps server 191.10.49.21
You can verify the previous commands by entering the show vmps command in privileged EXEC mode and examining information in the VMPS Domain Server row.
Use the vtp VLAN database command to configure the VLAN Trunk Protocol (VTP) mode. Use the no form of this command to return to the default setting. This command is available only in the Enterprise Edition Software.
vtp {server | client | transparent}
no vtp {server | client | transparent}
server | Place the switch in VTP server mode. A switch in VTP server mode is enabled for VTP and sends advertisements. You can configure VLANs on it. The switch can recover all the VLAN information in the current VTP database from nonvolatile storage after reboot. |
client | Place the switch in VTP client mode. A switch in VTP client mode is enabled for VTP, can send advertisements, but does not have enough nonvolatile storage to store VLAN configurations. You cannot configure VLANs on it. When a VTP client starts up, it does not transmit VTP advertisements until it receives advertisements to initialize its VLAN database. |
transparent | Place the switch in VTP transparent mode. A switch in VTP transparent mode is disabled for VTP, does not transmit advertisements or learn from advertisements sent by other devices, and cannot affect VLAN configurations on other devices in the network. The switch receives VTP advertisements and forwards them on all trunk ports except the one on which the advertisement was received. The configuration of multi-VLAN ports causes the switch to automatically enter transparent mode. |
Server mode is the default mode.
VLAN database
The no vtp client and no vtp transparent forms of the command return the switch to VTP server mode.
The vtp server command is the same as no vtp client or no vtp transparent except that it does not return an error if the switch is not in client or transparent mode.
The following example shows how to place the switch in VTP transparent mode:
Switch(vlan)# vtp transparent
You can verify the previous commands by entering the show vtp status command in privileged EXEC mode.
Use the vtp domain VLAN database command to configure the VLAN Trunk Protocol (VTP) administrative domain. This command is available only in the Enterprise Edition Software.
vtp domain domain-name
domain-name | ASCII string from 1 to 32 characters that identifies the VTP administrative domain for the switch. The domain name is case sensitive. |
No domain name is defined.
VLAN database
The switch is in the no-management-domain state until you configure a domain name. While in the no-management-domain state, the switch does not transmit any VTP advertisements even if changes occur to the local VLAN configuration. The switch leaves the no-management-domain state after receiving the first VTP summary packet on any port that is currently trunking or after configuring a domain name using the vtp domain command. If the switch receives its domain from a summary packet, it resets its configuration revision number to zero. After the switch leaves the no-management-domain state, it can never be configured to reenter it until you clear the NVRAM and reload the software.
Domain names are case sensitive.
Once you configure a domain name, it cannot be removed. You can only reassign it to a different domain.
The following example shows how to set the administrative domain for the switch:
Switch(vlan)# vtp domain OurDomainName
You can verify the previous commands by entering the show vtp status command in privileged EXEC mode.
show vtp status
vtp password
Use the vtp file global configuration command to modify the VLAN Trunk Protocol (VTP) configuration storage filename. Use the no form of this command to return the filename to its default name. This command is available only in the Enterprise Edition Software.
vtp file ifsfilename
no vtp file
ifsfilename | The IOS IFS filename where the VTP VLAN configuration is stored. |
The default filename is flash:vlan.dat.
Global configuration
This command cannot be used to load a new database; it only renames the file in which the existing database is stored.
The following example shows how to rename the filename for VTP configuration storage to vtpfilename:
Switch(config)# vtp file vtpfilename
Use the vtp password VLAN database command to configure the VLAN Trunk Protocol (VTP) administrative domain password. Use the no form of this command to remove the password. This command is available only in the Enterprise Edition Software.
vtp password password-value
no vtp password password-value
password | Set the password for the generation of the 16-byte secret value used in MD5 digest calculation to be sent in VTP advertisements and to validate received VTP advertisements. |
password-value | ASCII string from 8 to 64 characters. The password is case sensitive. |
No password is defined.
VLAN database
Passwords are case sensitive. Passwords should match on all switches in the same domain.
When the no vtp password form of the command is used, the switch returns to the no password state.
The following example shows how to configure the VTP domain password:
Switch(vlan)# vtp password ThisIsOurDomain'sPassword
vtp domain
Use the vtp pruning VLAN database command to enable pruning in the VLAN Trunk Protocol (VTP) administrative domain. Use the no form of this command to disable pruning. This command is available only in the Enterprise Edition Software.
vtp pruning
no vtp pruning
pruning | Enable pruning in the VTP administrative domain. If you enable pruning on the VTP server, it is enabled for the entire management domain. Only VLANs included in the pruning-eligible list can be pruned. For Catalyst 2900 series switches, no VLANs are pruning eligible on the trunk port. |
Pruning is disabled.
VLAN database
The following example shows how to enable pruning in the proposed new VLAN database:
Switch(vlan)# vtp pruning
You can verify the previous commands by entering the show vtp status command in privileged EXEC mode.
Use the vtp v2-mode VLAN database command to enable VLAN Trunk Protocol (VTP) version 2 in the administrative domains. Use the no form of this command to disable V2 mode. This command is available only in the Enterprise Edition Software.
vtp v2-mode
no vtp v2-mode
v2-mode | Enable V2 mode in the VTP administrative domain. Each VTP switch automatically detects the capabilities of all the other VTP devices. To use V2 mode, all VTP switches in the network must support version 2; otherwise, you must configure them to operate in VTP version 1 mode (no vtp v2-mode). If you are using VTP in a Token Ring environment, VTP V2 mode must be enabled. If you are configuring a Token Ring bridge relay function (TRBRF) or Token Ring concentrator relay function (TRCRF) VLAN media type, you must use version 2. If you are configuring a Token Ring or Token Ring-NET VLAN media type, you must use version 1. |
VTP version 2 is disabled.
VLAN database
Toggling the V2 mode state modifies certain parameters of certain default VLANs.
The following example shows how to enable V2 mode in the proposed new VLAN database:
Switch(vlan)# vtp v2-mode
You can verify the previous commands by entering the show vtp status command in privileged EXEC mode.
|