cc/td/doc/product/lan/c2900xl/c2900sa4
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Cisco IOS Commands

Cisco IOS Commands

This chapter describes the Cisco IOS commands that have been created or changed for the Catalyst  2900 series switches. Table 2-1 lists and describes the commands in this chapter sorted by command modes from which they are entered.


Table 2-1: Commands Created or Changed for the Catalyst 2900 Series Switches
Commands Description
Privileged EXEC mode

clear cgmp

Delete the multicast addresses and router ports maintained by CGMP.

clear mac-address-table

Delete all addresses in the MAC address table.

clear vmps statistics

Clear the statistics maintained by the VLAN Query Protocol (VQP) client.

clear vtp counters

Clear the VLAN Trunk Protocol (VTP) counters.

show cgmp

Display the current state of the CGMP-learned multicast groups and routers.

show interface

Display the administrative and operational status of a switching (nonrouting) port.

show mac-address-table

Display the MAC address table.

show port block

Display the blocking of unicast and multicast filtering for the port.

show port group

Display the ports that are assigned to groups.

show port monitor

Display the ports that have port monitoring enabled.

show port network

Display the network ports on the switch.

show port security

Display the ports that have port security enabled.

show port storm-control

Display the setting of broadcast-storm control.

show spanning-tree

Display Spanning-Tree Protocol (STP) information.

show vlan

Display information about a VLAN.

show vmps

Display the VQP version, reconfirmation interval, retry count, server IP addresses, and are the current and primary servers.

show vmps statistics

Display the VQP client-side statistics.

show vtp

Display general information about the VTP management domain, status, and counters.

vlan database

Enter VLAN database mode.

vmps reconfirm

Send VQP queries to reconfirm all dynamic VLAN assignments with the VLAN Membership Policy Server (VMPS).

Global configuration mode

cgmp

Enable Cisco Group Management Protocol.

mac-address-table aging-time

Set the length of time that a dynamic entry remains in the address table.

mac-address-table dynamic

Add a dynamic address entry to the address table.

mac-address-table secure

Add a secure address entry to the address table.

mac-address-table static

Add a static address entry to the address table.

shutdown vlan

Shut down local traffic on the specified VLAN.

snmp-server enable traps vlan-membership

Enable SNMP notification for VMPS changes.

snmp-server enable traps vtp

Enable SNMP notification for VTP changes.

snmp-server host

Specify the host that receives SNMP traps.

spanning-tree

Enable an instance of STP.

spanning-tree forward-time

Specify the forward delay interval for the switch.

spanning-tree hello-time

Specify the interval between hello Bridge Protocol Data Units (BPDUs).

spanning-tree max-age

Change the interval the switch waits to receive BPDUs from the root switch.

spanning-tree priority

Configure the bridge priority for the specified spanning-tree instance.

spanning-tree protocol

Define the type of STP.

vmps reconfirm

Change the reconfirmation interval for the VQP client.

vmps retry

Configure the per-server retry count for the VQP client.

vmps server

Configure the primary VMPS and up to three secondary servers.

vtp file

Modify the VTP configuration storage filename.

VLAN database mode

abort

Abandon the proposed new VLAN database, and return to privileged EXEC mode.

apply

Implement the proposed new VLAN database, propagate it throughout the administrative domain, and remain in VLAN database mode.

exit

Implement the proposed new VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.

reset

Abandon the proposed new VLAN database, and remain in VLAN database mode.

show changes

Display the differences between the currently implemented VLAN database on the switch and the proposed new VLAN database.

show current

Display the currently implemented VLAN database on the switch or a single selected VLAN from it.

show proposed

Display the proposed new VLAN database or a single selected VLAN from it.

vlan

Configure a VLAN by its VLAN ID.

vtp

Configure the VTP mode.

vtp domain

Configure the VTP administrative domain.

vtp password

Configure the VTP password.

vtp pruning

Enable pruning in the VTP administrative domain.

vtp v2-mode

Enable VTP version 2 mode in the administrative domain.

Interface configuration mode

duplex

Specify the duplex mode of operation for a port.

ip address

Set a primary or secondary IP address of a port.

port block

Prevent the flooding of unknown destination MAC addresses and multicast addresses on this port.

port group

Place a port into a port aggregation group.

port monitor

Implement port monitoring on this port.

port network

Enable a port as the network port for a VLAN.

port security

Enable port security on a port.

port storm-control

Disable broadcast traffic if too many broadcast packets are seen on this port.

shutdown

Disable a port.

spanning-tree cost

Set a different path cost.

spanning-tree portfast

Enable the Port Fast option on the switch.

spanning-tree port-priority

Configure the STP priority of a port.

speed

Specify the speed of a port.

switchport access

Configure a port as an access or dynamic VLAN port.

switchport mode

Configure the VLAN membership mode of a port.

switchport multi

Configure a port to be a multi-VLAN port.

switchport trunk allowed vlan

Control which VLANs can receive and transmit traffic on the trunk.

switchport trunk encapsulation

Set the encapsulation format on the trunk.

switchport trunk native

Set the native VLAN for untagged traffic when in 802.1Q trunking mode.

Replaced and Obsoleted Commands

Table 2-2 lists the commands that have been replaced by new commands. These replaced commands continue to perform their normal function in the current release but are no longer documented. Support for these commands will cease in a future release.


Table 2-2: Replaced Commands
Old Commands New Commands
Interface Configuration mode Global Configuration mode

spantree disable

no spantree disable

no spanning-tree vlan 1

spanning-tree vlan 1

spantree forward-time seconds

no spantree forward-time

spanning-tree vlan 1 forward-time seconds

no spanning-tree vlan 1 forward-time

spantree hello-time seconds

no spantree hello-time

spanning-tree vlan 1 hello-time seconds

no spanning-tree vlan 1 hello-time

spantree max-age seconds

no spantree max-age

spanning-tree vlan 1 max-age seconds

no spanning-tree vlan 1 max-age

spantree priority bridge-priority

no spantree priority

spanning-tree vlan 1 priority bridge-priority

no spanning-tree vlan 1 priority

spantree protocol {ieee | dec | ibm}

no spantree protocol

spanning-tree vlan 1 protocol {ieee | dec | ibm}

no spanning-tree vlan 1 protocol

Note The concept of VLANs did not exist for the above old commands; therefore, the equivalent new commands apply to VLAN 1. The range of values for the spantree commands are identical to the ones for the spanning-tree commands.

Interface Configuration mode Interface Configuration mode

spantree cost cost

no spantree cost

spanning-tree vlan 1 cost cost

no spanning-tree vlan 1 cost

spantree portfast interface

no spantree portfast interface

spanning-tree vlan 1 portfast interface

no spanning-tree vlan 1 portfast interface

spantree priority port-priority

no spantree priority

spanning-tree vlan 1 port-priority port-priority

no spanning-tree vlan 1 port-priority

Note The above commands are supported on interfaces other than VLAN 1.

abort

Use the abort VLAN database command to abandon the proposed new VLAN database, exit VLAN database mode, and return to privileged EXEC mode. This command is available only in the Enterprise Edition Software.

abort

Syntax Description

This command has no arguments or keywords.

Default

No default is defined.

Command Mode

VLAN database

Usage Guidelines

If you have added, deleted, or modified VLAN parameters in the VLAN database mode but you do not want to keep the changes, the abort command causes all the changes to be abandoned. The VLAN configuration that was running before you entered VLAN database mode continues to be used.

Example

The following example shows how to abandon the proposed new VLAN database and exit to the privileged EXEC mode:

Switch(vlan)# abort Switch#

You can verify that no VLAN database changes occurred by entering the show vlan brief command in privileged EXEC mode.

Related Commands
apply
exit
reset
show vlan
shutdown vlan
vlan database

apply

Use the apply VLAN database command to implement the proposed new VLAN database, increment the database configuration revision number, propagate it throughout the administrative domain, and remain in VLAN database mode. This command is available only in the Enterprise Edition Software.

apply

Syntax Description

This command has no arguments or keywords.

Default

No default is defined.

Command Mode

VLAN database

Usage Guidelines

The apply command implements the configuration changes you made after you entered VLAN database mode and uses them for the running configuration. This command keeps you in VLAN database mode.

You cannot use this command when the switch is in the VLAN Trunk Protocol (VTP) client mode.

Example

The following example shows how to implement the proposed new VLAN database and recognize it as the current database:

Switch(vlan)# apply

You can verify that VLAN database changes occurred by entering the show vlan command in privileged EXEC mode.

Related Commands
abort
exit
reset
show vlan
shutdown vlan
vlan database

cgmp

Use the cgmp global configuration command to enable Cisco Group Management Protocol (CGMP). You can also enable and disable the Fast Leave parameter and set the router port aging time. Use the no form of this command to disable CGMP.

cgmp [leave-processing | holdtime time]
no cgmp [leave-processing | holdtime]

Syntax Description

leave-processing

(Optional) Enable Fast Leave processing on the switch.

holdtime

(Optional) Set the amount of time a router connection is retained before the switch ceases to exchange messages with it.

time

Number of seconds a router connection is retained before the switch ceases to exchange messages with it. You can enter a number from 10 to 6000 seconds.

Defaults

CGMP is enabled.

Fast Leave is disabled.

The hold time is 300 seconds.

Command Mode

Global configuration

Usage Guideline

CGMP must be enabled before the Fast Leave option can be enabled.

Examples

The following example shows how to disable CGMP:

Switch(config)# no cgmp

The following example shows how to disable the Fast Leave option:

Switch(config)# no cgmp leave-processing

The following example shows how to set the amount of time the switch waits before ceasing to exchange messages with a router:

Switch(config)# cgmp holdtime 400

The following example shows how to remove the amount of time the switch waits before ceasing to exchange messages with a router:

Switch(config)# no cgmp holdtime

You can verify the previous commands by entering the show cgmp command in privileged EXEC mode.

Related Commands

clear cgmp
show cgmp

clear cgmp

Use the clear cgmp privileged EXEC command to delete information that was learned by the switch using the Cisco Group Management Protocol (CGMP).

clear cgmp [vlan vlan-id] | [group [address] | router [address]]

Syntax Description

vlan

(Optional) Delete groups only within vlan-id.

vlan-id

VLAN for which the CGMP groups or routers are to be deleted.

group

(Optional) Delete all known multicast groups and their destination ports. Limited to a VLAN if the vlan keyword is entered. Limited to a specific group if the address parameter is entered.

address

MAC address of the group or router.

router

(Optional) Delete all routers, their ports, and expiration times. Limited to a given VLAN if the vlan keyword is entered. Limited to a specific router if the address parameter is entered.

Command Mode

Privileged EXEC

Usage Guidelines

Using clear cgmp with no arguments deletes all groups and routers in all VLANs.

Examples

The following example shows how to delete all groups and routers on VLAN 2:

Switch# clear cgmp vlan 2

The following example shows how to delete all groups on all VLANs:

Switch# clear cgmp group

The following example shows how to delete a router address on VLAN 2:

Switch# clear cgmp vlan 2 router 0012.1234.1234

You can verify the previous commands by entering the show cgmp command in privileged EXEC mode.

Related Commands

cgmp
show cgmp

clear mac-address-table

Use the clear mac-address-table privileged EXEC command to delete entries from the MAC address table.

clear mac-address-table [static | dynamic | secure] [address hw-addr] [interface interface] [vlan vlan-id]

Syntax Description

static

(Optional) Delete only static addresses.

dynamic

(Optional) Delete only dynamic addresses.

secure

(Optional) Delete only secure addresses.

address

(Optional) Delete the address hw-addr of type static, dynamic, and secure as specified.

hw-addr

Delete this address.

interface

(Optional) Delete an address on the interface interface of type static, dynamic, or secure as specified.

interface

Delete MAC addresses on this port.

vlan

(Optional) Delete all the addresses for vlan-id.

vlan-id

Delete MAC addresses in this VLAN.

Command Mode

Privileged EXEC

Usage Guidelines

This command deletes entries from the global MAC address table. Specific subsets can be deleted by using the optional keywords and values. If more than one optional keyword is used, all of the conditions in the argument must be true for that entry to be deleted.

Examples

The following example shows how to delete static addresses with the in-port value equal to fa0/7:

Switch# clear mac-address-table static interface fa0/7

The following example shows how to delete all secure addresses in VLAN 3:

Switch# clear mac-address-table secure vlan 3

The following example shows how to delete a specific address from all ports in all VLANs. If the address exists in multiple VLANs or multiple ports, all the instances are deleted.

Switch# clear mac-address-table address 0099.7766.5544

The following example shows how to delete a specific address only in VLAN 2:

Switch# clear mac-address-table address 0099.7766.5544 vlan 2

You can verify the previous commands by entering the show mac-address-table command in privileged EXEC mode.

Related Commands

show mac-address-table

clear vmps statistics

Use the clear vmps statistics privileged EXEC command to clear the statistics maintained by the VLAN Query Protocol (VQP) client. This command is available only in the Enterprise Edition Software.

clear vmps statistics

Syntax Description

This command has no arguments or keywords.

Default

No default is defined.

Command Mode

Privileged EXEC

Example

The following example shows how to clear VLAN Membership Policy Server (VMPS) statistics:

Switch# clear vmps statistics

You can verify the previous command by entering the show vmps statistics command in privileged EXEC mode.

Related Commands

show vmps statistics

clear vtp counters

Use the clear vtp counters privileged EXEC command to clear the VLAN Trunk Protocol (VTP) and pruning counters. This command is available only in the Enterprise Edition Software.

clear vtp counters

Syntax Description

This command has no arguments or keywords.

Default

No default is defined.

Command Mode

Privileged EXEC

Example

The following example shows how to clear the VTP counters:

Switch# clear vtp counters

You can verify the previous command by entering the show vtp counters command in privileged EXEC mode.

Related Commands

show vtp counters

duplex

Use the duplex interface configuration command to specify the duplex mode of operation for a Fast Ethernet port. Use the no form of this command to return the port to its default value.

duplex {full | half | auto}
no duplex

Syntax Description

full

Port is in full-duplex mode.

half

Port is in half-duplex mode.

auto

Port automatically detects whether it should run in full- or half-duplex mode.

Default

The default is auto.

Command Mode

Interface configuration

Usage Guidelines

Certain ports can be configured to be either full duplex or half duplex. Applicability of this command depends on the device to which the switch is attached. All ports can be configured for either full or half duplex.

For Fast Ethernet ports, setting the port to auto has the same effect as specifying half if the attached device does not autonegotiate the duplex parameter.

For Gigabit Ethernet ports, setting the port to auto has the same effect as specifying full if the attached device does not autonegotiate the duplex parameter.


Note For guidelines on setting the switch speed and duplex parameters, see the Catalyst 2900 Series XL Installation and Configuration Guide.
Examples

The following example shows how to set port 1 on a Fast Ethernet module installed in slot 2 to full duplex:

Switch(config)# interface fastethernet2/1 Switch(config-if)# duplex full

The following example shows how to set port 1 on a Gigabit Ethernet module installed in slot 2 to full duplex:

Switch(config)# interface gigabitethernet2/1 Switch(config-if)# duplex full

You can verify the previous commands by entering the show running-config command in privileged EXEC mode.

Related Commands

show running-config
speed

exit

Use the exit VLAN database command to implement the proposed new VLAN database, increment the database configuration number, propagate it throughout the administrative domain, and return to privileged EXEC mode. This command is available only in the Enterprise Edition Software.

exit

Syntax Description

This command has no arguments or keywords.

Default

No default is defined.

Command Mode

VLAN database

Usage Guidelines

The exit command implements all the configuration changes you made since you entered VLAN database mode and uses them for the running configuration. This command returns you to privileged EXEC mode.

Example

The following example shows how to implement the proposed new VLAN database and exit to privileged EXEC mode:

Switch(vlan)# exit Switch#

You can verify the previous command by entering the show vlan brief command in privileged EXEC mode.

Related Commands

abort
apply
reset
show vlan
shutdown vlan
vlan database

ip address

Use the ip address interface configuration command to set an IP address for a port. Use the no form of this command to remove an IP address or disable IP processing.

ip address ip-address mask
no ip address ip-address mask

Syntax Description

ip-address

IP address.

mask

Mask for the associated IP subnet.

Default

No IP address is defined for the port.

Command Mode

Interface configuration

Usage Guidelines

A port can have one IP address.

The IP address of the switch can only be accessed by nodes connected to ports that belong to VLAN  1.

Example

The following example shows how to configure the IP address for the switch on a subnetted network:

Switch(config)# interface vlan 1 Switch(config-if)# ip address 172.20.128.2 255.255.255.0

You can verify the previous commands by entering the show running-config command in privileged EXEC mode.

Related Commands

show running-config

mac-address-table aging-time

Use the mac-address-table aging-time global configuration command to set the length of time that a dynamic entry remains in the MAC address table after the entry is used or updated. Use the no form of this command to use the default aging-time interval. The aging time applies to all VLANs.

mac-address-table aging-time age
no mac-address-table aging-time

Syntax Description

age

Number from 10 to 1000000 seconds.

Default

The default is 300 seconds.

Command Mode

Global configuration

Usage Guidelines

If hosts do not transmit continuously, increase the aging time to record the dynamic entries for a longer time. This can reduce the possibility of flooding when the hosts transmit again.

Example

The following example shows how to set the aging time to 200 seconds:

Switch(config)# mac-address-table aging-time 200

You can verify the previous command by entering the show mac-address-table command in privileged EXEC mode.

Related Commands

clear mac-address-table
mac-address-table dynamic
mac-address-table secure
port block
show cgmp
show mac-address-table

mac-address-table dynamic

Use the mac-address-table dynamic global configuration command to add dynamic addresses to the MAC address table. Dynamic addresses are automatically added to the address table and dropped from it when they are not in use. Use the no form of this command to remove dynamic entries from the MAC address table.

mac-address-table dynamic hw-addr interface [vlan vlan-id]
no mac-address-table dynamic hw-addr [vlan vlan-id]

Syntax Description

hw-addr

MAC address added to or removed from the table.

interface

Port to which packets destined for hw-addr are forwarded.

vlan

(Optional) The interface and vlan parameters together specify a destination to which packets destined for hw-addr are forwarded.

This keyword is optional if the port is a static-access or dynamic-access VLAN port. In this case, the VLAN assigned to the port is assumed to be that of the port associated with the MAC address.

Note When this command is executed on a dynamic-access port, queries to the VLAN Membership Policy Server (VMPS) do not occur. The VMPS cannot verify if the address is allowed or determine to which VLAN the port should be assigned. This command should only be used for testing purposes.

This keyword is required for multi-VLAN and trunk ports.

This keyword is required on trunk ports to specify to which VLAN the dynamic address is assigned.

vlan-id

ID of the VLAN to which packets destined for hw-addr are forwarded.

Command Mode

Global configuration

Usage Guidelines

If the variable vlan-id is omitted and the no form of the command is used, the MAC address is removed from all VLANs.

Example

The following example shows how to add a MAC address on port fa1/1 to VLAN 4:

Switch(config)# mac-address-table dynamic 00c0.00a0.03fa fa1/1 vlan 4

You can verify the previous command by entering the show mac-address-table command in privileged EXEC mode.

Related Commands

clear mac-address-table
mac-address-table aging-time
mac-address-table static
show mac-address-table

mac-address-table secure

Use the mac-address-table secure global configuration command to add secure addresses to the MAC address table. Use the no form of this command to remove secure entries from the MAC address table.

mac-address-table secure hw-addr interface [vlan vlan-id]
no mac-address-table secure hw-addr [vlan vlan-id]

Syntax Description

hw-addr

MAC address that is added to the table.

interface

Port to which packets destined for hw-addr are forwarded.

vlan

(Optional) The interface and vlan parameters together specify a destination to which packets destined for hw-addr are forwarded.

This keyword is optional if the port is a static-access VLAN port. In this case, the VLAN assigned to the port is assumed to be that of the port associated with the MAC address.

This keyword is required for multi-VLAN and trunk ports.

vlan-id

ID of the VLAN to which secure entries are added.

Command Mode

Global configuration

Usage Guidelines

Secure addresses can be assigned only to one port at a time. Therefore, if a secure address table entry for the specified MAC address and VLAN already exists on another port, it is removed from that port and assigned to the specified one.

In Enterprise Edition Software, dynamic-access ports do not support secure addresses.

Example

The following example shows how to add a secure MAC address to VLAN 6 of port fa1/1:

Switch(config)# mac-address-table secure 00c0.00a0.03fa fa1/1 vlan 6

You can verify the previous command by entering the show mac-address-table command in privileged EXEC mode.

Related Commands

clear mac-address-table
mac-address-table aging-time
mac-address-table dynamic
mac-address-table static
show mac-address-table

mac-address-table static

Use the mac-address-table static global configuration command to add static addresses to the MAC address table. Use the no form of this command to remove static entries from the MAC address table.

mac-address-table static hw-addr in-port out-port-list [vlan vlan-id]
no mac-address-table static hw-addr [in-port in-port] [out-port-list out-port-list] [vlan vlan-id]

Syntax Description

hw-addr

MAC address to add to the address table.

in-port

Input port from which packets received with a destination address of hw-addr are forwarded to the list of ports in the out-port-list. The in-port must belong to the same VLAN as all the ports in the out-port-list.

out-port-list

List of ports to which packets received on ports in in-port are forwarded. All ports in the list must belong to the same VLAN.

vlan

(Optional) The interface and VLAN parameters together specify a destination to which packets destined for the specified MAC address are forwarded.

This keyword is optional if all the ports specified by in-port-list and out-port-list are static-access VLAN ports. The VLAN assigned to the ports is assumed.

This keyword is required for multi-VLAN and trunk ports.

Dynamic-access ports cannot be included in static addresses as either the source (in-port) or destination (out-port).

This keyword is required on trunk ports to specify to which VLAN the static address is assigned.

vlan-id

ID of the VLAN to which static address entries are forwarded.

Command Mode

Global configuration

Usage Guidelines

When a packet is received on the input port, it is forwarded to the VLAN of each port you specify for the out-port-list. Different input ports can have different output-port lists for each static address. Adding a static address already defined as one modifies the port map (vlan and out-port-list) for the input port specified.

If the variable vlan-id is omitted and the no form of the command is used, the MAC address is removed from all VLANs.

Traffic from a static address is only accepted from a port defined in the in-port variable.

In Enterprise Edition Software, dynamic-access ports cannot be configured as the source or destination port in a static address entry.

Example

The following example adds a static address with port 1 as an input port and ports 2 and 8 of VLAN 4 as output ports:

Switch(config)# mac-address-table static c2f3.220a.12f4 fa0/1 fa0/2 fa0/8 vlan 4

You can verify the previous command by entering the show mac-address-table command in privileged EXEC mode.

Related Commands

clear mac-address-table
mac-address-table aging-time
mac-address-table dynamic
mac-address-table secure
show mac-address-table

port block

Use the port block interface configuration command to block the flooding of unknown unicast or multicast packets to a port. Use the no form of this command to resume normal forwarding.

port block {unicast | multicast}
no port block {unicast | multicast}

Syntax Description

unicast

Packets with unknown unicast addresses are not forwarded to this port.

multicast

Packets with unknown multicast addresses are not forwarded to this port.

Default

Flood unknown unicast and multicast packets to all ports.

Command Mode

Interface configuration

Usage Guidelines

The port block command cannot be entered for a network port.

In Enterprise Edition Software, if a trunk port is not a network port, the unicast keyword applies. The multicast keyword is supported on trunk ports. Both port block features affect all the VLANs associated with the trunk port.

Example

The following example shows how to block the forwarding of multicast and unicast packets to a port:

Switch(config-if)# port block unicast Switch(config-if)# port block multicast

You can verify the previous commands by entering the show port block command in privileged EXEC mode.

Related Commands

show port block

port group

Use the port group interface configuration command to assign a port to a Fast EtherChannel or Gigabit EtherChannel port group. Up to 12 port groups can be created on a switch. Any number of ports can belong to a destination-based port group. Up to eight ports can belong to a source-based port group. Use the no form of this command to remove a port from a port group.

port group group-number [distribution {source | destination}]
no port group

Syntax Description

group-number

Port group number to which the port belongs. A number from 1 to 12 is valid.

distribution

(Optional) Forwarding method for the port group.

source

Set the port to forward traffic to a port group based on the packet source address. This is the default forwarding method.

destination

Set the port to forward traffic to a port group based on the packet destination address.

Defaults

Port does not belong to a port group.

The default forwarding method is source.

Command Mode

Interface configuration

Usage Guidelines

Any port can belong to a port group, but the following restrictions apply:

When a group is first formed, the switch automatically sets the following parameters to be the same on all ports:

Configuration of the first port added to the group is used when setting the above parameters for other ports in the group. After a group is formed, changing any parameter in the above list changes the parameter on all other ports.

Use the distribution parameter to customize the port group to your particular environment. The forwarding method you choose depends on how your network is configured. However, source-based forwarding works best for most network configurations. See the "Setting Port Features" section for more information.

Examples

The following example shows how to add a port to a port group using the default source-based forwarding:

Switch(config-if)# port group 1

The following example shows how to add a port to a group using destination-based forwarding:

Switch(config-if)# port group 2 distribution destination

You can verify the previous commands by entering the show port group command in privileged EXEC mode.

Related Commands

show port group

port monitor

Use the port monitor interface configuration command to enable Switched Port Analyzer (SPAN) port monitoring on a port. Use the no form of this command to return the port to its default value.

port monitor [interface]
no port monitor [interface]

Syntax Description

interface

(Optional) Module and port number for which SPAN is to be enabled.

Default

Port does not monitor any other ports.

Command Mode

Interface configuration

Usage Guidelines

Enabling port monitoring without specifying a port causes all other ports in the same VLAN to be monitored.

All ports can be monitor ports, but the following restrictions apply:

Example

The following example shows how to enable port monitoring on port fa0/2:

Switch(config-if)# port monitor fa0/2

You can verify the previous command by entering the show port monitor command in privileged EXEC mode.

Related Commands

show port monitor

port network

Use the port network interface configuration command to define a port as the switch network port. All traffic with unknown unicast addresses is forwarded to the network port on the same VLAN. Use the no form of this command to return the port to the default value.

port network
no port network

Syntax Description

This command has no arguments or keywords.

Default

No network port is defined.

Command Mode

Interface configuration

Usage Guidelines

The following restrictions apply to network ports:

Example

The following example shows how to set a port as a network port.

Switch(config-if)# port network

You can verify the previous command by entering the show port network command in privileged EXEC mode.

Related Commands

show port network

port security

Use the port security interface configuration command to enable port security on a port. Use the no form of this command to return the port to its default value.

port security [action {shutdown | trap}]
port security [max-mac-count addresses]
no port security

Syntax Description

action

(Optional) Action to take when an address violation occurs on this port.

shutdown

Disable the port when a security violation occurs.

trap

Generate an SNMP trap when a security violation occurs.

max-mac-count

(Optional) Maximum number of secure addresses that this port can support.

addresses

Number from 1 to 132.

Defaults

Port security is disabled.

When enabled, the default action is to generate an SNMP trap.

Command Mode

Interface configuration

Usage Guidelines

If you specify trap, use the snmp-server host command to configure the SNMP trap host to receive traps.

The following restrictions apply to secure ports:

Examples

The following example shows how to enable port security and what action the port takes in case of an address violation (shutdown).

Switch(config-if)# port security action shutdown

The following example shows how to set the maximum number of addresses that the port can learn to 8.

Switch(config-if)# port security max-mac-count 8

You can verify the previous commands by entering the show port security command in privileged EXEC mode.

Related Commands

show port security

port storm-control

Use the port storm-control interface configuration command to enable broadcast-storm control on a port. Use the no form of this command to disable storm control or one of the storm-control parameters on the port.

port storm-control {filter | trap | threshold {rising rising-number falling falling-number}}
no port storm-control {filter | trap | threshold}

Syntax Description

filter

(Optional) Disable the port during a broadcast storm.

trap

(Optional) Generate an SNMP trap when the traffic on the port crosses the rising or falling threshold.

threshold

(Optional) Rising and falling threshold values to follow.

rising

Block the normal flooding of broadcast packets when the value specified for rising-number is reached.

rising-number

0 to 4294967295 broadcast packets per second.

falling

Restart the normal flooding of broadcast packets when the value specified for falling-number is reached.

falling-number

0 to 4294967295 broadcast packets per second.

Default

Broadcast storm control is not enabled.

Command Mode

Interface configuration

Example

The following example shows how to enable broadcast storm control on a port. In this example, flooding is inhibited when the number of broadcast packets arriving on the port reaches 1000 and is restarted when the number returns to 200.

Switch(config-if)# port storm-control threshold rising 1000 falling 200

You can verify the previous command by entering the show port storm-control command in privileged EXEC mode.

Related Commands

show port storm-control

reset

Use the reset VLAN database command to abandon the proposed VLAN database and remain in VLAN database mode. This command resets the proposed database to the currently implemented VLAN database on the switch. This command is available only in the Enterprise Edition Software.

reset

Syntax Description

This command has no arguments or keywords.

Default

No default is defined.

Command Mode

VLAN database

Example

The following example shows how to abandon the proposed VLAN database and reset to the current VLAN database:

Switch(vlan)# reset Switch(vlan)#

You can verify the previous command by entering the show changes and show proposed commands in VLAN database mode.

Related Commands
abort
apply
exit
show changes
show proposed
shutdown vlan
vlan database

show cgmp

Use the show cgmp privileged EXEC command to display the current state of the CGMP-learned multicast groups and routers.

show cgmp [state | holdtime | [vlan vlan-id] | [group [address] | router [address]]]

Syntax Description

state

(Optional) Display whether CGMP is enabled or not, whether Fast Leave is enabled or not, and the router port timeout value.

holdtime

(Optional) Display the router port timeout value in seconds.

vlan

(Optional) Limit the display to the specified VLAN.

vlan-id

ID of VLAN to which the command applies.

group

(Optional) Display all known multicast groups and the destination ports. Limited to given VLAN if vlan keyword is entered; limited to a specific group if the address parameter is entered.

address

MAC address of the group or router.

router

(Optional) Display all routers, their ports, and expiration times. Limited to given VLAN if vlan keyword entered; limited to a specific router if the address parameter is entered.

Command Mode

Privileged EXEC

Usage Guidelines

This command displays CGMP information about known routers and groups, as well as whether CGMP is enabled, whether Fast Leave is enabled, and the current value of the router timeout. If show cgmp is entered with no arguments, all information is displayed.

Sample Display

The following is sample output from the show cgmp command.

Switch# show cgmp CGMP is running. CGMP Fast Leave is not running. Default router timeout is 300 sec. vLAN IGMP MAC Address Interfaces ------ ----------------- ----------- 1 0100.5e01.0203 Fa0/8 1 0100.5e00.0128 Fa0/8 vLAN IGMP Router Expire Interface ------ ----------------- -------- ---------- 1 0060.5cf3.d1b3 197 sec Fa0/8
Related Commands

cgmp
clear cgmp

show changes

Use the show changes VLAN database command to display the differences between the VLAN database currently on the switch and the proposed VLAN database. You can also display the differences between the two for a selected VLAN. This command is available only in the Enterprise Edition Software.

show changes [vlan-id]

Syntax Description

vlan-id

(Optional) ID of the VLAN in the current or proposed database. If this variable is omitted, all the differences between the two VLAN databases are displayed, including the pruning state and V2 mode. Valid IDs are from 1 to 1005.

Command Mode

VLAN database

Sample Displays

The following is sample output from the show changes command. It displays the differences between the current and proposed databases.

Switch(vlan)# show changes DELETED: VLAN ISL Id: 4 Name: VLAN0004 Media Type: Ethernet VLAN 802.10 Id: 100004 State: Operational MTU: 1500 DELETED: VLAN ISL Id: 6 Name: VLAN0006 Media Type: Ethernet VLAN 802.10 Id: 100006 State: Operational MTU: 1500 MODIFIED: VLAN ISL Id: 7 Current State: Operational Modified State: Suspended

The following is sample output from the show changes 7 command. It displays the differences between VLAN 7 in the current database and the proposed database.

Switch(vlan)# show changes 7 MODIFIED: VLAN ISL Id: 7 Current State: Operational Modified State: Suspended
Related Commands
show current
show proposed

show current

Use the show current VLAN database command to display the current VLAN database on the switch or a selected VLAN from it. This command is available only in the Enterprise Edition Software.

show current [vlan-id]

Syntax Description

vlan-id

(Optional) ID of the VLAN in the current database. If this variable is omitted, the entire VLAN database displays, included the pruning state and V2 mode. Valid IDs are from 1 to 1005.

Command Mode

VLAN database

Sample Displays

The following is sample output from the show current command. It displays the current VLAN database.

Switch(vlan)# show current VLAN ISL Id: 1 Name: default Media Type: Ethernet VLAN 802.10 Id: 100001 State: Operational MTU: 1500 Translational Bridged VLAN: 1002 Translational Bridged VLAN: 1003 VLAN ISL Id: 2 Name: VLAN0002 Media Type: Ethernet VLAN 802.10 Id: 100002 State: Operational MTU: 1500 VLAN ISL Id: 3 Name: VLAN0003 Media Type: Ethernet VLAN 802.10 Id: 100003 State: Operational MTU: 4000 VLAN ISL Id: 4 Name: VLAN0004 Media Type: Ethernet VLAN 802.10 Id: 100004 State: Operational MTU: 1500 VLAN ISL Id: 5 Name: VLAN0005 Media Type: Ethernet VLAN 802.10 Id: 100005 State: Operational MTU: 1500 VLAN ISL Id: 6 Name: VLAN0006 Media Type: Ethernet VLAN 802.10 Id: 100006 State: Operational MTU: 1500

The following is sample output from the show current 2 command. It displays only VLAN 2 of the current database.

Switch(vlan)# show current 2 VLAN ISL Id: 2 Name: VLAN0002 Media Type: Ethernet VLAN 802.10 Id: 100002 State: Operational MTU: 1500
Related Commands
show changes
show proposed

show interface

Use the show interface privileged EXEC mode command to display the administrative and operational status of a switching (nonrouting) port.

show interface interface-id [switchport [allowed-vlan | prune-elig]]

Syntax Description

interface-id

ID of the module and port number.

switchport

(Optional) Display the administrative and operational status of a switching (nonrouting) port.

allowed-vlan

(Optional) Display the VLAN IDs that receive and transmit all types of traffic on the trunk port. By default, all VLAN IDs are included.

prune-elig

(Optional) Display the VLAN ID whose flood traffic can be pruned. VLAN 1 and VLANs 1002 through 1005 are not eligible for pruning. By default, no VLANs are pruning eligible on the trunk.

Command Mode

Privileged EXEC

Sample Display

The following is sample output from the show interface fa0/2 switchport command. Table 2-3 describes each field in the display.

Switch# show interface fa0/2 switchport Name: fa0/2 Switchport: Enabled Administrative Mode: Static Access Operational Mode: Static Access Administrative Trunking Encapsulation: ISL Operational Trunking Encapsulation: ISL Negotiation of Trunking: Disabled Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Trunking VLANs Enabled: 1-30, 50, 100-1005 Pruning VLANs Enabled: NONE


Table 2-3: Show Interface Ethernet2/2 Switchport Field Descriptions
Field Description

Name

Displays the port name.

Switchport

Displays the administrative and operational status of the port. In this display, the port is in switchport mode.

Administrative Mode

Operational Mode

Displays the administrative and operational mode.

Administrative Trunking Encapsulation

Operation Trunking Encapsulation

Negotiation of Trunking

Displays the administrative and operational encapsulation method. Also displays whether trunking negotiation is enabled.

Access Mode VLAN

VLAN ID.

Trunking Native Mode

Trunking VLANs Enabled

Trunking VLANs Active

Lists the VLAN ID of the trunk that is in native mode. Lists the active VLANs on the trunk.

Pruning VLANs Enabled

Lists the VLANs that are pruning eligible.

Related Commands
switchport access
switchport mode
switchport multi
switchport trunk

show mac-address-table

Use the show mac-address-table privileged EXEC command to display the MAC address table.

show mac-address-table [static | dynamic | secure | self | aging-time | count]
[address hw-addr] [interface interface] [vlan vlan-id]

Syntax Description

static

(Optional) Display only the static addresses.

dynamic

(Optional) Display only the dynamic addresses.

secure

(Optional) Display only the secure addresses.

self

(Optional) Display only addresses added by the switch itself.

aging-time

(Optional) Display aging-time for dynamic addresses for all VLANs.

count

(Optional) Display a count for different kinds of MAC addresses.

address

(Optional) Display information for a specific address.

hw-addr

Display information for this address.

interface

(Optional) Display addresses for a specific port.

interface

Display addresses for this port.

vlan

(Optional) Display addresses for a specific VLAN.

vlan-id

Display addresses for this VLAN.

Command Mode

Privileged EXEC

Usage Guidelines

This command displays the MAC address table for the switch. Specific views can be defined by using the optional keywords and values. If more than one optional keyword is used, then all of the conditions must be true in order for that entry to be displayed.

Sample Display

The following is sample output from the show mac-address-table command:

Switch# show mac-address-table Dynamic Addresses Count: 9 Secure Addresses (User-defined) Count: 0 Static Addresses (User-defined) Count: 0 System Self Addresses Count: 41 Total MAC addresses: 50 Non-static Address Table: Destination Address Address Type VLAN Destination Port ------------------- ------------ ---- -------------------- 0010.0de0.e289 Dynamic 1 FastEthernet0/1 0010.7b00.1540 Dynamic 2 FastEthernet0/5 0010.7b00.1545 Dynamic 2 FastEthernet0/5 0060.5cf4.0076 Dynamic 1 FastEthernet0/1 0060.5cf4.0077 Dynamic 1 FastEthernet0/1 0060.5cf4.1315 Dynamic 1 FastEthernet0/1 0060.70cb.f301 Dynamic 1 FastEthernet0/1 00e0.1e42.9978 Dynamic 1 FastEthernet0/1 00e0.1e9f.3900 Dynamic 1 FastEthernet0/1
Related Commands

clear mac-address-table

show port block

Use the show port block privileged EXEC command to display the blocking of unicast or multicast flooding to a port.

show port block {unicast | multicast} [interface]

Syntax Description

unicast

Display whether or not ports are blocking unicast packets.

multicast

Display whether or not ports are blocking multicast packets.

interface

(Optional) Display whether the port specified is blocking unicast or multicast packets.

Command Mode

Privileged EXEC

Usage Guidelines

If the variable interface is omitted, the show port block unicast and show port block multicast commands display packet blocking information on all ports.

Sample Display

The following is sample output from the show port block command:

Switch# show port block unicast fa0/8 FastEthernet0/8 is blocked from unknown unicast addresses
Related Commands

port block

show port group

Use the show port group privileged EXEC command to list the ports that belong to a port group.

show port group [group-number]

Syntax Description

group-number

(Optional) Port group to which the port is assigned.

Command Mode

Privileged EXEC

Usage Guidelines

If the variable group-number is omitted, the show port group command displays all port groups on the switch.

Sample Display

The following is sample output from the show port group command:

Switch# show port group 1 Group Interface ----- --------------- 1 FastEthernet0/1 1 FastEthernet0/4
Related Commands

port group

show port monitor

Use the show port monitor privileged EXEC command to display the ports for which Switched Port Analyzer (SPAN) port monitoring is enabled.

show port monitor [interface]

Syntax Description

interface

(Optional) Module and port number enabled for SPAN.

Command Mode

Privileged EXEC

Usage Guidelines

If the variable interface is omitted, the show port monitor command displays all monitor ports on the switch.

Sample Display

The following is sample output from the show port monitor command:

Switch# show port monitor fa0/8 Monitor Port Port Being Monitored ------------------ -------------------- FastEthernet0/8 FastEthernet0/1 FastEthernet0/8 FastEthernet0/2 FastEthernet0/8 FastEthernet0/3 FastEthernet0/8 FastEthernet0/4
Related Commands

port monitor

show port network

Use the show port network privileged EXEC command to display the network port defined for the switch or VLAN.

show port network [interface]

Syntax Description

interface

(Optional) Port to be displayed.

Command Mode

Privileged EXEC

Usage Guidelines

If the variable interface is omitted, the show port network command displays all network ports on the switch.

Sample Display

The following is sample output from the show port network command:

Switch# show port network
Network Port VLAN ID ------------ ------- FastEthernet0/11 1
Related Commands

port network

show port security

Use the show port security privileged EXEC command to show the port security parameters defined for the port.

show port security [interface]

Syntax Description

interface

(Optional) Port to be displayed.

Command Mode

Privileged EXEC

Usage Guidelines

If the variable interface is omitted, the show port security command displays all secure ports on the switch.

Sample Display

The following is sample output from the show port security command for fixed port 07:

        Switch# show port security fa0/7 Secure Port Secure Addr Secure Addr Security Security Action Cnt (Current) Cnt (Max) Reject Cnt --------------- ------------- ----------- ---------- ---------------- FastEthernet0/7 0 132 0 Send Trap
Related Commands

port security

show port storm-control

Use the show port storm-control privileged EXEC command to display the rising and falling thresholds for broadcast storm control. This command also displays the action that the switch takes when the thresholds are reached.

show port storm-control [interface]

Syntax Description

interface

(Optional) Port to be displayed.

Command Mode

Privileged EXEC

Usage Guidelines

If the variable interface is omitted, the show port storm-control command displays broadcast storm control settings on all ports on the switch.

Sample Display

The following is sample output from the show port storm-control command:

        Switch# show port storm-control
      Interface Filter State Trap State Rising Falling Current Traps Sent --------- ------------- ------------- ------ ------- ------- ---------- Fa0/1 <inactive> <inactive> 1000 200 0 0 Fa0/2 <inactive> <inactive> 500 250 0 0 Fa0/3 <inactive> <inactive> 500 250 0 0 Fa0/4 <inactive> <inactive> 500 250 0 0
Related Commands

port storm-control

show proposed

Use the show proposed VLAN database command to display the proposed VLAN database or a selected VLAN from it. This command is available only in the Enterprise Edition Software.

show proposed [vlan-id]

Syntax Description

vlan-id

(Optional) ID of the VLAN in the proposed database. If this variable is omitted, the entire VLAN database displays, included the pruning state and V2 mode. Valid IDs are from 1  to  1005.

Command Mode

VLAN database

Usage Guidelines

If the variable vlan-id is omitted, the show proposed command displays the entire proposed VLAN database.

The proposed VLAN database is not the running configuration until you use the exit or apply command.

Sample Display

The following is sample output from the show proposed command:

Switch(vlan)# show proposed VLAN ISL Id: 1 Name: default Media Type: Ethernet VLAN 802.10 Id: 100001 State: Operational MTU: 1500 Translational Bridged VLAN: 1002 Translational Bridged VLAN: 1003 VLAN ISL Id: 2 Name: VLAN0002 Media Type: FDDI Net VLAN 802.10 Id: 100002 State: Operational MTU: 1500 STP Type: IBM VLAN ISL Id: 1002 Name: fddi-default Media Type: FDDI VLAN 802.10 Id: 101002 State: Operational MTU: 1500 Bridge Type: SRB Translational Bridged VLAN: 1 Translational Bridged VLAN: 1003 VLAN ISL Id: 1003 Name: trcrf-default Media Type: TRCRF VLAN 802.10 Id: 101003 State: Operational MTU: 4472 Bridge Type: SRB Ring Number: 3276 Bridge Number: 1 Parent VLAN: 1005 Maximum ARE Hop Count: 7 Maximum STE Hop Count: 7 Backup CRF Mode: Disabled Translational Bridged VLAN: 1 Translational Bridged VLAN: 1002 VLAN ISL Id: 1004 Name: fddinet-default Media Type: FDDI Net VLAN 802.10 Id: 101004 State: Operational MTU: 1500 Bridge Type: SRB Bridge Number: 1 STP Type: IBM VLAN ISL Id: 1005 Name: trbrf-default Media Type: TRBRF VLAN 802.10 Id: 101005 State: Operational MTU: 4472 Bridge Type: SRB Bridge Number: 15 STP Type: IBM
Related Commands
show changes
show proposed

show spanning-tree

Use the show spanning-tree privileged EXEC command to show spanning-tree information for the specified spanning-tree instances.

show spanning-tree [vlan stp-list] [interface interface-list]

Syntax Description

vlan

(Optional) Specify VLAN IDs for the stp-list variable when displaying information about spanning-tree instances.

stp-list

(Optional) List of spanning-tree instances. Each spanning-tree instance is associated with a VLAN ID. Enter each VLAN ID separated by a space. Ranges are not supported.

interface

(Optional) Specify ports for which spanning-tree instances are displayed.

interface-list

List of ports for which spanning-tree information is displayed. Enter each port separated by a space. Ranges are not supported.

Command Mode

Privileged EXEC

Usage Guidelines

If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.

Sample Display

The following is sample output from the show spanning-tree command for VLAN 1:

Switch# show spanning-tree vlan 1 Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol Bridge Identifier has priority 32768, address 00e0.1eb2.ddc0 Configured hello time 2, max age 20, forward delay 15 Current root has priority 32768, address 0010.0b3f.ac80 Root port is 5, cost of root path is 10 Topology change flag not set, detected flag not set, changes 1 Times: hold 1, topology change 35, notification 2 hello 2, max age 20, forward delay 15 Timers: hello 0, topology change 0, notification 0 Interface Fa0/1 in Spanning tree 1 is down Port path cost 100, Port priority 128 Designated root has priority 32768, address 0010.0b3f.ac80 Designated bridge has priority 32768, address 00e0.1eb2.ddc0 Designated port is 1, path cost 10 Timers: message age 0, forward delay 0, hold 0 BPDU: sent 0, received 0 ...

The following is sample output from the show spanning-tree interface command for port 3:

Switch# show spanning-tree interface fa0/3 Interface Fa0/3 (port 3) in Spanning tree 1 is down Port path cost 100, Port priority 128 Designated root has priority 6000, address 0090.2bba.7a40 Designated bridge has priority 32768, address 00e0.1e9f.4abf Designated port is 3, path cost 410 Timers: message age 0, forward delay 0, hold 0 BPDU: sent 0, received 0
Related Commands

spanning-tree
spanning-tree forward-time
spanning-tree max-age
spanning-tree port-priority
spanning-tree protocol

show vlan

Use the show vlan privileged EXEC command to display the parameters for all configured VLANs or one VLAN (if the VLAN ID or name is specified) in the administrative domain.

Standard Edition Software:

show vlan {brief | id vlan-id}

Enterprise Edition Software:

show vlan [brief | id vlan-id | name vlan-name]

Syntax Description

brief

(Optional) Display one line for each VLAN with the VLAN name, status, and its ports.

id

(Optional) Display VLAN status by VLAN ID.

vlan-id

ID of the VLAN displayed. Valid IDs are from 1 to 1005.

name

(Optional) Display VLAN status by VLAN name. This keyword is available only in the Enterprise Edition Software.

vlan-name

Name of the VLAN displayed. The VLAN name is an ASCII string from 1 to 32 characters. This option is available only in the Enterprise Edition Software.

Command Mode

Privileged EXEC

Sample Displays

The following is sample output from the show vlan command (Enterprise Edition Software only):

Switch# show vlan
      VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/8, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa1/1, Fa1/2 2 VLAN0002 active Fa0/2 3 VLAN0003 active Fa0/3 4 VLAN0004 active Fa0/4 5 VLAN0005 suspended Fa0/5 6 VLAN0006 active Fa0/6 7 VLAN0007 active 10 VLAN0010 act/lshut 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active VLAN Type SAID MTU Parent RingNo BridgeNo Stp Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- ------ ------ 1 enet 100001 1500 - - - - 1002 1003 6 fdnet 100006 1500 - - - ieee 0 0 7 trnet 100007 1500 - - 5 ieee 0 0 1002 fddi 101002 1500 - - - - 1 1003 1003 tr 101003 1500 1005 3276 - - 1 1002 1004 fdnet 101004 1500 - - 1 ibm 0 0 1005 trnet 101005 1500 - - 15 ibm 0 0

Note In the standard edition software, this command is not available.

The following is sample output from the show vlan brief command (Enterprise Edition Software only):

Switch# show vlan brief
      VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa1/1, Fa1/2, Fa1/3, Fa1/4, Fa2/3, Fa2/4 2 VLAN0002 active 3 VLAN0003 active 6 VLAN0006 active 7 VLAN0007 active 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active

Note In the standard edition software, this command does not show information for VLANs 1002 to 1005.

The following is sample output from the show vlan id 6or show vlan name VLAN006 command (Enterprise Edition Software only):

        VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 6 VLAN0006 active VLAN Type SAID MTU Parent RingNo BridgeNo Stp Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- ------ ------ 6 fdnet 100006 1500 - - - ieee 0 0

Note In the standard edition software, this command does not show VTP-specific information.
Related Commands
switchport
vlan

show vmps

Use the show vmps privileged EXEC command to display the VLAN Query Protocol (VQP) version, reconfirmation interval, retry count, VLAN Membership Policy Server (VMPS) IP addresses, and the current and primary servers. This command is available only in the Enterprise Edition Software.
show vmps
Syntax Description

This command has no arguments or keywords.

Command Mode

Privileged EXEC

Sample Display

The following is sample output from the show vmps command:

Switch# show vmps VQP Client Status: -------------------- VMPS VQP Version: 1 Reconfirm Interval: 60 min Server Retry Count: 3 VMPS domain server: 172.20.128.86 (primary, current) 172.20.128.87 Reconfirmation status --------------------- VMPS Action: No Dynamic Port
Related Commands

vmps reconfirm
vmps retry
vmps server

show vmps statistics

Use the show vmps statistics privileged EXEC command to display the VLAN Query Protocol (VQP) client-side statistics and counters. This command is available only in the Enterprise Edition Software.
show vmps statistics
Syntax Description

This command has no arguments or keywords.

Command Mode

Privileged EXEC

Sample Display

This following is sample output from the show vmps statistics command. Table 2-4 describes each field in the display.

Switch# show vmps statistics VMPS Client Statistics ---------------------- VQP Queries: 0 VQP Responses: 0 VMPS Changes: 0 VQP Shutdowns: 0 VQP Denied: 0 VQP Wrong Domain: 0 VQP Wrong Version: 0 VQP Insufficient Resource: 0


Table 2-4: Show Vmps Statistics Field Descriptions
Field Description

VQP Queries

Number of queries sent by the client to the VLAN Membership Policy Server (VMPS).

VQP Responses

Number of responses sent to the client from the VMPS.

VMPS Changes

Number of times that the VMPS changed from one server to another.

VQP Shutdowns

Number of times the VMPS sent a response to shutdown the port. The client disables the port and removes all dynamic addresses on this port from the address table. You must administratively reenable the port to restore connectivity.

VQP Denied

Number of times the VMPS denied the client request for security reasons. When the VMPS response says to deny an address, no frame is forwarded to or from the workstation with that address (broadcast or multicast frames are delivered to the workstation if the port has been assigned to a VLAN). The client keeps the denied address in the address table as a blocked address to prevent further queries from being sent to the VMPS for each new packet received from this workstation. The client ages the address if no new packets are received from this workstation on this port within the aging time period.

VQP Wrong Domain

Number of times the management domain in the request does not match the one for the VMPS. Any previous VLAN assignments of the port are not changed. Receipt of this response indicates that the server and the client have not been configured with the same VTP management domain.

VQP Wrong Version

Number of times the version field in the query packet contains a value that is higher than the version supported by the VMPS. Previous VLAN assignment of the port is not changed. Catalyst 2900 series switches send only VMPS version 1 requests.

VQP Insufficient Resource

Number of times the VMPS is unable to answer the request because of a resource availability problem. If the retry limit has not yet been reached, the client repeats the request with the same server or with the next alternate server, depending on whether the per-server retry count has been reached.

Related Commands
clear vmps statistics

show vtp

Use the show vtp privileged EXEC mode command to display general information about the VLAN Trunk Protocol (VTP) management domain, status, and counters. This command is available only in the Enterprise Edition Software.

show vtp {counters | status}

Syntax Description

counters

Display the VTP counters for the switch.

status

Display general information about the VTP management domain.

Command Mode

Privileged EXEC

Sample Displays

The following is sample output from the show vtp counters command. Table 2-5 describes each field in the display.

Switch# show vtp counters VTP statistics: summary advts received : 0 subset advts received : 0 request advts received : 0 summary advts transmitted : 0 subset advts transmitted : 0 request advts transmitted : 0 No. of config revision errors : 0 No. of config digest errors : 0 No. of V1 summary errors : 0
      VTP pruning statistics: Trunk Join Transmitted Join Received Summary advts received from non-pruning-capable device ---------------- ---------------- ---------------- --------------------------- Fa2/1 242 0 0


Table 2-5: Show Vtp Counters Field Descriptions
Field Description

Summary Advts Received

Number of summary advertisements received by this switch on its trunk ports. Summary advertisements contain the management domain name, the configuration revision number, the update timestamp and identity, the authentication checksum, and the number of subset advertisements to follow.

Subset Advts Received

Number of subset advertisements received by this switch on its trunk ports. Subset advertisements contain all the information for one or more VLANs.

Request Advts Received

Number of advertisement requests received by this switch on its trunk ports. Advertisement requests normally request information on all VLANs. They can also request information on a subset of VLANs.

Summary Advts Transmitted

Number of summary advertisements sent by this switch on its trunk ports. Summary advertisements contain the management domain name, the configuration revision number, the update timestamp and identity, the authentication checksum, and the number of subset advertisements to follow.

Subset Advts Transmitted

Number of subset advertisements sent by this switch on its trunk ports. Subset advertisements contain all the information for one or more VLANs.

Request Advts Transmitted

Number of advertisement requests sent by this switch on its trunk ports. Advertisement requests normally request information on all VLANs. They can also request information on a subset of VLANs.

No. of Configuration Revision Errors

Number of revision errors.

Whenever you define a new VLAN, delete an existing one, suspend or resume an existing VLAN, or modify the parameters on an existing VLAN, the configuration revision number of the switch increments.

Revision errors increment whenever the switch receives an advertisement whose revision number matches the revision number of the switch, but the MD5 digest values do not match. This error indicates that the VTP password in the two switches is different, or the switches have different configurations.

These errors indicate that the switch is filtering incoming advertisements, which causes the VTP database to become unsynchronized across the network.

No. of Configuration Digest Errors

Number of MD5 digest errors.

Digest errors increment whenever the MD5 digest in the summary packet and the MD5 digest of the received advertisement calculated by the switch do not match. This error usually indicates that the VTP password in the two switches is different. To solve this problem, make sure the VTP password on all switches is the same.

These errors indicate that the switch is filtering incoming advertisements, which causes the VTP database to become unsynchronized across the network.

No. of V1 Summary Errors

Number of version 1 errors.

Version 1 summary errors increment whenever a switch in VTP V2 mode receives a VTP version 1 frame. These errors indicate that at least one neighboring switch is either running VTP version 1 or VTP version 2 with V2-mode disabled. To solve this problem, change the configuration of the switches in VTP V2-mode to disabled.

Join Transmitted

Number of VTP pruning messages transmitted on the trunk.

Join Received

Number of VTP pruning messages received on the trunk.

Summary Advts Received from non-pruning-capable device

Number of VTP summary messages received on the trunk from devices that do not support pruning.

The following is sample output from the show vtp status command. Table 2-6 describes each field in the display.

Switch# show vtp status VTP Version : 2 Configuration Revision : 1 Maximum VLANs supported locally : 68 Number of existing VLANs : 7 VTP Operating Mode : Server VTP Domain Name : test1 VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x3D 0x02 0xD4 0x3A 0xC4 0x46 0xA1 0x03 Configuration last modified by 172.20.130.52 at 3-4-93 22:25:


Table 2-6: Show Vtp Status Field Descriptions
Field Description

VTP Version

Displays the VTP version operating on the switch. By default, Catalyst 2900 series switches implement version 1 but can be set to version 2.

Configuration Revision

Number of configuration revisions on this switch.

Maximum VLANs Supported Locally

Maximum number of VLANs supported locally.

Number of Existing VLANs

Number of existing VLANs.

VTP Operating Mode

Displays the VTP operating mode, which can be server, client, or transparent.

Server: a switch in VTP server mode is enabled for VTP and sends advertisements. You can configure VLANs on it. The switch guarantees that it can recover all the VLAN information in the current VTP database from nonvolatile storage after reboot. By default, every switch is a VTP server.

Client: a switch in VTP client mode is enabled for VTP, can send advertisements, but does not have enough nonvolatile storage to store VLAN configurations. You cannot configure VLANs on it. When a VTP client starts up, it does not transmit VTP advertisements until it receives advertisements to initialize its VLAN database.

Transparent: a switch in VTP transparent mode is disabled for VTP, does not transmit advertisements or learn from advertisements sent by other devices, and cannot affect VLAN configurations on other devices in the network. The switch receives VTP advertisements and forwards them on all trunk ports except the one on which the advertisement was received. The configuration of multi-VLAN ports causes the switch to automatically enter transparent mode.

Note Catalyst 2900 series switches support up to 64 VLANs. If you define more than 64 or if the switch receives an advertisement that contains more than 64 VLANs, the switch automatically enters VTP transparent mode and operates with the VLAN configuration preceding the one that sent it into transparent mode.

VTP Domain Name

Name that identifies the administrative domain for the switch.

VTP Pruning Mode

Displays whether pruning is enabled or disabled. Enabling pruning on a VTP server enables pruning for the entire management domain. Pruning restricts flooded traffic to those trunk links that the traffic must use to access the appropriate network devices.

VTP V2 Mode

Displays if VTP version 2 mode is enabled. All VTP version 2 switches operate in version 1 mode by default. Each VTP switch automatically detects the capabilities of all the other VTP devices. A network of VTP devices should be configured to version 2 only if all VTP switches in the network can operate in version 2 mode.

VTP Traps Generation

Displays whether VTP traps are transmitted to a network management station.

MD5 Digest

A 16-byte checksum of the VTP configuration.

Configuration Last Modified

Displays the date and time of the last configuration modification. Displays the IP address of the switch that caused the configuration change to the database.

Related Commands
clear vtp counters
vtp

shutdown

Use the shutdown interface configuration command to disable a port. Use the no form of this command to restart a disabled port.

shutdown
no shutdown

Syntax Description

This command has no arguments or keywords.

Command Mode

Interface configuration

Usage Guidelines

The shutdown command for a port causes it to stop forwarding. You can enable the port with the no shutdown command.

In the Enterprise Edition Software, the no shutdown command has no effect if the port is a static-access port assigned to a VLAN that has been deleted, suspended, or shutdown. The port must first be a member of an active VLAN before it can be reenabled.

Examples

The following examples show how to disable fixed port fa0/8 and how to reenable it:

Switch(config)# interface fa0/8 Switch(config-if)# shutdown Switch(config-if)# no shutdown

You can verify the previous commands by entering the show interface command in privileged EXEC mode.

shutdown vlan

Use the shutdown vlan global configuration command to shutdown (suspend) local traffic on the specified VLAN. Use the no form of this command to restart local traffic on the VLAN. This command is available only in the Enterprise Edition Software.

shutdown vlan vlan-id
no shutdown vlan vlan-id

Syntax Description

vlan-id

ID of the VLAN to be locally shut down. Valid IDs are from 2 to 1001, excluding VLANs defined as default VLANs under the VLAN Trunk Protocol (VTP). The default VLANs are 1 and 1002-1005.

Default

No default is defined.

Command Mode

Global configuration

Usage Guidelines

The shutdown vlan command does not change the VLAN information in VTP database. It shuts down traffic locally, but the switch still advertises VTP information.

Example

The following example shows how to shutdown traffic on VLAN 2:

Switch(config)# shutdown vlan 2

You can verify the previous command by entering the show vlan command in privileged EXEC mode.

Related Commands
abort
apply
exit
reset
vlan database

snmp-server enable traps vlan-membership

Use the snmp-server enable traps vlan-membership global configuration command to enable SNMP notification for VLAN Membership Policy Server (VMPS) changes. Use the no form of this command to disable the VMPS trap notification. This command is available only in the Enterprise Edition Software.
snmp-server enable traps vlan-membership
no snmp-server enable traps vlan-membership
Syntax Description

This command has no arguments or keywords.

Default

SNMP traps for VMPS are disabled.

Command Mode

Global configuration

Usage Guidelines

Specify the host that receives the traps by using the snmp-server host command.

Example

The following example shows how to enable VMPS to send trap notifications:

Switch(config)# snmp-server enable trap vlan-membership

You can verify the previous command by entering the show running-config command in privileged EXEC mode.

Related Commands

show running-config
snmp-server host

snmp-server enable traps vtp

Use the snmp-server enable traps vtp global configuration command to enable SNMP notification for VLAN Trunk Protocol (VTP) changes. Use the no form of this command to disable VTP trap notification. This command is available only in the Enterprise Edition Software.
snmp-server enable traps vtp
no snmp-server enable traps vtp

Syntax Description

This command has no arguments or keywords.

Default

SNMP traps for VTP are disabled.

Command Mode

Global configuration

Usage Guidelines

Specify the host that receives the traps by using the snmp-server host command.

Example

The following example shows how to enable VTP to send trap notifications:

Switch(config)# snmp-server enable trap vtp

You can verify the previous command by entering the show vtp status or show running-config command in privileged EXEC mode.

Related Commands

show running-config
show vtp status
snmp-server host

snmp-server host

Use the snmp-server host global configuration command to specify the host that receives SNMP traps. Use the no form of this command to remove the specified host.

snmp-server host host-address community-string [c2900 | config | snmp | tty | udp-port port-number | vlan-membership | vtp]
no snmp-server host host-address

Syntax Description

host-address

IP address or name of the SNMP trap host.

community-string

Password-like community string sent with the trap operation.

c2900

Send SNMP Catalyst 2900 series traps.

config

Send SNMP configuration traps.

snmp

Send SNMP-type traps.

tty

Send Cisco enterprise-specific traps when a Transmission Control Protocol (TCP) connection closes.

udp-port {port-number}

UDP port of the host to use. The default is 162.

vlan-membership

Send SNMP VLAN Membership Policy Server (VMPS) traps. This option is available only in the Enterprise Edition Software.

vtp

Send SNMP VLAN Trunk Protocol (VTP) traps. This option is available only in the Enterprise Edition Software.

Command Mode

Global configuration

Defaults

The SNMP trap host address and community string are not defined.

Traps are disabled.

Example

The following example shows how to configure an SNMP host to receive VTP traps:

Switch(config)# snmp-server host 172.20.128.178 traps vtp
Related Commands

snmp-server enable traps vlan-membership
snmp-server enable traps vtp

spanning-tree

Use the spanning-tree global configuration command to enable Spanning-Tree Protocol (STP) on a VLAN. Use the no form of the command to disable STP on a VLAN.

spanning-tree [vlan stp-list]
no spanning-tree [vlan stp-list]

Syntax Description

vlan

(Optional) Include VLAN IDs in the stp-list variable when enabling STP.

stp-list

(Optional) List of spanning-tree instances. Each spanning-tree instance is associated with a VLAN ID. Enter each VLAN ID separated by a space. Ranges are not supported.

Default

STP is enabled.

Command Mode

Global configuration

Usage Guidelines

Disabling STP causes the VLAN or list of VLANs to stop participating in STP. Ports that are administratively down remain down. Received Bridge Protocol Data Units (BPDUs) are forwarded like other multicast frames. The VLAN does not detect and prevent loops when STP is disabled.

STP can be disabled on a VLAN that is not currently active. The setting takes effect when the VLAN is activated.

If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.

You can enable STP on a VLAN that has no ports assigned to it.

Example

The following example shows how to disable STP on VLAN 5:

Switch(config)# no spanning-tree vlan 5

You can verify the previous command by entering the show spanning-tree command in privileged EXEC mode. In this instance, VLAN 5 does not appear in the list.

Related Commands

show spanning-tree
spanning-tree forward-time
spanning-tree max-age
spanning-tree port-priority
spanning-tree protocol

spanning-tree cost

Use the spanning-tree cost interface configuration command to set the path cost for Spanning-Tree Protocol (STP) calculations. Use the no form of this command to return to the default value.

spanning-tree [vlan stp-list] cost cost
no spanning-tree [vlan stp-list] cost

Syntax Description

vlan

(Optional) Include VLAN IDs in the stp-list variable when setting the path cost.

stp-list

(Optional) List of spanning-tree instances. Each spanning-tree instance is associated with a VLAN ID. Enter each VLAN ID separated by a space. Ranges are not supported.

cost

Set a cost.

cost

Path cost can range from 1 to 65535, with higher values indicating higher costs. This range applies whether or not the IEEE or DEC STP has been specified.

Defaults

The default path cost is computed from the interface bandwidth setting. The following are IEEE default path cost values:

Command Mode

Interface configuration

Usage Guidelines

If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.

You can set a cost for a port or on a VLAN that does not exist. The setting takes effect when the VLAN exists.

Example

The following example shows how to set a path cost value of 250 for VLAN 1:

Switch(config-if)# spanning-tree vlan 1 cost 250

You can verify the previous command by entering the show spanning-tree command in privileged EXEC mode.

Related Commands

show spanning-tree
spanning-tree portfast
spanning-tree priority

spanning-tree forward-time

Use the spanning-tree forward-time global configuration command to set the forwarding-time for the specified spanning-tree instances. Use the no form of this command to return to the default value.

spanning-tree [vlan stp-list] forward-time seconds
no spanning-tree [vlan stp-list] forward-time

Syntax Description

vlan

(Optional) Include VLAN IDs in the stp-list variable when setting the forwarding-time.

stp-list

(Optional) List of spanning-tree instances. Each spanning-tree instance is associated with a VLAN ID. Enter each VLAN ID separated by a space. Ranges are not supported.

seconds

Forward-delay interval from 4 to 200 seconds.

Defaults

The default configuration IEEE Spanning-Tree Protocol (STP) is 15 seconds. The default for IBM STP is 4 seconds, and the default for DEC STP is 30 seconds.

Command Mode

Global configuration

Usage Guidelines

If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.

You can set the forwarding-time on a VLAN that has no ports assigned to it. The setting takes effect when you assign ports to it.

Example

The following example shows how to set the spanning-tree forwarding time to 18 seconds for VLAN 20:

Switch(config)# spanning-tree vlan 20 forward-time 18

You can verify the previous command by entering the show spanning-tree command in privileged EXEC mode.

Related Commands

show spanning-tree
spanning-tree forward-time
spanning-tree max-age
spanning-tree port-priority
spanning-tree protocol

spanning-tree hello-time

Use the spanning-tree hello-time global configuration command to specify the interval between hello Bridge Protocol Data Units (BPDUs). Use the no form of this command to return to the default interval.

spanning-tree [vlan stp-list] hello-time seconds
no spanning-tree [vlan stp-list] hello-time

Syntax Description

vlan

(Optional) Include VLAN IDs in the stp-list variable when specifying the hello-time.

stp-list

(Optional) List of spanning-tree instances. Each spanning-tree instance is associated with a VLAN ID. Enter each VLAN ID separated by a space. Ranges are not supported.

seconds

Interval from 1 to 10 seconds.

Defaults

The default configuration IEEE Spanning-Tree Protocol (STP) is 2 seconds. The default for IBM STP is 2 seconds, and the default for DEC STP is 1 second.

Command Mode

Global configuration

Usage Guidelines

If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.

You can set the hello time on a VLAN that has no ports assigned to it. The setting takes effect when you assign ports to it.

Example

The following example shows how to set the spanning-tree hello-delay time to 3 seconds for VLAN 20:

Switch (config) # spanning-tree vlan 20 hello-time 3

You can verify the previous command by entering the show spanning-tree command in privileged EXEC mode.

Related Commands

show spanning-tree
spanning-tree
spanning-tree port-priority
spanning-tree protocol

spanning-tree max-age

Use the spanning-tree max-age global configuration command to change the interval between messages the spanning tree receives from the root switch. If a switch does not receive a Bridge Protocol Data Unit (BPDU) message from the root switch within this interval, it recomputes the STP topology. Use the no form of this command to return to the default interval.

spanning-tree [vlan stp-list] max-age seconds
no spanning-tree [vlan stp-list] max-age

Syntax Description

vlan

(Optional) Include VLAN IDs in the stp-list variable when changing the interval that switch waits to hear BPDUs from the root switch.

stp-list

(Optional) List of spanning-tree instances. Each spanning-tree instance is associated with a VLAN ID. Enter each VLAN ID separated by a space. Ranges are not supported.

seconds

Interval the switch waits between receiving BPDUs from the root switch. Enter a number from 6 to 200.

Defaults

The default configuration (IEEE STP) is 20 seconds. The default for DEC STP is 15 seconds, and the default for IBM STP is 10 seconds.

Command Mode

Global configuration

Usage Guidelines

The max-age setting must be greater than the hello-time setting.

If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.

You can set the max-age on a VLAN that has no ports assigned to it. The setting takes effect when you assign ports to it.

Examples

The following example shows how to set spanning-tree max-age to 30 seconds for VLAN 20:

Switch (config)# spanning-tree vlan 20 max-age 30

The following example shows how to reset the max-age parameter to the default value for spanning-tree instances 100 through 102:

Switch (config)# no spanning-tree vlan 100 101 102 max-age

You can verify the previous commands by entering the show spanning-tree command in privileged EXEC mode.

Related Commands

show spanning-tree
spanning-tree forward-time
spanning-tree hello-time
spanning-tree priority
spanning-tree protocol

spanning-tree portfast

Use the spanning-tree portfast interface configuration command to enable the Port Fast feature on a port in all its associated VLANs. When the Port Fast feature is enabled, the port changes directly from a blocking state to a forwarding state without making the intermediate Spanning-Tree Protocol (STP) status changes. Use the no form of this command to return the port to default operation.

spanning-tree portfast interface
no spanning-tree portfast

Syntax

interface

Module and port number enabled for the Port Fast feature.

Default

The Port Fast feature is disabled.

Command Mode

Interface configuration

Usage Guidelines

This feature should only be used on ports that connect to end stations.

This feature affects all VLANs on the port.

A port with the Port Fast feature enabled is moved directly to the spanning-tree forwarding state.

In Enterprise Edition Software, the Port Fast feature is automatically enabled on dynamic-access ports.

Example

The following example shows how to enable the Port Fast feature on fixed port 2.

Switch(config-if)# spanning-tree portfast fa0/2
Related Commands

spanning-tree portfast
spanning-tree port-priority

spanning-tree port-priority

Use the spanning-tree port-priority interface configuration command to set a port priority that is used when two switches tie for position as the root switch. Use the no form of this command to return to the default value.

spanning-tree [vlan stp-list] port-priority port-priority
no spanning-tree [vlan stp-list] port-priority

Syntax Description

vlan

(Optional) Include VLAN IDs in the stp-list variable when setting the port priority.

stp-list

(Optional) List of spanning-tree instances. Each spanning-tree instance is associated with a VLAN ID. Enter each VLAN ID separated by a space. Ranges are not supported.

port-priority

Number from 0 to 255.

Defaults

The default configuration (IEEE STP) is 128. The default for IBM STP and DEC STP is also 128.

Command Mode

Interface configuration

Usage Guidelines

If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.

You can set the port priority on a VLAN that has no ports assigned to it. The setting takes effect when you assign ports to it.

Example

The following example shows how to increase the likelihood that the spanning-tree instance 20 is chosen as the root switch on port fa0/2:

Switch(config)# interface fa0/2
Switch(config-if)# spanning-tree vlan 20 port-priority 0

You can verify the previous commands by entering the show spanning-tree command in privileged EXEC mode.

Related Commands

show spanning-tree
spanning-tree port-priority
spanning-tree protocol

spanning-tree priority

Use the spanning-tree priority global configuration command to configure the switch priority for the specified spanning-tree instance. This will change the likelihood that the switch is selected as the root switch. Use the no form of this command to revert to the default value.

spanning-tree [vlan stp-list] priority bridge-priority
no spanning-tree [vlan stp-list] priority

Syntax Description

vlan

(Optional) Include VLAN IDs in the stp-list variable when configuring the switch priority.

stp-list

(Optional) List of STP instances. Each spanning-tree instance is associated with a VLAN ID. Enter each VLAN ID separated by a space. Ranges are not supported.

bridge-priority

A number from 0 to 65535. The lower the number, the more likely the switch will be chosen as root.

Defaults

The default configuration (IEEE STP) is 32768. The default value for IBM STP and DEC STP is also 32768.

Command Mode

Global configuration

Usage Guidelines

If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN 1.

You can configure the switch priority on a VLAN that has no ports assigned to it. The setting takes effect when you assign ports to it.

Example

The following example shows how to set the spanning-tree priority to 125 for a list of VLANs:

Switch (config)# spanning-tree vlan 20 100 101 102 priority 125

You can verify the previous command by entering the show spanning-tree command in privileged EXEC mode.

Related Commands

show spanning-tree
spanning-tree forward-time
spanning-tree hello-time
spanning-tree max-age
spanning-tree protocol

spanning-tree protocol

Use the spanning-tree protocol global configuration command to specify the Spanning-Tree Protocol (STP) to be used for specified spanning-tree instances. Use the no form to use the default protocol.

spanning-tree [vlan stp-list] protocol {ieee | dec | ibm}
no spanning-tree [vlan stp-list] protocol

Syntax Description

vlan

(Optional) Include VLAN IDs in the stp-list variable when specifying the protocol.

stp-list

(Optional) List of spanning-tree instances. Each spanning-tree instance is associated with a VLAN ID. Enter each VLAN ID separated by a space. Ranges are not supported.

ieee

IEEE Ethernet STP.

dec

DEC STP.

ibm

IBM STP.

Default

The default protocol is ieee.

Command Mode

Global configuration

Usage Guidelines

Changing the spanning-tree protocol causes STP parameters to change to default values of the new protocol.

If the variable stp-list is omitted, this command applies to the STP instance associated with VLAN 1.

You can change the protocol on a VLAN that has no ports assigned to it. The setting takes effect when you assign ports to it.

Example

The following example shows how to change the STP protocol for VLAN 20 to the DEC version of STP:

Switch(config)# spanning-tree vlan 20 protocol dec

You can verify the previous command by entering the show spanning-tree command in privileged EXEC mode.

Related Commands

show spanning-tree
spanning-tree
spanning-tree forward-time
spanning-tree max-age
spanning-tree port-priority

speed

Use the speed interface configuration command to specify the speed of a Fast Ethernet port. Use the no form of this command to return the port to its default value.

speed {10 | 100 | auto}
no speed

Syntax Description

10

Port runs at 10 Mbps.

100

Port runs at 100 Mbps.

auto

Port automatically detects whether it should run at 10 or 100 Mbps.

Defaults

The default is auto.

For Gigabit Ethernet ports, the speed is 1000 Mbps and not configurable.

Command Mode

Interface configuration

Usage Guidelines

Certain ports can be configured to be either 10 or 100 Mbps. Applicability of this command is hardware-dependent.


Note For guidelines on setting the switch speed and duplex parameters, see the Catalyst 2900 Series XL Installation and Configuration Guide.
Example

The following example shows how to set port 1 on module 2 to 100 Mbps:

Switch(config)# interface fastethernet2/1 Switch(config-if)# speed 100
Related Commands

duplex

switchport access

Use the switchport access interface configuration command to configure a port as a static-access or dynamic-access port. If the mode is set to access, the port operates as a member of the configured VLAN. If set to dynamic, the port starts discovery of VLAN assignment based on the incoming packets it receives. Use the no form of this command to reset the access mode to the default VLAN for the switch.

switchport access vlan {vlan-id | dynamic}
no switchport access vlan {vlan-id | dynamic}

Syntax

vlan

Assign a VLAN to the port.

vlan-id

ID of the VLAN. Valid IDs are from 1 to 1001.

dynamic

Port is assigned to a VLAN based on the source MAC address of a host (or hosts) connected to that port. The switch sends every new source MAC address received to the VLAN Membership Policy Server (VMPS) to obtain the VLAN name to which the dynamic-access port should be assigned. If the port already has a VLAN assigned and the source has already been approved by the VMPS, the switch forwards the packet to the VLAN. This keyword is only supported in the Enterprise Edition Software.

Defaults

All ports are in static-access mode in VLAN 1.

A dynamic-access port is initially a member of no VLAN and receives its assignment based on the packets it receives.

Command Mode

Interface configuration

Usage Guidelines

The port must be in access mode before the switchport access vlan vlan-id or switchport access vlan dynamic command can take effect. For more information, see the "switchport mode" section.

An access port can be assigned to only one VLAN.

When the no switchport access vlan form is used, the access mode is reset to static access on VLAN  1.

The following restrictions apply to dynamic-access ports:

Examples

The following example shows how to assign a port already in access mode to VLAN 2 (instead of the default VLAN 1):

Switch(config-if)# switchport access vlan 2

The following example shows how to assign a port already in access mode to dynamic:

Switch(config-if)# switchport access vlan dynamic

The following example shows how to reconfigure a dynamic-access port to a static-access port:

Switch(config-if)# no switchport access vlan dynamic

You can verify the previous commands by entering the show interface interface-id switchport command in privileged EXEC mode and examining information in the Administrative Mode and Operational Mode rows.

Related Commands

switchport mode
switchport multi
switchport trunk

switchport mode

Use the switchport mode interface configuration command to configure the VLAN membership mode of a port. Use the no form of this command to reset the mode to the appropriate default for the device.

switchport mode {access | multi | trunk}
no switchport mode {access | multi | trunk}

Syntax

access

Set the port to access mode (either static-access or dynamic-access depending on the setting of the switchport access vlan command). The port operates as a nontrunking, single VLAN interface that transmits and receives nonencapsulated frames. An access port can be assigned to only one VLAN.

multi

Set the port to multi-VLAN port mode. The port operates as a nontrunking VLAN interface that transmits and receives nonencapsulated frames. A multi-VLAN port can be assigned to one or more VLANs.

trunk

Set the port to a trunking VLAN Layer-2 interface. The port transmits and receives encapsulated (tagged) frames that identify the VLAN of origination. A trunk is a point-to-point link between two switches or between a switch and a router. This keyword is supported only in the Enterprise Edition Software.

Default

All ports are static-access ports in VLAN 1.

Command Mode

Interface configuration

Usage Guidelines

Configuration using the access, multi, or trunk keywords takes effect only when the port is changed to the corresponding mode by using the switchport mode command. The static-access, multi-VLAN, and trunk (Enterprise Edition Software only) configurations are saved, but only one configuration is active at a time.

The no switchport mode form resets the mode to static access.

Only these combinations of port modes can appear on a single switch:

Trunk and multi-VLAN ports cannot coexist on the same switch. If you want to change a multi-VLAN or trunk port into another mode, you must first change it to an access port and then reassign it to the new mode.

Examples

The following example shows how to configure a port for access mode:

Switch(config-if)# switchport mode access

The following example shows how to configure a port for multi-VLAN mode:

Switch(config-if)# switchport mode multi

The following example shows how to configure a port for trunk mode:

Switch(config-if)# switchport mode trunk

You can verify the previous commands by entering the show interface interface-id switchport command in privileged EXEC mode and examining information in the Administrative Mode and Operational Mode rows.

Related Commands

switchport access
switchport multi
switchport trunk

switchport multi

Use the switchport multi interface configuration command to configure a list of VLANs to which the port is associated. If the mode is set to multi, the port operates as a member of all VLANs in the list. Use the no form of this command to reconfigure the port as an access port.

switchport multi vlan {add vlan-list | remove vlan-list}
no switchport multi vlan

Syntax

vlan

Indicate the VLAN to which the port is associated.

add

Add specified VLAN IDs to the list.

vlan-list

List of VLAN IDs. Separate nonconsecutive VLAN IDs with a comma and no spaces; use a hyphen to designate a range of IDs. Valid IDs are from 1 to 1001.

remove

Remove the specified VLAN IDs.

Default

The default for VLAN membership of a multi-VLAN port is VLAN 1.

Command Mode

Interface configuration

Usage Guidelines

The switchport mode multi command must be entered before the switchport multi vlan vlan-list command can take effect.

In the variable vlan-list, separate nonconsecutive VLAN IDs with a comma; use a hyphen to designate a range of IDs.

A multi-VLAN port cannot be a secure port or a monitor port.

A multi-VLAN port cannot coexist with a trunk port on the same switch.

Caution To avoid loss of connectivity, do not connect multi-VLAN ports to hubs or switches. Connect multi-VLAN ports to routers or servers.
Examples

The following example shows how to assign a multi-VLAN port already in multi mode to two VLANs:

Switch(config-if)# switchport multi vlan 2,4

The following example shows how to assign a multi-VLAN port already in multi mode to a range of VLANs:

Switch(config-if)# switchport multi vlan 5-10

The following example shows how to reset the VLAN list of a multi-VLAN port to the default (VLAN 1 only):

Switch(config-if)# no switchport multi vlan

You can verify the previous commands by entering the show interface interface-id switchport command in privileged EXEC mode and examining information in the Administrative Mode and Operational Mode rows.

Related Commands

switchport access
switchport mode
switchport trunk

switchport trunk allowed vlan

Use the switchport trunk allowed vlan interface configuration command to control which VLANs can receive and transmit traffic on the trunk. Use the no form of this command to reset the allowed list to the default value. This command is available only in the Enterprise Edition Software.

switchport trunk allowed vlan {add vlan-list | all | except vlan-list | remove vlan-list}
no switchport trunk allowed vlan

Syntax

add

Add specified VLAN IDs to the list.

vlan-list

List of VLAN IDs. Separate nonconsecutive VLAN IDs with a comma and no spaces; use a hyphen to designate a range of IDs. Valid IDs are from 1 to 1001.

all

Add all VLAN IDs to the list.

except

Add VLAN IDs except the specified ones.

remove

Remove the specified VLAN IDs.

Default

All VLANs are included in the allowed list.

Command Mode

Interface configuration

Usage Guidelines

When the no switchport trunk allowed vlan form is used, the allowed list is reset to the default list, which allows all VLANs.

In the variable vlan-list, separate nonconsecutive VLAN IDs with a comma; use a hyphen to designate a range of IDs. You cannot remove VLAN 1 or 1002 to 1005 from the list.

A trunk port cannot be a secure port or a monitor port. However, a static-access port can monitor a VLAN on a trunk port. The VLAN monitored is the one associated with the static-access port.

If a trunk port is identified as a network port, the trunk port becomes the network port for all the VLANs associated with the port.

Example

The following example shows how to add VLANs 1, 2, 5, and 6 to the allowed list:

Switch(config-if)# switchport trunk allowed vlan add 1,2,5,6

You can verify the previous command by entering the show interface interface-id switchport command in privileged EXEC mode.

Related Commands

switchport mode
switchport trunk encapsulation
switchport trunk native

switchport trunk encapsulation

Use the switchport trunk encapsulation interface configuration command to set the encapsulation format on the trunk port. Use the no form of this command to reset the format to the default. This command is available only in the Enterprise Edition Software.

switchport trunk encapsulation {isl | dot1q}
no switchport trunk encapsulation

Syntax

isl

Set the encapsulation format to Inter-Switch Link (ISL). The switch encapsulates all received and transmitted packets with an ISL header. The switch filters native frames received from an ISL trunk port.

dot1q

Set the tagging format to IEEE 802.1Q. With this format, the switch supports simultaneous tagged and untagged traffic on a port.

Default

The default encapsulation format is ISL.

Command Mode

Interface configuration

Usage Guidelines

You cannot configure one end of the trunk as an 802.1Q trunk and the other end as an ISL or nontrunk port. However, you can configure one port as an ISL trunk and another port on the same switch as a 802.1Q trunk.

This command is only applicable on switch platforms and port hardware that support both formats.

Example

The following example shows how to configure the encapsulation format to 802.1Q:

Switch(config-if)# switchport trunk encapsulation dot1q

You can verify the previous command by entering the show interface interface-id switchport command in privileged EXEC mode.

Related Commands

switchport mode
switchport trunk allowed vlan
switchport trunk native

switchport trunk native

Use the switchport trunk native interface configuration command to set the native VLAN for untagged traffic when in 802.1Q trunking mode. Use the no form of this command to reset the native VLAN to the default. This command is available only in the Enterprise Edition Software.

switchport trunk native vlan vlan-id
no switchport trunk native

Syntax

vlan

Indicate the VLAN to which the port is associated.

vlan-id

ID of the VLAN that is sending and receiving untagged traffic on the trunk port. Valid IDs are from 1 to 1001.

Default

VLAN 1 is the default native VLAN ID on the port.

Command Mode

Interface configuration

Usage Guidelines

All untagged traffic received on the 802.1Q trunk port is forwarded with the native VLAN configured for the port.

If a packet has a VLAN ID equal to the outgoing port's native VLAN ID, the packet is transmitted untagged; otherwise, the switch transmits the packet with a tag.

Example

The following example shows how to configure VLAN 3 as the default port to send all untagged traffic:

Switch(config-if)# switchport trunk native vlan 3

You can verify the previous command by entering the show interface interface-id switchport command in privileged EXEC mode.

Related Commands

switchport mode
switchport trunk allowed vlan
switchport trunk encapsulation

vlan

Use the vlan VLAN database command to configure VLAN characteristics. Use the no form of this command to delete a VLAN and its configured characteristics. This command is available only in the Enterprise Edition Software.

vlan vlan-id [name vlan-name] [media {ethernet | fddi | fdi-net | tokenring | tr-net}]
[state {suspend | active}] [said said-value] [mtu mtu-size] [ring ring-number]
[bridge bridge-number | type {srb | srt}] [parent parent-vlan-id] [stp type {ieee | ibm | auto}]
[are are-number] [ste ste-number] [backupcrf {enable | disable}]
[tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]

no vlan vlan-id [name vlan-name] [media {ethernet | fddi | fdi-net | tokenring | tr-net}]
[state {suspend | active}] [said said-value] [mtu mtu-size] [ring ring-number]
[bridge bridge-number | type {srb | srt}] [parent parent-vlan-id] [stp type {ieee | ibm | auto}]
[are are-number] [ste ste-number] [backupcrf {enable | disable}]
[tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]


Note Catalyst 2900 series switches support only Ethernet ports. You configure only FDDI and Token Ring media-specific characteristics for VLAN Trunk Protocol (VTP) global advertisements to other switches. These VLANs are locally suspended.

Table 2-7 lists the valid syntax for each media type.


Table 2-7: Valid Syntax for Different Media Types
Media Type Valid Syntax

Ethernet

vlan vlan-id [name vlan-name] media ethernet [state {suspend | active}]
[said said-value] [mtu mtu-size] [tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]

FDDI

vlan vlan-id [name vlan-name] media fddi [state {suspend | active}]
[said said-value] [mtu mtu-size] [ring ring-number] [parent parent-vlan-id] [tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]

FDDI-NET

vlan vlan-id [name vlan-name] media fdi-net [state {suspend | active}]
[said said-value] [mtu mtu-size] [bridge bridge-number]
[stp type {ieee | ibm | auto}] [tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]

If VTP V2 mode is disabled, do not set the stp type to auto.

Token Ring

VTP V2 mode is disabled.

vlan vlan-id [name vlan-name] media tokenring [state {suspend | active}]
[said said-value] [mtu mtu-size] [ring ring-number] [parent parent-vlan-id]
[tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]

Token Ring concentrator relay function (TRCRF)

VTP V2 mode is enabled.

vlan vlan-id [name vlan-name] media tokenring [state {suspend | active}]
[said said-value] [mtu mtu-size] [ring ring-number] [parent parent-vlan-id]
[bridge type {srb | srt}] [are are-number] [ste ste-number]
[backupcrf {enable | disable}] [tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]

Token Ring-NET

VTP V2 mode is disabled.

vlan vlan-id [name vlan-name] media tr-net [state {suspend | active}]
[said said-value] [mtu mtu-size] [bridge bridge-number]
[stp type {ieee | ibm}] [tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]

Token Ring bridge relay function (TRBRF)

VTP V2 mode is enabled.

vlan vlan-id [name vlan-name] media tr-net [state {suspend | active}]
[said said-value] [mtu mtu-size] [bridge bridge-number]
[stp type {ieee | ibm | auto}] [tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]

VLAN Configuration Rules

Table 2-8 describes the rules for configuring VLANs.


Table 2-8: VLAN Configuration Rules
Configuration Rule

VTP V2 mode is enabled, and you are configuring a TRCRF VLAN media type.

Specify a parent VLAN ID of a TRBRF that already exists in the database.

Specify a ring number. Do not leave this field blank.

Specify unique ring numbers when TRCRF VLANs have the same parent VLAN ID. Only one backup CRF can be enabled.

VTP V2 mode is enabled, and you are configuring VLANs other than TRCRF media type.

Do not specify a backup CRF.

VTP V2 mode is enabled, and you are configuring a TRBRF VLAN media type.

Specify a bridge number. Do not leave this field blank.

VTP V2 mode is disabled.

No VLAN can have an STP type set to auto.

This rule applies to Ethernet, FDDI, FDDI-NET, Token Ring, and Token Ring-NET VLANs.

Add a VLAN that requires translational bridging (values are not set to zero).

The translational bridging VLAN IDs that are used must already exist in the database.

The translational bridging VLAN IDs that a configuration points to must also contain a pointer to the original VLAN in one of the translational bridging parameters (for example, Ethernet points to FDDI, and FDDI points to Ethernet).

The translational bridging VLAN IDs that a configuration points to must be different media types than the original VLAN (for example, Ethernet can point to Token Ring).

If both translational bridging VLAN IDs are configured, these VLANs must be different media types (for example, Ethernet can point to FDDI and Token Ring).

Syntax Description

vlan-id

ID of the configured VLAN. Valid IDs are from 1 to 1005 and must be unique within the administrative domain.

name

(Optional) Name of the VLAN to follow.

vlan-name

ASCII string from 1 to 32 characters that must be unique within the administrative domain.

media

(Optional) VLAN media type to follow.

ethernet

Ethernet media type.

fddi

FDDI media type.

fdi-net

FDDI network entity title (NET) media type.

tokenring

Token Ring media type if the VTP V2 mode is disabled.

TRCRF media type if the VTP V2 mode is enabled.

tr-net

Token Ring network entity title (NET) media type if the VTP V2 mode is disabled.

TRBRF media type if the VTP V2 mode is enabled.

state

(Optional) State of the VLAN to follow.

active

VLAN is operational.

suspend

VLAN is suspended. Suspended VLANs do not pass packets.

said

(Optional) The security association identifier (SAID) as documented in IEEE 802.10 to follow.

said-value

Integer from 1 to 4294967294 that must be unique within the administrative domain.

mtu

(Optional) Maximum transmission unit (packet size in bytes) to follow.

mtu-size

Packet size in bytes from 1500 to 18190 that the VLAN can use.

ring

(Optional) Logical ring for an FDDI, Token Ring, or TRCRF VLAN to follow.

ring-number

Integer from 1 to 4095.

bridge

(Optional) Logical distributed source-routing bridge to follow. This bridge that interconnects all logical rings having this VLAN as a parent VLAN in FDDI-NET, Token Ring-NET, and TRBRF VLANs.

bridge-number

Integer from 0 to 15.

type

Bridge type to follow. Applies only to TRCRF VLANs.

srb

Source-route bridging VLAN.

srt

Source-route transparent bridging VLAN.

parent

(Optional) Parent VLAN of an existing FDDI, Token Ring, or TRCRF VLAN to follow. This parameter identifies the TRBRF to which a TRCRF belongs and is required when defining a TRCRF.

parent-vlan-id

Integer from 0 to 1005.

stp type

(Optional) Spanning-tree type for FDDI-NET, Token Ring-NET, or TRBRF VLAN to follow.

ieee

IEEE Ethernet STP running source-route transparent (SRT) bridging.

ibm

IBM STP running source-route bridging (SRB).

auto

STP running a combination of source-route transparent bridging (IEEE) and source-route bridging (IBM).

are

Number of all-routes explorer (ARE) hops to follow. This keyword applies only to TRCRF VLANs.

are-number

Integer from 0 to 13 that defines the maximum number of ARE hops for this VLAN.

ste

Number of spanning-tree explorer (STE) hops to follow. This keyword applies only to TRCRF VLANs.

ste-number

Integer from 0 to 13 that defines the maximum number of STE hops for this VLAN.

backupcrf

Backup CRF mode to follow. This keyword applies only to TRCRF VLANs.

enable

Enable backup CRF mode for this VLAN.

disable

Disable backup CRF mode for this VLAN.

tb-vlan1 and tb-vlan2

(Optional) First and second VLAN to which this VLAN is translationally bridged. Translational VLANs translate FDDI or Token Ring to Ethernet, for example.

tb-vlan1-id and tb-vlan2-id

Integer that ranges from 0 to 1005.

Defaults

The vlan-name variable is VLANxxxx, where xxxx represents four numeric digits (including leading zeroes) equal to the VLAN ID number.

The media type is ethernet.

The state is active.

The SAID value is 100000 plus the VLAN ID.

The MTU size for Ethernet, FDDI, and FDDI-NET VLANs is 1500 bytes. The MTU size for Token Ring and Token Ring-NET VLANs is 1500 bytes. The MTU size for TRBRF and TRCRF VLANs is 4472 bytes.

The ring number for Token Ring VLANs is zero. For FDDI VLANs, there is no default. For TRCRF VLANs, you must specify a ring number.

The bridge number is zero (no source-routing bridge) for FDDI-NET and Token Ring-NET VLANs. For TRBRF VLANs, you must specify a bridge number.

The parent VLAN ID is zero (no parent VLAN) for FDDI and Token Ring VLANs. For TRCRF VLANs, you must specify a parent VLAN ID. For both Token Ring and TRCRF VLANs, the parent VLAN ID must already exist in the database and be associated with a Token Ring-NET or TRBRF VLAN.

The STP type is ieee for FDDI-NET VLANs. For Token Ring-NET and TRBRF VLANs, the default is ibm.

The ARE value is 7.

The STE value is 7.

Backup CRF is disabled.

The tb-vlan1-id and tb-vlan2-id variables are zero (no translational bridging).

Command Mode

VLAN database

Usage Guidelines

When the no vlan vlan-id form is used, the VLAN is deleted. Deleting VLANs automatically resets to zero any other parent VLANs and translational bridging parameters that refer to the deleted VLAN.

When the no vlan vlan-id name vlan-name form is used, the VLAN name returns to the default name (VLANxxxx, where xxxx represent four numeric digits (including leading zeroes) equal to the VLAN ID number).

When the no vlan vlan-id media form is used, the media type returns to the default (ethernet). Changing the VLAN media type (including the no form) resets the VLAN MTU to the default MTU for the type (unless the mtu keyword is also present in the command). It also resets the VLAN parent and translational bridging VLAN to the default (unless the parent, tb-vlan1, and/or tb-vlan2 are also present in the command).

When the no vlan vlan-id state form is used, the VLAN state returns to the default (active).

When the no vlan vlan-id said form is used, the VLAN SAID returns to the default (100,000 plus the VLAN ID).

When the no vlan vlan-id mtu form is used, the VLAN MTU returns to the default for the applicable VLAN media type. You can also modify the MTU using the media keyword.

When the no vlan vlan-id ring form is used, the VLAN logical ring number returns to the default (0).

When the no vlan vlan-id bridge form is used, the VLAN source-routing bridge number returns to the default (0). The vlan vlan-id bridge command is only used for FDDI-NET and Token Ring-NET VLANs and is ignored in other VLAN types.

When the no vlan vlan-id parent form is used, the parent VLAN returns to the default (0). The parent VLAN resets to the default if the parent VLAN is deleted or if the media keyword changes the VLAN type or the VLAN type of the parent VLAN.

When the no vlan vlan-id stp type form is used, the VLAN spanning-tree type returns to the default (ieee).

When the no vlan vlan-id tb-vlan1 or no vlan vlan-id tb-vlan2 form is used, the VLAN translational bridge VLAN (or VLANs, if applicable) returns to the default (0). Translational bridge VLANs must be a different VLAN type than the affected VLAN, and if two are specified, the two must be different VLAN types from each other. A translational bridge VLAN resets to the default if the translational bridge VLAN is deleted, if the media keyword changes the VLAN type, or if the media keyword changes the VLAN type of the corresponding translation bridge VLAN.

Examples

The following example shows how to add an Ethernet VLAN with default media characteristics. The default includes a vlan-name of VLANxxx, where xxxx represents four numeric digits (including leading zeroes) equal to the VLAN ID number. The default media option is ethernet; the state option is active. The default said-value variable is 100000 plus the VLAN ID; the mtu-size variable is 1500; the stp-type option is ieee. The VLAN is added if it did not already exist; otherwise, this command does nothing.

Switch(vlan)# vlan 2

The following example shows how to modify an existing VLAN by changing its name and MTU size:

Switch(vlan)# no vlan name engineering mtu 1200

You can verify the previous commands by entering the show vlan command in privileged EXEC mode.

Related Commands
show vlan

vlan database

The vlan database privileged EXEC command causes the command-line interface (CLI) to enter VLAN database mode so that you can add, delete, and modify VLAN configurations and globally propagate these changes using the VLAN Trunk Protocol (VTP). This command is available only in the Enterprise Edition Software.

vlan database

Syntax Description

This command has no arguments or keywords.

Default

No default is defined.

Command Mode

Privileged EXEC

Usage Guidelines

To return to the privileged EXEC mode from the VLAN database mode, enter the exit command.


Note This command mode is different from other modes because it is session oriented. When you add, delete, or modify VLAN parameters, the changes are not applied until you exit the session by entering the apply or exit commands. When the changes are applied, the VTP configuration version is incremented. You can also not apply the changes to the VTP database by entering abort.
Example

The following example shows how to enter the VLAN database mode from the privileged EXEC mode:

Switch# vlan database Switch(vlan)#
Related Commands
abort
apply
exit
reset
shutdown vlan

vmps reconfirm (Privileged EXEC)

Use the vmps reconfirm privileged EXEC command to immediately send VLAN Query Protocol (VQP) queries to reconfirm all dynamic VLAN assignments with the VLAN Membership Policy Server (VMPS). This command is available only in the Enterprise Edition Software.
vmps reconfirm
Syntax Description

This command has no arguments or keywords.

Default

No default is defined.

Command Mode

Privileged EXEC

Example

The following example shows how to immediately send VQP queries to the VMPS:

Switch# vmps reconfirm

You can verify the previous command by entering the show vmps command in privileged EXEC mode and examining the VMPS Action row of the Reconfirmation Status section. The show vmps command shows the result of the last time the assignments were reconfirmed either as a result of reconfirmation timer expiring or because the vmps reconfirm command was issued.

Related Commands

show vmps
vmps reconfirm

vmps reconfirm (Global Configuration)

Use the vmps reconfirm global configuration command to change the reconfirmation interval for the VLAN Query Protocol (VQP) client. This command is available only in the Enterprise Edition Software.
vmps reconfirm interval
Syntax Description

interval

Reconfirmation interval for VQP client queries to the VLAN Membership Policy Server (VMPS) to reconfirm dynamic VLAN assignments. The interval range is from 1 to 120 minutes.

Default

The default reconfirmation interval is 60 minutes.

Command Mode

Global configuration

Example

The following example shows how to set the VQP client to reconfirm dynamic VLAN entries every 20 minutes:

Switch(config)# vmps reconfirm 20

You can verify the previous command by entering the show vmps command in privileged EXEC mode and examining information in the Reconfirm Interval row.

Related Commands
show vmps
vmps reconfirm

vmps retry

Use the vmps retry global configuration command to configure the per-server retry count for the VLAN Query Protocol (VQP) client. This command is available only in the Enterprise Edition Software.
vmps retry count
Syntax Description

count

Number of attempts to contact the VLAN Membership Policy Server (VMPS) by the client before querying the next server in the list. The retry range is from 1 to 10.

Default

The default retry count is 3.

Command Mode

Global configuration

Example
The following example shows how to set the retry count to 7:
Switch(config)# vmps retry 7

You can verify the previous command by entering the show vmps command in privileged EXEC mode and examining information in the Server Retry Count row.

Related Commands
show vmps

vmps server

Use the vmps server global configuration command to configure the primary VLAN Membership Policy Server (VMPS) and up to three secondary servers. Use the no form of this command to remove a VMPS server. This command is available only in the Enterprise Edition Software.
vmps server ipaddress [primary]
no vmps server [ipaddress]
Syntax Description

ipaddress

IP address or host name of the primary or secondary VMPS servers. If you specify a host name, the Domain Name System (DNS) server must be configured.

primary

(Optional) Determines whether primary or secondary VMPS servers are being configured.

Default

No primary or secondary VMPS servers are defined.

Command Mode

Global configuration

Usage Guidelines

The first server entered is automatically selected as the primary server whether or not primary is entered. The first server address can be overridden by using primary in a subsequent command.

When using the no form without specifying the ipaddress, all configured servers are deleted. If you delete all servers when dynamic-access ports are present, the switch cannot forward packets from new sources on these ports because it cannot query the VMPS.

Examples

The following example shows how to configure the server with IP address 191.10.49.20 as the primary VMPS server, and the servers with IP addresses 191.10.49.21 and 191.10.49.22 as secondary servers:

Switch(config)# vmps server 191.10.49.20 primary Switch(config)# vmps server 191.10.49.21 Switch(config)# vmps server 191.10.49.22

The following example shows how to delete the server with IP address 191.10.49.21:

Switch(config)# no vmps server 191.10.49.21

You can verify the previous commands by entering the show vmps command in privileged EXEC mode and examining information in the VMPS Domain Server row.

Related Commands
show vmps

vtp

Use the vtp VLAN database command to configure the VLAN Trunk Protocol (VTP) mode. Use the no form of this command to return to the default setting. This command is available only in the Enterprise Edition Software.

vtp {server | client | transparent}
no vtp {server | client | transparent}

Syntax Description

server

Place the switch in VTP server mode. A switch in VTP server mode is enabled for VTP and sends advertisements. You can configure VLANs on it. The switch can recover all the VLAN information in the current VTP database from nonvolatile storage after reboot.

client

Place the switch in VTP client mode. A switch in VTP client mode is enabled for VTP, can send advertisements, but does not have enough nonvolatile storage to store VLAN configurations. You cannot configure VLANs on it. When a VTP client starts up, it does not transmit VTP advertisements until it receives advertisements to initialize its VLAN database.

transparent

Place the switch in VTP transparent mode. A switch in VTP transparent mode is disabled for VTP, does not transmit advertisements or learn from advertisements sent by other devices, and cannot affect VLAN configurations on other devices in the network. The switch receives VTP advertisements and forwards them on all trunk ports except the one on which the advertisement was received. The configuration of multi-VLAN ports causes the switch to automatically enter transparent mode.


Note Catalyst 2900 series switches support up to 64 VLANs. If you define more than 64 or if the switch receives an advertisement that contains more than 64 VLANs, the switch automatically enters VTP transparent mode and operates with the VLAN configuration preceding the one that put it into transparent mode. The count of 64 VLANs always includes VLAN 1 but never includes VLANs 1002 to 1005. The switch can have 64 active VLANs, plus VLANs 1002 through 1005, which are inactive.
Default

Server mode is the default mode.

Command Mode

VLAN database

Usage Guidelines

The no vtp client and no vtp transparent forms of the command return the switch to VTP server mode.

The vtp server command is the same as no vtp client or no vtp transparent except that it does not return an error if the switch is not in client or transparent mode.

Example

The following example shows how to place the switch in VTP transparent mode:

Switch(vlan)# vtp transparent

You can verify the previous commands by entering the show vtp status command in privileged EXEC mode.

Related Commands
show vtp status

vtp domain

Use the vtp domain VLAN database command to configure the VLAN Trunk Protocol (VTP) administrative domain. This command is available only in the Enterprise Edition Software.

vtp domain domain-name

Syntax Description

domain-name

ASCII string from 1 to 32 characters that identifies the VTP administrative domain for the switch. The domain name is case sensitive.

Default

No domain name is defined.

Command Mode

VLAN database

Usage Guidelines

The switch is in the no-management-domain state until you configure a domain name. While in the no-management-domain state, the switch does not transmit any VTP advertisements even if changes occur to the local VLAN configuration. The switch leaves the no-management-domain state after receiving the first VTP summary packet on any port that is currently trunking or after configuring a domain name using the vtp domain command. If the switch receives its domain from a summary packet, it resets its configuration revision number to zero. After the switch leaves the no-management-domain state, it can never be configured to reenter it until you clear the NVRAM and reload the software.

Domain names are case sensitive.

Once you configure a domain name, it cannot be removed. You can only reassign it to a different domain.

Example

The following example shows how to set the administrative domain for the switch:

Switch(vlan)# vtp domain OurDomainName

You can verify the previous commands by entering the show vtp status command in privileged EXEC mode.

Related Commands

show vtp status
vtp password

vtp file

Use the vtp file global configuration command to modify the VLAN Trunk Protocol (VTP) configuration storage filename. Use the no form of this command to return the filename to its default name. This command is available only in the Enterprise Edition Software.

vtp file ifsfilename
no vtp file

Syntax Description

ifsfilename

The IOS IFS filename where the VTP VLAN configuration is stored.

Default

The default filename is flash:vlan.dat.

Command Mode

Global configuration

Usage Guidelines

This command cannot be used to load a new database; it only renames the file in which the existing database is stored.

Example

The following example shows how to rename the filename for VTP configuration storage to vtpfilename:

Switch(config)# vtp file vtpfilename
Related Commands
vtp

vtp password

Use the vtp password VLAN database command to configure the VLAN Trunk Protocol (VTP) administrative domain password. Use the no form of this command to remove the password. This command is available only in the Enterprise Edition Software.

vtp password password-value
no vtp password password-value

Syntax Description

password

Set the password for the generation of the 16-byte secret value used in MD5 digest calculation to be sent in VTP advertisements and to validate received VTP advertisements.

password-value

ASCII string from 8 to 64 characters. The password is case sensitive.

Default

No password is defined.

Command Mode

VLAN database

Usage Guidelines

Passwords are case sensitive. Passwords should match on all switches in the same domain.

When the no vtp password form of the command is used, the switch returns to the no password state.

Example

The following example shows how to configure the VTP domain password:

Switch(vlan)# vtp password ThisIsOurDomain'sPassword
Related Commands

vtp domain

vtp pruning

Use the vtp pruning VLAN database command to enable pruning in the VLAN Trunk Protocol (VTP) administrative domain. Use the no form of this command to disable pruning. This command is available only in the Enterprise Edition Software.

vtp pruning
no vtp pruning

Syntax Description

pruning

Enable pruning in the VTP administrative domain. If you enable pruning on the VTP server, it is enabled for the entire management domain. Only VLANs included in the pruning-eligible list can be pruned. For Catalyst 2900 series switches, no VLANs are pruning eligible on the trunk port.

Default

Pruning is disabled.

Command Mode

VLAN database

Example

The following example shows how to enable pruning in the proposed new VLAN database:

Switch(vlan)# vtp pruning

You can verify the previous commands by entering the show vtp status command in privileged EXEC mode.

Related Commands
show vtp status
vtp
vtp v2-mode

vtp v2-mode

Use the vtp v2-mode VLAN database command to enable VLAN Trunk Protocol (VTP) version 2 in the administrative domains. Use the no form of this command to disable V2 mode. This command is available only in the Enterprise Edition Software.

vtp v2-mode
no vtp v2-mode

Syntax Description

v2-mode

Enable V2 mode in the VTP administrative domain. Each VTP switch automatically detects the capabilities of all the other VTP devices. To use V2 mode, all VTP switches in the network must support version 2; otherwise, you must configure them to operate in VTP version 1 mode (no vtp v2-mode).

If you are using VTP in a Token Ring environment, VTP V2 mode must be enabled.

If you are configuring a Token Ring bridge relay function (TRBRF) or Token Ring concentrator relay function (TRCRF) VLAN media type, you must use version 2.

If you are configuring a Token Ring or Token Ring-NET VLAN media type, you must use version 1.

Default

VTP version 2 is disabled.

Command Mode

VLAN database

Usage Guidelines

Toggling the V2 mode state modifies certain parameters of certain default VLANs.

Example

The following example shows how to enable V2 mode in the proposed new VLAN database:

Switch(vlan)# vtp v2-mode

You can verify the previous commands by entering the show vtp status command in privileged EXEC mode.

Related Commands
show vtp status
vtp
vtp pruning


hometocprevnextglossaryfeedbacksearchhelp

Copyright 1989-1998©Cisco Systems Inc.