Configuring Cisco C1100TG-ES-24 EtherSwitch Network Interface Module

This document provides on how to configure Cisco C1100TG-ES-24 EtherSwitch Network Interface Module on the Cisco 1100 Terminal Gateway. This chapter contains the following sections:

Overview

The Cisco C1100TG-ES-24 EtherSwitch Network Interface Module (NIM) integrates the Layer 2 features and provides a 1-Gbps connection to the multigigabit fabric (MGF) for intermodule communication.

Finding Support Information for Platforms and Cisco IOS Software Images

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn . An account on Cisco.com is not required.

Software Features

The following are the switching software features supported on the Cisco Cisco C1100TG-ES-24 EtherSwitch Network Interface Module:

Assigning IP Addresses to Switch Virtual Interfaces

To configure IP routing, you need to assign IP addresses to Layer 3 network interfaces. This enables communication with the hosts on those interfaces that use IP. IP routing is disabled by default, and no IP addresses are assigned to Switch Virtual Interfaces (SVIs).

An IP address identifies a destination for IP packets. Some IP addresses are reserved for special uses and cannot be used for host, subnet, or network addresses. RFC 1166, “Internet Numbers,” contains the official description of these IP addresses.

An interface can have one primary IP address. A a subnet mask identifies the bits that denote the network number in an IP address.

Beginning in privileged EXEC mode, follow these steps to assign an IP address and a network mask to an SVI

SUMMARY STEPS

  1. configure terminal
  2. interface vlan vlan_id
  3. ip address ip-address subnet-mask
  4. end
  5. show interfaces [interface-id ]show ip interface [interface-id ]show running-config interface [interface-id ]
  6. copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

interface vlan vlan_id

Enter interface configuration mode, and specify the Layer 3 VLAN to configure.

Step 3

ip address ip-address subnet-mask

Configure the IP address and IP subnet mask.

Step 4

end

Return to privileged EXEC mode.

Step 5

show interfaces [interface-id ]show ip interface [interface-id ]show running-config interface [interface-id ]

Verify your entries.

Step 6

copy running-config startup-config

(Optional) Save your entries in the configuration file.

What to do next

IEEE 802.1x Protocol

The IEEE 802.1x standard defines a client/server-based access control and authentication protocol that prevents clients from connecting to a LAN through publicly accessible ports unless they are authenticated. The authentication server authenticates each client connected to a port before making available any services offered by the router or the LAN.

Until the client is authenticated, IEEE 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP) traffic through the port to which the client is connected. After authentication, normal traffic can pass through the port. For more information on IEEE 802.1x port-based authentication, see the Configuring IEEE 802.1x Port-Based Authentication chapter of the Security Configuration Guide, Cisco IOS XE Gibraltar 16.10.x.

IGMP Snooping for IPv4

IGMP snooping allows switches to examine IGMP packets and make forwarding decisions based on their content. You can configure the switch to use IGMP snooping in subnets that receive IGMP queries from either IGMP or the IGMP snooping querier. IGMP snooping constrains IPv4 multicast traffic at Layer 2 by configuring Layer 2 LAN ports dynamically to forward IPv4 multicast traffic only to those ports that want to receive it.

Layer 2 switches can use IGMP snooping to constrain the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces associated with IP multicast devices. As the name implies, IGMP snooping requires the LAN switch to snoop on the IGMP transmissions between the host and the router and to keep track of multicast groups and member ports. When the switch receives an IGMP report from a host for a particular multicast group, the switch adds the host port number to the forwarding table entry; when it receives an IGMP Leave Group message from a host, it removes the host port from the table entry. It also periodically deletes entries if it does not receive IGMP membership reports from the multicast clients. For more information on this feature, see http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-2_1_e/configuration/guide/scg3750x/swigmp.html .

MAC Table Manipulation

This section includes the following:

Creating a Static Entry in the MAC Address Table

MAC Address-Based Traffic Blocking

Configuring and Verifying the Aging Timer

Creating a Static Entry in the MAC Address Table

Perform the following task to create a static entry in the MAC address table.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. mac address-table static mac-address vlan vlan-id interface Interface-id
  4. end
  5. show mac address-table

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

mac address-table static mac-address vlan vlan-id interface Interface-id

Example:

Router(config)# mac address-table static 00ff.ff0d.2dc0 vlan 1 interface gigabitethernet 0/1/0

Creates a static entry in the MAC address table.

Step 4

end

Example:

Router(config)# end

Returns to privileged EXEC mode.

Step 5

show mac address-table

Example:

Router# show mac address-table

Verifies the MAC address table.

MAC Address-Based Traffic Blocking

Perform the following task to block all traffic to or from a MAC address in a specified VLAN.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. mac address-table static mac-address vlan vlan-id drop
  4. end
  5. show mac address-table

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Router#configure terminal

Enters global configuration mode.

Step 3

mac address-table static mac-address vlan vlan-id drop

Example:

Router(config)# mac address-table static 00ff.ff0d.2dc0 vlan 1 drop

Creates a static entry with drop action in the MAC address table.

Step 4

end

Example:

Router(config)# end

Returns to privileged EXEC mode.

Step 5

show mac address-table

Example:

Router# show mac address-table

Verifies the MAC address table.

Configuring and Verifying the Aging Timer

Perform this task to configure the aging timer.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. mac address-table aging-time time
  4. end
  5. show mac address-table aging-time

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

mac address-table aging-time time

Example:

Router(config)# mac address-table aging-time 600
or
Example:

Router(config)# mac address-table aging-time 0

Configures the MAC address aging timer age in seconds.

  • The accept value is either 0 or 10-1000000 seconds. Default value is 300 seconds.

  • The maximum aging timer supported by switch chipset is 634 seconds. If configure greater than 634 seconds, MAC address will age out after 634 seconds.

  • The value 0 means dynamic MAC entries will never age out.

Step 4

end

Example:

Router(config)# end

Returns to privileged EXEC mode.

Step 5

show mac address-table aging-time

Example:

Router# show mac address-table aging-time

Verifies the MAC address table.

Spanning Tree Protocol

Spanning Tree Protocol (STP) is a Layer 2 link management protocol that provides path redundancy while preventing undesirable loops in the network. For a Layer 2 Ethernet network to function properly, only one active path can exist between any two stations. Spanning tree operation is transparent to end stations, which cannot detect whether they are connected to a single LAN segment or to a switched LAN of multiple segments. For more information on this feature, see http://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/software/feature/guide/geshwic_cfg.html .

Configuring the Switched Port Analyzer

This section describes how to configure a Switched Port Analyzer (SPAN) session on Cisco C1100TG-ES-24. The following restrictions apply to the Cisco C1100TG-ES-24:

  • Only intra-module local SPAN is supported and cross module SPAN is not supported.
  • Each Cisco C1100TG-ES-24 supports only one local SPAN session.
  • Each SPAN session supports only one source port and one destination port.

Note
Tx, Rx, or both Tx and Rx monitoring is supported.
Configuring the SPAN Sources

To configure the source for a SPAN session, use the monitor session session source {interface type 0/slot/port | vlan vlan_ID [, | - | rx | tx | both ]} command in global configuration mode. This command specifies the SPAN session, the source interfaces or VLANs, and the traffic direction to be monitored. 


Router(config)# monitor session
 
1
 source interface
 
gigabitethernet 0/1/1
Configuring SPAN Destinations

To configure the destination for a SPAN session, use the monitor session session destination {interface type slot/subslot/port | - | rx | tx | both ]} command in global configuration mode. 


Router(config)# monitor session
 
1
 destination interface
 
gigabitethernet 0/1/1
Verifying the SPAN Session

Use the show monitor session command to verify the sources and destinations configured for the SPAN session. 


Router#show monitor session 1
 
Session 1 
--------- 
Session 1
---------
Type : Local Session
Source Ports :
Both : Gi0/1/0
Destination Ports : Gi0/1/1
Removing a SPAN Session

To remove sources or destinations from the SPAN session, use the no monitor session session command in global configuration mode as shown in the following example:

Router(config)#no monitor session 1

Configuring Layer 2 Quality of Service

Cisco C1100TG-ES-24 supports four egress queues on each port for L2 data traffic. The four queues are strict priority queues by default, which is, queue one is lowest priority queue and queue four is highest priority queue. Shaped Deficit Weight Round Robin (SDWRR) is also supported and the weight of each queue can be configured.

The Cisco C1100TG-ES-24 L2 QoS configuration is a global configuration and it is not per module nor per port.

Configuring 802.1p COS-based Queue Mapping

Beginning in privileged EXEC mode, follow these steps to configure the CoS based queue mapping:

SUMMARY STEPS

  1. configure terminal
  2. wrr-queue cos-map qid cos1..cosn
  3. end
  4. show wrr-queue cos-map

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

wrr-queue cos-map qid cos1..cosn

Specify the CoS values that are mapped to the queue id.

Default values are as follows:

CoS Value - Queue ID

0, 1 - Q1

2, 3 - Q2

4, 5 - Q3

6, 7 - Q4

Step 3

end

Return to privileged EXEC mode.

Step 4

show wrr-queue cos-map

Display the mapping of the queues.

What to do next

To disable the new CoS settings and return to default settings, use the no wrr-queue cos-map global configuration command.

Configuring SDWRR Priority

Beginning in privileged EXEC mode, follow these steps to configure the SDWRR priority:

SUMMARY STEPS

  1. configure terminal
  2. wrr-queue bandwidth weight1...weight4
  3. end
  4. show wrr-queue bandwidth

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

wrr-queue bandwidth weight1...weight4

Assign SDWRR weights to the four CoS queues. The range for the WRR values weight1 through weight4 is 1 to 255.

Step 3

end

Return to privileged EXEC mode.

Step 4

show wrr-queue bandwidth

Display the SDWRR bandwidth allocation for the queues.

What to do next

Note
Once SDWRR priority is configured the SDWRR scheduling will be activated and strict priority will be disabled. To disable the SDWRR scheduling and enable the strict priority scheduling, use the no wrr-queue bandwidth global configuration command.
Configuring the CoS Value for an Interface

Beginning in privileged EXEC mode, follow these steps to define the default CoS value of a port or to assign the default CoS to all incoming packets on the port:

SUMMARY STEPS

  1. configure terminal
  2. Interface interface-id
  3. switchport priority {default default-cos | override}
  4. end
  5. show interface interface-id switchport
  6. copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

Interface interface-id

Specify the EtherSwitch interface and enter interface configuration mode.

Step 3

switchport priority {default default-cos | override}

Configure the default CoS value for the port.

  • For default-cos, specify a default CoS value to be assigned to a port. For incoming untagged packets, the default CoS value becomes the CoS value for the packet. The CoS range is 0 to 7. The default is 0.
  • •Use the override keyword to override the CoS value of the incoming tagged packets and to apply the default port CoS value to the packets. By default, CoS override is disabled.

Step 4

end

Return to privileged EXEC mode.

Step 5

show interface interface-id switchport

Verify your entries

Step 6

copy running-config startup-config

(Optional) Save your entries in the configuration file.

What to do next

To return to the default setting, use the no switchport priority {default | override} interface configuration command.

Configuring LAN Ports for Layer 2 Switching

This chapter describes how to use the command-line interface (CLI) to configure Gigabit Ethernet, and 10/100/1000-Gigabit Ethernet LAN ports for Layer 2 switching on the device. The configuration tasks in this section apply to LAN ports on LAN switching modules.

Layer 2 LAN Port Modes

The following table lists the Layer 2 LAN port modes and describes how they function on LAN ports.

Table 1. Layer 2 LAN Port Modes

Mode

Function

switchport mode access

Puts the LAN port into permanent nontrunking mode and negotiates to convert the link into a nontrunk link. The LAN port becomes a nontrunk port even if the neighboring LAN port does not agree to the change.

switchport mode dynamic desirable

Makes the LAN port actively attempt to convert the link to a trunk link. The LAN port becomes a trunk port if the neighboring LAN port is set to trunk , desirable , or auto mode. This is the default mode for all LAN ports.

switchport mode dynamic auto

Makes the LAN port willing to convert the link to a trunk link. The LAN port becomes a trunk port if the neighboring LAN port is set to trunk or desirable mode.

switchport mode trunk

Puts the LAN port into permanent trunking mode and negotiates to convert the link into a trunk link. The LAN port becomes a trunk port even if the neighboring port does not agree to the change.

switchport nonegotiate

Puts the LAN port into permanent trunking mode but prevents the port from generating DTP frames. You must configure the neighboring port manually as a trunk port to establish a trunk link.


Note
DTP is a point-to-point protocol. However, some internetworking devices might forward DTP frames improperly. To avoid this problem, ensure that LAN ports connected to devices that do not support DTP are configured with the access keyword if you do not intend to trunk across those links. To enable trunking to a device that does not support DTP, use the nonegotiate keyword to cause the LAN port to become a trunk but not generate DTP frames.

Default Layer 2 LAN Interface Configuration

The following table shows the Layer 2 LAN port default configuration.

Table 2. Layer 2 LAN Interface Default Configuration

Feature

Default

Interface mode:

  • Before entering the switchport command
  • After entering the switchport command

switchport mode dynamic desirable

Default access VLAN

VLAN 1

Native VLAN (for 802.1Q trunks)

VLAN 1

Configuring LAN Interfaces for Layer 2 Switching

These sections describe how to configure Layer 2 switching on the device:


Note
Use the default interface {ethernet | fastethernet | gigabitethernet | tengigabitethernet } slot/subslot/port command to revert an interface to its default configuration.
Configuring a LAN Port for Layer 2 Switching

To configure a LAN port for Layer 2 switching, perform this task:

SUMMARY STEPS

  1. Router(config)# interface type 1 slot/subslot/port
  2. Router(config-if)# shutdown
  3. Router# show running-config interface [type 2 slot/port ]
  4. Router# show interfaces [type 3 slot/subslot/port ] switchport
  5. Router# show interfaces [type 4 slot/subslot/port ] trunk

DETAILED STEPS

  Command or Action Purpose

Step 1

Router(config)# interface type 1 slot/subslot/port

Selects the LAN port to configure.

Step 2

Router(config-if)# shutdown

(Optional) Shuts down the interface to prevent traffic flow until configuration is complete.

Step 3

Router# show running-config interface [type 2 slot/port ]

Displays the running configuration of the interface.

Step 4

Router# show interfaces [type 3 slot/subslot/port ] switchport

Displays the switch port configuration of the interface.

Step 5

Router# show interfaces [type 4 slot/subslot/port ] trunk

Displays the trunk configuration of the interface.

1 type = ethernet , fastethernet , gigabitethernet , or tengigabitethernet
2 type = ethernet , fastethernet , gigabitethernet , or tengigabitethernet
3 type = ethernet , fastethernet , gigabitethernet , or tengigabitethernet
4 type = ethernet , fastethernet , gigabitethernet , or tengigabitethernet
What to do next

After you enter the switchport command, the default mode is switchport mode dynamic desirable . If the neighboring port supports trunking and is configured to allow trunking, the link becomes a Layer 2 trunk when you enter the switchport command. By default, LAN trunk ports negotiate encapsulation. If the neighboring port supports ISL and 802.1Q encapsulation and both ports are set to negotiate the encapsulation type, the trunk uses ISL encapsulation (10-Gigabit Ethernet ports do not support ISL encapsulation).

Configuring a Layer 2 Switching Port as a Trunk

These section describe configuring a Layer 2 switching port as a trunk:

Configuring the Layer 2 Switching Port as 802.1Q Trunk

Note
Complete the steps in the Configuring a LAN Port for Layer 2 Switching before performing the tasks in this section.
  • When you enter the switchport command with no other keywords, the default mode is switchport mode dynamic desirable and switchport trunk encapsulation negotiate .

To configure the Layer 2 switching port as an ISL or 802.1Q trunk, perform this task:

Command

Purpose 


Router(config-if)# switchport mode trunk

(Optional) Configures the Layer 2 switching port mode as 802.1Q trunk.

When configuring the Layer 2 switching port as 802.1Q trunk, note the following information:

  • The switchport mode trunk command (see the Configuring the Layer 2 Trunk Not to Use DTP) is not compatible with the switchport trunk encapsulation negotiate command.
  • To support the switchport mode trunk command, you must configure the encapsulation as 802.1Q.
Configuring the Layer 2 Trunk to Use DTP

Note
Complete the steps in the “Configuring a LAN Port for Layer 2 Switching” section before performing the tasks in this section.

To configure the Layer 2 trunk to use DTP, perform this task:

Command

Purpose 


Router(config-if)# switchport mode dynamic  {auto  | desirable }

(Optional) Configures the trunk to use DTP. 


Router(config-if)# no switchport mode

Reverts to the default trunk trunking mode (switchport mode dynamic desirable ).

When configuring the Layer 2 trunk to use DTP, note the following information:

  • Required only if the interface is a Layer 2 access port or to specify the trunking mode.
  • See the Layer 2 LAN Port Modes table for information about trunking modes.
Configuring the Layer 2 Trunk Not to Use DTP

Note
Complete the steps in the “Configuring a LAN Port for Layer 2 Switching” section before performing the tasks in this section.

To configure the Layer 2 trunk not to use DTP, perform this task:

SUMMARY STEPS

  1. Router(config-if)# switchport mode trunk
  2. Router(config-if)# no switchport mode
  3. Router(config-if)# switchport nonegotiate
  4. Router(config-if)# no switchport nonegotiate

DETAILED STEPS

  Command or Action Purpose

Step 1

Router(config-if)# switchport mode trunk

(Optional) Configures the port to trunk unconditionally.

Step 2

Router(config-if)# no switchport mode

Reverts to the default trunk trunking mode (switchport mode dynamic desirable ).

Step 3

Router(config-if)# switchport nonegotiate

(Optional) Configures the trunk not to use DTP.

Step 4

Router(config-if)# no switchport nonegotiate

Enables DTP on the port.

What to do next

When configuring the Layer 2 trunk not to use DTP, note the following information:

  • Before entering the switchport mode trunk command, you must configure the encapsulation (see the “Configuring the Layer 2 Switching Port as 802.1Q Trunk” section).
  • To support the switchport nonegotiate command, you must enter the switchport mode trunk command.
  • Enter the switchport mode dynamic trunk command. See Layer 2 LAN Port Modes table for information about trunking modes.
  • Before entering the switchport nonegotiate command, you must configure the encapsulation (see the “Configuring the Layer 2 Switching Port as 802.1Q Trunk” section) and configure the port to trunk unconditionally with the switchport mode trunk command (see the “Configuring the Layer 2 Trunk to Use DTP” section).
Configuring the 802.1Q Native VLAN

Command

Purpose 


Router(config-if)# switchport access vlan  vlan_ID

(Optional) Configures the access VLAN, which is used if the interface stops trunking. The vlan_ID value can be 1 through 4094, except reserved VLANs. 


Router(config-if)# no switchport access vlan

Reverts to the default value (VLAN 1).


Note
Complete the steps in the Configuring a LAN Port for Layer 2 Switching before performing the tasks in this section.

To configure the 802.1Q native VLAN, perform this task:

Command

Purpose 


Router(config-if)# switchport trunk native vlan  vlan_ID

(Optional) Configures the 802.1Q native VLAN. 


Router(config-if)# no switchport trunk native vlan

Reverts to the default value (VLAN 1).

When configuring the native VLAN, note the following information:

  • The vlan_ID value can be 1 through 4094, except reserved VLANs.
  • The access VLAN is not automatically used as the native VLAN.
Configuring the List of VLANs Allowed on a Trunk

Note
Complete the steps in the Configuring a LAN Port for Layer 2 Switching before performing the tasks in this section.

To configure the list of VLANs allowed on a trunk, perform this task:

Command

Purpose 


Router(config-if)# switchport trunk allowed vlan  {add  | except  | none  | remove } vlan  [,vlan [,vlan [,...]]

(Optional) Configures the list of VLANs allowed on the trunk. 


Router(config-if)# no switchport trunk allowed vlan

Reverts to the default value (all VLANs allowed).

When configuring the list of VLANs allowed on a trunk, note the following information:

  • The vlan parameter is either a single VLAN number from 1 through 4094, or a range of VLANs described by two VLAN numbers, the lesser one first, separated by a dash. Do not enter any spaces between comma-separated vlan parameters or in dash-specified ranges.
  • All VLANs are allowed by default.
  • You can remove VLAN 1. If you remove VLAN 1 from a trunk, the trunk interface continues to send and receive management traffic, for example, Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP), Port Aggregation Protocol (PAgP), and DTP in VLAN 1.

STP Overview

STP is a Layer 2 link-management protocol that provides path redundancy while preventing undesirable loops in the network. For a Layer 2 Ethernet network to function properly, only one active path can exist between any two stations. STP operation is transparent to end stations, which cannot detect whether they are connected to a single LAN segment or a switched LAN of multiple segments.

Cisco 4-Ports and 8-Ports Layer 2 Gigabit EtherSwitch Network Interface Modules use STP (the IEEE 802.1D bridge protocol) on all VLANs. By default, a single instance of STP runs on each configured VLAN (provided you do not manually disable STP). You can enable and disable STP on a per-VLAN basis.

Cisco 4-Ports and 8-Ports Layer 2 Gigabit EtherSwitch Network Interface Modules support the following three STP:

Multiple Spanning Tree protocol

MST maps multiple VLANs into a spanning tree instance, with each instance having a spanning tree topology independent of other spanning tree instances. This architecture provides multiple forwarding paths for data traffic, enables load balancing, and reduces the number of spanning tree instances required to support a large number of VLANs. MST improves the fault tolerance of the network because a failure in one instance (forwarding path) does not affect other instances (forwarding paths).

Per-VLAN Spanning Tree+

Per-VLAN Spanning Tree+ (PVST+) is an extension of the PVST standard. Per-VLAN Spanning Tree+ (PVST+) allows interoperability between CST and PVST in Cisco switches and supports the IEEE 802.1Q standard.

Rapid Per-VLAN Spanning Tree+

Rapid-PVST uses the existing configuration for PVST+; however, Rapid-PVST uses RSTP to provide faster convergence. Independent VLANs run their own RSTP instance. Dynamic entries are flushed immediately on a per-port basis upon receiving a topology change. UplinkFast and BackboneFast configurations are ignored in Rapid-PVST mode; both features are included in RSTP.

Default STP Configuration

The following table shows the default STP configuration.

Table 3. STP Default Configuration

Feature

Default Value

Disable state

STP disabled for all VLANs

Bridge priority

32768

STP port priority (configurable on a per-port basis—used on LAN ports configured as Layer 2 access ports)

128

STP port cost (configurable on a per-port basis—used on LAN ports configured as Layer 2 access ports)

Gigabit Ethernet: 4

STP VLAN port priority (configurable on a per-VLAN basis—used on LAN ports configured as Layer 2 trunk ports)

128

STP VLAN port cost (configurable on a per-VLAN basis—used on LAN ports configured as Layer 2 trunk ports)

Gigabit Ethernet:1000000000

Hello time

2 seconds

Forward delay time

15 seconds

Maximum aging time

20 seconds

Mode

PVST

Enabling STP


Note
STP is disabled by default on all VLANs.

You can enable STP on a per-VLAN basis. The Cisco 4-Ports and 8-Ports Layer 2 Gigabit EtherSwitch Network Interface Modules maintain a separate instance of STP for each VLAN (except on VLANs on which you disable STP).

To enable STP on a per-VLAN basis, perform this task:

SUMMARY STEPS

  1. Device(config)# spanning-tree mode [pvst | rapid-pvst | mst ]
  2. Device(config)# spanning-tree vlan vlan_ID
  3. Device(config)# default spanning-tree vlan vlan_ID
  4. Device(config)# no spanning-tree vlan vlan_ID
  5. Device(config)# end
  6. Device# show spanning-tree vlan vlan_ID

DETAILED STEPS

  Command or Action Purpose

Step 1

Device(config)# spanning-tree mode [pvst | rapid-pvst | mst ]

Enables STP on a required mode.

Step 2

Device(config)# spanning-tree vlan vlan_ID

Enables STP on a per-VLAN basis. The vlan_ID value can be 1 through 4094, except reserved VLANs (see STP Default Configuration table).

Step 3

Device(config)# default spanning-tree vlan vlan_ID

Reverts all STP parameters to default values for the specified VLAN.

Step 4

Device(config)# no spanning-tree vlan vlan_ID

Disables STP on the specified VLAN; see the following Cautions for information regarding this command.

Step 5

Device(config)# end

Exits configuration mode.

Step 6

Device# show spanning-tree vlan vlan_ID

Verifies that STP is enabled.

What to do next

Caution

Do not disable spanning tree on a VLAN unless all switches and bridges in the VLAN have spanning tree disabled. You cannot disable spanning tree on some switches and bridges in a VLAN and leave it enabled on other switches and bridges in the VLAN. This action can have unexpected results because switches and bridges with spanning tree enabled will have incomplete information regarding the physical topology of the network.


Caution

We do not recommend disabling spanning tree, even in a topology that is free of physical loops. Spanning tree serves as a safeguard against misconfigurations and cabling errors. Do not disable spanning tree in a VLAN without ensuring that there are no physical loops present in the VLAN.

This example shows how to enable STP on VLAN 200: 


Device# configure terminal
 
Device(config)# spanning-tree mst
Device(config)# spanning-tree vlan 200
 
Device(config)# end
 
Device#

Note
STP is disabled by default.

This example shows how to verify the configuration: 



Device(config)# spanning-tree pvst
Device# show spanning-tree vlan 200
 
G0:VLAN0200
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     00d0.00b8.14c8
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32768
             Address     00d0.00b8.14c8
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Status
---------------- ---- --- --------- -------- --------------------------------
Gi1/4            Desg FWD 200000    128.196  P2p 
Gi1/5            Back BLK 200000    128.197  P2p 
Device#

Note
You must have at least one interface that is active in VLAN 200 to create a VLAN 200 spanning tree. In this example, two interfaces are active in VLAN 200.

Configuring Optional STP Features

This section describes how to configure the following optional STP features:

Enabling PortFast


Caution

Use PortFast only when connecting a single end station to a Layer 2 access port. Otherwise, you might create a network loop.

To enable PortFast on a Layer 2 access port, perform this task:

SUMMARY STEPS

  1. Router(config)# interface {type 5 slot/port }
  2. Router(config-if)# spanning-tree portfast
  3. Router(config-if)# spanning-tree portfast default
  4. Router(config-if)# end
  5. Router# show running interface {type 6slot/port }

DETAILED STEPS

  Command or Action Purpose

Step 1

Router(config)# interface {type 5 slot/port }

Selects a port to configure.

Step 2

Router(config-if)# spanning-tree portfast

Enables PortFast on a Layer 2 access port connected to a single workstation or server.

Step 3

Router(config-if)# spanning-tree portfast default

Enables PortFast.

Step 4

Router(config-if)# end

Exits configuration mode.

Step 5

Router# show running interface {type 6slot/port }

Verifies the configuration.

5 type = ethernet , fastethernet , gigabitethernet , or tengigabitethernet
6 type = ethernet , fastethernet , gigabitethernet , or tengigabitethernet

Enabling PortFast

This example shows how to enable PortFast on Gigabit Ethernet interface 1: 


Router# configure terminal
 
Router(config)# interface GigabitEthernet 1
Router(config-if)# spanning-tree portfast
 
Router(config-if)# end
 
Router#

This example shows how to verify the configuration: 


Router# show running-config interface fastethernet 5/8
 
Building configuration...
Current configuration:
!
interface GigabitEthernet1
 no ip address
 switchport
 switchport access vlan 200
 switchport mode access
 spanning-tree portfast
end
Router#

To enable the default PortFast configuration, perform this task:

SUMMARY STEPS

  1. Router(config)# spanning-tree portfast default
  2. Router(config)# show spanning-tree summary totals
  3. Router(config)# show spanning-tree interface x detail
  4. Router(config-if)# spanning-tree portfast trunk
  5. Router# show spanning-tree interface fastEthernet x detail

DETAILED STEPS

  Command or Action Purpose

Step 1

Router(config)# spanning-tree portfast default

Configures the PortFast default.

Step 2

Router(config)# show spanning-tree summary totals

Verifies the global configuration.

Step 3

Router(config)# show spanning-tree interface x detail

Verifies the effect on a specific port.

Step 4

Router(config-if)# spanning-tree portfast trunk

Enables the PortFast trunk on a port

Step 5

Router# show spanning-tree interface fastEthernet x detail

Verifies the configuration.

What to do next

This example shows how to enable the default PortFast configuration: 


Router# configure terminal
 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# spanning-tree portfast default
 
Router(config)# ^Z
Root bridge for:VLAN0010
EtherChannel misconfiguration guard is enabled
Extended system ID   is disabled
Portfast             is enabled by default
PortFast BPDU Guard  is disabled by default
Portfast BPDU Filter is disabled by default
Loopguard            is disabled by default
UplinkFast           is disabled
BackboneFast         is disabled
Pathcost method used is long
Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001                  0        0         0        1          1      
VLAN0010                  0        0         0        2          2      
---------------------- -------- --------- -------- ---------- ----------
2 vlans                   0        0         0        3          3 
Router#
Router# show spanning-tree interface GigabitEthernet 0/1/0 detail
 
Port 17 (GigabitEthernet0/1/0) of G0:VLAN0020 is forwarding
   Port path cost 4, Port priority 128, Port Identifier 128.17.
   Designated root has priority 32788, address f44e.05da.bb11
   Designated bridge has priority 32788, address f44e.05da.bb11
   Designated port id is 128.17, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 61, received 0
Router(config-if)# spanning-tree portfast trunk
 
%Warning:portfast should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc... to this
 interface  when portfast is enabled, can cause temporary bridging loops.
 Use with CAUTION

Configuring PortFast BPDU Filtering

These sections describe how to configure PortFast BPDU filtering.

To enable PortFast BPDU filtering globally, perform this task:

SUMMARY STEPS

  1. Router(config)# spanning-tree portfast bpdufilter default
  2. Router# show spanning-tree summary totals

DETAILED STEPS

  Command or Action Purpose

Step 1

Router(config)# spanning-tree portfast bpdufilter default

Enables BPDU filtering globally on the router.

Step 2

Router# show spanning-tree summary totals

Verifies the configuration.

Enabling PortFast BPDU Filtering

BPDU filtering is set to default on each port. This example shows how to enable PortFast BPDU filtering on the port and verify the configuration in PVST+ mode: 


Router(config)# spanning-tree portfast bpdufilter default
 
Router(config)# ^Z
Router# show spanning-tree summary totals
 
Switch is in pvst mode
Root bridge for: G0:VLAN0013, G0:VLAN0020, G1:VLAN0020
EtherChannel misconfig guard is enabled
Extended system ID           is enabled
Portfast Default             is disabled
PortFast BPDU Guard Default  is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default            is disabled
UplinkFast                   is disabled
BackboneFast                 is disabled
Pathcost method used         is short
Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
3 vlans                      0         0        0          3          3

To enable PortFast BPDU filtering on a nontrunking port, perform this task:

SUMMARY STEPS

  1. Router(config)# interface fastEthernet 4/4
  2. Router(config-if)# spanning-tree bpdufilter enable
  3. Router# show spanning-tree interface fastEthernet 4/4

DETAILED STEPS

  Command or Action Purpose

Step 1

Router(config)# interface fastEthernet 4/4

Selects the interface to configure.

Step 2

Router(config-if)# spanning-tree bpdufilter enable

Enables BPDU filtering.

Step 3

Router# show spanning-tree interface fastEthernet 4/4

Verifies the configuration.

What to do next

This example shows how to enable PortFast BPDU filtering on a nontrunking port: 


Router(config)# interface fastEthernet 4/4
Router(config-if)# spanning-tree bpdufilter enable
 
Router(config-if)# ^Z
Router# show spanning-tree interface fastEthernet 4/4
Vlan             Role Sts Cost      Prio.Nbr Status
---------------- ---- --- --------- -------- --------------------------------
VLAN0010         Desg FWD 1000      160.196  Edge P2p 
Router# show spanning-tree interface fastEthernet 4/4 detail
 
 Port 196 (FastEthernet4/4) of VLAN0010 is forwarding 
   Port path cost 1000, Port priority 160, Port Identifier 160.196.
   Designated root has priority 32768, address 00d0.00b8.140a
   Designated bridge has priority 32768, address 00d0.00b8.140a
   Designated port id is 160.196, designated path cost 0
   Timers:message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state:1
   The port is in the portfast mode by portfast trunk configuration
   Link type is point-to-point by default
   Bpdu filter is enabled
   BPDU:sent 0, received 0
Router#

Enabling BPDU Guard

To enable BPDU Guard globally, perform this task:

SUMMARY STEPS

  1. Router(config)# spanning-tree portfast bpduguard default
  2. Router(config)# end
  3. Router# show spanning-tree summary totals

DETAILED STEPS

  Command or Action Purpose

Step 1

Router(config)# spanning-tree portfast bpduguard default

Example:


Router(config)# no spanning-tree portfast bpduguard  default

Enables BPDU Guard globally.

Disables BPDU Guard globally.

Step 2

Router(config)# end

Exits configuration mode.

Step 3

Router# show spanning-tree summary totals

Verifies the configuration.

What to do next

This example shows how to enable BPDU Guard: 


Router# configure terminal 
Router(config)# spanning-tree portfast bpduguard 
Router(config)# end 
Router#

This example shows how to verify the configuration: 


Router# show spanning-tree summary totals
 default
Root bridge for:VLAN0010
EtherChannel misconfiguration guard is enabled
Extended system ID   is disabled
Portfast             is enabled by default
PortFast BPDU Guard  is disabled by default
Portfast BPDU Filter is enabled by default
Loopguard            is disabled by default
UplinkFast           is disabled
BackboneFast         is disabled
Pathcost method used is long
Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
2 vlans                   0        0         0        3          3      
Router#

Enabling UplinkFast

UplinkFast increases the bridge priority to 49152 and adds 3000 to the STP port cost of all Layer 2 LAN interfaces on the device, decreasing the probability that the router will become the root bridge. The max_update_rate value represents the number of multicast packets transmitted per second (the default is 150 packets per second). UplinkFast cannot be enabled on VLANs that have been configured for bridge priority. To enable UplinkFast on a VLAN with bridge priority configured, restore the bridge priority on the VLAN to the default value by entering a no spanning-tree vlan vlan_ID priority command in global configuration mode.


Note
When you enable UplinkFast, it affects all VLANs on the device. You cannot configure UplinkFast on an individual VLAN.

To enable UplinkFast, perform this task:

SUMMARY STEPS

  1. Router(config)# spanning-tree uplinkfast [max-update-rate max_update_rate ]
  2. Router(config)# no spanning-tree uplinkfast max-update-rate
  3. Router(config)# no spanning-tree uplinkfast
  4. Router(config)# end
  5. Router# show spanning-tree vlan vlan_ID

DETAILED STEPS

  Command or Action Purpose

Step 1

Router(config)# spanning-tree uplinkfast [max-update-rate max_update_rate ]

Enables UplinkFast.

Step 2

Router(config)# no spanning-tree uplinkfast max-update-rate

Reverts to the default rate.

Step 3

Router(config)# no spanning-tree uplinkfast

Disables UplinkFast.

Step 4

Router(config)# end

Exits configuration mode.

Step 5

Router# show spanning-tree vlan vlan_ID

Verifies that UplinkFast is enabled.

What to do next

This example shows how to enable UplinkFast with an update rate of 400 packets per second: 


Router# configure terminal
 
Router(config)# spanning-tree uplinkfast max-update-rate 400
 
Router(config)# exit
 
Router#

This example shows how to verify that UplinkFast is enabled: 


Router# show spanning-tree uplinkfast
 
UplinkFast is enabled
Router#

Enabling BackboneFast


Note
BackboneFast operates correctly only when enabled on all network devices in the network. BackboneFast is not supported on Token Ring VLANs. This feature is supported for use with third-party network devices.

To enable BackboneFast, perform this task:

SUMMARY STEPS

  1. Router(config)# spanning-tree backbonefast
  2. Router(config)# no spanning-tree backbonefast
  3. Router(config)# end
  4. Router# show spanning-tree vlan vlan_ID

DETAILED STEPS

  Command or Action Purpose

Step 1

Router(config)# spanning-tree backbonefast

Enables BackboneFast.

Step 2

Router(config)# no spanning-tree backbonefast

Disables BackboneFast.

Step 3

Router(config)# end

Exits configuration mode.

Step 4

Router# show spanning-tree vlan vlan_ID

Verifies that UplinkFast is enabled.

What to do next

This example shows how to enable BackboneFast: 


Router# configure terminal
 
Router(config)# spanning-tree backbonefast
 
Router(config)# end
 
Router#

This example shows how to verify that BackboneFast is enabled: 


Router# show spanning-tree backbonefast
 
BackboneFast is enabled
BackboneFast statistics
-----------------------
Number of transition via backboneFast (all VLANs) : 0
Number of inferior BPDUs received (all VLANs)     : 0
Number of RLQ request PDUs received (all VLANs)   : 0
Number of RLQ response PDUs received (all VLANs)  : 0
Number of RLQ request PDUs sent (all VLANs)       : 0
Number of RLQ response PDUs sent (all VLANs)      : 0

Router#