This chapter describes the Cisco NX-OS Ethernet and virtual Ethernet commands that begin with S.
To shut down an Encapsulated Remote Switched Port Analyzer (ERSPAN) session, use the shut command. To enable an ERSPAN session, use the no form of this command.
ERSPAN session configuration mode
This example shows how to shut down an ERSPAN session:
This example shows how to enable an ERSPAN session:
To shut down the local traffic on an interface, use the shutdown command. To return the interface to its default operational state, use the no form of this command.
Interface configuration mode
Subinterface configuration mode
Virtual Ethernet interface configuration mode
You can use this command on the following interfaces:
Note Use the no switchport command to configure an interface as a Layer 3 interface.
This example shows how to shut down, or disable, a Layer 2 interface:
switch(config)# interface ethernet 1/10
switch(config-if)# shutdown
switch(config-if)#
This example shows how to shut down a Layer 3 Ethernet subinterface:
switch(config)# interface ethernet 1/5.1
switch(config-subif)# shutdown
switch(config-subif)#
This example shows how to shut down a virtual Ethernet interface:
switch(config)# interface vethernet 10
switch(config-if)# shutdown
switch(config-if)#
Displays information on traffic about the specified EtherChannel interface.
Displays the virtual Ethernet interface configuration information.
To shut down the local traffic on a VLAN, use the shutdown command. To return a VLAN to its default operational state, use the no form of this command.
You cannot shut down, or disable, VLAN 1 or VLANs 1006 to 4094.
After you shut down a VLAN, the traffic ceases to flow on that VLAN. Access ports on that VLAN are also brought down; trunk ports continue to carry traffic for the other VLANs allowed on that port. However, the interface associations for the specified VLAN remain, and when you reenable, or recreate, that specified VLAN, the switch automatically reinstates all the original ports to that VLAN.
To find out if a VLAN has been shut down internally, check the Status field in the show vlan command output. If a VLAN is shut down internally, one of these values appears in the Status field:
Note If the VLAN is suspended and shut down, you use both the no shutdown and state active commands to return the VLAN to the active state.
This example shows how to restore local traffic on VLAN 2 after you have shut down, or disabled, the VLAN:
switch(config)# vlan 2
switch(config-vlan)# no shutdown
To enable preprovisioning on a slot in a chassis, use the slot command. To disable the slot for preprovisioning, use the no form of this command.
Global configuration mode
Configuration synchronization mode
Use this command to enable preprovisioning of features or interfaces of a module on a slot in a chassis. Preprovisioning allows you to configure features or interfaces (Ethernet, Fibre Channel) on modules before the modules are inserted in the switch chassis.
This example shows how to enable a chassis slot for preprovisioning of a module:
This example shows how to configure a switch profile to enable a chassis slot for preprovisioning of a module:
This example shows how to disable a chassis slot for preprovisioning of a module:
Configures ports as Ethernet, native Fibre Channel or Fibre Channel over Ethernet (FCoE) ports.
Displays the running configuration excluding the preprovisioned features.
To enable the Simple Network Management Protocol (SNMP) notifications for a VLAN Trunking Protocol (VTP) domain, use the snmp-server enable traps vtp command. To disable SNMP notifications on a VTP domain, use the no form of this command.
no snmp-server enable traps vtp
The snmp-server enable traps command enables both traps and informs, depending on the configured notification host receivers.
This example shows how to enable SNMP notifications on a VTP domain:
This example shows how to disable all SNMP notifications on a VTP domain:
To add an Ethernet Switched Port Analyzer (SPAN) or an Encapsulated Remote Switched Port Analyzer (ERSPAN) source port, use the source command. To remove the source SPAN or ERSPAN port, use the no form of this command.
source { interface { ethernet slot / port | port-channel channel-num | vethernet veth-num } [{ both | rx | tx }] | vlan vlan-num | vsan vsan-num }
no source { interface { ethernet slot / port | port-channel channel-num | vethernet veth-num } | vlan vlan-num | vsan vsan-num }
SPAN session configuration mode
ERSPAN session configuration mode
A source port (also called a monitored port) is a switched port that you monitor for network traffic analysis. In a single local SPAN session, you can monitor source port traffic such as received (Rx), transmitted (Tx), or bidirectional (both).
A source port can be an Ethernet port, port channel, SAN port channel, VLAN, or a VSAN port. It cannot be a destination port.
Note For Cisco NX-OS Release 4.2(1)N2(1) and earlier, the Cisco Nexus 5010 Switch and the Cisco Nexus 5020 Switch support a maximum of two egress SPAN source ports.
Beginning with Cisco NX-OS Release 5.0(2)N2(1):
For ERSPAN, if you do not specify both, rx, or tx, the source traffic is analyzed for both directions.
This example shows how to configure an Ethernet SPAN source port:
This example shows how to configure a port channel SPAN source:
This example shows how to configure an ERSPAN source port to receive traffic on the port:
Displays the running configuration information of a SPAN session.
To enable Spanning Tree Protocol (STP) Bridge Assurance on all network ports on the switch, use the spanning-tree bridge assurance command. To disable Bridge Assurance, use the no form of this command.
spanning-tree bridge assurance
no spanning-tree bridge assurance
You can use Bridge Assurance to protect against certain problems that can cause bridging loops in the network.
Note Bridge Assurance is supported only by Rapid per VLAN Spanning Tree Plus (Rapid PVST+) and Multiple Spanning Tree (MST). Legacy 802.1D spanning tree does not support Bridge Assurance.
Bridge Assurance is enabled by default and can only be disabled globally.
Bridge Assurance is enabled globally by default but is disabled on an interface by default. You can enable Bridge Assurance on an interface by using the spanning-tree port type network command.
For more information on Bridge Assurance, see the Cisco Nexus 5000 Series NX-OS Layer 2 Switching Configuration Guide.
This example shows how to enable Bridge Assurance globally on the switch:
Displays the status and configuration of the local Spanning Tree Protocol (STP) bridge.
To enable bridge protocol data unit (BPDU) Filtering on the interface, use the spanning-tree bpdufilter command. To return to the default settings, use the no form of this command.
spanning-tree bpdufilter { enable | disable }
The setting that is already configured when you enter the spanning-tree port type edge bpdufilter default command.
Entering the spanning-tree bpdufilter enable command to enable BPDU Filtering overrides the spanning tree edge port configuration. That port then returns to the normal spanning tree port type and moves through the normal spanning tree transitions.
Use the spanning-tree port type edge bpdufilter default command to enable BPDU Filtering on all spanning tree edge ports.
This example shows how to explicitly enable BPDU Filtering on the Ethernet spanning tree edge port 1/4:
To enable bridge protocol data unit (BPDU) Guard on an interface, use the spanning-tree bpduguard command. To return to the default settings, use the no form of this command.
spanning-tree bpduguard { enable | disable }
The setting that is already configured when you enter the spanning-tree port type edge bpdufilter default command.
BPDU Guard prevents a port from receiving BPDUs. If the port still receives a BPDU, it is put in the error-disabled state as a protective measure.
When you enable this BPDU Guard command globally, the command applies only to spanning tree edge ports. See the spanning-tree port type edge bpdufilter default command for more information on the global command for BPDU Guard. However, when you enable this feature on an interface, it applies to that interface regardless of the spanning tree port type.
This command has three states:
Typically, this feature is used in a service-provider environment where the network administrator wants to prevent an access port from participating in the spanning tree.
This example shows how to enable BPDU Guard on this interface:
To set the path cost of the interface for Spanning Tree Protocol (STP) calculations, use the spanning-tree cost command. To return to the default settings, use the no form of this command.
spanning-tree [ vlan vlan-id ] cost { value | auto }
no spanning-tree [ vlan vlan-id ] cost
(Optional) Lists the VLANs on this trunk interface for which you want to assign the path cost. You do not use this parameter on access ports. The range is from 1 to 4094.
Value of the port cost. The available cost range depends on the path-cost calculation method as follows:
Sets the value of the port cost by the media speed of the interface (see Table 1 for the values).
The STP port path cost default value is determined from the media speed and path cost calculation method of a LAN interface (see Table 1 ). See the spanning-tree pathcost method command for information on setting the path cost calculation method for Rapid per VLAN Spanning Tree Plus (Rapid PVST+).
When you configure the value, higher values will indicate higher costs.
On access ports, assign the port cost by port. On trunk ports, assign the port cost by VLAN; you can configure all the VLANs on a trunk port as the same port cost.
The EtherChannel bundle is considered as a single port. The port cost is the aggregation of all the configured port costs assigned to that channel.
Note Use this command to set the port cost for Rapid PVST+. Use the spanning-tree mst cost command to set the port cost for MST.
This example shows how to access an interface and set a path cost value of 250 for the spanning tree VLAN that is associated with that interface:
switch(config)# interface ethernet 1/4
switch(config-if)# spanning-tree cost 250
To configure a Spanning Tree Protocol (STP) domain, use the spanning-tree domain command. To remove an STP domain, use the no form of this command.
spanning-tree domain domain-num
no spanning-tree domain domain-num
This example shows how to configure a spanning-tree domain:
Displays the configuration information of the Spanning Tree Protocol (STP).
To enable or disable Loop Guard or Root Guard, use the spanning-tree guard command. To return to the default settings, use the no form of this command.
spanning-tree guard { loop | none | root }
You cannot enable Loop Guard if Root Guard is enabled, although the switch accepts the command to enable Loop Guard on spanning tree edge ports.
This example shows how to enable Root Guard:
To configure a link type for a port, use the spanning-tree link-type command. To return to the default settings, use the no form of this command.
spanning-tree link-type { auto | point-to-point | shared }
Sets the link type based on the duplex setting of the interface.
Fast transition (specified in IEEE 802.1w) functions only on point-to-point links between two bridges.
By default, the switch derives the link type of a port from the duplex mode. A full-duplex port is considered as a point-to-point link while a half-duplex configuration is assumed to be on a shared link.
Note On a Cisco Nexus 5000 Series switch, port duplex is not configurable.
This example shows how to configure the port as a shared link:
To enable Loop Guard as a default on all spanning tree normal and network ports, use the spanning-tree loopguard default command. To disable Loop Guard, use the no form of this command.
spanning-tree loopguard default
no spanning-tree loopguard default
Loop Guard provides additional security in the bridge network. Loop Guard prevents alternate or root ports from becoming the designated port because of a failure that could lead to a unidirectional link.
Loop Guard operates only on ports that are considered point-to-point links by the spanning tree, and it does not run on spanning tree edge ports.
Entering the spanning-tree guard loop command for the specified interface overrides this global Loop Guard command.
This example shows how to enable Loop Guard:
To switch between Rapid per VLAN Spanning Tree Plus (Rapid PVST+) and Multiple Spanning Tree (MST) Spanning Tree Protocol (STP) modes, use the spanning-tree mode command. To return to the default settings, use the no form of this command.
spanning-tree mode { rapid-pvst | mst }
You cannot simultaneously run MST and Rapid PVST+ on the switch.
This example shows how to switch to MST mode:
switch(config)# spanning-tree mode mst
switch(config-mst)#
Displays the information about the spanning tree configuration.
To enter the Multiple Spanning Tree (MST) configuration mode, use the spanning-tree mst configuration command. To return to the default settings, use the no form of this command.
spanning-tree mst configuration
no spanning-tree mst configuration
The default value for the MST configuration is the default value for all its parameters:
The MST configuration consists of three main parameters:
The abort and exit commands allow you to exit MST configuration mode. The difference between the two commands depends on whether you want to save your changes or not:
If you do not map secondary VLANs to the same instance as the associated primary VLAN, when you exit MST configuration mode, the following warning message is displayed:
See the switchport mode private-vlan host command to fix this problem.
Changing an MST configuration mode parameter can cause connectivity loss. To reduce service disruptions, when you enter MST configuration mode, make changes to a copy of the current MST configuration. When you are done editing the configuration, you can apply all the changes at once by using the exit keyword.
In the unlikely event that two administrators commit a new configuration at exactly the same time, this warning message is displayed:
This example shows how to enter MST-configuration mode:
switch(config)# spanning-tree mst configuration
switch(config-mst)#
This example shows how to reset the MST configuration (name, instance mapping, and revision number) to the default settings:
switch(config)# no spanning-tree mst configuration
To set the path-cost parameter for any Multiple Spanning Tree (MST) instance (including the Common and Internal Spanning Tree [CIST] with instance ID 0), use the spanning-tree mst cost command. To return to the default settings, use the no form of this command.
spanning-tree mst instance-id cost { cost | auto }
no spanning-tree mst instance-id cost
Port cost for an instance. The range is from 1 to 200,000,000.
Sets the value of the port cost by the media speed of the interface.
The port cost depends on the port speed; the faster interface speeds indicate smaller costs. MST always uses long path costs.
Higher cost values indicate higher costs. When entering the cost, do not include a comma in the entry; for example, enter 1000, not 1,000.
The EtherChannel bundle is considered as a single port. The port cost is the aggregation of all the configured port costs assigned to that channel.
This example shows how to set the interface path cost:
switch(config-if)# spanning-tree mst 0 cost 17031970
To set the forward-delay timer for all the instances on the switch, use the spanning-tree mst forward-time command. To return to the default settings, use the no form of this command.
spanning-tree mst forward-time seconds
no spanning-tree mst forward-time
Number of seconds to set the forward-delay timer for all the instances on the switch. The range is from 4 to 30 seconds.
This example shows how to set the forward-delay timer:
To set the hello-time delay timer for all the instances on the switch, use the spanning-tree mst hello-time command. To return to the default settings, use the no form of this command.
spanning-tree mst hello-time seconds
no spanning-tree mst hello-time
Number of seconds to set the hello-time delay timer for all the instances on the switch. The range is from 1 to 10 seconds.
If you do not specify the hello-time value, the value is calculated from the network diameter.
This example shows how to set the hello-time delay timer:
To set the max-age timer for all the instances on the switch, use the spanning-tree mst max-age command. To return to the default settings, use the no form of this command.
spanning-tree mst max-age seconds
Number of seconds to set the max-age timer for all the instances on the switch. The range is from 6 to 40 seconds.
This example shows how to set the max-age timer:
To specify the number of possible hops in the region before a bridge protocol data unit (BPDU) is discarded, use the spanning-tree mst max-hops command. To return to the default settings, use the no form of this command.
spanning-tree mst max-hops hop-count
Number of possible hops in the region before a BPDU is discarded. The range is from 1 to 255 hops.
This example shows how to set the number of possible hops:
To set the port-priority parameters for any Multiple Spanning Tree (MST) instance, including the Common and Internal Spanning Tree (CIST) with instance ID 0, use the spanning-tree mst port-priority command. To return to the default settings, use the no form of this command.
spanning-tree mst instance-id port-priority priority
no spanning-tree mst instance-id port-priority
Port priority for an instance. The range is from 0 to 224 in increments of 32.
Higher port-priority priority values indicate smaller priorities.
The priority values are 0, 32, 64, 96, 128, 160, 192, and 224. All other values are rejected.
This example shows how to set the interface priority:
switch(config-if)# spanning-tree mst 0 port-priority 64
Configures the port priority for the default STP, which is Rapid PVST+.
To force a prestandard Multiple Spanning Tree (MST) bridge protocol data unit (BPDU) transmission on an interface port, use the spanning-tree mst pre-standard command. To revert to the defaults, use the no form of this command.
spanning-tree mst pre-standard
no spanning-tree mst pre-standard
This example shows how to force a prestandard MST BPDU transmission on a port:
To set the bridge priority, use the spanning-tree mst priority command. To return to the default setting, use the no form of this command.
spanning-tree mst instance-id priority priority-value
no spanning-tree mst instance-id priority
Instance identification number. The range is from 0 to 4094.
Bridge priority. See the “Usage Guidelines” section for valid values and additional information.
You can set the bridge priority in increments of 4096 only. When you set the priority, valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
You can set the priority-value argument to 0 to make the switch root.
You can enter the instance-id argument as a single instance or a range of instances, for example, 0-3,5,7-9.
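The value rules stated in the spanning-tree mst sections of this page (timer ranges, priority and port-priority step sizes, cost entered without commas, instance ranges such as 0-3,5,7-9, and hello-time only after diameter) can be checked before a change is pushed to a switch. The following is an added example, not Cisco code; the function names are hypothetical, and it assumes the instance-range syntax is also accepted by the cost and port-priority commands.

```python
import re

# Limits as stated on this page for the spanning-tree mst commands.
TIMER_RANGES = {"forward-time": (4, 30), "hello-time": (1, 10),
                "max-age": (6, 40), "max-hops": (1, 255)}
MAX_INSTANCE = 4094
MAX_COST = 200_000_000


def parse_instances(spec):
    """Expand an instance list such as '0-3,5,7-9' into sorted integers."""
    ids = set()
    for part in spec.split(","):
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", part)
        if not m:
            raise ValueError(f"bad instance range {part!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) is not None else lo
        if lo > hi or hi > MAX_INSTANCE:
            raise ValueError(f"instance range {part!r} outside 0-{MAX_INSTANCE}")
        ids.update(range(lo, hi + 1))
    return sorted(ids)


def _stepped(value, step, top):
    """True if value is a decimal multiple of step in the range 0..top."""
    return value.isdecimal() and int(value) % step == 0 and int(value) <= top


def lint(command):
    """Return a list of problems found in one spanning-tree mst command."""
    words = command.split()
    if words[:2] != ["spanning-tree", "mst"] or len(words) < 4:
        return ["not a spanning-tree mst command covered by this check"]
    args, errors = words[2:], []

    # Switch-wide timers: spanning-tree mst <timer> <value>
    if args[0] in TIMER_RANGES:
        lo, hi = TIMER_RANGES[args[0]]
        if not (args[1].isdecimal() and lo <= int(args[1]) <= hi):
            errors.append(f"{args[0]} must be {lo}-{hi}")
        return errors

    # Per-instance commands: spanning-tree mst <instance-id> <keyword> ...
    try:
        parse_instances(args[0])
    except ValueError as exc:
        errors.append(str(exc))
    keyword = args[1]
    value = args[2] if len(args) > 2 else ""
    if keyword == "priority":
        if not _stepped(value, 4096, 61440):
            errors.append("priority must be a multiple of 4096 from 0 to 61440")
    elif keyword == "port-priority":
        if not _stepped(value, 32, 224):
            errors.append("port-priority must be a multiple of 32 from 0 to 224")
    elif keyword == "cost":
        if "," in value:
            errors.append("enter the cost without commas")
        elif value != "auto" and not (value.isdecimal()
                                      and 1 <= int(value) <= MAX_COST):
            errors.append("cost must be auto or 1-200000000")
    elif keyword == "root":
        if value not in ("primary", "secondary"):
            errors.append("root takes primary or secondary")
        if "hello-time" in args and "diameter" not in args:
            errors.append("hello-time requires diameter to be specified first")
    else:
        errors.append(f"unknown keyword {keyword!r}")
    return errors


if __name__ == "__main__":
    # Constructed change set for illustration.
    for cmd in ("spanning-tree mst 0-3,5,7-9 priority 8192",
                "spanning-tree mst 0 priority 1000",
                "spanning-tree mst 0 cost 1,000",
                "spanning-tree mst 0 root primary hello-time 2"):
        print(cmd, "->", lint(cmd) or "ok")
```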
This example shows how to set the bridge priority:
To designate the primary and secondary root and set the timer value for an instance, use the spanning-tree mst root command. To return to the default settings, use the no form of this command.
spanning-tree mst instance-id root { primary | secondary } [ diameter dia [ hello-time hello-time ]]
no spanning-tree mst instance-id root
You can enter the instance-id argument as a single instance or a range of instances, for example, 0-3,5,7-9.
If you do not specify the hello-time argument, the argument is calculated from the network diameter. You must first specify the diameter dia keyword and argument before you can specify the hello-time hello-time keyword and argument.
This example shows how to designate the primary root:
This example shows how to set the priority and timer values for the bridge:
To reenable specific interfaces to automatically interoperate between Multiple Spanning Tree (MST) and Rapid per VLAN Spanning Tree Plus (Rapid PVST+), use the spanning-tree mst simulate pvst command. To prevent specific MST interfaces from automatically interoperating with a connecting device running Rapid PVST+, use the spanning-tree mst simulate pvst disable command. To return specific interfaces to the default settings that are set globally for the switch, use the no form of this command.
spanning-tree mst simulate pvst
spanning-tree mst simulate pvst disable
no spanning-tree mst simulate pvst
Enabled. By default, all interfaces on the switch interoperate seamlessly between MST and Rapid PVST+. See the spanning-tree mst simulate pvst global command to change this setting globally.
MST interoperates with Rapid PVST+ with no need for user configuration. The PVST+ simulation feature enables this seamless interoperability. However, you may want to control the connection between MST and Rapid PVST+ to protect against accidentally connecting an MST-enabled port to a Rapid PVST+-enabled port.
When you use the spanning-tree mst simulate pvst disable command, specified MST interfaces that receive a Rapid PVST+ (SSTP) bridge protocol data unit (BPDU) move into the STP blocking state. Those interfaces remain in the inconsistent state until the port stops receiving Rapid PVST+ BPDUs, and then the port resumes the normal STP transition process.
Note To block automatic MST and Rapid PVST+ interoperability for the entire switch, use the no spanning-tree mst simulate pvst global command.
This command is useful when you want to prevent accidental connection with a device running Rapid PVST+.
To reenable seamless operation between MST and Rapid PVST+ on specific interfaces, use the spanning-tree mst simulate pvst command.
This example shows how to prevent specified ports from automatically interoperating with a connected device running Rapid PVST+:
switch(config-if)# spanning-tree mst simulate pvst disable
Enables global seamless interoperation between MST and Rapid PVST+.
To prevent the Multiple Spanning Tree (MST) switch from automatically interoperating with a connecting device running Rapid per VLAN Spanning Tree Plus (Rapid PVST+), use the spanning-tree mst simulate pvst global command. To return to the default settings, which is a seamless operation between MST and Rapid PVST+ on the switch, use the no spanning-tree mst simulate pvst global command.
spanning-tree mst simulate pvst global
no spanning-tree mst simulate pvst global
Enabled. By default, the switch interoperates seamlessly between MST and Rapid PVST+.
MST does not require user configuration to interoperate with Rapid PVST+. The PVST+ simulation feature enables this seamless interoperability. However, you may want to control the connection between MST and Rapid PVST+ to protect against accidentally connecting an MST-enabled port to a Rapid PVST+-enabled port.
When you use the no spanning-tree mst simulate pvst global command, the switch running in MST mode moves all interfaces that receive a Rapid PVST+ (SSTP) bridge protocol data unit (BPDU) into the Spanning Tree Protocol (STP) blocking state. Those interfaces remain in the inconsistent state until the port stops receiving Rapid PVST+ BPDUs, and then the port resumes the normal STP transition process.
You can also use this command from the interface mode, and the configuration applies to the entire switch.
Note To block automatic MST and Rapid PVST+ interoperability for specific interfaces, see the spanning-tree mst simulate pvst command.
This command is useful when you want to prevent accidental connection with a device not running MST.
To return the switch to seamless operation between MST and Rapid PVST+, use the spanning-tree mst simulate pvst global command.
This example shows how to prevent all ports on the switch from automatically interoperating with a connected device running Rapid PVST+:
switch(config)# no spanning-tree mst simulate pvst global
Enables seamless interoperation between MST and Rapid PVST+ by the interface.
To set the default path-cost calculation method, use the spanning-tree pathcost method command. To return to the default settings, use the no form of this command.
spanning-tree pathcost method { long | short }
no spanning-tree pathcost method
The long path-cost calculation method uses all 32 bits for path-cost calculations and yields values in the range of 2 through 200,000,000.
The short path-cost calculation method (16 bits) yields values in the range of 1 through 65535.
Note This command applies only to the Rapid per VLAN Spanning Tree Plus (Rapid PVST+) spanning tree mode, which is the default mode. When you are using Multiple Spanning Tree (MST) spanning tree mode, the switch uses only the long method for calculating path cost; this is not user-configurable for MST.
This example shows how to set the default pathcost method to long:
switch(config)# spanning-tree pathcost method long
To set an interface priority when two bridges compete for position as the root bridge, use the spanning-tree port-priority command. The priority you set breaks the tie. To return to the default settings, use the no form of this command.
spanning-tree [ vlan vlan-id ] port-priority value
no spanning-tree [ vlan vlan-id ] port-priority
(Optional) Specifies the VLAN identification number. The range is from 0 to 4094.
Port priority. The range is from 1 to 224, in increments of 32.
Do not use the vlan vlan-id parameter on access ports. The software uses the port priority value for access ports and the VLAN port priority values for trunk ports.
The priority values are 0, 32, 64, 96, 128, 160, 192, and 224. All other values are rejected.
Note Use this command to configure the port priority for Rapid per VLAN Spanning Tree Plus (Rapid PVST+) spanning tree mode, which is the default STP mode. To configure the port priority for Multiple Spanning Tree (MST) spanning tree mode, use the spanning-tree mst port-priority command.
This example shows how to increase the probability that the spanning tree instance on access port interface 2/0 is chosen as the root bridge by changing the port priority to 32:
switch(config-if)# spanning-tree port-priority 32
Displays information on the spanning tree port priority for the interface.
To configure an interface connected to a host as an edge port, which automatically transitions the port to the spanning tree forwarding state without passing through the blocking or learning states, use the spanning-tree port type edge command. To return the port to a normal spanning tree port, use the no spanning-tree port type command.
spanning-tree port type edge [ trunk ]
(Optional) Configures the trunk port as a spanning tree edge port.
The default is the global setting for the default port type edge that is configured when you entered the spanning-tree port type edge default command. If you did not configure a global setting, the default spanning tree port type is normal.
You can also use this command to configure a port in trunk mode as a spanning tree edge port.
When a linkup occurs, spanning tree edge ports are moved directly to the spanning tree forwarding state without waiting for the standard forward-time delay.
Note This is the same functionality that was previously provided by the Cisco-proprietary PortFast feature.
When you use this command, the system returns a message similar to the following:
When you use this command without the trunk keyword, the system returns an additional message similar to the following:
To configure trunk interfaces as spanning tree edge ports, use the spanning-tree port type trunk command. To remove the spanning tree edge port type setting, use the no spanning-tree port type command.
This example shows how to configure an interface connected to a host as an edge port, which automatically transitions that interface to the forwarding state on a linkup:
switch(config-if)# spanning-tree port type edge
To enable bridge protocol data unit (BPDU) Filtering by default on all spanning tree edge ports, use the spanning-tree port type edge bpdufilter default command. To disable BPDU Filtering by default on all edge ports, use the no form of this command.
spanning-tree port type edge bpdufilter default
no spanning-tree port type edge bpdufilter default
To enable BPDU Filtering by default, you must do the following:
Use this command to enable BPDU Filtering globally on all spanning tree edge ports. BPDU Filtering prevents a port from sending or receiving any BPDUs.
You can override the global effects of this spanning-tree port type edge bpdufilter default command by configuring BPDU Filtering at the interface level. See the spanning-tree bpdufilter command for complete information on using this feature at the interface level.
Note The BPDU Filtering feature’s functionality is different when you enable it on a per-port basis or globally. When enabled globally, BPDU Filtering is applied only on ports that are operational spanning tree edge ports. Ports send a few BPDUs at a linkup before they effectively filter outbound BPDUs. If a BPDU is received on an edge port, that port immediately becomes a normal spanning tree port with all the normal transitions and BPDU Filtering is disabled. When enabled locally on a port, BPDU Filtering prevents the switch from receiving or sending BPDUs on this port.
This example shows how to enable BPDU Filtering globally on all spanning tree edge operational ports by default:
switch(config)# spanning-tree port type edge bpdufilter default
Displays the information about the spanning tree configuration.
To enable bridge protocol data unit (BPDU) Guard by default on all spanning tree edge ports, use the spanning-tree port type edge bpduguard default command. To disable BPDU Guard on all edge ports by default, use the no form of this command.
spanning-tree port type edge bpduguard default
no spanning-tree port type edge bpduguard default
To enable BPDU Guard by default, you must do the following:
Use this command to enable BPDU Guard globally on all spanning tree edge ports. BPDU Guard disables a port if it receives a BPDU.
Global BPDU Guard is applied only on spanning tree edge ports.
You can also enable BPDU Guard per interface; see the spanning-tree bpduguard command for more information.
Note We recommend that you enable BPDU Guard on all spanning tree edge ports.
This example shows how to enable BPDU Guard by default on all spanning tree edge ports:
switch(config)# spanning-tree port type edge bpduguard default
|
|
---|---|
Displays the information about the spanning tree configuration. |
|
To configure all access ports that are connected to hosts as edge ports by default, use the spanning-tree port type edge default command. To restore all ports connected to hosts as normal spanning tree ports by default, use the no form of this command.
spanning-tree port type edge default
no spanning-tree port type edge default
Use this command to automatically configure all interfaces as spanning tree edge ports by default. This command will not work on trunk ports.
When a linkup occurs, an interface configured as an edge port moves directly to the spanning tree forwarding state without waiting for the standard forward-time delay. (This transition was previously configured as the Cisco-proprietary PortFast feature.)
When you use this command, the system returns a message similar to the following:
You can configure individual interfaces as edge ports using the spanning-tree port type edge command.
This example shows how to globally configure all ports connected to hosts as spanning tree edge ports:
switch(config)# spanning-tree port type edge default
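One way to check the BPDU Guard recommendation across a whole configuration, as an added example that is not part of the Cisco documentation: the script reads a running-config and reports configured edge ports whose BPDU Guard is off and ports with per-port BPDU Filtering. The sample configuration is constructed; the per-interface forms `spanning-tree bpduguard enable|disable`, `spanning-tree bpdufilter enable` and `spanning-tree port type edge trunk` belong to the interface-level commands this page refers to, and edge status is judged from configuration only, not from operational state.

```python
import re

# Constructed running-config excerpt for illustration; interface numbers are made up.
SAMPLE_CONFIG = """\
spanning-tree port type edge default
spanning-tree port type edge bpduguard default
interface Ethernet1/1
  switchport mode trunk
  spanning-tree port type network
interface Ethernet1/2
  switchport access vlan 2
interface Ethernet1/3
  switchport access vlan 2
  spanning-tree bpduguard disable
interface Ethernet1/4
  switchport access vlan 5
  spanning-tree bpdufilter enable
interface Ethernet1/5
  switchport mode trunk
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
interface Ethernet1/6
  switchport mode trunk
"""

EDGE_DEFAULT = "spanning-tree port type edge default"
GUARD_DEFAULT = "spanning-tree port type edge bpduguard default"
PORT_TYPE_RE = re.compile(r"spanning-tree port type (edge|network|normal)( trunk)?")


def parse_config(text):
    """Return (global_lines, interfaces): a set of top-level lines and a
    dict mapping each interface name to its indented sub-commands."""
    global_lines, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace():
            if current is not None:
                interfaces[current].append(line)
            continue
        match = re.fullmatch(r"interface (.+)", line)
        current = match.group(1) if match else None
        if match:
            interfaces[current] = []
        else:
            global_lines.add(line)
    return global_lines, interfaces


def is_edge_port(lines, global_lines):
    """True if the interface is configured as a spanning tree edge port."""
    for line in lines:
        match = PORT_TYPE_RE.fullmatch(line)
        if match:                       # interface-level port type wins
            return match.group(1) == "edge"
    if "switchport host" in lines:      # access host ports are handled like edge ports
        return True
    # The global edge default does not work on trunk ports.
    return EDGE_DEFAULT in global_lines and "switchport mode trunk" not in lines


def bpduguard_on(lines, global_lines):
    """BPDU Guard state of an edge port: interface setting first, then the global default."""
    if "spanning-tree bpduguard enable" in lines:
        return True
    if "spanning-tree bpduguard disable" in lines:
        return False
    return GUARD_DEFAULT in global_lines


def audit(text):
    """Return a list of (interface, finding) tuples in configuration order."""
    global_lines, interfaces = parse_config(text)
    findings = []
    for name, lines in interfaces.items():
        # Per-port BPDU Filtering stops the port sending or receiving BPDUs.
        if "spanning-tree bpdufilter enable" in lines:
            findings.append((name, "BPDUFILTER_PER_PORT"))
        if is_edge_port(lines, global_lines) and not bpduguard_on(lines, global_lines):
            findings.append((name, "EDGE_WITHOUT_BPDUGUARD"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```

Ethernet1/6 is not reported because the global edge default skips trunk ports, so it stays a normal spanning tree port.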
To configure the interface that connects to a switch as a network spanning tree port, regardless of the global configuration, use the spanning-tree port type network command. To return the port to a normal spanning tree port, use the no form of this command.
spanning-tree port type network
The default is the global port type setting that you configured with the spanning-tree port type network default command. If you did not configure a global setting, the default spanning tree port type is normal.
Use this command to configure an interface that connects to a switch as a spanning tree network port. Bridge Assurance runs only on Spanning Tree Protocol (STP) network ports.
Note If you mistakenly configure ports connected to hosts as STP network ports and enable Bridge Assurance, those ports will automatically move into the blocking state.
Note Bridge Assurance is enabled by default, and all interfaces configured as spanning tree network ports have Bridge Assurance enabled.
To configure a port as a spanning tree network port, use the spanning-tree port type network command. To remove this configuration, use the no spanning-tree port type command. When you use the no spanning-tree port type command, the software returns the port to the global default setting for network port types.
You can configure all ports that are connected to switches as spanning tree network ports by default by entering the spanning-tree port type network default command.
This example shows how to configure an interface connected to a switch or bridge as a spanning tree network port:
switch(config-if)# spanning-tree port type network
|
|
---|---|
Displays information about the spanning tree configuration per specified interface. |
To configure all ports as spanning tree network ports by default, use the spanning-tree port type network default command. To restore all ports to normal spanning tree ports by default, use the no form of this command.
spanning-tree port type network default
no spanning-tree port type network default
Use this command to automatically configure all interfaces that are connected to switches as spanning tree network ports by default. You can then use the spanning-tree port type edge command to configure specified ports that are connected to hosts as spanning-tree edge ports.
Note If you mistakenly configure ports connected to hosts as Spanning Tree Protocol (STP) network ports and Bridge Assurance is enabled, those ports will automatically move into the blocking state.
Configure only the ports that connect to other switches as network ports because the Bridge Assurance feature causes network ports that are connected to hosts to move into the spanning tree blocking state.
You can identify individual interfaces as network ports by using the spanning-tree port type network command.
This example shows how to globally configure all ports connected to switches as spanning tree network ports:
switch(config)# spanning-tree port type network default
To configure an interface as a normal spanning tree port, use the spanning-tree port type normal command. To revert to the default settings, use the no form of this command.
spanning-tree port type normal
no spanning-tree port type normal
This example shows how to configure an interface as a normal port:
To configure spanning tree pseudo information parameters for two Layer 2 gateway switches, use the spanning-tree pseudo-information command.
spanning-tree pseudo-information
Use this command in a topology with hybrid switches (for example, a virtual port channel [vPC] connected to a non-vPC switch) to configure VLAN-based load balancing.
To meet the VLAN-based load-balancing criteria, you must configure a different Spanning Tree Protocol (STP) bridge priority value for the root bridge and the designated bridge.
This example shows how to enable Bridge Assurance globally on the switch:
To configure Spanning Tree Protocol (STP) parameters on a per-VLAN basis, use the spanning-tree vlan command. To return to the default settings, use the no form of this command.
spanning-tree vlan vlan-id [ forward-time value | hello-time value | max-age value | priority value | [ root { primary | secondary } [ diameter dia [ hello-time value ]]]]
no spanning-tree vlan vlan-id [ forward-time | hello-time | max-age | priority | root ]
When setting the max-age seconds, if a bridge does not see BPDUs from the root bridge within the specified interval, it assumes that the network has changed and recomputes the spanning-tree topology.
The spanning-tree root primary alters this switch’s bridge priority to 24576. If you enter the spanning-tree root primary command and the switch does not become the root, then the bridge priority is changed to 4096 less than the bridge priority of the current bridge. The command fails if the value required to be the root bridge is less than 1. If the switch does not become the root, an error results.
If the network devices are set for the default bridge priority of 32768 and you enter the spanning-tree root secondary command, the software alters the bridge priority of the current bridge to 28762. If the root switch fails, this switch becomes the next root switch.
Use the spanning-tree root commands on the backbone switches only.
This example shows how to enable spanning tree on VLAN 200:
switch(config)# spanning-tree vlan 200
This example shows how to configure the switch as the root switch for VLAN 10 with a network diameter of 4:
switch(config)# spanning-tree vlan 10 root primary diameter 4
This example shows how to configure the switch as the secondary root switch for VLAN 10 with a network diameter of 4:
switch(config)# spanning-tree vlan 10 root secondary diameter 4
To change the spanning tree port path-cost of an interface, use the spanning-tree vlan cost command. To return to the default settings, use the no form of this command.
spanning-tree vlan vlan-id cost { port_path_cost | auto }
no spanning-tree vlan vlan-id cost { port_path_cost | auto }
vlan-id | VLAN identification number. The VLAN ID range is from 0 to 4094. |
auto | Determines the cost based on the media speed of this interface. |
This example shows how to change the spanning tree port path cost of an interface:
switch# configure terminal
switch(config)# interface ethernet 1/5
switch(config-if)#
This example shows how to revert the interface to the default configuration:
To change the spanning tree port priority of an interface, use the spanning-tree vlan port-priority command. To return to the default settings, use the no form of this command.
spanning-tree vlan vlan-id port-priority port_priority_value
no spanning-tree vlan vlan-id port-priority port_priority_value
vlan-id | VLAN identification number. The VLAN ID range is from 0 to 4094. |
port_priority_value | Port priority. The range is from 0 to 224 in increments of 32. |
This example shows how to change the spanning tree port priority of an interface to 20:
switch# configure terminal
switch(config)# interface ethernet 1/5
switch(config-if)# spanning-tree vlan 5 port-priority 20
switch(config-if)#
This example shows how to revert the interface to the default configuration:
To configure the transmit and receive speed for an interface, use the speed command. To reset to the default speed, use the no form of this command.
speed { 100 | 1000 | 10000 | auto }
|
|
Interface speed of 100 Mbps and the auto keyword were introduced. |
The first 8 ports of a Cisco Nexus 5010 switch and the first 16 ports of a Cisco Nexus 5020 switch are switchable 1-Gigabit and 10-Gigabit ports. The default interface speed is 10-Gigabit. To configure these ports for 1-Gigabit Ethernet, insert a 1-Gigabit Ethernet SFP transceiver into the applicable port and then set its speed with the speed command.
Note If the interface and transceiver speeds are mismatched, the SFP validation failed message is displayed when you enter the show interface ethernet slot/port command. For example, if you insert a 1-Gigabit SFP transceiver into a port without configuring the speed 1000 command, you will get this error.
By default, all ports on a Cisco Nexus 5000 Series switch are 10 Gigabits.
This example shows how to set the speed for a 1-Gigabit Ethernet port:
This example shows how to set an interface port to automatically negotiate the speed:
To set the operational state for a VLAN, use the state command. To return a VLAN to its default operational state, use the no form of this command.
You cannot suspend the state for VLAN 1 or VLANs 1006 to 4094.
This example shows how to suspend VLAN 2:
switch(config)# vlan 2
switch(config-vlan)# state suspend
To enable the creation of VLAN interfaces, use the svi enable command. To disable the VLAN interface feature, use the no form of this command.
|
|
---|---|
This command was deprecated and replaced with the feature interface-vlan command. For backwards compatibility, it will be maintained for a number of releases. |
You must use the feature interface-vlan command before you can create VLAN interfaces.
This example shows how to enable the interface VLAN feature on the switch:
To enable an SVS connection to connect a vCenter Server to a Cisco Nexus 5000 Series switch, use the svs connection command. To disable an SVS connection, use the no form of this command.
Name of the SVS connection. The name can be a maximum of 64 alphanumeric characters. |
This example shows how to enable an SVS connection:
This example shows how to disable an SVS connection:
To enable the Virtual Supervisor Module (VSM) to automatically delete distributed virtual ports (dvPorts) no longer used by a virtual NIC (vNIC) or hypervisor port, use the svs veth auto-delete command. To disable this control, use the no form of this command.
When enabled (the default), any virtual Ethernet interfaces that are in the administratively down state will be deleted after confirming with the vCenter server that no corresponding vNICs are in use.
This example shows how to enable the Virtual Supervisor Module (VSM) to automatically delete dvPorts no longer used by a vNIC or hypervisor port:
This example shows how to disable the automatic deletion of dvPorts that are no longer used by a vNIC or hypervisor port:
|
|
---|---|
Enables the VSM to automatically create a virtual Ethernet interface when a new port is activated on a host. |
To enable the Virtual Supervisor Module (VSM) to automatically create a virtual Ethernet interface when a new port is activated on a host, use the svs veth auto-setup command. To remove this control, use the no form of this command.
This example shows how to enable automatic creation and configuration of virtual Ethernet interfaces:
This example shows how to disable automatic creation and configuration of virtual Ethernet interfaces:
|
|
---|---|
Enables the VSM to automatically delete DVPorts no longer used by a vNIC or hypervisor port. |
To set the access VLAN when the interface is in access mode, use the switchport access vlan command. To reset the access-mode VLAN to the appropriate default VLAN for the switch, use the no form of this command.
switchport access vlan vlan-id
VLAN to set when the interface is in access mode. The range is from 1 to 4094, except for the VLANs reserved for internal use. |
Interface configuration mode
Virtual Ethernet interface configuration mode
Use the no form of the switchport access vlan command to reset the access-mode VLAN to the appropriate default VLAN for the switch. This action may generate messages on the device to which the port is connected.
This example shows how to configure an Ethernet interface to join VLAN 2:
switch# configure terminal
switch(config)# interface ethernet 1/7
switch(config-if)# switchport access vlan 2
switch(config-if)#
This example shows how to configure a virtual Ethernet interface to join VLAN 5:
switch# configure terminal
switch(config)# interface vethernet 1
switch(config-if)# switchport access vlan 5
switch(config-if)#
|
|
---|---|
Displays the administrative and operational status of a port. |
|
To configure Flex Links, which are two interfaces that provide backup to each other, on a Layer 2 interface, use the switchport backup interface command. To remove the Flex Links configuration, use the no form of this command.
switchport backup interface { ethernet slot / port | port-channel channel-no } [ multicast fast-convergence | preemption { delay delay-time | mode [ bandwidth | forced | off ]}]
no switchport backup interface { ethernet slot / port | port-channel channel-no } [ multicast fast-convergence | preemption { delay delay-time | mode [ bandwidth | forced | off ]}]
Note This command is applicable to the Cisco Nexus 5548 Series switch and the Cisco Nexus 5596 Series switch.
Before you use this command, make sure that you enable Flex Links on the switch by using the feature flexlink command.
Note Make sure the virtual port channel (vPC) is disabled on the switch.
A Flex Links port can be a physical Ethernet port or a port channel.
You cannot configure a Flex Links port on the following types of interfaces:
This example shows how to configure Ethernet 1/1 and Ethernet 1/12 as Flex Links:
This example shows how to configure EtherChannel 100 and EtherChannel 101 as Flex Links:
This example shows how to configure the Ethernet interface to always preempt the backup:
This example shows how to configure the Ethernet interface preemption delay time:
This example shows how to configure fast convergence on the backup interface:
To prevent the unknown multicast or unicast packets from being forwarded, use the switchport block command. To allow the unknown multicast or unicast packets to be forwarded, use the no form of this command.
switchport block { multicast | unicast }
no switchport block { multicast | unicast }
multicast | Specifies that the unknown multicast traffic should be blocked. |
unicast | Specifies that the unknown unicast traffic should be blocked. |
Unknown multicast and unicast traffic are not blocked. All traffic with unknown MAC addresses is sent to all ports.
Interface configuration mode
Virtual Ethernet interface configuration mode
You can block the unknown multicast or unicast traffic on the switch ports.
Blocking the unknown multicast or unicast traffic is not automatically enabled on the switch ports; you must explicitly configure it.
This example shows how to block the unknown multicast traffic on an interface:
This example shows how to block the unknown unicast traffic on a virtual Ethernet interface:
|
|
---|---|
Displays the switch port information for a specified interface or all interfaces. |
|
Displays the virtual Ethernet interface configuration information. |
To configure the interface to be an access host port, use the switchport host command. To remove the host port, use the no form of this command.
Ensure that you are configuring the correct interface. It must be an interface that is connected to an end station.
An access host port handles the Spanning Tree Protocol (STP) like an edge port and immediately moves to the forwarding state without passing through the blocking and learning states. Configuring an interface as an access host port also disables EtherChannel on that interface.
This example shows how to set an interface as an Ethernet access host port with EtherChannel disabled:
|
|
---|---|
Displays a summary of the interface configuration information. |
|
Displays information on all interfaces configured as switch ports. |
To configure the interface as a nontrunking nontagged single-VLAN Ethernet or virtual Ethernet interface, use the switchport mode command. To remove the configuration and restore the default, use the no form of this command.
switchport mode { access | trunk | vntag }
no switchport mode { access | trunk | vntag }
Specifies that the interface is in port mode. Note This keyword does not apply to a virtual Ethernet interface. |
Interface configuration mode
Virtual Ethernet interface configuration mode
An access port can carry traffic in one VLAN only. By default, an access port carries traffic for VLAN 1. To set the access port to carry traffic for a different VLAN, use the switchport access vlan command.
The VLAN must exist before you can specify that VLAN as an access VLAN. The system shuts down an access port that is assigned to an access VLAN that does not exist.
A virtual network tag (VNTag) port helps to identify the virtual interfaces on that physical port.
For a virtual Ethernet interface, use the no form of the command without the keywords.
This example shows how to set an interface as an Ethernet access port that carries traffic for a specific VLAN only:
This example shows how to set an interface as a VNTag port:
This example shows how to set a virtual Ethernet interface in trunk port mode:
|
|
---|---|
Displays information on all interfaces configured as switch ports. |
|
To set the interface type to be a host port for a private VLAN, use the switchport mode private-vlan host command. To remove the configuration, use the no form of this command.
switchport mode private-vlan host
Interface configuration mode
Virtual Ethernet interface configuration mode
When you configure a port as a host private VLAN port and one of the following applies, the port becomes inactive:
If you delete a private VLAN port association or if you configure a private port as a SPAN destination, the deleted private VLAN port association or the private port that is configured as a SPAN destination becomes inactive.
Note We recommend that you enable spanning tree BPDU Guard on all private VLAN host ports.
This example shows how to set a port to host mode for private VLANs:
switch(config-if)# switchport mode private-vlan host
This example shows how to set a virtual Ethernet interface port to host mode for private VLANs:
|
|
---|---|
Displays information on all interfaces configured as switch ports. |
|
To set the interface type to be a promiscuous port for a private VLAN, use the switchport mode private-vlan promiscuous command.
switchport mode private-vlan promiscuous
When you configure a port as a promiscuous private VLAN port and one of the following applies, the port becomes inactive:
If you delete a private VLAN port mapping or if you configure a private port as a SPAN destination, the deleted private VLAN port mapping or the private port that is configured as a SPAN destination becomes inactive.
See the private-vlan command for more information on promiscuous ports.
This example shows how to set a port to promiscuous mode for private VLANs:
switch(config-if)# switchport mode private-vlan promiscuous
|
|
---|---|
Displays information on all interfaces configured as switch ports. |
|
To configure the port as a secondary trunk port for a private VLAN, use the switchport mode private-vlan trunk command. To remove the isolated trunk port, use the no form of this command.
switchport mode private-vlan trunk [ promiscuous | secondary ]
no switchport mode private-vlan trunk [ promiscuous | secondary ]
In a private VLAN domain, isolated trunks are part of a secondary VLAN. Isolated trunk ports can carry multiple isolated VLANs.
This example shows how to configure Ethernet interface 1/1 as a promiscuous trunk port for a private VLAN:
This example shows how to configure Ethernet interface 1/5 as a secondary trunk port for a private VLAN:
|
|
---|---|
Displays information on all interfaces configured as switch ports. |
|
Associates the isolated trunk port with the primary and secondary VLANs of a private VLAN. |
To configure a rate limit to monitor traffic on an interface, use the switchport monitor rate-limit command. To remove a rate limit, use the no form of this command.
switchport monitor rate-limit 1G
no switchport monitor rate-limit [ 1G ]
This command is applicable to the following Cisco Nexus 5000 Series switches:
This example shows how to limit the bandwidth on Ethernet interface 1/2 to 1 GB:
|
|
---|---|
Displays information on all interfaces configured as switch ports. |
|
Associates the isolated trunk port with the primary and secondary VLANs of a private VLAN. |
To enable port security on an interface, use the switchport port-security command. To disable port security on a port, use the no form of this command.
This example shows how to enable port security on a Layer 2 interface:
This example shows how to disable port security on an interface:
To enable port security aging on a Layer 2 port, use the switchport port-security aging command. To disable port security on a port, use the no form of this command.
switchport port-security aging { time aging-time | type { absolute | inactivity }}
no switchport port-security aging { time aging-time | type { absolute | inactivity }}
aging-time | Sets the duration for which all addresses are secured; valid values are from 1 to 1440 minutes. |
inactivity | Specifies that the timer starts to run only when there is no traffic. |
This example shows how to configure the secure MAC address aging type on a port:
This example shows how to set the secure MAC address aging time to 2 minutes:
|
|
---|---|
Configures the switchport parameters to establish port security. |
To add a static secure MAC address on a Layer 2 interface or to enable sticky MAC address learning on an interface, use the switchport port-security mac-address command. To revert to the default settings, use the no form of this command.
switchport port-security mac-address { MAC-addr [ vlan vlan-ID ] | sticky }
no switchport port-security mac-address { MAC-addr [ vlan vlan-ID ] | sticky }
vlan vlan-ID | (Optional) Specifies the VLAN on which the MAC address should be secured. The range is from 1 to 4094. |
sticky | Configures the dynamic MAC addresses as sticky on an interface. |
This example shows how to configure a static secure MAC address on a port:
This example shows how to enable port security with sticky MAC addresses on a port:
This example shows how to remove a MAC address from the list of secure MAC addresses:
To set the maximum number of secure MAC addresses on a port, use the switchport port-security maximum command. To revert to the default settings, use the no form of this command.
switchport port-security maximum max-addr [ vlan vlan-ID ]
no switchport port-security maximum max-addr [ vlan vlan-ID ]
max-addr | Maximum number of secure MAC addresses for the interface; valid values are from 1 to 1025. |
vlan vlan-ID | (Optional) Specifies the VLAN on which the MAC address should be secured. The range is from 1 to 4094. |
This example shows how to configure the maximum number of secure MAC addresses on a port:
This example shows how to override the maximum number of secure MAC addresses set for a specific VLAN:
This example shows how to set the maximum number of secure MAC addresses on a port to the default value:
To set the action to be taken when a security violation is detected, use the switchport port-security violation command. To revert to the default settings, use the no form of this command.
switchport port-security violation { protect | restrict | shutdown }
no switchport port-security violation { protect | restrict | shutdown }
This example shows how to configure the port security violation mode on a port:
This example shows how to set the port security violation mode on a port to the default value:
To configure the switch to override the priority of frames arriving on the Cisco IP phone port from connected devices, use the switchport priority extend command. To return the port to its default setting, use the no form of this command.
switchport priority extend { cos cos-value | trust }
This example shows how to set the Cisco IP phone port to trust tagged data traffic:
This example shows how to set the Cisco IP phone port to mark data traffic with CoS value:
This example shows how to return to the default settings:
|
|
---|---|
Displays information on all interfaces configured as switch ports. |
To associate an isolated trunk port with the primary and secondary VLANs of a private VLAN, use the switchport private-vlan association trunk command. To remove the isolated trunk port association, use the no form of this command.
switchport private-vlan association trunk primary-id secondary-id
no switchport private-vlan association trunk
primary-id | Primary VLAN ID. The range is from 1 to 3967 and from 4048 to 4093. |
secondary-id | Secondary VLAN ID. The range is from 1 to 3967 and from 4048 to 4093. |
The secondary VLAN should be an isolated VLAN. Only one isolated VLAN under a given primary VLAN can be associated to an isolated trunk port.
This example shows how to map the secondary VLANs to the primary VLAN:
|
|
---|---|
Displays information on all interfaces configured as switch ports. |
|
Configures the port as a secondary trunk port for a private VLAN. |
|
To define a private VLAN association for an isolated or community port, use the switchport private-vlan host-association command. To remove the private VLAN association from the port, use the no form of this command.
switchport private-vlan host-association { primary-vlan-id } { secondary-vlan-id }
no switchport private-vlan host-association
Interface configuration mode
Virtual Ethernet interface configuration mode
There is no run-time effect on the port unless it is in private VLAN-host mode. If the port is in private VLAN-host mode but neither of the VLANs exist, the command is allowed but the port is made inactive. The port also may be inactive when the association between the private VLANs is suspended.
The secondary VLAN may be an isolated or community VLAN.
See the private-vlan command for more information on primary VLANs, secondary VLANs, and isolated or community ports.
Note A private VLAN-isolated port on a Cisco Nexus 5000 Series switch running the current release of Cisco NX-OS does not support IEEE 802.1Q encapsulation and cannot be used as a trunk port.
This example shows how to configure a Layer 2 host private VLAN port with a primary VLAN (VLAN 18) and a secondary VLAN (VLAN 20):
switch(config-if)# switchport private-vlan host-association 18 20
This example shows how to remove the private VLAN association from the port:
switch(config-if)# no switchport private-vlan host-association
This example shows how to configure a virtual Ethernet interface host private VLAN port with a primary VLAN (VLAN 5) and a secondary VLAN (VLAN 23):
To define the private VLAN association for a promiscuous port, use the switchport private-vlan mapping command. To clear all mapping from the primary VLAN, use the no form of this command.
switchport private-vlan mapping { primary-vlan-id | trunk primary-vlan-id } { secondary-vlan-id | { add | remove } secondary-vlan-id }
no switchport private-vlan mapping [ { primary-vlan-id | trunk primary-vlan-id } secondary-vlan-id ]
Interface configuration mode
Virtual Ethernet interface configuration mode
There is no run-time effect on the port unless it is in private VLAN-promiscuous mode. If the port is in private VLAN-promiscuous mode but the primary VLAN does not exist, the command is allowed but the port is made inactive.
The secondary VLAN may be an isolated or community VLAN.
See the private-vlan command for more information on primary VLANs, secondary VLANs, and isolated or community ports.
Note A private VLAN-isolated port on a Cisco Nexus 5000 Series switch running the current release of Cisco NX-OS does not support IEEE 802.1Q encapsulation and cannot be used as a trunk port.
Note Beginning with Cisco NX-OS Release 5.0(2)N2(1), the number of mappings on a private-vlan trunk port is limited to 16.
This example shows how to configure the associated primary VLAN 18 to secondary isolated VLAN 20 on a private VLAN promiscuous port:
switch# configure terminal
switch(config)# interface ethernet 1/1
switch(config-if)# switchport mode private-vlan promiscuous
switch(config-if)# switchport private-vlan mapping 18 20
This example shows how to add a VLAN to the association on the promiscuous port:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# switchport mode private-vlan promiscuous
switch(config-if)# switchport private-vlan mapping 18 add 21
This example shows how to configure the associated primary VLAN 30 to secondary isolated VLANs 20-32 on a private VLAN promiscuous trunk port:
switch# configure terminal
switch(config)# interface ethernet 1/21
switch(config-if)# switchport mode private-vlan trunk promiscuous
switch(config-if)# switchport private-vlan mapping trunk 30 20-32
This example shows the error message that appears when you configure the associated primary VLAN 30 to secondary isolated VLANs 50-100 (beyond the total permissible limit of 16 secondary VLANs) on a private VLAN promiscuous trunk port:
switch# configure terminal
switch(config)# interface ethernet 1/12
switch(config-if)# switchport mode private-vlan trunk promiscuous
switch(config-if)# switchport private-vlan mapping trunk 30 50-100
This example shows how to remove all private VLAN associations from the port:
switch# configure terminal
switch(config)# interface ethernet 1/5
switch(config-if)# no switchport private-vlan mapping
switch(config-if)#
This example shows how to configure the primary VLAN 12 to secondary isolated VLAN 20 on a virtual Ethernet interface host:
|
|
---|---|
Displays information on all interfaces configured as switch ports. |
|
Displays the information about the private VLAN mapping for VLAN interfaces or SVIs. |
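The 16-mapping limit on a private VLAN trunk port, and the 50-100 case that exceeds it, can be checked before a change is pushed to the switch. The following added example (not Cisco code) simulates switchport private-vlan mapping trunk commands for one port. It assumes that the limit counts primary/secondary pairs, that the plain form replaces a primary VLAN's secondary list, and that the VLAN ID ranges this page lists for private VLAN trunk ports apply.

```python
import re

MAX_TRUNK_MAPPINGS = 16  # limit the page gives for Release 5.0(2)N2(1) and later
# Assumption: the ID ranges this page lists for private VLAN trunk ports apply here.
PVLAN_ID_RANGES = ((1, 3967), (4048, 4093))

MAPPING_RE = re.compile(
    r"switchport private-vlan mapping trunk (\d+)(?: (add|remove))? ([\d,-]+)"
)


def valid_id(vlan):
    return any(low <= vlan <= high for low, high in PVLAN_ID_RANGES)


def expand_vlan_list(spec):
    """Expand a list such as '20-32' or '20,22,30-32' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        first, _, last = part.partition("-")
        low = int(first)
        high = int(last) if last else low
        if low > high:
            raise ValueError(f"descending range {part}")
        for vlan in range(low, high + 1):
            if not valid_id(vlan):
                raise ValueError(f"VLAN {vlan} is outside the private VLAN ID ranges")
        vlans.update(range(low, high + 1))
    return vlans


def plan_mappings(commands):
    """Simulate mapping commands for one private VLAN trunk port.

    Returns (mappings, rejected): mappings is {primary: set(secondaries)} after
    every accepted command, rejected is a list of (command, reason) tuples.
    A rejected command leaves the mappings unchanged.
    """
    mappings, rejected = {}, []
    for raw in commands:
        cmd = " ".join(raw.split())
        if cmd == "no switchport private-vlan mapping":
            mappings.clear()          # the no form clears all mappings
            continue
        match = MAPPING_RE.fullmatch(cmd)
        if not match:
            rejected.append((cmd, "not a trunk mapping command"))
            continue
        primary, action = int(match.group(1)), match.group(2)
        try:
            if not valid_id(primary):
                raise ValueError(f"VLAN {primary} is outside the private VLAN ID ranges")
            secondaries = expand_vlan_list(match.group(3))
        except ValueError as exc:
            rejected.append((cmd, str(exc)))
            continue
        current = mappings.get(primary, set())
        if action == "add":
            proposed = current | secondaries
        elif action == "remove":
            proposed = current - secondaries
        else:
            proposed = secondaries    # assumption: plain form replaces the list
        others = sum(len(s) for p, s in mappings.items() if p != primary)
        total = others + len(proposed)
        if total > MAX_TRUNK_MAPPINGS:
            rejected.append(
                (cmd, f"{total} mappings would exceed the limit of {MAX_TRUNK_MAPPINGS}")
            )
            continue
        if proposed:
            mappings[primary] = proposed
        else:
            mappings.pop(primary, None)
    return mappings, rejected


if __name__ == "__main__":
    # The two trunk mapping commands from the examples above, each on a fresh port.
    for command in ("switchport private-vlan mapping trunk 30 20-32",
                    "switchport private-vlan mapping trunk 30 50-100"):
        print(command, "->", plan_mappings([command]))
```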
To configure the allowed VLANs for the private trunk interface, use the switchport private-vlan trunk allowed vlan command. To remove the allowed VLANs, use the no form of this command.
switchport private-vlan trunk allowed vlan { vlan-list | { add | except | remove } vlan-list | all | none }
no switchport private-vlan trunk allowed vlan vlan-list
Allows only associated VLANs on the private VLAN trunk interface.
The primary VLANs do not need to be explicitly added to the allowed VLAN list. They are added automatically once there is a mapping between primary and secondary VLANs.
This example shows how to add VLANs to the list of allowed VLANs on an Ethernet private VLAN trunk port:
|
|
---|---|
Displays information on all interfaces configured as switch ports. |
|
Configures the port as a secondary trunk port for a private VLAN. |
|
To configure the native VLAN ID for the private VLAN trunk, use the switchport private-vlan trunk native command. To remove the native VLAN ID from the private VLAN trunk, use the no form of this command.
switchport private-vlan trunk native vlan vlan-list
no switchport private-vlan trunk native vlan vlan-list
Specifies the VLAN ID. The range is from 1 to 3967 and from 4048 to 4093.
Secondary VLANs cannot be configured with a native VLAN ID on promiscuous trunk ports. Primary VLANs cannot be configured with a native VLAN ID on isolated trunk ports.
This example shows how to map the secondary VLANs to the primary VLAN:
Displays information on all interfaces configured as switch ports.
Configures the port as a secondary trunk port for a private VLAN.
To configure the allowed VLANs for a virtual Ethernet interface, use the switchport trunk allowed vlan command. To remove the configuration, use the no form of this command.
switchport trunk allowed vlan {{ add | except | remove } vlan_list | all | none }
no switchport trunk allowed vlan
Interface configuration mode
Virtual Ethernet interface configuration mode
This example shows how to add VLANs to the list of allowed VLANs on a virtual Ethernet interface trunk port:
To configure the native VLAN ID for the virtual Ethernet interface, use the switchport trunk native vlan command. To remove the native VLAN ID from the virtual Ethernet interface, use the no form of this command.
switchport trunk native vlan vlan_ID
no switchport trunk native vlan
VLAN ID of the native VLAN when this port is in trunking mode. The range is from 1 to 4094.
Interface configuration mode
Virtual Ethernet interface configuration mode
This example shows how to set VLAN 3 as the native VLAN for the trunk port:
To configure the voice VLAN on a port, use the switchport voice vlan command. To remove a voice VLAN, use the no form of this command.
switchport voice vlan { vlan-list | dot1p | untagged }
Specifies that the Cisco IP phone uses priority tagging and uses an 802.1P VLAN ID of 0 for voice traffic.
Specifies that the Cisco IP phone does not tag frames for voice traffic.
This example shows how to configure VLAN 3 as the voice VLAN:
This example shows how to configure an Ethernet port to send CDP packets that configure the Cisco IP phone to transmit voice traffic in 802.1p frames:
This example shows how to configure an Ethernet port to send CDP packets that configure the Cisco IP phone to transmit untagged voice traffic:
This example shows how to stop voice traffic on an Ethernet port:
To configure a PVLAN FEX trunk on a port, use the system private-vlan fex trunk command. To remove the PVLAN FEX trunk ports, use the no form of this command.
no system private-vlan fex trunk
This example shows how to configure PVLAN over a FEX trunk port:
To configure a reserved VLAN range, use the system vlan reserve command. To delete the reserved VLAN range configuration, use the no form of this command.
system vlan vlan-start reserve
no system vlan vlan-start reserve
Starting VLAN ID. 80 VLANs are reserved starting from the start VLAN ID. For example, if you specify the starting VLAN ID as 1006, the reserved VLAN range is from 1006 to 1085.
The user-configured system reserved VLAN range comes into effect only after a reload.
This example shows how to configure a reserved VLAN range:
This example shows how to remove the reserved VLAN configuration: