- snmp ifindex clear
- snmp ifindex persist
- snmp-server enable traps
- snmp-server ifindex persist
- snmp-server ifindex persist compress
- snmp trap mac-notification change
- source (netflow-lite exporter submode)
- source-interface
- source-ip-address
- spanning-tree backbonefast
- spanning-tree bpdufilter
- spanning-tree bpduguard
- spanning-tree bridge assurance
- spanning-tree cost
- spanning-tree etherchannel guard misconfig
- spanning-tree extend system-id
- spanning-tree guard
- spanning-tree link-type
- spanning-tree loopguard default
- spanning-tree mode
- spanning-tree mst
- spanning-tree mst configuration
- spanning-tree mst forward-time
- spanning-tree mst hello-time
- spanning-tree mst max-age
- spanning-tree mst max-hops
- spanning-tree mst simulate pvst global
- spanning-tree mst simulate pvst (interface configuration mode)
- spanning-tree mst root
- spanning-tree pathcost method
- spanning-tree portfast (interface configuration mode)
- spanning-tree portfast edge bpdufilter default
- spanning-tree portfast edge bpduguard default
- spanning-tree portfast
- spanning-tree port-priority
- spanning-tree uplinkfast
- spanning-tree vlan
- speed
- storm-control
- storm-control broadcast include multicast
- subscribe-to-alert-group all
- subscribe-to-alert-group configuration
- subscribe-to-alert-group diagnostic
- subscribe-to-alert-group environment
- subscribe-to-alert-group inventory
- subscribe-to-alert-group syslog
- switch (virtual switch)
- switch convert mode (virtual switch)
- switch virtual domain (virtual switch)
- switch virtual link (virtual switch)
- switchport
- switchport access vlan
- switchport autostate exclude
- switchport block
- switchport mode
- switchport port-security
- switchport private-vlan association trunk
- switchport private-vlan host-association
- switchport private-vlan mapping
- switchport private-vlan trunk allowed vlan
- switchport private-vlan trunk native vlan tag
- switchport trunk
- switchport vlan mapping
- system mtu
- tacacs server
- template data timeout (netflow-lite exporter submode)
- test cable-diagnostics tdr
- traceroute mac
- traceroute mac ip
- transport udp (netflow-lite exporter submode)
- transport udp load-share (netflow-lite exporter submode)
- trust
- ttl (netflow-lite exporter submode)
- tx-queue
- udld (global configuration mode)
- udld (interface configuration mode)
- udld reset
- unidirectional
- use-petr
- username
- verify
- vlan (VLAN Database mode)
- vlan access-map
- vlan configuration
- vlan database
- vlan dot1q tag native
- vlan filter
- vlan group
- vlan internal allocation policy
- vmps reconfirm (global configuration)
- vmps reconfirm (privileged EXEC)
- vmps retry
- vmps server
- vrf (netflow-lite exporter submode)
- vslp interval (virtual switch)
- vtp (global configuration mode)
- vtp client
- vtp domain
- vtp password
- vtp pruning
- vtp server
- vtp transparent
- vtp v2-mode
snmp ifindex clear
To clear any previously configured snmp ifindex commands that were entered for a specific interface, use the snmp ifindex clear command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
Interface index persistence occurs when ifIndex values in the interface MIB (IF-MIB) persist across reboots and allow for consistent identification of specific interfaces using SNMP.
Use the snmp ifindex clear command on a specific interface when you want that interface to use the global configuration setting for ifIndex persistence. This command clears any ifIndex configuration commands previously entered for that specific interface.
Examples
The following example shows how to enable ifIndex persistence for all interfaces:
The following example shows how to disable IfIndex persistence for FastEthernet 1/1 only:
The following example shows how to clear the ifIndex configuration from the FastEthernet 1/1 configuration:
As a result of this sequence of commands, ifIndex persistence is enabled for all interfaces that are specified by the snmp-server ifindex persist global configuration command.
Related Commands
snmp ifindex persist
To enable ifIndex values in the Interfaces MIB (IF-MIB) that persist across reboots (ifIndex persistence) on a specific interface, use the snmp ifindex persist command. To disable ifIndex persistence only on a specific interface, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
Interface index persistence occurs when ifIndex values in the IF-MIB persist across reboots and allow for consistent identification of specific interfaces using SNMP.
The snmp ifindex persist interface configuration command enables and disables ifIndex persistence for individual entries (that correspond to individual interfaces) in the ifIndex table of the IF-MIB.
The snmp-server ifindex persist global configuration command enables and disables ifIndex persistence for all interfaces on the routing device. This action applies only to interfaces that have ifDescr and ifIndex entries in the ifIndex table of the IF-MIB.
Examples
The following example shows how to enable ifIndex persistence for interface FastEthernet 1/1 only:
The following example shows how to enable ifIndex persistence for all interfaces, and then disable ifIndex persistence for interface FastEthernet 1/1 only:
Related Commands
snmp-server enable traps
To enable SNMP notifications (traps or informs), use the snmp-server enable traps command. To disable all SNMP notifications, use the no form of this command.
snmp-server enable traps [ flash [ insertion | removal ] | fru-ctrl | port-security [ trap-rate trap-rate ] | removal | stpx | vlancreate | vlandelete | vtp ] [ mac-notification [ change | move | threshold ]
no snmp-server enable traps [ flash [ insertion | removal ] | fru-ctrl | port-security [ trap-rate trap-rate ] | removal | stpx | vlancreate | vlandelete | vtp ] [ mac-notification ]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
|
Usage Guidelines
If you enter this command without an option, all notification types controlled by this command are enabled.
SNMP notifications can be sent as traps or inform requests. This command enables both traps and inform requests for the specified notification types. To specify whether the notifications should be sent as traps or informs, use the snmp-server host [ traps | informs ] command.
The snmp-server enable traps command is used in conjunction with the snmp-server host command. Use the snmp-server host command to specify which host or hosts receive SNMP notifications. To send notifications, you must configure at least one snmp-server host command.
This list of the MIBs is used for the traps:
–
insertion —Controls the SNMP Flash insertion trap notifications.
– removal —Controls the SNMP Flash removal trap notifications.
- fru-ctrl— Controls the FRU control traps from the CISCO-ENTITY-FRU-CONTROL-MIB.
- port-security— Controls the port-security traps from the CISCO-PORT-SECURITY-MIB.
- stpx— Controls all the traps from the CISCO-STP-EXTENSIONS-MIB.
- vlancreate— Controls SNMP VLAN created trap notifications.
- vlandelete— Controls SNMP VLAN deleted trap notifications.
- vtp— Controls the VTP traps from the CISCO-VTP-MIB.
Examples
The following example shows how to send all traps to the host is specified by the name myhost.cisco.com using the community string defined as public:
The following example shows how to enable the MAC address change MIB notification:
SNMP traps can be enabled with a rate-limit to detect port-security violations due to restrict mode. The following example shows how to enable traps for port-security with a rate of 5 traps per second:
Related Commands
|
|
|
|---|---|
Clears the dynamic address entries from the Layer 2 MAC address table. |
|
Displays the MAC address table notification status and history. |
|
snmp-server ifindex persist
To globally enable ifIndex values that will remain constant across reboots for use by SNMP, use the snmp-server ifindex persist command. To globally disable inIndex persistence, use the no form of this command.
no snmp-server ifindex persist
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
Interface index persistence occurs when ifIndex values in the IF-MIB persist across reboots and allow for consistent identification of specific interfaces using SNMP.
The snmp-server ifindex persist global configuration command does not override the interface-specific configuration. To override the interface-specific configuration of ifIndex persistence, enter the no snmp ifindex persist and snmp ifindex clear interface configuration commands.
Entering the no snmp-server ifindex persist global configuration command enables and disables ifIndex persistence for all interfaces on the routing device using ifDescr and ifIndex entries in the ifIndex table of the IF-MIB.
Examples
The following example shows how to enable ifIndex persistence for all interfaces:
Related Commands
snmp-server ifindex persist compress
To configure the format of the ifIndex table in a compressed format, use the snmp-server ifindex persist compress command. To place the table in a decompressed format, use the no form of this command.
snmp-server ifindex persist compress
no snmp-server ifindex persist compress
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
This command is hidden because the ifIndex table is always in a compressed format on those supervisor engines.
Examples
The following example shows how to enable compression of the ifIndex table:
The following example shows how to disable compression of the ifIndex table:
Related Commands
snmp trap mac-notification change
To enable SNMP MAC address notifications, use the snmp trap mac-notification command. To return to the default setting, use the no form of this command.
snmp trap mac-notification change { added | removed }
no snmp trap mac-notification change { added | removed }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
Even though you enable the change notification trap for a specific interface by using the snmp trap mac-notification change command, the trap is generated only when you enable the snmp-server enable traps mac-notification change and the mac address-table notification change global configuration commands.
Examples
The following example shows how to enable the MAC notification trap when a MAC address is added to a port:
You can verify your settings by entering the show mac address-table notification change interface privileged EXEC command.
Related Commands
|
|
|
|---|---|
Clears the address entries from the Layer 2 MAC address table. |
|
Displays the MAC address table notification status and history. |
|
source (netflow-lite exporter submode)
Note NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify a source Layer 3 interface of the NetFlow-lite collector, use the source command. To delete a source address, use the no form of this command.
Syntax Description
Specifies a source Layer 3 interface for a NetFlow-lite exporter. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
One of the mandatory parameters for a minimally configured exporter along with the destination address and the UDP destination port of the collector.
Examples
The following example shows how to specify a source Layer 3 interface of the NetFlow-lite collector:
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
source-interface
To send out call home email messages with specific source interface, use the source-interface command.
source-interface interface name
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
You should configure no shut on an interface and provide a valid IP address before specifying it as a source interface for Call Home. Doing this avoids a connection failure when sending Call Home email messages. You should only specify a source interface name under Call Home if source-ip-address is not specified. You can only specify either a source interface or source-ip-address in call-home mode, not simultaneously.
Examples
The following example shows how to configure source interface for Call Home. Generally, the interface should already be configured with a valid IP address as usually configured for an interface.
Note If Call Home is configured to use http or https as the transport method, you must use ip http client source-interface to configure the source interface for all http clients. You cannot specify a source interface for Call Home http messages only.
Related Commands
|
|
|
|---|---|
Sends out Call Home email messages with specific source IP address. |
source-ip-address
To send out Call Home email messages with specific source IP address, use the source-ip-address command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
It is best to configure no shut an interface with this valid IP address before specifying it as source-ip-address for Call Home. Doing this avoids a connection failure when sending Call Home email messages. You should only specify source-ip-address under Call Home if source-interface is not specified. You can only specify either source interface or source-ip-address in Call Home mode, not both simultaneously.
Examples
The following example shows how to configure source-ip-address for Call Home:
Related Commands
|
|
|
|---|---|
Sends out call home email messages with specific source interface. |
spanning-tree backbonefast
To enable BackboneFast on a spanning-tree VLAN, use the s panning-tree backbonefast command. To disable BackboneFast, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
BackboneFast should be enabled on all Catalyst 4506 series switches to allow the detection of indirect link failures. Enabling BackboneFast starts the spanning-tree reconfiguration more quickly.
Examples
The following example shows how to enable BackboneFast on all VLANs:
Related Commands
|
|
|
|---|---|
Prioritizes an interface when two bridges compete for position as the root bridge. |
|
spanning-tree bpdufilter
To enable BPDU filtering on an interface, use the spanning-tree bpdufilter command. To return to the default settings, use the no form of this command.
spanning-tree bpdufilter { enable | disable }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
This command was introduced on the Catalyst 4500 series switch.. |
Usage Guidelines
Use care when entering the
spanning-tree bpdufilter enable command. Enabling BPDU filtering on an interface is approximately equivalent to disabling the spanning tree for this interface. It is possible to create bridging loops if this command is not correctly used.
When configuring Layer 2 protocol tunneling on all the service provider edge switches, you must enable spanning-tree BPDU filtering on the 802.1Q tunnel ports by entering the spanning-tree bpdufilter enable command.
BPDU filtering allows you to prevent a port from sending and receiving BPDUs. The configuration is applicable to the whole interface, whether it is trunking or not. This command has three states:
- spanning-tree bpdufilter enable — This state unconditionally enables the BPDU filter feature on the interface.
- spanning-tree bpdufilter disable — This state unconditionally disables the BPDU filter feature on the interface.
- no spanning-tree bpdufilter — This state enables the BPDU filter feature on the interface if the interface is in operational PortFast state and if the spanning-tree portfast edge bpdufilter default command is configured.
Examples
The following example shows how to enable the BPDU filter feature on this interface:
Related Commands
|
|
|
|---|---|
Enables the BPDU filtering by default on all PortFast ports. |
spanning-tree bpduguard
To enable BPDU guard on an interface, use the spanning-tree bpduguard command. To return to the default settings, use the no form of this command.
spanning-tree bpduguard { enable | disable }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
BPDU guard is a feature that prevents a port from receiving BPDUs. This feature is typically used in a service provider environment where the administrator wants to prevent an access port from participating in the spanning tree. If the port still receives a BPDU, it is put in the ErrDisable state as a protective measure. This command has three states:
- spanning-tree bpduguard enable — This state unconditionally enables BPDU guard on the interface.
- spanning-tree bpduguard disable — This state unconditionally disables BPDU guard on the interface.
- no spanning-tree bpduguard —This state enables BPDU guard on the interface if it is in the operational PortFast state and if the spanning-tree portfast edge bpduguard default command is configured.
Examples
The following example shows how to enable BPDU guard on this interface:
Related Commands
|
|
|
|---|---|
Enables the BPDU filtering by default on all PortFast ports. |
spanning-tree bridge assurance
To enable Bridge Assurance on your network, use the spanning-tree bridge assurance command. To disable the feature, use the no form of the command.
spanning-tree bridge assurance
no spanning-tree bridge assurance
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
This feature protects your network from bridging loops. It monitors the receipt of BPDUs on point-to-point links on all network ports. When a port does not receive BPDUs within the alloted hello time period, the port is put into a blocked state (the same as a port inconsistent state, which stops forwarding of frames). When the port resumes receipt of BPDUs, the port resumes normal spanning tree operations.
By default, Bridge Assurance is enabled on all operational network ports, including alternate and backup ports. If you have configured the spanning-tree portfast network command on all the required ports that are connected Layer 2 switches or bridges, Bridge Assurance is automatically effective on all those network ports.
Only Rapid PVST+ and MST spanning tree protocols support Bridge Assurance. PVST+ does not support Bridge Assurance.
For Bridge Assurance to work properly, it must be supported and configured on both ends of a point-to-point link. If the device on one side of the link has Bridge Assurance enabled and the device on the other side does not, then the connecting port is blocked (a Bridge Assurance inconsistent state). We recommend that you enable Bridge Assurance throughout your network.
To enable Bridge Assurance on a port, BPDU filtering and BPDU Guard must be disabled.
You can enable Bridge Assurance in conjunction with Loop Guard.
You can enable Bridge Assurance in conjunction with Root Guard. The latter is designed to provide a way to enforce the root bridge placement in the network.
Disabling Bridge Assurance causes all configured network ports to behave as normal spanning tree ports.
Use the show spanning-tree summary command to see if the feature is enabled on a port.
Examples
The following example shows how to enable Bridge Assurance on all network ports on the switch, and how to configure a network port:
This example show how to display spanning tree information and verify if Bridge Assurance is enabled. Look for these details in the output:
Related Commands
|
|
|
|---|---|
Globally enables a default state for all ports (whether edge, network, or, normal) |
|
Configures a port type on an individual interface ((whether edge, network, or, normal). |
|
spanning-tree cost
To calculate the path cost of STP on an interface, use the spanning-tree cost command. To revert to the default, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
When you configure the cost, the higher values indicate higher costs. The range applies regardless of the protocol type that is specified. The path cost is calculated, based on the interface bandwidth.
Examples
The following example shows how to access an interface and set a path cost value of 250 for the spanning-tree VLAN that is associated with that interface:
Switch(config)# interface fastethernet 2/1
Switch(config-if)# spanning-tree cost 250
Related Commands
|
|
|
|---|---|
Prioritizes an interface when two bridges compete for position as the root bridge. |
|
spanning-tree etherchannel guard misconfig
To display an error message when a loop due to a channel misconfiguration is detected, use the spanning-tree etherchannel guard misconfig command. To disable the feature, use the no form of this command.
spanning-tree etherchannel guard misconfig
no spanning-tree etherchannel guard misconfig
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
When an EtherChannel guard misconfiguration is detected, this message is displayed:
To determine which local ports are involved in the misconfiguration, enter the show interfaces status err-disabled command. To verify the EtherChannel configuration on the remote device, enter the show etherchannel summary command on the remote device.
After you correct the configuration, enter the shutdown and the no shutdown commands on the associated port-channel interface.
Examples
The following example shows how to enable the EtherChannel guard misconfiguration feature:
Switch(config)# spanning-tree etherchannel guard misconfig
Switch(config)#
Related Commands
|
|
|
|---|---|
Displays the interface status or a list of interfaces in error-disabled state. |
|
spanning-tree extend system-id
To enable the extended system ID feature on a chassis that supports 1024 MAC addresses, use the spanning-tree extend system-id command. To disable the feature, use the no form of this command.
spanning-tree extend system-id
no spanning-tree extend system-id
Syntax Description
Command Default
Command Modes
Command History
|
|
|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
Releases 12.1(13)E and later support chassis with 64 or 1024 MAC addresses. For chassis with 64 MAC addresses, STP uses the extended system ID plus a MAC address to make the bridge ID unique for each VLAN.
You cannot disable the extended system ID on chassis that support 64 MAC addresses.
Enabling or disabling the extended system ID updates the bridge IDs of all active STP instances, which might change the spanning-tree topology.
Examples
The following example shows how to enable the extended system ID:
Related Commands
|
|
|
|---|---|
spanning-tree guard
To enable root guard, use the spanning-tree guard command. To disable root guard, use the no form of this command.
spanning-tree guard { loop | root | none }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
|
Examples
The following example shows how to enable root guard:
Related Commands
|
|
|
|---|---|
spanning-tree link-type
To configure a link type for a port, use the spanning-tree link-type command. To return to the default settings, use the no form of this command.
spanning-tree link-type { point-to-point | shared }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
This command was introduced on the Catalyst 4500 series switch.. |
Usage Guidelines
RSTP+ fast transition works only on point-to-point links between two bridges.
By default, the switch derives the link type of a port from the duplex mode. A full-duplex port is considered as a point-to-point link while a half-duplex configuration is assumed to be on a shared link.
If you designate a port as a shared link, RSTP+ fast transition is forbidden, regardless of the duplex setting.
Examples
The following example shows how to configure the port as a shared link:
Related Commands
|
|
|
|---|---|
spanning-tree loopguard default
To enable loop guard as the default on all ports of a specific bridge, use the spanning-tree loopguard default command. To disable loop guard, use the no form of this command.
spanning-tree loopguard default
no spanning-tree loopguard default
Syntax Description
Command Default
Command Modes
Command History
|
|
|
This command was introduced on the Catalyst 4500 series switch.. |
Usage Guidelines
Loop guard provides an additional security in the bridge network. Loop guard prevents alternate or root ports from becoming the designated port because of a failure leading to a unidirectional link.
Loop guard operates only on ports that are considered point-to-point by the spanning tree.
Individual loop-guard port configuration overrides this global default.
Examples
The following example shows how to enable loop guard:
Switch(config)# spanning-tree loopguard default
Switch(config)#
Related Commands
|
|
|
|---|---|
spanning-tree mode
To switch between PVST+ and MST modes, use the spanning-tree mode command. To return to the default settings, use the no form of this command.
spanning-tree mode { pvst | mst | rapid-pvst }
no spanning-tree mode { pvst | mst | rapid-pvst }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch.. |
|
Usage Guidelines
Be careful when using the
spanning-tree mode command to switch between PVST+ and MST modes. When you enter the command, all spanning-tree instances are stopped for the previous mode and restarted in the new mode. Using this command may cause disruption of user traffic.
Examples
The following example shows how to switch to MST mode:
Switch(config)# spanning-tree mode mst
Switch(config)#
The following example shows how to return to the default mode (PVST):
Switch(config)# no spanning-tree mode
Switch(config)#
Related Commands
|
|
|
|---|---|
spanning-tree mst
To set the path cost and port-priority parameters for any MST instance (including the CIST with instance ID 0), use the spanning-tree mst command. To return to the default settings, use the no form of this command.
spanning-tree mst instance-id [ cost cost ] | [ port-priority prio ]
no spanning-tree mst instance-id { cost | port-priority }
Syntax Description
(Optional) Specifies the path cost for an instance; valid values are from 1 to 200000000. |
|
(Optional) Specifies the port priority for an instance; valid values are from 0 to 240 in increments of 16. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
The higher cost cost values indicate higher costs. When entering the cost value, do not include a comma in the entry; for example, enter 1000, not 1,000.
The higher port-priority prio values indicate smaller priorities.
By default, the cost depends on the port speed; faster interface speeds indicate smaller costs. MST always uses long path costs.
Examples
The following example shows how to set the interface path cost:
Switch(config-if)# spanning-tree mst 0 cost 17031970
Switch(config-if)#
The following example shows how to set the interface priority:
Switch(config-if)# spanning-tree mst 0 port-priority 64
Switch(config-if)#
Related Commands
|
|
|
|---|---|
Enables an interface when two bridges compete for position as the root bridge. |
spanning-tree mst configuration
To enter the MST configuration submode, use the spanning-tree mst configuration command. To return to the default MST configuration, use the no form of this command.
spanning-tree mst configuration
no spanning-tree mst configuration
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
The MST configuration consists of three main parameters:
- Instance VLAN mapping (see the instance command)
- Region name (see the name command)
- Configuration revision number (see the revision command)
By default, the value for the MST configuration is the default value for all its parameters.
The abort and exit commands allow you to exit the MST configuration submode. The difference between the two commands depends on whether you want to save your changes or not.
The exit command commits all the changes before leaving MST configuration submode. If you do not map the secondary VLANs to the same instance as the associated primary VLAN, when you exit the MST configuration submode, a message displays and lists the secondary VLANs that are not mapped to the same instance as the associated primary VLAN. The message is as follows:
The abort command leaves the MST configuration submode without committing any changes.
Whenever you change an MST configuration submode parameter, it can cause a loss of connectivity. To reduce the number of service disruptions, when you enter the MST configuration submode, you are changing a copy of the current MST configuration. When you are done editing the configuration, you can apply all the changes at once by using the exit keyword, or you can exit the submode without committing any change to the configuration by using the abort keyword.
In the unlikely event that two users enter a new configuration at exactly at the same time, this message is displayed:
Switch(config-mst)# exit
Switch(config-mst)#
Examples
The following example shows how to enter the MST configuration submode:
Switch(config)# spanning-tree mst configuration
Switch(config-mst)#
The following example shows how to reset the MST configuration to the default settings:
Switch(config)# no spanning-tree mst configuration
Switch(config)#
Related Commands
|
|
|
|---|---|
spanning-tree mst forward-time
To set the forward delay timer for all the instances, use the spanning-tree mst forward-time command. To return to the default settings, use the no form of this command.
spanning-tree mst forward-time seconds
no spanning-tree mst forward-time
Syntax Description
Number of seconds to set the forward delay timer for all the instances on the Catalyst 4500 series switch; valid values are from 4 to 30 seconds. |
Command Default
Command Modes
Command History
|
|
|
This command was introduced on the Catalyst 4500 series switch. |
Examples
The following example shows how to set the forward-delay timer:
Related Commands
|
|
|
|---|---|
spanning-tree mst hello-time
To set the hello-time delay timer for all the instances, use the spanning-tree mst hello-time command. To return to the default settings, use the no form of this command.
spanning-tree mst hello-time seconds
no spanning-tree mst hello-time
Syntax Description
Number of seconds to set the hello-time delay timer for all the instances on the Catalyst 4500 series switch; valid values are from 1 to 10 seconds. |
Command Default
Command Modes
Command History
|
|
|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
If you do not specify the hello-time value, the value is calculated from the network diameter.
Examples
The following example shows how to set the hello-time delay timer:
Related Commands
|
|
|
|---|---|
spanning-tree mst max-age
To set the max-age timer for all the instances, use the spanning-tree mst max-age command. To return to the default settings, use the no form of this command.
spanning-tree mst max-age seconds
Syntax Description
Number of seconds to set the max-age timer for all the instances on the Catalyst 4500 series switch; valid values are from 6 to 40 seconds. |
Command Default
Command Modes
Command History
|
|
|
This command was introduced on the Catalyst 4500 series switch. |
Examples
The following example shows how to set the max-age timer:
Related Commands
|
|
|
|---|---|
spanning-tree mst max-hops
To specify the number of possible hops in the region before a BPDU is discarded, use the spanning-tree mst max-hops command. To return to the default settings, use the no form of this command.
spanning-tree mst max-hops hopnumber
Syntax Description
Number of possible hops in the region before a BPDU is discarded; valid values are from 1 to 40 hops. |
Command Default
Command Modes
Command History
|
|
|
This command was introduced on the Catalyst 4500 series switch.. |
Examples
The following example shows how to set the number of possible hops in the region before a BPDU is discarded to 25:
Related Commands
|
|
|
|---|---|
spanning-tree mst simulate pvst global
To enable PVST + simulation globally, use the spanning-tree mst simulate pvst global command. This is enabled by default. To disable PVST+ simulation, use the no form of this command.
spanning-tree mst simulate pvst global
no spanning-tree mst simulate pvst global
Syntax Description
Command Default
Command Modes
Command History
|
|
|
Usage Guidelines
This feature configures MST switches (in the same region) to seamlessly interact with PVST+ switches.
Use the show spanning-tree summary command to see if the feature is enabled.
To enable PVST+ simulation on a port, see spanning-tree mst simulate pvst (interface configuration mode).
Examples
The following example shows the spanning tree summary when PVST+ simulation is enabled in the MSTP mode:
The following example shows the spanning tree summary when the switch is not in MSTP mode, that is, the switch is in PVST or Rapid-PVST mode. The output string displays the current STP mode:
Related Commands
|
|
|
|---|---|
spanning-tree mst simulate pvst (interface configuration mode) |
|
spanning-tree mst simulate pvst (interface configuration mode)
To enable PVST + simulation on a port, use the spanning-tree mst simulate pvst command in the interface configuration mode. This is enabled by default. To disable PVST+ simulation, use the no form of this command, or enter the spanning-tree mst simulate pvst disable command.
spanning-tree mst simulate pvst [ disable ]
no spanning-tree mst simulate pvst
Syntax Description
Disables the PVST+ simulation feature. This prevents a port from automatically interoperating with a connecting device that is running Rapid PVST+. |
Command Default
Command Modes
Command History
|
|
|
Usage Guidelines
This feature configures MST switches (in the same region) to seamlessly interact with PVST+ switches.
Use the show spanning-tree interface interface-id detail command to see if the feature is enabled.
To enable PVST+ simulation globally, see spanning-tree mst simulate pvst global.
Examples
The following example shows the interface details when PVST+ simulation is explicitly enabled on the port:
The following example shows the interface details when the PVST+ simulation feature is disabled and a PVST Peer inconsistency has been detected on the port:
Related Commands
|
|
|
|---|---|
spanning-tree mst root
To designate the primary root, secondary root, bridge priority, and timer value for an instance, use the spanning-tree mst root command. To return to the default settings, use the no form of this command.
spanning-tree mst instance-id root { primary | secondary } | { priority prio } [ diameter dia [ hello-time hello ]]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
This command was introduced on the Catalyst 4500 series switch.. |
Usage Guidelines
The bridge priority can be set in increments of 4096 only. When you set the priority, valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
You can set the priority to 0 to make the switch root.
The spanning-tree root secondary bridge priority value is 16384.
The diameter dia and hello-time hello options are available for instance 0 only.
If you do not specify the hello_time value, the value is calculated from the network diameter.
Examples
The following example shows how to set the priority and timer values for the bridge:
Related Commands
|
|
|
|---|---|
spanning-tree pathcost method
To set the path cost calculation method, use the s panning-tree pathcost method command. To revert to the default setting, use the no form of this command.
spanning-tree pathcost method { long | short }
no s panning-tree pathcost method
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch.. |
Usage Guidelines
This command applies to all the spanning-tree instances on the switch.
The long path cost calculation method uses all the 32 bits for path cost calculation and yields values in the range of 1 through 200,000,000.
The short path cost calculation method (16 bits) yields values in the range of 1 through 65,535.
Examples
The following example shows how to set the path cost calculation method to long:
Switch(config) spanning-tree pathcost method long
Switch(config)
The following example shows how to set the path cost calculation method to short:
Switch(config) spanning-tree pathcost method short
Switch(config)
Related Commands
|
|
|
|---|---|
spanning-tree portfast (interface configuration mode)
To configure a port type on an individual interface spanning-tree portfast command. To return to the default setting, use the no form of this command.
spanning-tree portfast { disable | edge [ trunk ] | network }
Syntax Description
(Optional) Configures the port as a normal spanning tree port. |
|
Configures the specified interfaces as an edge port. (Optional) trunk —Configures the trunk port as an edge port. |
|
Command Default
Command Modes
Command History
Usage Guidelines
On any given interface, the type of port you can configure depends on the type of device to which the interface is connected:
- A PortFast edge port—is connected to a Layer 2 host, which can be an access port or an edge trunk port. An edge port is moved directly to the spanning-tree forwarding state when linkup occurs, without waiting for the standard forward-time delay.
Set this port type only on interfaces that connect to end stations (hosts or servers); otherwise, an accidental topology loop could cause a data packet loop and disrupt the Catalyst 4500 series switch and network operation.
Set this port type on interfaces where you want to enable Bridge Assurance (Bridge Assurance is enabled on all network ports by default). If you configure a port that is connected to a Layer 2 host as a spanning tree network port, the port will automatically move into the blocking state.
Using the no spanning-tree portfast interface configuration command resets the interface to the port type you have specified in the spanning-tree portfast global configuration command.
Using the spanning-tree portfast disable command resets the interface to the port type you have specified in the spanning-tree portfast global configuration command.
If you have not configured spanning-tree portfast globally, using the no spanning-tree portfast interface configuration command is equivalent to the spanning-tree portfast disable interface configuration command.
Use the show spanning-tree interface type detail command to know what is configured on a given port.
Examples
The following example shows how to enable edge behavior on GigabitEthernet interface 5/7 and verify configuration:
Switch# configure terminal
Switch(config)# interface fastethernet 5/7
Switch(config-if)# spanning-tree portfast edge
Switch(config-if)# end
Switch#
The following example shows how to configure GigabitEthernet interface 5/8 as a network port and verify configuration:
Related Commands
|
|
|
|---|---|
spanning-tree portfast edge bpdufilter default
To enable the BPDU filtering by default on all PortFast edge ports, use the spanning-tree portfast edge bpdufilter default command. To return to the default settings, use the no form of this command.
spanning-tree portfast edge bpdufilter default
no spanning-tree portfast edge bpdufilter default
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
|
Usage Guidelines
The spanning-tree portfast edge bpdufilter default command enables BPDU filtering globally on the Catalyst 4500 series switch. BPDU filtering prevents a port from sending or receiving any BPDUs.
You can override the effects of the spanning-tree portfast edge bpdufilter default command by configuring BPDU filtering at the interface level.
Note Be careful when enabling BPDU filtering. Functionality is different when enabling on a per-port basis or globally. When enabled globally, BPDU filtering is applied only on ports that are in an operational PortFast state. Ports still send a few BPDUs at linkup before they effectively filter outbound BPDUs. If a BPDU is received on an edge port, it immediately loses its operational PortFast status and BPDU filtering is disabled.
When enabled locally on a port, BPDU filtering prevents the Catalyst 4500 series switch from receiving or sending BPDUs on this port.
Be careful when using this command. This command can cause bridging loops if not used correctly.
Examples
The following example shows how to enable BPDU filtering by default:
Switch(config)# spanning-tree portfast edge bpdufilter default
Switch(config)#
Related Commands
|
|
|
|---|---|
spanning-tree portfast edge bpduguard default
To enable BPDU guard by default on all the PortFast ports, use the spanning-tree portfast edge bpduguard default command. To return to the default settings, use the no form of this command.
spanning-tree portfast edge bpduguard default
no spanning-tree por tfast edge bpd uguard default
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
Use this command only with the interfaces that connect to the end stations; otherwise, an accidental topology loop could cause a data packet loop and disrupt the Catalyst 4500 series switch and network operation.
BPDU guard disables a port if it receives a BPDU. BPDU guard is applied only on ports that are PortFast enabled and are in an operational PortFast state.
Examples
The following example shows how to enable BPDU guard by default:
Switch(config)# spanning-tree portfast edge bpduguard default
Switch(config)#
Related Commands
|
|
|
|---|---|
spanning-tree portfast
To globally enable a default state for all ports, use the spanning-tree portfast command. To return to the default settings, use the no form of this command, or enter the spanning-tree portfast default command.
spanning-tree portfast { edge | network | normal } default
Syntax Description
Sets the port type that you entered (whether edge , network , or normal) as the default port type on all interfaces. |
Command Default
Command Modes
Command History
Usage Guidelines
On any given interface, the type of port you can configure depends on the type of device to which the interface is connected:
- A PortFast edge port—is connected to a Layer 2 host, which can be an access port or an edge trunk port. An edge port is moved directly to the spanning-tree forwarding state when linkup occurs, without waiting for the standard forward-time delay.
Set this port type only on interfaces that connect to end stations (hosts or servers); otherwise, an accidental topology loop could cause a data packet loop and disrupt the Catalyst 4500 series switch and network operation.
Set this port type on interfaces where you want to enable Bridge Assurance (Bridge Assurance is enabled on all network ports by default). For more information, see the spanning-tree bridge assurance global configuration command.
If you configure a port that is connected to a Layer 2 host as a spanning tree network port, the port will automatically move into the blocking state.
You can configure a port type on individual interfaces using the spanning-tree portfast (interface configuration mode) command.
Examples
The following example shows how to globally configure all access and trunk ports connected to hosts as edge ports:
Related Commands
|
|
|
|---|---|
spanning-tree port-priority
To prioritize an interface when two bridges compete for position as the root bridge, use the spanning-tree port-priority command. The priority you set resolves the conflict. To revert to the default setting, use the no form of this command.
spanning-tree port-priority port_priority
no spanning-tree port-priority
Syntax Description
Port priority; valid values are from 0 to 240 in increments of 16. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Examples
The following example shows how to increase the possibility that the spanning-tree instance 20 will be chosen as the root-bridge on interface FastEthernet 2/1:
Switch(config-if)# spanning-tree port-priority 0
Switch(config-if)#
Related Commands
|
|
|
|---|---|
spanning-tree uplinkfast
To enable the UplinkFast feature, use the spanning-tree uplinkfast command. To disable UplinkFast, use the no form of this command.
spanning-tree uplinkfast [ max-update-rate packets-per-second ]
no spanning-tree uplinkfast [ max-update-rate ]
Syntax Description
(Optional) Specifies the maximum rate (in packets per second) at which update packets are sent; valid values are from 0 to 65535. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
This command should be used only on access switches.
When UplinkFast is configured, the bridge priority is changed to 49,152 so that this switch will not be selected as root. All interface path costs of all spanning-tree interfaces belonging to the specified spanning-tree instances are also increased by 3000.
When spanning tree detects that the root interface has failed, the UplinkFast feature causes an immediate switchover to an alternate root interface, transitioning the new root interface directly to the forwarding state. During this time, a topology change notification is sent. To minimize the disruption caused by the topology change, a multicast packet is sent to 01-00-0C-CD-CD-CD for each station address in the forwarding bridge except for those associated with the old root interface.
Use the spanning-tree uplinkfast max-update-rate command to enable UplinkFast (if not already enabled) and change the rate at which the update packets are sent. Use the no form of this command to return the default rate of 150 packets per second.
Examples
The following example shows how to enable UplinkFast and set the maximum rate to 200 packets per second:
Switch(config)# spanning-tree uplinkfast
Switch(config)# spanning-tree uplinkfast max-update-rate 200
Related Commands
|
|
|
|---|---|
Prioritizes an interface when two bridges compete for position as the root bridge. |
|
spanning-tree vlan
To configure STP on a per-VLAN basis, use the spanning-tree vlan command. To return to the default value, use the no form of this command.
spanning-tree vlan vlan_id [ forward-time seconds | hello-time seconds | max-age seconds | priority priority | protocol protocol | root { primary | secondary } [ diameter net-diameter [ hello-time seconds ]]]
no spanning-tree vlan vlan_id [ forward-time | hello-time | max-age | priority | root ]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
|
Usage Guidelines
When you are setting the max-age seconds value , if a bridge does not hear BPDUs from the root bridge within the specified interval, it assumes that the network has changed and recomputes the spanning-tree topology.
The spanning-tree root primary command alters the switch bridge priority to 8192. If you enter the spanning-tree root primary command and the switch does not become root, then the bridge priority is changed to 100 less than the bridge priority of the current bridge. If the switch does not become root, an error will result.
The spanning-tree root secondary command alters the switch bridge priority to 16384. If the root switch fails, this switch becomes the next root switch.
Use the spanning-tree root commands on backbone switches only.
Examples
The following example shows how to enable spanning tree on VLAN 200:
Switch(config)# spanning-tree vlan 200
Switch(config)#
The following example shows how to configure the switch as the root switch for VLAN 10 with a network diameter of 4:
Switch(config)# spanning-tree vlan 10 root primary diameter 4
Switch(config)#
The following example shows how to configure the switch as the secondary root switch for VLAN 10 with a network diameter of 4:
Switch(config)# spanning-tree vlan 10 root secondary diameter 4
Switch(config)#
Related Commands
|
|
|
|---|---|
Prioritizes an interface when two bridges compete for position as the root bridge. |
|
speed
To configure the interface speed, use the speed command. To disable a speed setting, use the no form of this command.
speed { 10 | 100 | 1000 | auto [ 10 | 100 | 1000 ] | nonegotiate }
Syntax Description
Enables the interface to autonegotiate the speed and specify the exact values to advertise when autonegotiating. |
|
Command Default
The default values are shown in the following table:
|
|
|
|
|---|---|---|
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
|
Usage Guidelines
Table 2-39 lists the supported command options by interface.
If you configure the interface speed and duplex commands manually and enter a value other than
speed auto (for example, 10 or 100 Mbps), make sure that you configure the connecting interface speed command to a matching speed but do not use the auto param eter.
When manually configuring the interface speed to either 10 or 100 Mbps, the switch prompts you to also configure duplex mode on the interface.
Note Catalyst 4506 switches cannot automatically negotiate the interface speed and the duplex mode if either connecting interface is configured to a value other than auto.
Changing the interface speed and the duplex mode configuration might shut down and reenable the interface during the reconfiguration.
Table 2-40 describes the system’s performance for different combinations of the duplex and speed modes. The specified duplex command that is configured with the specified speed command produces the resulting system action.
|
|
|
|
|---|---|---|
Examples
The following example shows how to set the interface speed to 100 Mbps on the Fast Ethernet interface 5/4:
The following example shows how to allow Fast Ethernet interface 5/4 to autonegotiate the speed and duplex mode:
Note The speed auto 10 100 command is similar to the speed auto command on a Fast Ethernet interface.
The following example shows how to limit the interface speed to 10 and 100 Mbps on the Gigabit Ethernet interface 1/1 in auto-negotiation mode:
The following example shows how to limit the speed negotiation to 100 Mbps on the Gigabit Ethernet interface 1/1:
Related Commands
|
|
|
|---|---|
Configures an interface type and enter interface configuration mode. |
|
storm-control
To enable broadcast storm control on a port and to specify what is to be done when a storm occurs on a port, use the storm-control interface configuration command. To disable storm control for the broadcast traffic and to disable a specified storm control action, use the no form of this command.
storm-control { broadcast { high-level | bps bps [ k | m | g ] | pps pps [ k | m | g ]} | action { shutdown | trap }}
no storm-control { broadcast level | action { shutdown | trap }}
Syntax Description
Command Default
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
Enter the storm-control broadcast level command to enable traffic storm control on the interface, configure the traffic storm control level, and apply the traffic storm control level to the broadcast traffic on the interface.
The switch supports broadcast traffic storm control on all LAN ports.
The period is required when you enter the fractional suppression level.
The suppression level is entered as a percentage of the total bandwidth. A threshold value of 100 percent indicates that no limit is placed on traffic. A value of 0.0 means that all specified traffic on that port is blocked.
Enter the show interfaces counters storm-control command to display the discard count.
Enter the show running-config command to display the enabled suppression mode and level setting.
To turn off suppression for the specified traffic type, you can do one of the following:
- Set the high-level value to 100 percent for the specified traffic type.
- Use the no form of this command.
The lower level is ignored for the interfaces that perform storm control in the hardware.
Examples
The following example shows how to enable broadcast storm control in a port with a 75.67 percent rising suppression level:
The following example shows how to disable a port during a storm:
The following example shows how to disable storm control on a port:
The following example shows how to disable storm control by setting the high level to 100 percent:
Related Commands
|
|
|
|---|---|
storm-control broadcast include multicast
To enable multicast storm control on a port, use the storm-control broadcast include multicast command. To disable multicast storm control, use the no form of this command.
storm-control broadcast include multicast
no storm-control broadcast include multicast
Syntax Description
Command Default
Command Modes
Global configuration mode (config)
Interface configuration mode on Catalyst 4900M, Catalyst 4948E, Catalyst 4948E-F, Supervisor Engines 6-E, 6L-E, 7-E, 7L-E, and 8-E.
Command History
Usage Guidelines
This command prompts the hardware to filter multicast packets if it is already filtering broadcast packets.
When you specify threshold levels for traffic as a percentage of the bandwidth or in bps, the traffic that is suppressed is a combined rate of multicast and broadcast traffic that exceeds the threshold (if the action is filtering).
When you specify threshold levels for traffic in pps, the rate at which traffic is suppressed is considered separately for broadcast and multicast traffic, and the storm action (if the action is filtering) is taken separately.
The switch supports per-interface multicas t suppression. When you enable multicast suppression on an interface, you subject incoming (multicast and broadcast) traffic on that interface to suppression.
Examples
The following example shows how to enable multicast storm control globally:
The following example shows how to enable per-port Multicast storm control on a Supervisor Engine 6-E:
Related Commands
|
|
|
|---|---|
Enables broadcast storm control on a port and and specifies what to do when a storm occurs on a port. |
subscribe-to-alert-group all
To subscribe to all available alert groups, use the subscribe-to-alert-group all command.
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
To enter profile call-home configuration submode, use the profile command in call-home configuration mode.
Examples
The following example shows how to subscribe to all available alert groups:
Related Commands
subscribe-to-alert-group configuration
To subscribe a destination profile to the Configuration alert group, use the
subscribe-to-alert-group configuration command.
subscribe-to-alert-group configuration [periodic {daily hh:mm | monthly date hh:mm | weekly day hh:mm}]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
To enter profile call-home configuration submode, use the profile command in call-home configuration mode.
The Configuration alert group can be configured for periodic notification.
Examples
The following example shows how to configure periodic "configuration" alert-group:
Related Commands
subscribe-to-alert-group diagnostic
To subscribe a destination profile to the Diagnostic alert group, use the subscribe-to-alert-group diagnostic command.
subscribe-to-alert-group diagnostic [severity catastrophic | disaster | fatal | critical | major | minor | warning | notification | normal | debugging]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
To enter profile call-home configuration submode, use the profile command in call-home configuration mode.
Examples
The following example shows how to configure the "diagnostic" alert-group with "normal" severity:
Related Commands
subscribe-to-alert-group environment
To subscribe a destination profile to the Environment alert group, use the
subscribe-to-alert-group environment command.
subscribe-to-alert-group environment [severity catastrophic | disaster | fatal | critical | major | minor | warning | notification | normal | debugging]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
To enter profile call-home configuration submode, use the profile command in call-home configuration mode.
The Environment alert group can be configured to filter messages based on severity.
Examples
The following example shows how to configure the "environmental" alert-group with "severity notification":
Related Commands
subscribe-to-alert-group inventory
To subscribe a destination profile to the Inventory alert group, use the
subscribe-to-alert-group inventory command.
subscribe-to-alert-group inventory [periodic {daily hh:mm | monthly date hh:mm |
weekly day hh:mm}]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
To enter profile call-home configuration submode, use the profile command in call-home configuration mode.
The Inventory alert group can be configured for periodic notification.
Examples
The following example shows how to configure the Inventory alert group with periodic daily alert at 21:12":
Related Commands
subscribe-to-alert-group syslog
To subscribe this destination profile to the Syslog alert group, use the
subscribe-to-alert-group syslog command.
subscribe-to-alert-group syslog [severity catastrophic | disaster | fatal | critical | major | minor | warning | notification | normal | debugging | pattern string]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
To enter profile call-home configuration submode, use the profile command in call-home configuration mode.
You can configure the Syslog alert group can be configured to filter messages based on severity by specifying a pattern to be matched in the syslog message. If the pattern contains spaces, you must enclose it in quotes (“”).
Examples
The following example shows how to configure the syslog alert group with severity notification:
Related Commands
switch (virtual switch)
To assign a switch number, use the switch command in virtual switch domain configuration submode.
switch num [preempt delay | priority priority-value]
Syntax Description
Command Default
Command Modes
Virtual switch domain configuration submode (config-vs-domain)
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
You must set the virtual domain name and the switch number prior to converting the chassis into a virtual switch. You cannot configure the switch number after the chassis is in virtual switch mode.
When you boot the virtual switch, the role resolution logic validates that the chassis numbers in the two chassis diffe.
When you configure preempt, the switch with the highest priority assumes the active role during role negotiation.
Examples
The following example shows how to assign a switch number and to configure the virtual switch domain:
Related Commands
|
|
|
|---|---|
Configures the virtual switch domain number and enter the virtual switch domain configuration submode. |
switch convert mode (virtual switch)
To select the switch mode, use the switch convert mode command in privileged EXEC mode.
switch convert mode {easy-virtual-switch | stand-alone | virtual}
Syntax Description
Specifies execution on the standalone switch, which will be made the master, and switches to easy-vss mode. |
|
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
|
Usage Guidelines
You must reboot both switches when you convert a switch to virtual switch mode.
You execute the switch convert mode easy-virtual-switch command on the Catalyst 4500 switch intended as the “master” after the switch boots and comes up as VSS. In the easy-vss sub-exec mode, you specify the local interfaces [of the switch where the command is executed] that you want to select as a VSL interface.
In a VSS, the interface naming convention includes the switch number. For example, you must use switch/module/port to specify a port on a switching module. The switch convert mode virtual command converts the configuration file to use the VSS naming convention, and saves a backup copy of the file in the RP bootflash.
Note After you confirm the command (with yes at the prompt), the switch converts the configuration file and restarts both chassis. Subsequently, the chassis is in virtual switch mode and you must specify interfaces with three identifiers (switch/module/port).
A no form of this command does not exist. You must specify either stand-alone or virtual mode.
You can enter the switch convert mode virtual command only after the standby switch is fully operational (in hot standby mode). If you enter the command before the standby switch is fully operational, a message is displayed telling you to try again later.
Note If you have configured your config-register with a value that would skip file parsing during the bootup process, your change to either a standalone or virtual switch will not take place until you reconfigure your config-register. The config-register must be allowed to parse files to ensure a conversion from either a standalone or virtual switch.
Examples
The following example shows how to converts a switch to the “master” after the switch boots and comes up as VSS. In the easy-vss sub-exec mode, you specify the local interfaces GigabitEthernet3/5 [of the switch where the command is executed] that you want to select as a VSL interface:
The following example shows how to configure a device in the distribution layer as a standalone switch that has a switch number of 1:
switch virtual domain (virtual switch)
To configure the virtual switch domain number and enter the virtual switch domain configuration submode, use the switch virtual domain command in global configuration mode.
Syntax Description
Specifies the virtual switch domain number. Range: 1 to 255. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
When you enter the switch virtual domain command, you enter the virtual switch domain configuration submode, and the prompt changes to Router1(config-vs-domain)#. Within the virtual switch domain configuration submode, the following commands are available:
- default—Sets a command to its defaults.
- exit—Exits the virtual-switch-domain-mode and returns to the global configuration mode.
- no—Negates a command or set its defaults.
- switch num—Assigns the switch number. See the switch (virtual switch) command for additional information.
You must configure the same virtual switch domain number on both chassis of the virtual switch. The virtual switch domain is a number between 1 and 255, and must be unique for each virtual switch in your network.
Note The domain identification takes effect only after you enter the switch convert mode virtual command.
Note The switch number is not stored in the startup or running configuration, because both chassis use the same configuration file (but must not have the same switch number).
Examples
The following example shows how to configure the virtual switch number and virtual switch domain on two switches:
Related Commands
|
|
|
|---|---|
Assigns a switch number and enters virtual switch domain configuration submode. |
switch virtual link (virtual switch)
To associate a switch to an interface, use the switch virtual link command in interface configuration mode.
switch virutal link switch-number
Syntax Description
Command Default
Command Modes
Interface configuration (config-if)
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
The virtual switch link (VSL) is configured with a unique port channel on each chassis. You must add the VSL physical ports to the port channel. The VSL channel group must contain a minimum of two ports.
Examples
The following example shows how to associate switch 2 to a port channel:
switchport
To modify the switching characteristics of a Layer 2 switch interface, use the switchport command. To return the interface to the routed-interface status and cause all further Layer 2 configuration to be erased, use the no form of this command without parameters.
switchport [ access vlan { vlan_num | name vlan_name }] | [ nonegotiate ] | [ voice vlan { vlan-id | dot1p | name vlan_name | none | untagged }]
no switchport [ access vlan | nonegotiate | voice vlan ]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
|
Usage Guidelines
The no switchport command shuts the port down and then reenables it, which may generate messages on the device to which the port is connected.
The no form of the switchport access command resets the access mode VLAN to the appropriate default VLAN for the device. The no form of the switchport nonegotiate command removes the nonegotiate status.
When you are using the nonegotiate keyword, DISL/DTP negotiation packets will not be sent on the interface. The device will trunk or not trunk according to the mode parameter given: access or trunk. This command will return an error if you attempt to execute it in dynamic (auto or desirable) mode.
The voice VLAN is automatically set to VLAN 1 unless you use one of the optional keywords.
If you use the switchport voice vlan command for an interface, the interface cannot join a port channel.
When you use the switchport voice vlan command, the output for the show running-config command changes to show the voice VLAN set.
Before you configure the switchport voice vlan name command, note the following:
Examples
The following example shows how to cause the port interface to stop operating as a Cisco-routed port and convert to a Layer 2-switched interface:
Switch(config-if)# switchport
Switch(config-if)#
The following example shows how to cause a port interface in access mode, which is configured as a switched interface, to operate in VLAN 2:
Switch(config-if)# switchport access vlan 2
Switch(config-if)#
The following example shows how to cause a port interface, which is configured as a switched interface, to refrain from negotiating in trunking mode and act as a trunk or access port (depending on the mode set):
Switch(config-if)# switchport nonegotiate
Switch(config-if)#
The following example shows how to set the voice VLAN for the interface to VLAN 2:
The following example shows how to set the voice VLAN for the interface to VLAN test.
Related Commands
|
|
|
|---|---|
Displays the administrative and operational status of a switching (nonrouting) port. |
switchport access vlan
To set the VLAN when an interface is in access mode, use the switchport access vlan command. To reset the access mode VLAN to the appropriate default VLAN for the device, use the no form of this command.
switchport access [ vlan { vlan-id | dynamic | name vlan_name }]
Syntax Description
(Optional) Number of the VLAN on the interface in access mode. Valid values are from 1 to 4094. |
|
(Optional) Name of the VLAN on the interface, in access mode. You can enter up to 128 characters. |
Command Default
Command Modes
Command History
|
|
|
This command was introduced on the Catalyst 4500 series switch. |
|
Option to specify an access VLAN name. The name keyword was added. |
Usage Guidelines
You must enter the switchport command without any keywords to configure the LAN interface as a Layer 2 interface before you can enter the switchport access vlan command. This action is required only if you have not already entered the switchport command for the interface.
Entering the no switchport command shuts the port down and then reenables it, which could generate messages on the device to which the port is connected.
The no form of the switchport access vlan com mand resets the access mode VLAN to the appropriate default VLAN for the device.
Before you configure the switchport access vlan name command, note the following:
Examples
The following example shows how to cause the port interface to stop operating as a Cisco-routed port and convert to a Layer 2-switched interface:
Switch(config-if)# switchport
Switch(config-if)#
Note This command is not used on platforms that do not support Cisco-routed ports. All physical ports on such platforms are assumed to be Layer 2-switched interfaces.
The following example shows how to cause a port interface that has already been configured as a switched interface to operate in VLAN 2 instead of the platform’s default VLAN when in access mode:
Switch(config-if)# switchport access vlan 2
Switch(config-if)#
The following example shows how to first populate the VLAN database by associating a VLAN ID with a VLAN name, and then setting the VLAN (using the name) on an interface, in the access mode:
Part 1—Making the entry in the VLAN database:
Part 2—Checking the VLAN database
Part 3—Setting the VLAN on the interface, by using the name test.
Related Commands
|
|
|
|---|---|
Displays the administrative and operational status of a switching (nonrouting) port. |
switchport autostate exclude
To exclude a port from the VLAN interface link-up calculation, use the switchport autostate exclude command. To return to the default settings, use the no form of this command.
no switchport autostate exclude
Syntax Description
Command Default
All ports are included in the VLAN interface link-up calculation.
Command Modes
Command History
|
|
|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
You must enter the switchport command without any keywords to configure the LAN interface as a Layer 2 interface before you can enter the switchport autostate exclude command. This action is required only if you have not entered the switchport command for the interface.
Note The switchport command is not used on platforms that do not support Cisco-routed ports. All physical ports on such platforms are assumed to be Layer 2-switched interfaces.
The switchport autostate exclude command marks the port to be excluded from the interface VLAN up calculation when there are multiple ports in the VLAN.
The show interface interface switchport command displays the autostate mode if the mode has been set. If the mode has not been set, the autostate mode is not displayed.
Examples
The following example shows how to exclude a port from the VLAN interface link-up calculation:
Switch(config-if)# switchport autostate exclude
Switch(config-if)#
The following example shows how to include a port in the VLAN interface link-up calculation:
Switch(config-if)# no switchport autostate exclude
Switch(config-if)#
You can verify your settings by entering the show interfaces switchport privileged EXEC command.
Related Commands
|
|
|
|---|---|
Displays the administrative and operational status of a switching (nonrouting) port. |
switchport block
To prevent the unknown multicast or unicast packets from being forwarded, use the switchport block interface configuration command. To allow the unknown multicast or unicast packets to be forwarded, use the no form of this command.
switchport block { multicast | unicast }
no switchport block { multicast | unicast }
Syntax Description
Specifies that the unknown multicast traffic should be blocked. |
|
Specifies that the unknown unicast traffic should be blocked. |
Command Default
Unknown multicast and unicast traffic are not blocked.
All traffic with unknown MAC addresses is sent to all ports.
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
You can block the unknown multicast or unicast traffic on the switch ports.
Blocking the unknown multicast or unicast traffic is not automatically enabled on the switch ports; you must explicitly configure it.
Note For more information about blocking the packets, refer to the software configuration guide for this release.
Examples
The following example shows how to block the unknown multicast traffic on an interface:
You can verify your setting by entering the show interfaces interface-id switchport privileged EXEC command.
Related Commands
|
|
|
|---|---|
Displays the administrative and operational status of a switching (nonrouting) port. |
switchport mode
To set the interface type, use the switchport mode command. To reset the mode to the appropriate default mode for the device, use the no form of this command.
switchport mode { access | dot1q-tunnel | trunk | dynamic { auto | desirable }}
switchport mode private-vlan { host | promiscuous | trunk promiscuous | trunk [ secondary ]}
no switchport mode dot1q-tunnel
no switchport mode private-vlan
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch.. |
|
Usage Guidelines
If you enter access mode, the interface goes into permanent nontrunking mode and negotiates to convert the link into a nontrunk link even if the neighboring interface does not approve the change.
If you enter trunk mode, the interface goes into permanent trunking mode and negotiates to convert the link into a trunk link even if the neighboring interface does not approve the change.
If you enter dynamic auto mode, the interface converts the link to a trunk link if the neighboring interface is set to trunk or desirable mode.
If you enter dynamic desirable mode, the interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode.
If you specify the dot1q-tunnel keyword, the port is set unconditionally as an 802.1Q tunnel port.
The port becomes inactive if you configure it as a private VLAN trunk port and one of the following applies:
- The port does not have a valid PVLAN association.
- The port does not have valid allowed normal VLANs.
If a private port PVLAN association or mapping is deleted, or if a private port is configured as a SPAN destination, it becomes inactive.
Examples
The following example shows how to set the interface to dynamic desirable mode:
Switch(config-if)# switchport mode dynamic desirable
Switch(config-if)#
The following example shows how to set a port to PVLAN host mode:
Switch(config-if)# switchport mode private-vlan host
Switch(config-if)#
The following example shows how to set a port to private VLAN trunk:
Switch(config-if)# switchport mode private-vlan trunk
Switch(config-if)#
The following example shows how to configure a port for an 802.1Q tunnel port:
Switch(config-if)#
The following example shows how to configure a promiscuous trunk port:
The following example shows how to configure an isolated trunk port:
You can verify your settings by entering the show interfaces switchport command and examining information in the Administrative Mode and Operational Mode rows.
The following example shows how to configure interface FastEthernet 5/2 as a PVLAN promiscuous port, map it to a PVLAN, and verify the configuration:
The following example shows how to configure interface FastEthernet 5/1 as a PVLAN host port and verify the configuration:
The following example shows how to configure interface FastEthernet 5/2 as a secondary trunk port, and verify the configuration:
Switch(config-if)#
The following example shows how to configure interface FastEthernet 5/2 as a promiscuous trunk port and to verify the configuration:
Switch(config-if)#
Related Commands
|
|
|
|---|---|
Displays the administrative and operational status of a switching (nonrouting) port. |
|
Defines a PVLAN association for an isolated or community port. |
|
switchport port-security
To enable port security on an interface, use the switchport port-security command. To disable port security and set parameters to their default states, use the no form of this command.
switchport port-security [ aging { static | time time | type { absolute | inactivity }} |
limit rate invalid-source-mac [ N | none ] | mac-address mac-address [ vlan { access | voice } | mac-address sticky [ mac-address ] [ vlan access | voice ] | maximum valu e [ vlan { access | voice } | violation { restrict | shutdown | shutdown vlan }]
no switchport port-security [ aging { static | time time | type { absolute | inactivity }} |
limit rate invalid-source-mac [ N | none ] | mac-address mac-address [ vlan { access | voice } | mac-address sticky [ mac-address ] [ vlan access | voice ] | maximum valu e [ vlan { access | voice } | violation { restrict | shutdown | shutdown vlan }]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
|
Usage Guidelines
After you set the maximum number of secure MAC addresses that are allowed on a port, you can add secure addresses to the address table by manually configuring them, by allowing the port to dynamically configure them, or by configuring some MAC addresses and allowing the rest to be dynamically configured.
The packets are dropped into the hardware when the maximum number of secure MAC addresses are in the address table and a station that does not have a MAC address in the address table attempts to access the interface.
If you enable port security on a voice VLAN port and if there is a PC connected to the IP phone, you set the maximum allowed secure addresses on the port to more than 1.
You cannot configure static secure MAC addresses in the voice VLAN.
A secure port has the following limitations:
- A secure port cannot be a dynamic access port or a trunk port.
- A secure port cannot be a routed port.
- A secure port cannot be a protected port.
- A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
- A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.
When a secure port is in the error-disabled state, you can remove it from this state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually re-enable it by entering the shutdown and no shut down interface configuration commands. If a port is is disabled, you can also use the clear errdisable command to re-enable the offending VLAN on the port.
To enable secure address aging for a particular port, set the aging time to a value other than 0 for that port.
To allow limited time access to particular secure addresses, set the aging type as absolute. When the aging time lapses, the secure addresses are deleted.
To allow continuous access to a limited number of secure addresses, set the aging type as inactivity. This action removes the secure address when it becomes inactive, and other addresses can become secure.
To allow unlimited access to a secure address, configure it as a secure address, and disable aging for the statically configured secure address by using the no switchport port-security aging static interface configuration command.
If the sticky command is executed without a MAC address specified, all MAC addresses that are learned on that port will be made sticky. You can also specify a specific MAC address to be a sticky address by entering the sticky keyword next to it.
You can configure the sticky feature even when port security is not enabled on the interface. The feature becomes operational when you enable port security on the interface.
You can use the no form of the sticky command only if the sticky feature is already enabled on the interface.
Examples
The following example shows how to set the aging time to 2 hours (120 minutes) for the secure addresses on the Fast Ethernet port 12:
The following example shows how to set the aging timer type to Inactivity for the secure addresses on the Fast Ethernet port 12:
The following example shows how to configure rate limit for invalid source packets on Fast Ethernet port 12:
The following example shows how to configure rate limit for invalid source packets on Fast Ethernet port 12:
You can verify the settings for all secure ports or the specified port by using the show port-security privileged EXEC command.
The following example shows how to remove all sticky and static addresses that are configured on the interface:
The following example shows how to configure a secure MAC address on Fast Ethernet port 12:
The following example shows how to make all MAC addresses learned on Fast Ethernet port 12 sticky:
The following example shows how to make MAC address 1000.2000.3000 sticky on Fast Ethernet port 12:
The following example shows how to disable the sticky feature on Fast Ethernet port 12:
Note This command makes all sticky addresses on this interface normal learned entries. It does not delete the entries from the secure MAC address table.
Note The following examples show how to configure sticky secure MAC addresses in access and voice VLANs on interfaces with voice VLAN configured. If you do not have voice VLAN configured the
vlan [access | voice] keywords are not supported.
The following example shows how to configure sticky MAC addresses for voice and data VLANs on Fast Ethernet interface 5/1 and to verify the configuration:
The following example shows how to designate a maximum of one MAC address for a voice VLAN (for a Cisco IP Phone, let’s say) and one MAC address for the data VLAN (for a PC, let’s say) on Fast Ethernet interface 5/1 and to verify the configuration:
The following example shows how to configure a port to shut down only the VLAN if a violation occurs:
Note Sending traffic to the ports causes the system to configure the port with sticky secure addresses.
You can verify your settings by using the show port-security address privileged EXEC command.
Related Commands
switchport private-vlan association trunk
To configure the association between a secondary VLAN and a VLAN on a private VLAN trunk port, use the switchport private-vlan association trunk command. To remove the private VLAN mapping from the port, use the no form of this command.
switchport private-vlan association trunk { primary-vlan-id } { secondary-vlan-id }
no switchport private-vlan association trunk { primary-vlan-id }
Syntax Description
Number of the primary VLAN of the private VLAN relationship. |
|
Number of the secondary VLAN of the private VLAN relationship. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
|
Usage Guidelines
Multiple private VLAN pairs can be specified so that a private VLAN trunk port can carry multiple secondary VLANs. If an association is specified for the existing primary VLAN, the existing association is replaced.
Only isolated secondary VLANs can be carried over a private VLAN trunk.
Note Community secondary VLANs on a private VLAN trunk are not supported in this release.
If there is no trunk association, any packets received on the secondary VLANs are dropped.
Examples
The following example shows how to configure a port with a primary VLAN (VLAN 18) and secondary VLAN (VLAN 20):
The following example shows how to remove the private VLAN association from the port:
Switch(config-if)# no switchport private-vlan association trunk 18
Switch(config-if)#
The following example shows how to configure interface FastEthernet 5/2 as a secondary trunk port, and verify the configuration:
Switch(config-if)#
Related Commands
|
|
|
|---|---|
Displays the administrative and operational status of a switching (nonrouting) port. |
|
switchport private-vlan host-association
To define a PVLAN association for an isolated or community port, use the switchport private-vlan host-association command. To remove the PVLAN mapping from the port, use the no form of this command.
switchport private-vlan host-association { primary-vlan-id } { secondary-vlan-id }
no switchport private-vlan host-association
Syntax Description
Number of the primary VLAN of the PVLAN relationship; valid values are from 1 to 4094. |
|
Number of the secondary VLAN of the private VLAN relationship; valid values are from 1 to 4094. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
|
Usage Guidelines
There is no runtime effect on the port unless it is in PVLAN host mode. If the port is in PVLAN host mode but all VLANs do not exist, the command is allowed, but the port is made inactive.
Examples
The following example shows how to configure a port with a primary VLAN (VLAN 18) and secondary VLAN (VLAN 20):
Switch(config-if)# switchport private-vlan host-association 18 20
Switch(config-if)#
The following example shows how to remove the PVLAN association from the port:
Switch(config-if)# no switchport private-vlan host-association
Switch(config-if)#
The following example shows how to configure interface FastEthernet 5/1 as a PVLAN host port and verify the configuration:
Related Commands
|
|
|
|---|---|
Displays the administrative and operational status of a switching (nonrouting) port. |
|
switchport private-vlan mapping
To define private VLAN mapping for a promiscuous port, use the switchport private-vlan mapping command. To clear all mapping from the primary VLAN, use the no form of this command.
switchport private-vlan mapping { primary-vlan-id } { secondary-vlan-list } | { add secondary-vlan-list } | { remove secondary-vlan-list }
switchport private-vlan mapping trunk { primary-vlan-id } [ add | remove ] secondary-vlan-list
no switchport private-vlan mapping [ trunk ]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
|
Usage Guidelines
There is no run-time effect on the port unless it is in private VLAN promiscuous mode. If the port is in private VLAN promiscuous mode but the VLANs do not exist, the command is allowed, but the port is made inactive.
The secondary VLAN may be an isolated or community VLAN.
Note The maximum number of unique private VLAN pairs supported by the switchport private-vlan mapping trunk command above is 500. For example, one thousand secondary VLANs could map to one primary VLAN, or one thousand secondary VLANs could map one to one to one thousand primary VLANs.
Examples
The following example shows how to configure the mapping of primary VLAN 18 to the secondary isolated VLAN 20 on a port:
Switch(config-if)# switchport private-vlan mapping 18 20
Switch(config-if)#
The following example shows how to add a VLAN to the mapping:
Switch(config-if)# switchport private-vlan mapping 18 add 21
Switch(config-if)#
The following example shows how to add a range of secondary VLANs to the mapping:
The following example shows how to add a range of secondary VLANs to the trunk mapping:
The following example shows how to configure interface FastEthernet 5/2 as a PVLAN promiscuous port, map it to a PVLAN, and verify the configuration:
The following example shows how to configure interface FastEthernet 5/2 as a promiscuous trunk port and to verify the configuration:
Switch(config-if)#
Related Commands
|
|
|
|---|---|
switchport private-vlan trunk allowed vlan
To configure a list of the allowed normal VLANs on a private VLAN trunk port, use the switchport private-vlan trunk allowed vlan command. To remove all the allowed normal VLANs from a private VLAN trunk port, use the no form of this command.
switchport private-vlan trunk allowed vlan { vlan-list } all | none | [ add | remove | except ] vlan_atom [,vlan_atom... ]
no switchport private-vlan trunk allowed vlan
Syntax Description
Command Default
All allowed normal VLANs are removed from a private VLAN trunk port.
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
By default, no normal VLANs are allowed unless you explicitly configure the VLANs to be allowed.
Use this command only for normal VLANs on a private VLAN trunk port.
Use the switchport private-vlan association trunk command to configure a port that can carry private VLANs on a private VLAN trunk port.
Examples
The following example shows how to configure the private VLAN trunk port that carries normal VLANs 1 to10:
Switch(config-if)# switchport private-vlan trunk allowed vlan 1-10
Switch(config-if)#
The following example shows how to remove all the allowed normal VLANs from a private VLAN trunk port:
Switch(config-if)# no switchport private-vlan trunk allowed vlan
Switch(config-if)#
The following example shows how to configure interface FastEthernet 5/2 as a secondary trunk port, and verify the configuration:
Switch(config-if)#
The following example shows how to configure interface FastEthernet 5/2 as a promiscuous trunk port and to verify the configuration:
Switch(config-if)#
Related Commands
|
|
|
|---|---|
Displays the administrative and operational status of a switching (nonrouting) port. |
|
switchport private-vlan trunk native vlan tag
To control the tagging of the native VLAN traffic on 802.1Q private VLAN trunks, use the switchport private-vlan trunk native vlan tag command. To remove the control of tagging (and default to the global setting), use the no form of this command.
switchport private-vlan trunk native vlan tag
no switchport private-vlan trunk native vlan tag
Syntax Description
Command Default
The default setting is global; the settings on the port are determined by the global setting.
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
|
Usage Guidelines
The configuration created with this command only applies to ports that are configured as private VLAN trunks.
Examples
The following example shows how to enable 802.1Q native VLAN tagging on a PVLAN trunk:
Switch(config-if)# switchport private-vlan trunk native vlan tag
Switch(config-if)#
Related Commands
|
|
|
|---|---|
Displays the administrative and operational status of a switching (nonrouting) port. |
|
switchport trunk
To set the trunk characteristics when an interface is in trunking mode, use the switchport trunk command. To reset all of the trunking characteristics back to the original defaults, use the no form of this command.
switchport trunk native vlan { tag | vlan_id }
no switchport trunk native vlan { tag | vlan_id }
switchport trunk allowed vlan vlan_list
no switchport trunk allowed vlan vlan_list
switchport trunk pruning vlan vlan_list
no switchport trunk pruning vlan vlan_list
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch.. |
|
Usage Guidelines
The vlan_list format is all | none | [ add | remove | except ] vlan_atom [,vlan_atom... ], where:
- all specifies all VLANs from 1 to 4094. This keyword is not supported on commands that do not permit all VLANs in the list to be set at the same time.
- none indicates an empty list. This keyword is not supported on commands that require certain VLANs to be set or at least one VLAN to be set.
- add adds the defined list of VLANs to those currently set, instead of replacing the list.
- remove removes the defined list of VLANs from those currently set, instead of replacing the list.
- except lists the VLANs that should be calculated by inverting the defined list of VLANs.
- vlan_atom is either a single VLAN number from 1 to 4094 or a continuous range of VLANs described by two VLAN numbers (the lesser one first, separated by a hyphen).
The no form of the native vlan command res ets the native mode VLAN to the appropriate default VLAN for the device.
The no form of the allowed vlan command resets the list to the default list, which allows all VLANs.
The no form of the pruning vlan command resets the list to the default list, which enables all VLANs for VTP pruning.
These configuration guidelines and restrictions apply when using 802.1Q trunks and impose some limitations on the trunking strategy for a network:
- When connecting Cisco switches through an 802.1Q trunk, make sure that the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link. If the native VLAN on one end of the trunk is different from the native VLAN on the other end, spanning-tree loops might result.
- Disabling spanning tree on the native VLAN of an 802.1Q trunk without disabling spanning tree on every VLAN in the network can cause spanning-tree loops. We recommend that you leave spanning tree enabled on the native VLAN of an 802.1Q trunk. If this is not possible, disable spanning tree on every VLAN in the network. Make sure that your network is free of physical loops before disabling spanning tree.
- When you connect two Cisco switches through 802.1Q trunks, the switches exchange spanning-tree BPDUs on each VLAN that is allowed on the trunks. The BPDUs on the native VLAN of the trunk are sent untagged to the reserved 802.1d spanning-tree multicast MAC address (01-80-C2-00-00-00). The BPDUs on all other VLANs on the trunk are sent tagged to the reserved SSTP multicast MAC address (01-00-0c-cc-cc-cd).
- Non-Cisco 802.1Q switches maintain only a single instance of spanning tree (MST) that defines the spanning-tree topology for all VLANs. When you connect a Cisco switch to a non-Cisco switch through an 802.1Q trunk, the MST of the non-Cisco switch and the native VLAN spanning tree of the Cisco switch combine to form a single spanning-tree topology known as the CST.
- Because Cisco switches transmit BPDUs to the SSTP multicast MAC address on the VLANs other than the native VLAN of the trunk, non-Cisco switches do not recognize these frames as BPDUs and flood them on all ports in the corresponding VLAN. Cisco switches connected to the non-Cisco 802.1Q network receive these flooded BPDUs. Because Cisco switches receive the flooded BPDUs, the switches can maintain a per-VLAN spanning-tree topology across a network of non-Cisco 802.1Q switches. The non-Cisco 802.1Q network separating the Cisco switches is treated as a single broadcast segment between all switches that are connected to the non-Cisco 802.1Q network through the 802.1Q trunks.
- Ensure that the native VLAN is the same on all of the 802.1Q trunks connecting the Cisco switches to the non-Cisco 802.1Q network.
- If you are connecting multiple Cisco switches to a non-Cisco 802.1Q network, all of the connections must be through the 802.1Q trunks. You cannot connect Cisco switches to a non-Cisco 802.1Q network through the ISL trunks or through the access ports. This action causes the switch to place the ISL trunk port or access port into the spanning-tree “port inconsistent” state and no traffic will pass through the port.
Follow these guidelines for native VLAN tagging:
- The no switchport trunk native vlan tag command disables the native VLAN tagging operation on a port. This overrides the global tagging configuration.
- The switchport trunk native vlan tag command can be used to reenable tagging on a disabled port.
- The no option is saved to NVRAM so that the user does not have to manually select the ports to disable the tagging operation each time that the switch reboots.
- When the switchport trunk native vlan tag command is enabled and active, all packets on the native VLAN are tagged, and incoming untagged data packets are dropped. Untagged control packets are accepted.
Examples
The following example shows how to cause a port interface that is configured as a switched interface to encapsulate in 802.1Q trunking format regardless of its default trunking format in trunking mode:
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)#
The following example shows how to enable 802.1Q tagging on a port:
Switch(config-if)# switchport trunk native vlan tag
Switch(config-if)#
The following example shows how to configure a secure MAC-address and a maximum limit of secure MAC addresses on Gigabit Ethernet port 1 for all VLANs:
The following example shows how to configure a secure MAC-address on Gigabit Ethernet port 1 in a specific VLAN or range of VLANs:
The following example shows how to configure a secure MAC-address in a VLAN on Gigabit Ethernet port 1:
You can verify your settings by using the show port-security interface vlan privileged EXEC command.
Related Commands
|
|
|
|---|---|
Displays the administrative and operational status of a switching (nonrouting) port. |
switchport vlan mapping
To configure VLAN mapping on a trunk port, including one-to-one VLAN mapping, traditional IEEE 802.1Q tunneling (Q-in-Q) mapping, and selective Q-in-Q mapping, use the switchport vlan mapping interface configuration command. To disable configuration, use the no form of the command.
switchport vlan mapping original-vlan -id { translated-id | dot1q tunnel outer vlan-id } | default { dot1q tunnel outer vlan-id | drop }
no switchport vlan mapping original-vlan -id { translated-id | dot1q tunnel outer vlan-id } | default { dot1q tunnel outer vlan-id | drop }
no switchport vlan mapping all
Syntax Description
Command Default
Command Modes
Interface configuration (config-if)
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 Series switch. |
|
The no switchport vlan mapping default drop command was added. |
Usage Guidelines
Before configuring VLAN mapping on an interface, enter the switchport mode trunk interface configuration command to configure the interface as a trunk port.
You can configure VLAN mapping on a physical interface or on a port channel of multiple interfaces with the same configuration.
To configure one-to-one VLAN mapping, use the switchport vlan mapping original-vlan-id translated-id command.
Note To avoid mixing customer traffic, when you configure traditional Q-in-Q on a trunk port, use the switchport trunk allowed vlan vlan-id interface configuration command to configure the outer VLAN ID (S-VLAN) as an allowed VLAN on the trunk port.
Note You cannot configure one-to-one mapping and selective Q-in-Q on the same interface.
The no form of the switchport vlan mapping command clears the specified mapping configuration.
The no switchport vlan mapping all command clears all mapping configurations on the interface.
You cannot configure encapsulation replicate on a SPAN destination port if the source port is configured as a tunnel port or has a 1-to-2 mapping configured. Encapsulation replicate is supported with 1-to-1 VLAN mapping.
The no switchport vlan mapping default drop command ensures that packets that do not match, are not dropped. If this is not configured, by default, the packets that do not match are dropped.
Examples
The following example shows how to use one-to-one mapping to map VLAN IDs 1 and 2 in a customer network to VLANs 1001 and 1002 in the service provider network and drop traffic from other VLAN IDs:
The following example shows how to configure selective Q-in-Q mapping on a port so that traffic with a C-VLAN ID of 5, 7, or 8 enters the switch with an S-VLAN ID of 100. The traffic of other VLAN IDs is dropped.
The following example shows how to configure selective Q-in-Q mapping on a port so that traffic with a C-VLAN ID of 1 to 5 enters the switch with an S-VLAN ID of 100. The traffic of other VLAN IDs is allowed.
Related Commands
|
|
|
|---|---|
system mtu
To set the maximum Layer 2 or Layer 3 payload size, use the system mtu command. To revert to the default MTU setting, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
The datagram-size parameter specifies the Ethernet payload size, not the total Ethernet frame size, and the Layer 3 MTU is changed as a result of changing the system mtu command.
For ports from 3 to18 on model WS-X4418-GB and ports from 1 to 12 on model WS-X4412-2GB-TX, only the standard IEEE Ethernet payload size of 1500 bytes is supported.
For other modules, an Ethernet payload size of up to 1552 bytes is supported with a total Ethernet frame size of up to 1600 bytes.
Examples
The following example shows how to set the MTU size to 1550 bytes:
The following example shows how to revert to the default MTU setting:
Related Commands
|
|
|
|---|---|
tacacs server
To configure the TACACS server for IPv6 or IPv4 and enter the TACACS server configuration mode, use the tacacs server command in global configuration mode. To remove the configuration, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
The legacy command tacacs-server is deprecated. Use the tacacs server command. |
Usage Guidelines
The tacacs server command configures the TACACS server using the name argument and enters TACACS server subconfiguration mode. The configuration is applied once you have finished the configuration steps and exited TACACS server configuration mode.
You can perform the following configurations in the TACACS server subconfiguration mode:
Examples
The following example shows how to configure the TACACS server using the name server1 and enter TACACS+ server configuration mode to perform further configuration of an encryption key on the TACACS server:
template data timeout (netflow-lite exporter submode)
Note NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify a template data timeout for the NetFlow-lite collector, use the template data timeout command. To delete the value, use the no form of this command.
Syntax Description
Specifies a template data timeout value for the NetFlow-lite collector. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches. |
Usage Guidelines
Default timeout value is 1800 seconds or 30 minutes. The timeout value configured really depends on the collector and how often it needs the templates to be refreshed.
Examples
The following example shows how to specify a template data timeout for the NetFlow-lite collector:
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
test cable-diagnostics tdr
To test the condition of copper cables on 48-port 10/100/1000 BASE-T modules, use the
test cable-diagnostics tdr command.
test cable-diagnostics tdr { interface { interface interface-number }
Note This command will be deprecated in future Cisco IOS releases. Use the diagnostic start command instead.
Syntax Description
Interface type; valid values are fastethernet and gigabitethernet. |
|
Command Default
Command Modes
Command History
|
|
|
Usage Guidelines
The TDR test is supported on Catalyst 4500 series switch running Cisco IOS Release 12.2(25)SG for the following line cards only:
The valid values for interface interface are fastethernet and gigabitethernet.
Do not start the test at the same time on both ends of the cable. Starting the test at both ends of the cable at the same time can lead to false test results.
Do not change the port configuration during any cable diagnostics test. This action may result in incorrect test results.
The interface must be operating before starting the TDR test. If the port is down, the results of the test will be invalid. Issue the no shutdown command on the port.
Examples
The following example shows how to start the TDR test on port 1 on module 2:
The following example shows the message that displays when the TDR test is not supported on a module:
Note The show cable-diagnostic tdr command is used to display the results of a TDR test. The test results will not be available until approximately 1 minute after the test starts. If you enter the show cable-diagnostic tdr command within 1 minute of the test starting, you may see a “TDR test is in progress on interface...” message.
Related Commands
|
|
|
|---|---|
traceroute mac
To display the Layer 2 path taken by the packets from the specified source MAC address to the specified destination MAC address, use the traceroute mac command.
traceroute mac [ interface interface-id ] { source-mac-address } [ interface interface-id ] { destination-mac-address } [ vlan vlan-id ] [ detail ]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
Do not use leading zeros when entering a VLAN ID.
The Layer 2 traceroute feature is available on these switches:
- Catalyst 2950 switches running Release 12.1(12c)EA1 or later
- Catalyst 3550 switches running Release 12.1(12c)EA1 or later
- Catalyst 4500 series switch running Catalyst operating system Release 6.2 or later for the supervisor engine
- Catalyst 4500 series switch running Release 12.1(15)EW or later
- Catalyst 5000 family switches running Catalyst operating system Release 6.1 or later for the supervisor engine
- Catalyst 6500 series switches running Catalyst operating system Release 6.1 or later for the supervisor engine
For Layer 2 traceroute to functional properly, Cisco Discovery Protocol (CDP) must be enabled on all of the switches in the network. Do not disable CDP.
When the switch detects a device in the Layer 2 path that does not support Layer 2 traceroute, the switch continues to send Layer 2 trace queries and lets them time out.
The maximum number of hops identified in the path is ten.
Layer 2 traceroute supports only unicast traffic. If you specify a multicast source or destination MAC address, the physical path is not identified, and a message appears.
The traceroute mac command output shows the Layer 2 path when the specified source and destination addresses belong to the same VLAN. If you specify source and destination addresses that belong to different VLANs, the Layer 2 path is not identified, and a message appears.
If the source or destination MAC address belongs to multiple VLANs, you must specify the VLAN to which both the source and destination MAC addresses belong. If the VLAN is not specified, the path is not identified, and a message appears.
Layer 2 traceroute is not supported when multiple devices are attached to one port through hubs (for example, multiple CDP neighbors are detected on a port). When more than one CDP neighbor is detected on a port, the Layer 2 path is not identified, and a message appears.
Examples
The following example shows how to display the Layer 2 path by specifying the source and destination MAC addresses:
The following example shows how to display the detailed Layer 2 path:
The following example shows the Layer 2 path when the switch is not connected to the source switch:
The following example shows the Layer 2 path when the switch cannot find the destination port for the source MAC address:
The following example shows the Layer 2 path when the source and destination devices are in different VLANs:
The following example shows the Layer 2 path when the destination MAC address is a multicast address:
The following example shows the Layer 2 path when the source and destination switches belong to multiple VLANs:
The following example shows how to display the Layer 2 path by specifying the interfaces on the source and destination switches:
Related Commands
|
|
|
|---|---|
Displays the Layer 2 path that is taken by the packets from the specified source IP address or hostname to the specified destination IP address or hostname. |
traceroute mac ip
To display the Layer 2 path that is taken by the packets from the specified source IP address or hostname to the specified destination IP address or hostname, use the traceroute mac command.
traceroute mac ip { source-ip-address | source-hostname } { destination-ip-address | destination-hostname } [ detail ]
Syntax Description
IP address of the source switch as a 32-bit quantity in dotted-decimal format. |
|
IP address of the destination switch as a 32-bit quantity in dotted-decimal format. |
|
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
The Layer 2 traceroute feature is available on these switches:
- Catalyst 2950 switches running Release 12.1(12c)EA1 or later
- Catalyst 3550 switches running Release 12.1(12c)EA1 or later
- Catalyst 4500 series switch running Catalyst operating system Release 6.2 or later for the supervisor engine
- Catalyst 4500 series switch running Release 12.1(15)EW or later
- Catalyst 5000 family switches running Catalyst operating system Release 6.1 or later for the supervisor engine
- Catalyst 6500 series switches running Catalyst operating system Release 6.1 or later for the supervisor engine
For Layer 2 traceroute to functional properly, Cisco Discovery Protocol (CDP) must be enabled on all the switches in the network. Do not disable CDP.
When the switch detects a device in the Layer 2 path that does not support Layer 2 traceroute, the switch continues to send Layer 2 trace queries and lets them time out.
The maximum number of hops identified in the path is ten.
The traceroute mac ip command output shows the Layer 2 path when the specified source and destination IP addresses are in the same subnet. When you specify the IP addresses, the switch uses Address Resolution Protocol (ARP) to associate the IP addresses with the corresponding MAC addresses and the VLAN IDs.
- If an ARP entry exists for the specified IP address, the switch uses the associated MAC address and identifies the physical path.
- If an ARP entry does not exist, the switch sends an ARP query and tries to resolve the IP address. The IP addresses must be in the same subnet. If the IP address is not resolved, the path is not identified, and a message appears.
Layer 2 traceroute is not supported when multiple devices are attached to one port through hubs (for example, multiple CDP neighbors are detected on a port). When more than one CDP neighbor is detected on a port, the Layer 2 path is not identified, and an error message appears.
Examples
The following example shows how to display the Layer 2 path by specifying the source and destination IP addresses and by using the detail keyword:
The following example shows how to display the Layer 2 path by specifying the source and destination hostnames:
The following example shows the Layer 2 path when Address Resolution Protocol (ARP) cannot associate the source IP address with the corresponding MAC address:
Related Commands
|
|
|
|---|---|
Displays the Layer 2 path taken by the packets from the specified source MAC address to the specified destination MAC address. |
transport udp (netflow-lite exporter submode)
Note NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify a UDP transport destination port for a NetFlow-lite collector, use the transport udp command. To delete a transport UDP, use the no form of this command.
transport udp destination-port
no transport udp destination-port
Syntax Description
Specifies a UDP transport destination port for a NetFlow-lite collector. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches. |
Usage Guidelines
One of the mandatory parameters for a minimally configured exporter along with the destination address and UDP destination port of the NetFlow-lite collector.
Examples
The following example shows how to specify a UDP transport destination port for a NetFlow-lite collector:
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
transport udp load-share (netflow-lite exporter submode)
Note NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify the number of destination ports to load balance on for a NetFlow-lite collector, use the transport udp load-share command. To delete a transport UDP, use the no form of this command.
transport udp load-share destination-port
no transport udp load-share destination-port
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches. |
Usage Guidelines
The CLI for UDP destination port load sharing allows you leverage multiple receive packet queues in current server NICs, where the collector is running. This is an optional parameter. When number >= 2 is configured, a switch exports datagrams with a UDP destination port number that “round robins” between a set of consecutive destination UDP port numbers starting with the base udp port number and ending with base udp port number + num ports-1. Typically, netflow templates are sent on the base UDP port number and the packet sample netflow records are sent on the remaining UDP ports. So, the collector provides optimized processing for templates or metadata and packet sample records on a socket.
Examples
The following example shows how to specify a UDP transport destination port for a NetFlow-lite collector:
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
trust
To define a trust state for traffic classified through the class policy-map configuration command, use the trust policy-map class configuration command. To return to the default setting, use the no form of this command.
Syntax Description
Command Default
Command Modes
Policy-map class configuration
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
This command is not supported on the Supervisor Engine 6-E, Supervisor Engine 6L-E, Catalyst 4900M Catalyst 4948E, and Catalyst 4948E-F.
Use this command to distinguish the quality of service (QoS) trust behavior for certain traffic from other traffic. For example, inbound traffic with certain DSCP values can be trusted. You can configure a class map to match and trust the DSCP values in the inbound traffic.
Trust values set with this command supersede trust values set with the qos trust interface configuration command.
If you specify trust cos, QoS uses the received or default port CoS value and the CoS-to-DSCP map to generate a DSCP value for the packet.
If you specify trust dscp, QoS uses the DSCP value from the ingress packet. For non-IP packets that are tagged, QoS uses the received CoS value; for non-IP packets that are untagged, QoS uses the default port CoS value. In either case, the DSCP value for the packet is derived from the CoS-to-DSCP map.
To return to policy-map configuration mode, use the exit command. To return to privileged EXEC mode, use the end command.
Examples
The following example shows how to define a port trust state to trust inbound DSCP values for traffic classified with “class1 ” :
You can verify your settings by entering the show policy-map privileged EXEC command.
Related Commands
ttl (netflow-lite exporter submode)
Note NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify a ttl value for the NetFlow-lite collector, use the ttl command. To delete the value, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches. |
Usage Guidelines
The ttl limit takes effect only when the export packets are based on IPv4. It has no effect on IPv6.
Examples
The following example shows how to specify a ttl value for the NetFlow-lite collector:
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
tx-queue
To configure the transmit queue parameters for an interface, use the tx- queue command. To return to the default value, use the no form of this command.
tx-queue [ queue-id ] { bandwidth bandwidth-rate | priority high | shape shape-rate }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
This command is not supported on Supervisor Engine 6-E, Supervsor Engine 6L-E, Catalyst 4900M, Catalyst 4948E, and Catalyst 4948E-F.
The bandwidth and shape rates cannot exceed the maximum speed of the interface.
The bandwidth can be configured only on the following:
- Ports on the WS-X4306-GB module
- The two 1000BASE-X ports on the WS-X4232-GB-RJ module
- The first two ports on the WS-X4418-GB module
- The two 1000BASE-X ports on the WS-X4412-2GB-TX module
Only transmit queue 3 can be configured to be a high-priority transmit queue.
Examples
The following example shows how to allocate bandwidth on queue 1 to 100 Mbps:
The following example shows how to configure transmit queue 3 to the high priority:
The following example shows how to configure the traffic shaping rate of 64 kbps to transmit queue 1:
Related Commands
|
|
|
|---|---|
udld (global configuration mode)
To enable aggressive or normal mode in the UDLD protocol and to set the configurable message timer time, use the udld global configuration command. You can also use this command to set the error reporting mode for Fast UDLD.
Use the no form of this command to do the following:
- Disable normal mode UDLD on all the fiber ports by default
- Disable aggressive mode UDLD on all the fiber ports by default
- Disable the message timer
- Disable Fast UDLD error reporting mode
udld message time message-timer-time
udld fast-hello error-reporting
no udld fast-hello error-reporting
Syntax Description
Command Default
All fiber-optic interfaces are disabled and the message timer for UDLD is set to 15 seconds.
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
|
Usage Guidelines
If you enable aggressive mode, once all the switch port’s neighbors have aged out either in the advertisement or in the detection phase, UDLD and Fast UDLD restart the linkup sequence. They can resynchronize with any potentially out-of-sync neighbor and shut down the port if the UDLD messages from the neighbor indicate that the link state is still undetermined.
This command affects fiber interfaces only. Use the udld (interface configuration mode) command to enable UDLD on other interface types.
Examples
The following example shows how to enable UDLD on all the fiber interfaces:
Switch (config)# udld enable
Switch (config)#
Related Commands
|
|
|
|---|---|
Enables UDLD and Fast UDLD on an individual interface or prevents a fiber interface from being enabled by the udld (global configuration mode) command. |
udld (interface configuration mode)
To enable UDLD and Fast UDLD on an individual interface or to prevent a fiber-optic interface from being enabled by the udld (global configuration mode) command, use the udld interface level command. Use the no form of this command to disable UDLD, or to return a nonfiber port to the setting specified with the udld (global configuration mode) command.
udld port { aggressive | disable }
no udld port { aggressive | disable }
Syntax Description
Command Default
The fiber-optic interfaces are enabled with the state of the global udld (enable or aggressive) command. The nonfiber interfaces are enabled with UDLD disabled.
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
|
Usage Guidelines
If you enable aggressive mode, once all the switch port’s neighbors have aged out either in the advertisement or in the detection phase, UDLD and Fast UDLD restart the linkup sequence. They can resynchronize with any potentially out-of-sync neighbor and shut down the port if the UDLD messages from the neighbor indicate that the link state is still undetermined
Use the udld port aggressive command on fiber-optic ports to override the setting of the global udld (enable or aggressive) command. Use the no form of the command on fiber-optic ports to restore the UDLD state as configured by the global udld command.
If udld enable is configured globally, UDLD is enabled on all fiber-optic interfaces in nonaggressive mode. You can configure udld port aggressive on a fiber-optic interface to override the udld enable command setting and to enter aggressive mode. If you enter the
no udld port aggresive command, the settings of the previous global state are reestablished and the aggressive mode is removed.
The disable keyword is supported on fiber-optic ports only. Use the no form of the udld command to reset UDLD to the value specified by the udld (global configuration mode) command.
If the port changes from fiber-optic to nonfiber-optic or vice versa, all configurations are maintained.
Examples
The following example shows how to enable UDLD on any port interface for any global udld (global configuration mode) setting:
Switch (config-if)# udld port
Switch (config-if)#
The following example shows how to enable UDLD in aggressive mode on any port interface for any global udld (enable or aggressive) setting:
Switch (config-if)# udld port aggressive
Switch (config-if)#
The following example shows how to disable UDLD on a fiber port interface for any global udld (global configuration mode) setting:
Switch (config-if)# udld disable
Switch (config-if)#
The following example shows how to enable Fast UDLD on a port interface with a timer value of 200 ms. To enable Fast UDLD on a port, you must first enable UDLD in normal or aggressive mode:
Related Commands
|
|
|
|---|---|
Displays the administrative and operational UDLD and Fast UDLD status. |
|
Enables aggressive or normal mode in the UDLD protocol and sets the configurable message timer time. |
udld reset
To reset all the UDLD ports in the shutdown state (that is, errdisabled by UDLD), use the udld reset priviledged EXEC command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
If the interface configuration is still enabled for UDLD, those ports will begin to run UDLD again and may shut down if the reason for the shutdown has not been resolved.
The udld reset command permits the traffic to flow on the ports again. Other features, operate normally if enabled, such as STP, PAgP, and DTP.
Examples
The following example shows how to reset all the ports that are shut down by UDLD:
Switch# udld reset
Switch#
Related Commands
|
|
|
|---|---|
unidirectional
To configure the nonblocking Gigabit Ethernet ports to unidirectionally send or receive traffic on an interface, use the unidirectional command. To disable unidirectional communication, use the no form of this command.
unidirectional { receive-only | send-only }
no unidirectional { receive-only | send-only }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
Enabling port unidirectional mode automatically disables port UDLD. You must manually ensure that the unidirectional link does not create a spanning-tree loop in the network.
Examples
The following example shows how to set Gigabit Ethernet interface 1/1 to receive traffic unidirectionally:
Related Commands
|
|
|
|---|---|
Displays the administrative and operational status of a switching (nonrouting) port. |
use-petr
To configure a router to use an IPv4 or IPv6 Locator/ID Separation Protocol (LISP) Proxy Egress Tunnel Router (PETR), use the use-petr command in LISP Instance configuration mode or LISP Instance Service configuration mode. To remove the use of a LISP PETR, use the no form of this command.
[ no ] use-petr locator-address [ priority priority weight weight ]
Syntax Description
Command Default
Command Modes
LISP Instance (config-router-lisp-instance)
LISP Instance-Service (config-router-lisp-instance-service)
Command History
|
|
|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
Use the use-petr command to enable an Ingress Tunnel Router (ITR) or Proxy Ingress Tunnel Router (PITR) to use IPv4 Proxy Egress Tunnel Router (PETR) services. When the use of PETR services is enabled, instead of natively forwarding LISP endpoint identifier (EID) (source) packets destined to non-LISP sites, these packets are LISP-encapsulated and forwarded to the PETR. Upon receiving these packets, the PETR decapsulates them and then forwards them natively toward the non-LISP destination.
Examples
The following example shows how to configure an ITR to use the PETR with the IPv4 locator of 10.1.1.1. In this case, LISP site IPv4 EIDs destined to non-LISP IPv4 sites are encapsulated in an IPv4 LISP header destined to the PETR located at 10.1.1.1::
The following example configures an ITR to use two PETRs: one has an IPv4 locator of 10.1.1.1 and is configured as the primary PETR (priority 1 weight 100), and the other has an IPv4 locator of 10.1.2.1 and is configured as the secondary PETR (priority 2 weight 100). In this case, LISP site IPv4 EIDs destined to non-LISP IPv4 sites will be encapsulated in an IPv4 LISP header to the primary PETR located at 10.1.1.1 unless it fails, in which case the secondary will be used.
username
To establish a username-based authentication system, use the username command.
username name secret { 0 | 5 } password
Syntax Description
Specifies the authentication system for the user; valid values are 0 (text immediately following is not encrypted) and 5 (text immediately following is encrypted using an MD5-type encryption method). |
|
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
Use this command to enable enhanced password security for the specified username. This command enables MD5 encryption on the password. MD5 encryption is a strong encryption method that is not retrievable. You cannot use MD5 encryption with protocols that require clear-text passwords, such as CHAP.
You can use this command for defining usernames that get special treatment. For example, you can define an “info” username that does not require a password but that connects the user to a general-purpose information service.
The username command provides both username and secret authentication for login purposes only.
The name argument can be only one word. White spaces and quotation marks are not allowed.
You can use multiple username commands to specify options for a single user.
For information about additional username commands, refer to the Cisco IOS Command Reference.
Examples
The following example shows how to specify an MD5 encryption on a password (warrior) for a username (xena):
Switch(config)# username xena secret 5 warrior
Switch(config)#
Related Commands
|
|
|
|---|---|
Sets a local password to control access to various privilege levels. |
|
Specifies an additional layer of security over the enable password command. |
|
verify
To verify the checksum of a file on a flash memory file system, use the verify command.
verify [ /md5 ] [ flash-filesystem : ] [ filename ] [ expected-md5-signature ]
Syntax Description
(Optional) Device where the fash resides; valid values are bootflash:, slot0:, flash:, or sup-bootflash:. |
|
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
Each software image that is distributed on the disk uses a single checksum for the entire image. This checksum is displayed only when the image is copied into the flash memory.
The Readme file, which is included with the image on the disk, lists the name, file size, and checksum of the image. Review the contents of the Readme file before loading or duplicating the new image so that you can verify the checksum when you copy it into the flash memory or on to a server.
Use the verify /md5 command to verify the MD5 signature of a file before using it. This command validates the integrity of a copied file by comparing a precomputed MD5 signature with the signature that is computed by this command. If the two MD5 signatures match, the copied file is identical to the original file.
You can find the MD5 signature posted on the Cisco.com page with the image.
You can use the verify /md5 command in one of the following ways:
Check the displayed signature against the MD5 signature posted on the Cisco.com page.
- Allow the system to compare the MD5 signatures by entering the verify /md5 { flash-filesystem : filename } { expected-md5-signature } command.
After completing the comparison, the system returns with a verified message. If an error is detected, the output is similar to the following:
To display the contents of the flash memory, enter the show flash command. The flash contents listing does not include the checksum of the individual files. To recompute and verify the image checksum after the image has been copied into the flash memory, enter the verify command.
Examples
The following example shows how to use the verify command:
The following example shows how to manually verify the MD5 signature:
The following example shows how to allow the system to compare the MD5 signatures:
Related Commands
|
|
|
|---|---|
show file system (Flash file system) (refer to Cisco IOS documentation) |
|
vlan (VLAN Database mode)
To configure a specific VLAN, use the vlan command. To delete a VLAN, use the no form of this command.
vlan vlan_id [ are hops ] [ backupcrf mode ] [ bridge type | bridge-num ] [ media type ] [ mtu mtu-size ] [ name vlan-name ] [ parent parent-vlan-id ] [ ring ring-number ] [ said said-value ] [ state { suspend | active }] [ stp type type ] [ tb-vlan1 tb-vlan1-id ] [ tb-vlan2 tb-vlan2-id ]
Syntax Description
Command Default
- The vlan-name is “VLANxxxx” where “xxxx” represents four numeric digits (including leading zeroes) equal to the VLAN ID number.
- The media type is Fast Ethernet.
- The state is active.
- The said-value is 100,000 plus the VLAN ID number.
- The mtu-size default is dependent upon the VLAN type:
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
VLAN 1 parameters are factory configured and cannot be changed.
When you define vlan-name, the name must be unique within the administrative domain.
The SAID is documented in 802.10. When the no form is used, the VLANs SAID is returned to the default.
When you define the said-value, the name must be unique within the administrative domain.
The bridge bridge-number argument is used on ly for Token Ring-net and FDDI-net VLANs and is ignored in other types of VLANs. When the no form is used, the VLANs source-route bridging number returns to the default.
The parent VLAN resets to the default if the parent VLAN is deleted or the media keyword changes the VLAN type or the VLAN type of the parent VLAN.
The tb-vlan1 and tb-vlan2 are used to configure translational bridge VLANs of a specified type of VLAN and are not allowed in other types of VLANs. The translational bridge VLANs must be a different VLAN type than the affected VLAN; if two VLANs are specified, the two must be different VLAN types.
A translational bridge VLAN will reset to the default if the translational bridge VLAN is deleted or the media keyword changes the VLAN type or the VLAN type of the corresponding translational bridge VLAN.
Examples
The following example shows how to add a new VLAN with all the default parameters to the new VLAN database:
Switch(vlan)# vlan 2
Note If the VLAN already exists, no action occurs.
The following example shows how to cause the device to add a new VLAN, specify the media type and parent VLAN ID number 3, and set all the other parameters to the defaults:
Switch(vlan)# vlan 2 media fastethernet parent 3
VLAN 2 modified:
Media type FASTETHERNET
Parent VLAN 3
The following example shows how to delete VLAN 2:
Switch(vlan)#
The following example shows how to return the MTU to the default for its type and the translational bridging VLANs to the default:
Switch(vlan)# no vlan 2 mtu tb-vlan1 tb-vlan2
Switch(vlan)#
Related Commands
|
|
|
|---|---|
vlan access-map
To enter VLAN access-map command mode to create a VLAN access map, use the vlan access-map command. To remove a mapping sequence or the entire map, use the no form of this command.
no vlan access-map name [ seq# ]
Syntax Description
(Optional) Map sequence number; valid values are from 0 to 65535. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
If you enter the sequence number of an existing map sequence, you enter VLAN access-map mode. If you do not specify a sequence number, a number is automatically assigned. You can enter one match clause and one action clause per map sequence. If you enter the no vlan access-map name [ seq# ] command without entering a sequence number, the whole map is removed. Once you enter VLAN access-map mode, the following commands are available:
- action — Sets the action to be taken (forward or drop).
- default — Returns a command to its default settings.
- end — Exits from configuration mode.
- exit — Exits from VLAN access-map configuration mode.
- match — Sets the values to match (IP address or MAC address).
- no — Negates a command or reset its defaults.
Examples
The following example shows how to enter VLAN access-map mode:
Related Commands
|
|
|
|---|---|
Specifies a match clause by selecting one or more ACLs for a VLAN access-map sequence. |
|
vlan configuration
To configure a service-policy on a VLAN, use the vlan configuration command to enter the VLAN feature configuration mode.
Syntax Description
Specifies a list of VLANs. “,” “-” operators can be used; such as, 1-10,20. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on Catalyst 4900M and Supervisor Engine 6E. |
Usage Guidelines
Even though an SVI is not needed in all cases, such as when you use your Catalyst 4500 series switch as a pure Layer 2 switch, you are required to create an SVI.
VLAN configuration mode has been inroduced to remove the requirement of creating an SVI. With this command you can specify lists of VLANs and the input and output policies that are applied. To configure your system in this mode there is no requirement for you to create SVIs, or create VLAN or VTP mode interactions. Once the VLAN becomes active the configuration becomes active on that VLAN. You can use “-” or “,” extensions to specifying VLAN list.
Examples
The following example shows how to configure a service policy while in VLAN configuration mode and display the new service policy:
The following example shows how to display the new service policy:
Related Commands
|
|
|
|---|---|
Creates a policy map that can be attached to multiple ports to specify a service policy and to enter policy-map configuration mode. |
vlan database
To enter VLAN configuration mode, use the vlan database command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
From VLAN configuration mode, you can access the VLAN database editing buffer manipulation commands, including:
- abort —Exits mode without applying the changes.
- apply —Applies the current changes and bumps the revision number.
- exit —Applies the changes, bumps the revision number, and exits VLAN configuration mode.
- no —Negates a command or sets its defaults; valid values are vlan and vtp.
- reset —Abandons the current changes and rereads the current database.
- show —Displays the database information.
- vlan —Accesses the subcommands to add, delete, or modify values that are associated with a single VLAN. For information about the vlan subcommands, see the vlan (VLAN Database mode) command.
- vtp —Accesses the subcommands to perform VTP administrative functions. For information about the vtp subcommands, see the vtp client command.
Examples
The following example shows how to enter VLAN configuration mode:
Switch# vlan database
Switch(vlan)#
The following example shows how to exit VLAN configuration mode without applying changes after you are in VLAN configuration mode:
The following example shows how to delete a VLAN after you are in VLAN configuration mode:
The following example shows how to turn off pruning after you are in VLAN configuration mode:
Related Commands
|
|
|
|---|---|
vlan dot1q tag native
To enable tagging of the native VLAN frames on all 802.1Q trunk ports, use the vlan dot1q tag native command. To disable tagging of native VLAN frames, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was first introduced on the Catalyst 4500 series switch. |
Usage Guidelines
When enabled, the native VLAN packets exiting all 802.1Q trunk ports are tagged unless the port is explicitly configured to disable native VLAN tagging.
When disabled, the native VLAN packets exiting all 802.1Q trunk ports are not tagged.
You can use this command with 802.1Q tunneling. This feature operates on an edge switch of a service-provider network and expands VLAN space by using a VLAN-in-VLAN hierarchy and by tagging the tagged packets. You must use the 802.1Q trunk ports for sending out the packets to the service-provider network. However, the packets going through the core of the service-provider network might also be carried on the 802.1Q trunks. If the native VLANs of an 802.1Q trunk match the native VLAN of a tunneling port on the same switch, the traffic on the native VLAN is not tagged on the sending trunk port. This command ensures that the native VLAN packets on all 802.1Q trunk ports are tagged.
Examples
The following example shows how to enable 802.1Q tagging on the native VLAN frames and verify the configuration:
Related Commands
|
|
|
|---|---|
Configures the tagging of the native VLAN traffic on 802.1Q private VLAN trunks. |
|
Sets the trunk characteristics when an interface is in trunking mode. |
vlan filter
To apply a VLAN access map, use the vlan filter command. To clear the VLAN access maps from VLANs or interfaces, use the no form of this command.
vlan filter map-name { vlan-list vlan-list }
no vlan filter map-name { vlan-list [ vlan-list ]}
Syntax Description
Specifies the VLAN list; see the “Usage Guidelines” section for valid values. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
When configuring an action clause in a VLAN access map, note the following:
- You can apply the VLAN access map to one or more VLANs.
- The vlan-list parameter can be a single VLAN ID, a list of VLAN IDs, or VLAN ID ranges ( vlan-id - vlan-id). Multiple entries are separated by (-), (hyphen), or (,) (comma).
- You can apply only one VLAN access map to each VLAN.
When entering the no form of this command, the vlan-list parameter is optional (but the keyword vlan-list is required). If you do not enter the vlan-list parameter, the VACL is removed from all the VLANs where the map-name is applied.
Examples
The following example shows how to apply a VLAN access map on VLANs 7 through 9:
vlan group
To create or modify a VLAN group, use the vlan group command in global configuration mode. Use the no form of this command to remove a VLAN list from the VLAN group.
vlan group group-name vlan-list vlan-list
no vlan group group-name vlan-list vlan-list
Syntax Description
Specifies a VLAN list name. See the Usage Guidelines section below for additional information about this argument. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was modified to support user distribution on the Catalyst 4500 series switch. |
Usage Guidelines
The VLAN group name can contain up to 31 characters and must begin with a letter.
The vlan-list argument can be a single VLAN ID, a list of VLAN IDs, or VLAN ID ranges ( vlan-id - vlan-id). Multiple entries are separated by a hyphen (-) or a comma (,).
If the named VLAN group does not exist, the vlan group command creates the group and maps the specified VLAN list to the group. If the named VLAN group exists, the specified VLAN list is mapped to the group.
The no form of the vlan group command removes the specified VLAN list from the VLAN group. When you remove the last VLAN from the VLAN group, you delete the VLAN group.
You can configure a maximum of 100 VLAN groups, and map a maximum of 4094 VLANs to a VLAN group.
Examples
The following example shows how to map VLANs 7 through 9 and 11 to a VLAN group:
The following example shows how to remove VLAN 7 from the VLAN group:
Related Commands
|
|
|
|---|---|
vlan internal allocation policy
To configure the internal VLAN allocation scheme, use the vlan internal allocation policy command. To return to the default setting, use the no form of this command.
vlan internal allocation policy { ascending | descending }
no vlan internal allocation policy
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
You can configure internal VLAN allocation to be from 1006 and up or from 4094 and down.
The internal VLANs and user-configured VLANs share the 1006 to 4094 VLAN spaces. A “first come, first served” policy is used in allocating these spaces.
The vlan internal allocation policy command allows you to configure the allocation direction of the internal VLAN.
During system bootup, the internal VLANs that are required for features in the startup-config file are allocated first. The user-configured VLANs in the startup-config file are configured next. If you configure a VLAN that conflicts with an existing internal VLAN, the VLAN that you configured is put into a nonoperational status until the internal VLAN is freed and becomes available.
After you enter the write mem command and the system reloads, the reconfigured allocation scheme is used by the port manager.
Examples
The following example shows how to configure the VLANs in a descending order as the internal VLAN allocation policy:
Related Commands
|
|
|
|---|---|
vmps reconfirm (global configuration)
To change the reconfirmation interval for the VLAN Query Protocol (VQP) client, use the vmps reconfirm command. To return to the default setting, use the no form of this command.
Syntax Description
Queries to the VLAN Membership Policy Server (VMPS) to reconfirm dynamic VLAN assignments; valid values are from 1 to 120 minutes. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Examples
The following example shows how to set the VQP client to reconfirm dynamic VLAN entries every 20 minutes:
You can verify your setting by entering the show vmps command and examining information in the Reconfirm Interval row.
Related Commands
vmps reconfirm (privileged EXEC)
To immediately send VLAN Query Protocol (VQP) queries to reconfirm all the dynamic VLAN assignments with the VLAN Membership Policy Server (VMPS), use the vmps reconfirm command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch.. |
Usage Guidelines
You can verify your setting by entering the show vmps command and examining the VMPS Action row of the Reconfirmation Status section. The show vmps command shows the result of the last time that the assignments were reconfirmed either because the reconfirmation timer expired or because the vmps reconfirm command was entered.
Examples
The following example shows how to immediately send VQP queries to the VMPS:
Related Commands
vmps retry
To configure the per-server retry count for the VLAN Query Protocol (VQP) client, use the vmps retry command. To return to the default setting, use the no form of this command.
Syntax Description
Number of attempts to contact the VLAN Membership Policy Server (VMPS) by the client before querying the next server in the list; valid values are from 1 to 10. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
You can verify your setting by entering the show vmps command and examining information in the Server Retry Count row.
Examples
The following example shows how to set the retry count to 7:
Related Commands
|
|
|
|---|---|
Displays the VLAN Query Protocol (VQP) version, reconfirmation interval, retry count, VLAN Membership Policy Server (VMPS) IP addresses, current servers, and primary servers. |
vmps server
To configure the primary VLAN Membership Policy Server (VMPS) and up to three secondary servers, use the vmps server command. To remove a VMPS server, use the no form of this command.
vmps server ipaddress [ primary ]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
The first server that you entered is automatically selected as the primary server whether or not primary is entered. You can override the first server address by using primary in a subsequent command.
If a member switch in a cluster configuration does not have an IP address, the cluster does not use the VMPS server that is configured for that member switch. Instead, the cluster uses the VMPS server on the command switch, and the command switch proxies the VMPS requests. The VMPS server treats the cluster as a single switch and uses the IP address of the command switch to respond to requests.
When using the no form without specifying the ipaddress, all configured servers are deleted. If you delete all servers when dynamic-access ports are present, the switch cannot forward the packets from the new sources on these ports because it cannot query the VMPS.
You can verify your setting by entering the show vmps command and examining information in the VMPS Domain Server row.
Examples
The following example shows how to configure the server with IP address 191.10.49.20 as the primary VMPS server. The servers with IP addresses 191.10.49.21 and 191.10.49.22 are configured as secondary servers:
The following example shows how to delete the server with IP address 191.10.49.21:
Related Commands
|
|
|
|---|---|
Displays the VLAN Query Protocol (VQP) version, reconfirmation interval, retry count, VLAN Membership Policy Server (VMPS) IP addresses, current servers, and primary servers. |
vrf (netflow-lite exporter submode)
Note NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches.
To specify a VRF label for the NetFlow-lite collector, use the vrf command. To delete a VRF label, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches. |
Usage Guidelines
By default when no vrf label is specified the global vrf is used for routing. The vrf label is ignored if the collector's address is IPv6. Default global routing table is used to route the IPv6 export packets to the collector.
Note Support for VRF with IPv6 will be provided in a later release.
Examples
The following example shows how to specify a VRF label for the NetFlow-lite collector:
You can verify your settings with the show netflow-lite exporter privileged EXEC command.
Related Commands
vslp interval (virtual switch)
To configure the virtual switch link protocol (VSLP) hello packet interval, use the vslp interval command in interface configuration mode. To return to the default settings, use the no form of this command.
vslp interval interval min_rx min-interval multiplier factor
Syntax Description
Command Default
Command Modes
Interface configuration (config-if)
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
When you specify a factor, the formula is if no hello packets are received in (min_rx * multiplier) milliseconds, the link is flagged as non-operational.
Examples
The following example shows how to configure the virtual switch link protocol (VSLP) hello packet interval:
vtp (global configuration mode)
To modify the name of a VTP configuration storage file, use the vtp command. To clear a filename, use the no form of this command.
vtp {{ file filename } | { if-id name }}
no vtp {{ file filename } | { if-id name }}
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
You cannot use the vtp file command to load a new database. You can use it only to rename the file in which the existing database is stored.
You can use the vtp if-id command to specify the name of the interface providing the VTP updater ID for this device. The VTP updater is the device that adds, deletes, or modifies VLANs to a network, and triggers a VTP updater to inform the rest of the system of the changes.
Examples
The following example shows how to specify the IFS file system file where VTP configuration is stored:
Switch(config)# vtp file vtpconfig
Switch(config)#
The following example shows how to specify the name of the interface providing the VTP updater ID:
Switch(config)# vtp if-id fastethernet
Switch(config)#
Related Commands
|
|
|
|---|---|
vtp client
To place a device in VTP client mode, use the vtp client command. To return to VTP server mode, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
If the receiving switch is in client mode, the client switch changes its configuration to duplicate the configuration of the server. If you have switches in client mode, make sure to make all VTP or VLAN configuration changes on a switch in server mode.
The vtp server command is the functional equivalent of no vtp client except that it does not return an error if the device is not in client mode.
Examples
The following example shows how to place the device in VTP client mode:
Switch(vlan-config)# vtp client
Switch(vlan-config)#
Related Commands
|
|
|
|---|---|
vtp domain
To configure the administrative domain name for a device, use the vtp domain command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
When you define the domain-name, the domain name is case sensitive and can be from 1 to 32 characters.
You must set a domain name before you can transmit any VTP advertisements.
Even if you do not set a domain name, the device will leave the no-management-domain state upon receiving the first VTP summary packet on any port that is currently trunking.
If the device receives its domain from a summary packet, it resets its configuration revision number to zero. Once the device leaves the no-management-domain state, it can never be configured to reenter the number except by cleaning NVRAM and reloading.
Examples
The following example shows how to set the devices administrative domain:
Switch(vlan-config)# vtp domain DomainChandon
Switch(vlan-config)#
Related Commands
|
|
|
|---|---|
vtp password
To create a VTP domain password, use the vtp password command. To delete the password, use the no form of this command.
Syntax Description
A n ASCII string, from 1 to 32 characters, identifying the administrative domain for the device. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Examples
The following example shows how to create a VTP domain password:
Switch(vlan-config)# vtp password DomainChandon
Switch(vlan-config)#
The following example shows how to delete the VTP domain password:
vlan-config)# no vtp password
vlan-config)#
Related Commands
|
|
|
|---|---|
vtp pruning
To enable pruning in the VLAN database, use the vtp pruning command. To disable pruning in the VLAN database, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
VTP pruning causes information about each pruning-eligible VLAN to be removed from VTP updates if there are no stations belonging to that VLAN.
Examples
The following example shows how to enable pruning in the VLAN database:
Switch(vlan-config)# vtp pruning
Pruning switched ON
Switch(vlan-config)#
The following example shows how to disable pruning in the VLAN database:
Switch(vlan-config)# no vtp pruning
Pruning switched OFF
Switch(vlan-config)#
Related Commands
|
|
|
|---|---|
vtp server
To place the device in VTP server mode, use the vtp server command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
If you make a change to the VTP or VLAN configuration on a switch in server mode, that change is propagated to all the switches in the same VTP domain.
You can set VTP to either server or client mode only when you disable dynamic VLAN creation.
If the receiving switch is in server mode, the configuration is not changed.
The vtp server command is the functional equivalent of no vtp client, except that it does not return an error if the device is not in client mode.
Examples
The following example shows how to place the device in VTP server mode:
Switch(vlan-config)# vtp server
Switch(vlan-config)#
Related Commands
|
|
|
|---|---|
vtp transparent
To place a device in VTP transparent mode, use the vtp transparent command. To return to VTP server mode, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
The vtp transparent command disables VTP from the domain but does not remove the domain from the switch.
If the receiving switch is in transparent mode, the configuration is not changed. The switches in transparent mode do not participate in VTP. If you make VTP or VLAN configuration changes on a switch in transparent mode, the changes are not propagated to the other switches in the network.
The vtp server command is similar to the no vtp transparent command, except that it does not return an error if the device is not in transparent mode.
Examples
The following example shows how to place the device in VTP transparent mode:
Switch(vlan-config)# vtp transparent
Switch(vlan-config)#
The following example shows how to return the device to VTP server mode:
Switch(vlan-config)# no vtp transparent
Switch(vlan-config)#
Related Commands
|
|
|
|---|---|
vtp v2-mode
To enable version 2 mode, use the vtp v2-mode command. To disable version 2 mode, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was introduced on the Catalyst 4500 series switch. |
Usage Guidelines
All switches in a VTP domain must run the same version of VTP. VTP version 1 and VTP version 2 do not operate on switches in the same VTP domain.
If all switches in a domain are VTP version 2-capable, you only need to enable VTP version 2 on one switch; the version number is then propagated to the other version 2-capable switches in the VTP domain.
If you toggle the version 2 mode, the parameters of certain default VLANs will be modified.
Examples
The following example shows how to enable version 2 mode in the VLAN database:
Switch(vlan-config)# vtp v2-mode
Switch(vlan-config)#
The following example shows how to disable version 2 mode in the VLAN database:
Switch(vlan-config)# no vtp v2-mode
Switch(vlan-config)#
Related Commands
|
|
|
|---|---|
Feedback