- shut (ERSPAN)
- shutdown
- shutdown (VLAN configuration)
- slot
- snmp-server enable traps vtp
- source (SPAN, ERSPAN)
- spanning-tree bridge assurance
- spanning-tree bpdufilter
- spanning-tree bpduguard
- spanning-tree cost
- spanning-tree domain
- spanning-tree guard
- spanning-tree link-type
- spanning-tree loopguard default
- spanning-tree mode
- spanning-tree mst configuration
- spanning-tree mst cost
- spanning-tree mst forward-time
- spanning-tree mst hello-time
- spanning-tree mst max-age
- spanning-tree mst max-hops
- spanning-tree mst port-priority
- spanning-tree mst pre-standard
- spanning-tree mst priority
- spanning-tree mst root
- spanning-tree mst simulate pvst
- spanning-tree mst simulate pvst global
- spanning-tree pathcost method
- spanning-tree port-priority
- spanning-tree port type edge
- spanning-tree port type edge bpdufilter default
- spanning-tree port type edge bpduguard default
- spanning-tree port type edge default
- spanning-tree port type network
- spanning-tree port type network default
- spanning-tree port type normal
- spanning-tree pseudo-information
- spanning-tree vlan
- spanning-tree vlan cost
- spanning-tree vlan port-priority
- speed (interface)
- state
- svi enable
- svs connection
- svs veth auto-delete
- svs veth auto-setup
- switchport access vlan
- switchport backup interface
- switchport block
- switchport host
- switchport mode
- switchport mode private-vlan host
- switchport mode private-vlan promiscuous
- switchport mode private-vlan trunk
- switchport monitor rate-limit
- switchport port-security
- switchport port-security aging
- switchport port-security mac-address
- switchport port-security maximum
- switchport port-security violation
- switchport priority extend
- switchport private-vlan association trunk
- switchport private-vlan host-association
- switchport private-vlan mapping
- switchport private-vlan trunk allowed vlan
- switchport private-vlan trunk native
- switchport trunk allowed vlan
- switchport trunk native vlan
- switchport voice vlan
- system private-vlan fex trunk
- system vlan reserve
S Commands
This chapter describes the Cisco NX-OS Ethernet and virtual Ethernet commands that begin with S.
shut (ERSPAN)
To shut down an Encapsulated Remote Switched Port Analyzer (ERSPAN) session, use the shut command. To enable an ERSPAN session, use the no form of this command.
Syntax Description
Command Default
Command Modes
ERSPAN session configuration mode
Command History
|
|
|
Usage Guidelines
Examples
This example shows how to shut down an ERSPAN session:
This example shows how to enable an ERSPAN session:
Related Commands
|
|
|
|---|---|
shutdown
To shut down the local traffic on an interface, use the shutdown command. To return the interface to its default operational state, use the no form of this command.
Syntax Description
Command Default
Command Modes
Interface configuration mode
Subinterface configuration mode
Virtual Ethernet interface configuration mode
Command History
|
|
|
|---|---|
Usage Guidelines
You can use this command on the following interfaces:
Note
Use the no switchport command to configure an interface as a Layer 3 interface.
Examples
This example shows how to shut down, or disable, a Layer 2 interface:
switch(config)# interface ethernet 1/10
switch(config-if)# shutdown
switch(config-if)#
This example shows how to shut down a Layer 3 Ethernet subinterface:
switch(config)# interface ethernet 1/5.1
switch(config-subif)# shutdown
switch(config-subif)#
This example shows how to shut down a virtual Ethernet interface:
switch(config)# interface vethernet 10
switch(config-if)# shutdown
switch(config-if)#
Related Commands
|
|
|
|---|---|
Displays information on traffic about the specified EtherChannel interface. |
|
Displays the virtual Ethernet interface configuration information. |
shutdown (VLAN configuration)
To shut down the local traffic on a VLAN, use the shutdown command. To return a VLAN to its default operational state, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You cannot shut down, or disable, VLAN 1 or VLANs 1006 to 4094.
After you shut down a VLAN, the traffic ceases to flow on that VLAN. Access ports on that VLAN are also brought down; trunk ports continue to carry traffic for the other VLANs allowed on that port. However, the interface associations for the specified VLAN remain, and when you reenable, or recreate, that specified VLAN, the switch automatically reinstates all the original ports to that VLAN.
To find out if a VLAN has been shut down internally, check the Status field in the show vlan command output. If a VLAN is shut down internally, one of these values appears in the Status field:
- act/lshut—VLAN status is active and shut down internally.
- sus/lshut—VLAN status is suspended and shut down internally.
Note If the VLAN is suspended and shut down, you use both the no shutdown and state active commands to return the VLAN to the active state.
Examples
This example shows how to restore local traffic on VLAN 2 after you have shut down, or disabled, the VLAN:
switch(config)# vlan 2
switch(config-vlan)# no shutdown
Related Commands
|
|
|
|---|---|
slot
To enable preprovisioning on a slot in a chassis, use the slot command. To disable the slot for preprovisioning, use the no form of this command.
Syntax Description
Command Default
Command Modes
Global configuration mode
Configuration synchronization mode
Command History
|
|
|
|---|---|
Usage Guidelines
Use this command to enable preprovisioning of features or interfaces of a module on a slot in a chassis. Preprovisioning allows you configure features or interfaces (Ethernet, Fibre Channel) on modules before the modules are inserted in the switch chassis.
Examples
This example shows how to enable a chassis slot for preprovisioning of a module:
This example shows how to configure a switch profile to enable a chassis slot for preprovisioning of a module:
This example shows how to disable a chassis slot for preprovisioning of a module:
Related Commands
|
|
|
|---|---|
Configures ports as Ethernet, native Fibre Channel or Fibre Channel over Ethernet (FCoE) ports. |
|
Displays the running configuration excluding the preprovisioned features. |
snmp-server enable traps vtp
To enable the Simple Network Management Protocol (SNMP) notifications for a VLAN Trunking Protocol (VTP) domain, use the snmp-server enable traps vtp command. To disable SNMP notifications on a VTP domain, use the no form of this command.
no snmp-server enable traps vtp
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The snmp-server enable traps command enables both traps and informs, depending on the configured notification host receivers.
Examples
This example shows how to enable SNMP notifications on a VTP domain:
This example shows how to disable all SNMP notifications on a VTP domain:
Related Commands
|
|
|
|---|---|
source (SPAN, ERSPAN)
To add an Ethernet Switched Port Analyzer (SPAN) or an Encapsulated Remote Switched Port Analyzer (ERSPAN) source port, use the source command. To remove the source SPAN or ERSPAN port, use the no form of this command.
source { interface { ethernet slot / port | port-channel channel-num | vethernet veth-num } [{ both | rx | tx }] | vlan vlan-num | vsan vsan-num }
no source { interface { ethernet slot / port | port-channel channel-num | vethernet veth-num } | vlan vlan-num | vsan vsan-num }
Syntax Description
Command Default
Command Modes
SPAN session configuration mode
ERSPAN session configuration mode
Command History
Usage Guidelines
A source port (also called a monitored port) is a switched port that you monitor for network traffic analysis. In a single local SPAN session, you can monitor source port traffic such as received (Rx), transmitted (Tx), or bidirectional (both).
A source port can be an Ethernet port, port channel, SAN port channel, VLAN, or a VSAN port. It cannot be a destination port.
Note For Cisco NX-OS Release 4.2(1)N2(1) and earlier, the Cisco Nexus 5010 Switch and the Cisco Nexus 5020 Switch supports a maximum of two egress SPAN source ports.
Beginning with Cisco NX-OS Release 5.0(2)N2(1):
- There is no limit to the number of egress SPAN source ports.
- SAN Port Channel interfaces can be configured as ingress or egress source ports.
- The limit on the number of egress (TX) sources in a monitor session has been lifted.
- Port-channel interfaces can be configured as egress sources.
For ERSPAN, if you do not specify both, rx, or tx, the source traffic is analyzed for both directions.
Examples
This example shows how to configure an Ethernet SPAN source port:
This example shows how to configure a port channel SPAN source:
This example shows how to configure an ERSPAN source port to receive traffic on the port:
Related Commands
|
|
|
|---|---|
Displays the running configuration information of a SPAN session. |
spanning-tree bridge assurance
To enable Spanning Tree Protocol (STP) Bridge Assurance on all network ports on the switch, use the spanning-tree bridge assurance command. To disable Bridge Assurance, use the no form of this command.
spanning-tree bridge assurance
no spanning-tree bridge assurance
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You can use Bridge Assurance to protect against certain problems that can cause bridging loops in the network.
Note Bridge Assurance is supported only by Rapid per VLAN Spanning Tree Plus (Rapid PVST+) and Multiple Spanning Tree (MST). Legacy 802.1D spanning tree does not support Bridge Assurance.
Bridge Assurance is enabled by default and can only be disabled globally.
Bridge Assurance is enabled globally by default but is disabled on an interface by default. You can enable Bridge Assurance on an interface by using the spanning-tree port type network command.
For more information on Bridge Assurance, see the Cisco Nexus 5000 Series NX-OS Layer 2 Switching Configuration Guide.
Examples
This example shows how to enable Bridge Assurance globally on the switch:
Related Commands
|
|
|
|---|---|
Displays the status and configuration of the local Spanning Tree Protocol (STP) bridge. |
|
spanning-tree bpdufilter
To enable bridge protocol data unit (BPDU) Filtering on the interface, use the spanning-tree bpdufilter command. To return to the default settings, use the no form of this command.
spanning-tree bpdufilter { enable | disable }
Syntax Description
Command Default
The setting that is already configured when you enter the spanning-tree port type edge bpdufilter default command.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Entering the spanning-tree bpdufilter enable command to enable BPDU Filtering overrides the spanning tree edge port configuration. That port then returns to the normal spanning tree port type and moves through the normal spanning tree transitions.
Be careful when you enter the
spanning-tree bpdufilter enable command on specified interfaces. Explicitly configuring BPDU Filtering on a port this is not connected to a host can cause a bridging loop because the port will ignore any BPDU that it receives, and the port moves to the STP forwarding state.
Use the spanning-tree port type edge bpdufilter default command to enable BPDU Filtering on all spanning tree edge ports.
Examples
This example shows how to explicitly enable BPDU Filtering on the Ethernet spanning tree edge port 1/4:
Related Commands
|
|
|
|---|---|
spanning-tree bpduguard
To enable bridge protocol data unit (BPDU) Guard on an interface, use the spanning-tree bpduguard command. To return to the default settings, use the no form of this command.
spanning-tree bpduguard { enable | disable }
Syntax Description
Command Default
The setting that is already configured when you enter the spanning-tree port type edge bpdufilter default command.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
BPDU Guard prevents a port from receiving BPDUs. If the port still receives a BPDU, it is put in the error-disabled state as a protective measure.
Be careful when using this command. You should use this command only with interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data-packet loop and disrupt the switch and network operation.
When you enable this BPDU Guard command globally, the command applies only to spanning tree edge ports. See the spanning-tree port type edge bpdufilter default command for more information on the global command for BPDU Guard. However, when you enable this feature on an interface, it applies to that interface regardless of the spanning tree port type.
This command has three states:
- spanning-tree bpduguard enable — Unconditionally enables BPDU Guard on the interface.
- spanning-tree bpduguard disable — Unconditionally disables BPDU Guard on the interface.
- no spanning-tree bpduguard —E nables BPDU Guard on the interface if it is an operational spanning tree edge port and if the spanning-tree port type edge bpdufilter default command is configured.
Typically, this feature is used in a service-provider environment where the network administrator wants to prevent an access port from participating in the spanning tree.
Examples
This example shows how to enable BPDU Guard on this interface:
Related Commands
|
|
|
|---|---|
spanning-tree cost
To set the path cost of the interface for Spanning Tree Protocol (STP) calculations, use the spanning-tree cost command. To return to the default settings, use the no form of this command.
spanning-tree [ vlan vlan-id ] cost { value | auto }
no spanning-tree [ vlan vlan-id ] cost
Syntax Description
(Optional) Lists the VLANs on this trunk interface for which you want to assign the path cost. You do not use this parameter on access ports. The range is from 1 to 4094. |
|
Value of the port cost. The available cost range depends on the path-cost calculation method as follows: |
|
Sets the value of the port cost by the media speed of the interface (see Table 1 for the values). |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The STP port path cost default value is determined from the media speed and path cost calculation method of a LAN interface (see Table 1 ). See the spanning-tree pathcost method command for information on setting the path cost calculation method for Rapid per VLAN Spanning Tree Plus (Rapid PVST+).
|
|
|
|
|---|---|---|
When you configure the value, higher values will indicate higher costs.
On access ports, assign the port cost by port. On trunk ports, assign the port cost by VLAN; you can configure all the VLANs on a trunk port as the same port cost.
The EtherChannel bundle is considered as a single port. The port cost is the aggregation of all the configured port costs assigned to that channel.
Note Use this command to set the port cost for Rapid PVST+. Use the spanning-tree mst cost command to set the port cost for MST.
Examples
This example shows how to access an interface and set a path cost value of 250 for the spanning tree VLAN that is associated with that interface:
(config)# interface ethernet 1/4
(config-if)# spanning-tree cost 250
Related Commands
|
|
|
|---|---|
spanning-tree domain
To configure a Spanning Tree Protocol (STP) domain, use the spanning-tree domain command. To remove an STP domain, use the no form of this command.
spanning-tree domain domain-num
no spanning-tree domain domain-num
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to configure a spanning-tree domain:
Related Commands
|
|
|
|---|---|
Displays the configuration information of the Spanning Tree Protocol (STP). |
spanning-tree guard
To enable or disable Loop Guard or Root Guard, use the spanning-tree guard command. To return to the default settings, use the no form of this command.
spanning-tree guard { loop | none | root }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You cannot enable Loop Guard if Root Guard is enabled, although the switch accepts the command to enable Loop Guard on spanning tree edge ports.
Examples
This example shows how to enable Root Guard:
Related Commands
|
|
|
|---|---|
spanning-tree link-type
To configure a link type for a port, use the spanning-tree link-type command. To return to the default settings, use the no form of this command.
spanning-tree link-type { auto | point-to-point | shared }
Syntax Description
Sets the link type based on the duplex setting of the interface. |
|
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Fast transition (specified in IEEE 802.1w) functions only on point-to-point links between two bridges.
By default, the switch derives the link type of a port from the duplex mode. A full-duplex port is considered as a point-to-point link while a half-duplex configuration is assumed to be on a shared link.
Note On a Cisco Nexus 5000 Series switch, port duplex is not configurable.
Examples
This example shows how to configure the port as a shared link:
Related Commands
|
|
|
|---|---|
spanning-tree loopguard default
To enable Loop Guard as a default on all spanning tree normal and network ports, use the spanning-tree loopguard default command. To disable Loop Guard, use the no form of this command.
spanning-tree loopguard default
no spanning-tree loopguard default
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Loop Guard provides additional security in the bridge network. Loop Guard prevents alternate or root ports from becoming the designated port because of a failure that could lead to a unidirectional link.
Loop Guard operates only on ports that are considered point-to-point links by the spanning tree, and it does not run on spanning tree edge ports.
Entering the spanning-tree guard loop command for the specified interface overrides this global Loop Guard command.
Examples
This example shows how to enable Loop Guard:
Related Commands
|
|
|
|---|---|
spanning-tree mode
To switch between Rapid per VLAN Spanning Tree Plus (Rapid PVST+) and Multiple Spanning Tree (MST) Spanning Tree Protocol (STP) modes, use the spanning-tree mode command. To return to the default settings, use the no form of this command.
spanning-tree mode { rapid-pvst | mst }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You cannot simultaneously run MST and Rapid PVST+ on the switch.
Be careful when using the
spanning-tree mode command to switch between Rapid PVST+ and MST modes. When you enter the command, all STP instances are stopped for the previous mode and are restarted in the new mode. Using this command may cause the user traffic to be disrupted.
Examples
This example shows how to switch to MST mode:
switch(config)# spanning-tree mode mst
switch(config-mst)#
Related Commands
|
|
|
|---|---|
Displays the information about the spanning tree configuration. |
spanning-tree mst configuration
To enter the Multiple Spanning Tree (MST) configuration mode, use the spanning-tree mst configuration command. To return to the default settings, use the no form of this command.
spanning-tree mst configuration
no spanning-tree mst configuration
Syntax Description
Command Default
The default value for the MST configuration is the default value for all its parameters:
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The MST configuration consists of three main parameters:
- Instance VLAN mapping—See the instance vlan command.
- Region name—See the name (MST configuration) command.
- Configuration revision number—See the revision command.
The abort and exit commands allow you to exit MST configuration mode. The difference between the two commands depends on whether you want to save your changes or not:
- The exit command commits all the changes before leaving MST configuration mode.
- The abort command leaves MST configuration mode without committing any changes.
If you do not map secondary VLANs to the same instance as the associated primary VLAN, when you exit MST configuration mode, the following warning message is displayed:
See the switchport mode private-vlan host command to fix this problem.
Changing an MST configuration mode parameter can cause connectivity loss. To reduce service disruptions, when you enter MST configuration mode, make changes to a copy of the current MST configuration. When you are done editing the configuration, you can apply all the changes at once by using the exit keyword.
In the unlikely event that two administrators commit a new configuration at exactly the same time, this warning message is displayed:
Examples
This example shows how to enter MST-configuration mode:
switch(config)# spanning-tree mst configuration
switch(config-mst)#
This example shows how to reset the MST configuration (name, instance mapping, and revision number) to the default settings:
(config)# no spanning-tree mst configuration
Related Commands
|
|
|
|---|---|
spanning-tree mst cost
To set the path-cost parameter for any Multiple Spanning Tree (MST) instance (including the Common and Internal Spanning Tree [CIST] with instance ID 0), use the spanning-tree mst cost command. To return to the default settings, use the no form of this command.
spanning-tree mst instance-id cost { cost | auto }
no spanning-tree mst instance-id cost
Syntax Description
Port cost for an instance. The range is from 1 to 200,000,000. |
|
Sets the value of the port cost by the media speed of the interface. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The port cost depends on the port speed; the faster interface speeds indicate smaller costs. MST always uses long path costs.
Higher cost values indicate higher costs. When entering the cost, do not include a comma in the entry; for example, enter 1000, not 1,000.
The EtherChannel bundle is considered as a single port. The port cost is the aggregation of all the configured port costs assigned to that channel.
Examples
This example shows how to set the interface path cost:
(config-if)# spanning-tree mst 0 cost 17031970
Related Commands
|
|
|
|---|---|
spanning-tree mst forward-time
To set the forward-delay timer for all the instances on the switch, use the spanning-tree mst forward-time command. To return to the default settings, use the no form of this command.
spanning-tree mst forward-time seconds
no spanning-tree mst forward-time
Syntax Description
Number of seconds to set the forward-delay timer for all the instances on the switch. The range is from 4 to 30 seconds. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to set the forward-delay timer:
Related Commands
|
|
|
|---|---|
spanning-tree mst hello-time
To set the hello-time delay timer for all the instances on the switch, use the spanning-tree mst hello-time command. To return to the default settings, use the no form of this command.
spanning-tree mst hello-time seconds
no spanning-tree mst hello-time
Syntax Description
Number of seconds to set the hello-time delay timer for all the instances on the switch. The range is from 1 to 10 seconds. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
If you do not specify the hello-time value, the value is calculated from the network diameter.
Examples
This example shows how to set the hello-time delay timer:
Related Commands
|
|
|
|---|---|
spanning-tree mst max-age
To set the max-age timer for all the instances on the switch, use the spanning-tree mst max-age command. To return to the default settings, use the no form of this command.
spanning-tree mst max-age seconds
Syntax Description
Number of seconds to set the max-age timer for all the instances on the switch. The range is from 6 to 40 seconds. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to set the max-age timer:
Related Commands
|
|
|
|---|---|
spanning-tree mst max-hops
To specify the number of possible hops in the region before a bridge protocol data unit (BPDU) is discarded, use the spanning-tree mst max-hops command. To return to the default settings, use the no form of this command.
spanning-tree mst max-hops hop-count
Syntax Description
Number of possible hops in the region before a BPDU is discarded. The range is from 1 to 255 hops. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to set the number of possible hops:
Related Commands
|
|
|
|---|---|
spanning-tree mst port-priority
To set the port-priority parameters for any Multiple Spanning Tree (MST) instance, including the Common and Internal Spanning Tree (CIST) with instance ID 0, use the spanning-tree mst port-priority command. To return to the default settings, use the no form of this command.
spanning-tree mst instance-id port-priority priority
no spanning-tree mst instance-id port-priority
Syntax Description
Port priority for an instance. The range is from 0 to 224 in increments of 32. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Higher port-priority priority values indicate smaller priorities.
The priority values are 0, 32, 64, 96, 128, 160, 192, and 224. All other values are rejected.
Examples
This example shows how to set the interface priority:
(config-if)# spanning-tree mst 0 port-priority 64
Related Commands
|
|
|
|---|---|
Configures the port priority for the default STP, which is Rapid PVST+. |
spanning-tree mst pre-standard
To force a prestandard Multiple Spanning Tree (MST) bridge protocol data unit (BPDU) transmission on an interface port, use the spanning-tree mst pre-standard command. To revert to the defaults, use the no form of this command.
spanning-tree mst pre-standard
no spanning-tree mst pre-standard
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to force a prestandard MST BPDU transmission on port:
Related Commands
|
|
|
|---|---|
spanning-tree mst priority
To set the bridge priority, use the spanning-tree mst priority command. To return to the default setting, use the no form of this command.
spanning-tree mst instance-id priority priority-value
no spanning-tree mst instance-id priority
Syntax Description
Instance identification number. The range is from 0 to 4094. |
|
Bridge priority. See the “Usage Guidelines” section for valid values and additional information. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You can set the bridge priority in increments of 4096 only. When you set the priority, valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
You can set the priority-value argument to 0 to make the switch root.
You can enter the instance-id argument as a single instance or a range of instances, for example, 0-3,5,7-9.
Examples
This example shows how to set the bridge priority:
Related Commands
|
|
|
|---|---|
spanning-tree mst root
To designate the primary and secondary root and set the timer value for an instance, use the spanning-tree mst root command. To return to the default settings, use the no form of this command.
spanning-tree mst instance-id root { primary | secondary } [ diameter dia [ hello-time hello-time ]]
no spanning-tree mst instance-id root
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You can enter the instance-id argument as a single instance or a range of instances, for example, 0-3,5,7-9.
If you do not specify the hello-time argument, the argument is calculated from the network diameter. You must first specify the diameter dia keyword and argument before you can specify the hello-time hello-time keyword and argument.
Examples
This example shows how to designate the primary root:
This example shows how to set the priority and timer values for the bridge:
Related Commands
|
|
|
|---|---|
spanning-tree mst simulate pvst
To reenable specific interfaces to automatically interoperate between Multiple Spanning Tree (MST) and Rapid per VLAN Spanning Tree Plus (Rapid PVST+), use the spanning-tree mst simulate pvst command. To prevent specific MST interfaces from automatically interoperating with a connecting device running Rapid PVST+, use the spanning-tree mst simulate pvst disable command. To return specific interfaces to the default settings that are set globally for the switch, use the no form of this command.
spanning-tree mst simulate pvst
spanning-tree mst simulate pvst disable
no spanning-tree mst simulate pvst
Syntax Description
Command Default
Enabled. By default, all interfaces on the switch interoperate seamlessly between MST and Rapid PVST+. See the spanning-tree mst simulate pvst global command to change this setting globally.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
MST interoperates with Rapid PVST+ with no need for user configuration. The PVST+ simulation feature enables this seamless interoperability. However, you may want to control the connection between MST and Rapid PVST+ to protect against accidentally connecting an MST-enabled port to a Rapid PVST+-enabled port.
When you use the spanning-tree mst simulate pvst disable command, specified MST interfaces that receive a Rapid PVST+ (SSTP) bridge protocol data unit (BPDU) move into the STP blocking state. Those interfaces remain in the inconsistent state until the port stops receiving Rapid PVST+ BPDUs, and then the port resumes the normal STP transition process.
Note To block automatic MST and Rapid PVST+ interoperability for the entire switch, use no spanning-tree mst simulate pvst global command.
This command is useful when you want to prevent accidental connection with a device running Rapid PVST+.
To reenable seamless operation between MST and Rapid PVST+ on specific interfaces, use the spanning-tree mst simulate pvst command.
Examples
This example shows how to prevent specified ports from automatically interoperating with a connected device running Rapid PVST+:
switch(config-if)# spanning-tree mst simulate pvst disable
Related Commands
|
|
|
|---|---|
Enables global seamless interoperation between MST and Rapid PVST+. |
spanning-tree mst simulate pvst global
To prevent the Multiple Spanning Tree (MST) switch from automatically interoperating with a connecting device running Rapid per VLAN Spanning Tree Plus (Rapid PVST+), use the spanning-tree mst simulate pvst global command. To return to the default settings, which is a seamless operation between MST and Rapid PVST+ on the switch, use the no spanning-tree mst simulate pvst global command.
spanning-tree mst simulate pvst global
no spanning-tree mst simulate pvst global
Syntax Description
Command Default
Enabled. By default, the switch interoperates seamlessly between MST and Rapid PVST+.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
MST does not require user configuration to interoperate with Rapid PVST+. The PVST+ simulation feature enables this seamless interoperability. However, you may want to control the connection between MST and Rapid PVST+ to protect against accidentally connecting an MST-enabled port to a Rapid PVST+-enabled port.
When you use the no spanning-tree mst simulate pvst global command, the switch running in MST mode moves all interfaces that receive a Rapid PVST+ (SSTP) bridge protocol data unit (BPDU) into the Spanning Tree Protocol (STP) blocking state. Those interfaces remain in the inconsistent state until the port stops receiving Rapid PVST+ BPDUs, and then the port resumes the normal STP transition process.
You can also use this command from the interface mode, and the configuration applies to the entire switch.
Note To block automatic MST and Rapid PVST+ interoperability for specific interfaces, see the spanning-tree mst simulate pvst command.
This command is useful when you want to prevent accidental connection with a device not running MST.
To return the switch to seamless operation between MST and Rapid PVST+, use the spanning-tree mst simulate pvst global command.
Examples
This example shows how to prevent all ports on the switch from automatically interoperating with a connected device running Rapid PVST+:
switch(config)# no spanning-tree mst simulate pvst global
Related Commands
|
|
|
|---|---|
Enables seamless interoperation between MST and Rapid PVST+ by the interface. |
spanning-tree pathcost method
To set the default path-cost calculation method, use the spanning-tree pathcost method command. To return to the default settings, use the no form of this command.
spanning-tree pathcost method { long | short }
no spanning-tree pathcost method
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The long path-cost calculation method uses all 32 bits for path-cost calculations and yields valued in the range of 2 through 2,00,000,000.
The short path-cost calculation method (16 bits) yields values in the range of 1 through 65535.
Note This command applies only to the Rapid per VLAN Spanning Tree Plus (Rapid PVST+) spanning tree mode, which is the default mode. When you are using Multiple Spanning Tree (MST) spanning tree mode, the switch uses only the long method for calculating path cost; this is not user-configurable for MST.
Examples
This example shows how to set the default pathcost method to long:
switch(config)# spanning-tree pathcost method long
Related Commands
|
|
|
|---|---|
spanning-tree port-priority
To set an interface priority when two bridges compete for position as the root bridge, use the spanning-tree port-priority command. The priority you set breaks the tie. To return to the default settings, use the no form of this command.
spanning-tree [ vlan vlan-id ] port-priority value
no spanning-tree [ vlan vlan-id ] port-priority
Syntax Description
(Optional) Specifies the VLAN identification number. The range is from 0 to 4094. |
|
Port priority. The range is from 1 to 224, in increments of 32. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Do not use the vlan vlan-id parameter on access ports. The software uses the port priority value for access ports and the VLAN port priority values for trunk ports.
The priority values are 0, 32, 64, 96, 128, 160, 192, and 224. All other values are rejected.
Note Use this command to configure the port priority for Rapid per VLAN Spanning Tree Plus (Rapid PVST+) spanning tree mode, which is the default STP mode. To configure the port priority for Multiple Spanning Tree (MST) spanning tree mode, use the spacing-tree mst port-priority command.
Examples
This example shows how to increase the probability that the spanning tree instance on access port interface 2/0 is chosen as the root bridge by changing the port priority to 32:
(config-if)# spanning-tree port-priority 32
Related Commands
|
|
|
|---|---|
Displays information on the spanning tree port priority for the interface. |
spanning-tree port type edge
To configure an interface connected to a host as an edge port, which automatically transitions the port to the spanning tree forwarding state without passing through the blocking or learning states, use the spanning-tree port type edge command. To return the port to a normal spanning tree port, use the no spanning-tree port type command.
spanning-tree port type edge [ trunk ]
Syntax Description
(Optional) Configures the trunk port as a spanning tree edge port. |
Command Default
The default is the global setting for the default port type edge that is configured when you entered the spanning-tree port type edge default command. If you did not configure a global setting, the default spanning tree port type is normal.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You can also use this command to configure a port in trunk mode as a spanning tree edge port.
You should use this command only with interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data-packet loop and disrupt the switch and network operation.
When a linkup occurs, spanning tree edge ports are moved directly to the spanning tree forwarding state without waiting for the standard forward-time delay.
Note This is the same functionality that was previously provided by the Cisco-proprietary PortFast feature.
When you use this command, the system returns a message similar to the following:
When you use this command without the trunk keyword, the system returns an additional message similar to the following:
To configure trunk interfaces as spanning tree edge ports, use the spanning-tree port type trunk command. To remove the spanning tree edge port type setting, use the no spanning-tree port type command.
Examples
This example shows how to configure an interface connected to a host as an edge port, which automatically transitions that interface to the forwarding state on a linkup:
(config-if)# spanning-tree port type edge
Related Commands
|
|
|
|---|---|
spanning-tree port type edge bpdufilter default
To enable bridge protocol data unit (BPDU) Filtering by default on all spanning tree edge ports, use the spanning-tree port type edge bpdufilter default command. To disable BPDU Filtering by default on all edge ports, use the no form of this command.
spanning-tree port type edge bpdufilter default
no spanning-tree port type edge bpdufilter default
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
To enable BPDU Filtering by default, you must do the following:
- Configure the interface as a spanning tree edge port, using the spanning-tree port type edge or the spanning-tree port type edge default command.
- Enable BPDU Filtering.
Use this command to enable BPDU Filtering globally on all spanning tree edge ports. BPDU Filtering prevents a port from sending or receiving any BPDUs.
Be cautious when using this command; incorrect usage can cause bridging loops.
You can override the global effects of this spanning-tree port type edge bpdufilter default command by configuring BPDU Filtering at the interface level. See the spanning-tree bpdufilter command for complete information on using this feature at the interface level.
Note The BPDU Filtering feature’s functionality is different when you enable it on a per-port basis or globally. When enabled globally, BPDU Filtering is applied only on ports that are operational spanning tree edge ports. Ports send a few BPDUs at a linkup before they effectively filter outbound BPDUs. If a BPDU is received on an edge port, that port immediately becomes a normal spanning tree port with all the normal transitions and BPDU Filtering is disabled. When enabled locally on a port, BPDU Filtering prevents the switch from receiving or sending BPDUs on this port.
Examples
This example shows how to enable BPDU Filtering globally on all spanning tree edge operational ports by default:
switch(config)# spanning-tree port type edge bpdufilter default
Related Commands
|
|
|
|---|---|
Displays the information about the spanning tree configuration. |
|
spanning-tree port type edge bpduguard default
To enable bridge protocol data unit (BPDU) Guard by default on all spanning tree edge ports, use the spanning-tree port type edge bpduguard default command. To disable BPDU Guard on all edge ports by default, use the no form of this command.
spanning-tree port type edge bpduguard default
no spanning-tree port type edge bpduguard default
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
To enable BPDU Guard by default, you must do the following:
- Configure the interface as spanning tree edge ports by entering the spanning-tree port type edge or the spanning-tree port type edge default command.
- Enable BPDU Guard.
Use this command to enable BPDU Guard globally on all spanning tree edge ports. BPDU Guard disables a port if it receives a BPDU.
Global BPDU Guard is applied only on spanning tree edge ports.
You can also enable BPDU Guard per interface; see the spanning-tree bpduguard command for more information.
Note We recommend that you enable BPDU Guard on all spanning tree edge ports.
Examples
This example shows how to enable BPDU Guard by default on all spanning tree edge ports:
(config)# spanning-tree port type edge bpduguard default
Related Commands
|
|
|
|---|---|
Displays the information about the spanning tree configuration. |
|
spanning-tree port type edge default
To configure all access ports that are connected to hosts as edge ports by default, use the spanning-tree port type edge default command. To restore all ports connected to hosts as normal spanning tree ports by default, use the no form of this command.
spanning-tree port type edge default
no spanning-tree port type edge default
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Use this command to automatically configure all interfaces as spanning tree edge ports by default. This command will not work on trunk ports.
Be careful when using this command. You should use this command only with interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data-packet loop and disrupt the switch and network operation.
When a linkup occurs, an interface configured as an edge port automatically moves the interface directly to the spanning tree forwarding state without waiting for the standard forward-time delay. (This transition was previously configured as the Cisco-proprietary PortFast feature.)
When you use this command, the system returns a message similar to the following:
You can configure individual interfaces as edge ports using the spanning-tree port type edge command.
Examples
This example shows how to globally configure all ports connected to hosts as spanning tree edge ports:
(config)# spanning-tree port type edge default
Related Commands
|
|
|
|---|---|
spanning-tree port type network
To configure the interface that connects to a switch as a network spanning tree port, regardless of the global configuration, use the spanning-tree port type network command. To return the port to a normal spanning tree port, use the use the no form of this command.
spanning-tree port type network
Syntax Description
Command Default
The default is the global setting for the default port type network that is configured when you entered the spanning-tree port type network default command. If you did not configure a global setting, the default spanning tree port type is normal.
Command Modes
Command History
|
|
|
Usage Guidelines
Use this command to configure an interface that connects to a switch as a spanning tree network port. Bridge Assurance runs only on Spanning Tree Protocol (STP) network ports.
Note If you mistakenly configure ports connected to hosts as STP network ports and enable Bridge Assurance, those ports will automatically move into the blocking state.
Note Bridge Assurance is enabled by default, and all interfaces configured as spanning tree network ports have Bridge Assurance enabled.
To configure a port as a spanning tree network port, use the spanning-tree port type network command. To remove this configuration, use the no spanning-tree port type command. When you use the no spanning-tree port type command, the software returns the port to the global default setting for network port types.
You can configure all ports that are connected to switches as spanning tree network ports by default by entering the spanning-tree port type network default command.
Examples
This example shows how to configure an interface connected to a switch or bridge as a spanning tree network port:
(config-if)# spanning-tree port type network
Related Commands
|
|
|
|---|---|
Displays information about the spanning tree configuration per specified interface. |
spanning-tree port type network default
To configure all ports as spanning tree network ports by default, use the spanning-tree port type network default command. To restore all ports to normal spanning tree ports by default, use the no form of this command.
spanning-tree port type network default
no spanning-tree port type network default
Syntax Description
Command Default
Command Modes
Command History
|
|
|
Usage Guidelines
Use this command to automatically configure all interfaces that are connected to switches as spanning tree network ports by default. You can then use the spanning-tree port type edge command to configure specified ports that are connected to hosts as spanning-tree edge ports.
Note If you mistakenly configure ports connected to hosts as Spanning Tree Protocol (STP) network ports and Bridge Assurance is enabled, those ports will automatically move into the blocking state.
Configure only the ports that connect to other switches as network ports because the Bridge Assurance feature causes network ports that are connected to hosts to move into the spanning tree blocking state.
You can identify individual interfaces as network ports by using the spanning-tree port type network command.
Examples
This example shows how to globally configure all ports connected to switches as spanning tree network ports:
(config)# spanning-tree port type network default
Related Commands
|
|
|
|---|---|
spanning-tree port type normal
To configure an interface as a normal spanning tree port, use the spanning-tree port type normal command. To revert to the default settings, use the no command.
spanning-tree port type normal
no spanning-tree port type normal
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to configure an interface as a normal port:
Related Commands
|
|
|
|---|---|
spanning-tree pseudo-information
To configure spanning tree pseudo information parameters for two Layer 2 gateway switches, use the spanning-tree pseudo-information command.
spanning-tree pseudo-information
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Use this command in a topology with hybrid switches (for example, a virtual port channel [vPC] connected to a non-vPC switch) to configure VLAN-based load balancing.
To meet the VLAN-based load-balancing criteria, you must configure a different Spanning Tree Protocol (STP) bridge priority value for the root bridge and the designated bridge.
Examples
This example shows how to enable Bridge Assurance globally on the switch:
Related Commands
spanning-tree vlan
To configure Spanning Tree Protocol (STP) parameters on a per-VLAN basis, use the spanning-tree vlan command. To return to the default settings, use the no form of this command.
spanning-tree vlan vlan-id [ forward-time value | hello-time value | max-age value | priority value | [ root { primary | secondary } [ diameter dia [ hello-time value ]]]]
no spanning-tree vlan vlan-id [ forward-time | hello-time | max-age | priority | root ]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
Usage Guidelines
When disabling spanning tree on a VLAN using the
no spanning-tree vlan
vlan-id co
mmand, ensure that all switches and bridges in the VLAN have spanning tree disabled. You cannot disable spanning tree on some switches and bridges in a VLAN and leave it enabled on other switches and bridges in the same VLAN because switches and bridges with spanning tree enabled have incomplete information about the physical topology of the network.
We do not recommend disabling spanning tree even in a topology that is free of physical loops. Spanning tree is a safeguard against misconfigurations and cabling errors. Do not disable spanning tree in a VLAN without ensuring that there are no physical loops present in the VLAN.
When setting the max-age seconds, if a bridge does not see BPDUs from the root bridge within the specified interval, it assumes that the network has changed and recomputes the spanning-tree topology.
The spanning-tree root primary alters this switch’s bridge priority to 24576. If you enter the spanning-tree root primary command and the switch does not become the root, then the bridge priority is changed to 4096 less than the bridge priority of the current bridge. The command fails if the value required to be the root bridge is less than 1. If the switch does not become the root, an error results.
If the network devices are set for the default bridge priority of 32768 and you enter the spanning-tree root secondary command, the software alters the bridge priority of the current bridge to 28762. If the root switch fails, this switch becomes the next root switch.
Use the spanning-tree root commands on the backbone switches only.
Examples
This example shows how to enable spanning tree on VLAN 200:
switch(config)# spanning-tree vlan 200
This example shows how to configure the switch as the root switch for VLAN 10 with a network diameter of 4:
switch(config)# spanning-tree vlan 10 root primary diameter 4
This example shows how to configure the switch as the secondary root switch for VLAN 10 with a network diameter of 4:
switch(config)# spanning-tree vlan 10 root secondary diameter 4
Related Commands
|
|
|
|---|---|
spanning-tree vlan cost
To change the spanning tree port path-cost of an interface, use the spanning-tree vlan cost command. To return to the default settings, use the no form of this command.
spanning-tree vlan vlan-id cost { port_path_cost | auto }
no spanning-tree vlan vlan-id cost { port_path_cost | auto }
Syntax Description
VLAN identification number. The VLAN ID range is from 0 to 4094. |
|
Determines the cost based on the media speed of this interface. |
Command Default
Command Modes
Command History
|
|
|
Usage Guidelines
Examples
This example shows how to change the spanning tree port path cost of an interface:
switch# configure terminal
switch(config)# interface ethernet 1/5
switch(config-if)#
This example shows how to revert the interface to the default configuration:
Related Commands
|
|
|
|---|---|
spanning-tree vlan port-priority
To change the spanning tree port priority of an interface, use the spanning-tree vlan port-priority command. To return to the default settings, use the no form of this command.
spanning-tree vlan vlan-id port-priority port_priority_value
no spanning-tree vlan vlan-id port-priority port_priority_value
Syntax Description
VLAN identification number. The VLAN ID range is from 0 to 4094. |
|
Port priority. The range is from 0 to 224 in increments of 32. |
Command Default
Command Modes
Command History
|
|
|
Usage Guidelines
Examples
This example shows how to change the spanning tree port priority of an interface to 20:
switch# configure terminal
switch(config)# interface ethernet 1/5
switch(config-if)# spanning-tree vlan 5 port-priority 20
switch(config-if)#
This example shows how to revert the interface to the default configuration:
Related Commands
|
|
|
|---|---|
speed (interface)
To configure the transmit and receive speed for an interface, use the speed command. To reset to the default speed, use the no form of this command.
speed { 100 | 1000 | 10000 | auto }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
Interface speed of 100 Mbps and the auto keyword was introduced. |
Usage Guidelines
The first 8 ports of a Cisco Nexus 5010 switch and the first 16 ports of a Cisco Nexus 5020 switch are switchable 1-Gigabit and 10-Gigabit ports. The default interface speed is 10-Gigabit. To configure these ports for 1-Gigabit Ethernet, insert a 1-Gigabit Ethernet SFP transceiver into the applicable port and then set its speed with the speed command.
Note If the interface and transceiver speed is mismatched, the SFP validation failed message is displayed when you enter the show interface ethernet slot/port command. For example, if you insert a 1-Gigabit SFP transceiver into a port without configuring the speed 1000 command, you will get this error.
By default, all ports on a Cisco Nexus 5000 Series switch are 10 Gigabits.
Examples
This example shows how to set the speed for a 1-Gigabit Ethernet port:
This example shows how to set the an interface port to automatically negotiate the speed:
Related Commands
|
|
|
|---|---|
state
To set the operational state for a VLAN, use the state command. To return a VLAN to its default operational state, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You cannot suspend the state for VLAN 1 or VLANs 1006 to 4094.
Examples
This example shows how to suspend VLAN 2:
switch(config)# vlan 2
switch(config-vlan)# state suspend
Related Commands
|
|
|
|---|---|
svi enable
To enable the creation of VLAN interfaces, use the svi enable command. To disable the VLAN interface feature, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
This command was deprecated and replaced with the feature interface-vlan command. For backwards compatibility, it will be maintained for a number of releases. |
Usage Guidelines
You must use the feature interface-vlan command before you can create VLAN interfaces.
Examples
This example shows how to enable the interface VLAN feature on the switch:
Related Commands
|
|
|
|---|---|
svs connection
To enable an SVS connection to connect a vCenter Server to a Cisco Nexus 5000 Series switch, use the svs connection command. To disable an SVS connection, use the no form of this command.
Syntax Description
Name of the SVS connection. The name can be a maximum of 64 alphanumeric characters. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to enable an SVS connection:
This example shows how to disable an SVS connection:
Related Commands
|
|
|
|---|---|
svs veth auto-delete
To enable the Virtual Supervisor Module (VSM) to automatically delete Distributed virtual ports (dvPorts) no longer used by a virtual NIC (vNIC) or hypervisor port, use the svs veth auto-delete command. To disable this control, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
When enabled (the default), any virtual Ethernet interfaces that are in the administratively down state will be deleted after confirming with the vCenter server that no corresponding vNICs are in use.
Examples
This example shows how to enable the Virtual Supervisor Module (VSM) to automatically delete dvPorts no longer used by a vNIC or hypervisor port:
This example shows how to disable the automatic deletion of dvPorts that are no longer used by a vNIC or hypervisor port:
Related Commands
|
|
|
|---|---|
Enables the VSM to automatically create a virtual Ethernet interface when a new port is activated on a host. |
svs veth auto-setup
To enable the Virtual Supervisor Module (VSM) to automatically create a virtual Ethernet interface when a new port is activated on a host, use the svs veth auto-setup command. To remove this control, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to enable automatic creation and configuration of virtual Ethernet interfaces:
This example shows how to disable automatic creation and configuration of virtual Ethernet interfaces:
Related Commands
|
|
|
|---|---|
Enables the VSM to automatically delete DVPorts no longer used by a vNIC or hypervisor port. |
switchport access vlan
To set the access VLAN when the interface is in access mode, use the switchport access vlan command. To reset the access-mode VLAN to the appropriate default VLAN for the switch, use the no form of this command.
switchport access vlan vlan-id
Syntax Description
VLAN to set when the interface is in access mode. The range is from 1 to 4094, except for the VLANs reserved for internal use. |
Command Default
Command Modes
Interface configuration mode
Virtual Ethernet interface configuration mode
Command History
|
|
|
Usage Guidelines
Use the no form of the switchport access vlan com mand to reset the access-mode VLAN to the appropriate default VLAN for the switch. This action may generate messages on the device to which the port is connected.
Examples
This example shows how to configure an Ethernet interface to join VLAN 2:
switch# configure terminal
switch(config)# interface ethernet 1/7
switch(config-if)# switchport access vlan 2
switch(config-if)#
This example shows how to configure a virtual Ethernet interface to join VLAN 5:
switch# configure terminal
switch(config)# interface vethernet 1
switch(config-if)# switchport access vlan 5
switch(config-if)#
Related Commands
|
|
|
|---|---|
Displays the administrative and operational status of a port. |
|
switchport backup interface
To configure Flex Links, which are two interfaces that provide backup to each other, on a Layer 2 interface, use the switchport backup interface command. To remove the Flex Links configuration, use the no form of this command.
switchport backup interface { ethernet slot / port | port-channel channel-no } [ multicast fast-convergence | preemption { delay delay-time | mode [ bandwidth | forced | off ]}]
no switchport backup interface { ethernet slot / port | port-channel channel-no } [ multicast fast-convergence | preemption { delay delay-time | mode [ bandwidth | forced | off ]}]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Note This command is applicable to the Cisco Nexus 5548 Series switch and the Cisco Nexus 5596 Series switch.
Before you use this command, make sure that you enable Flex Links on the switch by using the feature flexlink command.
Note Make sure the virtual port channel (vPC) is disabled on the switch.
A Flex Links port can be a physical Ethernet port or a port channel.
You cannot configure Flex Links port on the following types of interface:
- Fabric Extender (FEX) fabric port and FEX host port
- Virtual Fibre Channel interface
- Virtual network tag (VNTag)
- Interface with port security enabled
- Layer 3 interface
- Switched Port Analyzer (SPAN) destination
- Port channel member
- Interface configured with private VLAN
- Endnode mode
- Fabric path core interface (Layer 2 multipath)
Examples
This example shows how to configure Ethernet 1/1 and Ethernet 1/12 as Flex Links:
This example shows how to configure EtherChannel 100 and EtherChannel 101 as Flex Links:
This example shows how to configure the Ethernet interface to always preempt the backup:
This example shows how to configure the Ethernet interface preemption delay time:
This example shows how to configure fast convergence on the backup interface:
Related Commands
|
|
|
|---|---|
switchport block
To prevent the unknown multicast or unicast packets from being forwarded, use the switchport block command. To allow the unknown multicast or unicast packets to be forwarded, use the no form of this command.
switchport block { multicast | unicast }
no switchport block { multicast | unicast }
Syntax Description
Specifies that the unknown multicast traffic should be blocked. |
|
Specifies that the unknown unicast traffic should be blocked. |
Command Default
Unknown multicast and unicast traffic are not blocked. All traffic with unknown MAC addresses is sent to all ports.
Command Modes
Interface configuration mode
Virtual Ethernet interface configuration mode
Command History
|
|
|
|---|---|
Usage Guidelines
You can block the unknown multicast or unicast traffic on the switch ports.
Blocking the unknown multicast or unicast traffic is not automatically enabled on the switch ports; you must explicitly configure it.
Examples
This example shows how to block the unknown multicast traffic on an interface:
This example shows how to block the unknown unicast traffic on a virtual Ethernet interface:
Related Commands
|
|
|
|---|---|
Displays the switch port information for a specified interface or all interfaces. |
|
Displays the virtual Ethernet interface configuration information. |
switchport host
To configure the interface to be an access host port, use the switchport host command. To remove the host port, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Ensure that you are configuring the correct interface. It must be an interface that is connected to an end station.
An access host port handles the Spanning Tree Protocol (STP) like an edge port and immediately moves to the forwarding state without passing through the blocking and learning states. Configuring an interface as an access host port also disables EtherChannel on that interface.
Examples
This example shows how to set an interface as an Ethernet access host port with EtherChannel disabled:
Related Commands
|
|
|
|---|---|
Displays a summary of the interface configuration information. |
|
Displays information on all interfaces configured as switch ports. |
switchport mode
To configure the interface as a nontrunking nontagged single-VLAN Ethernet or virtual Ethernet interface, use the switchport mode command. To remove the configuration and restore the default, use the no form of this command.
switchport mode { access | trunk | vntag }
no switchport mode { access | trunk | vntag }
Syntax Description
Specifies that the interface is in port mode. Note This keyword doe not apply to a virtual Ethernet interface. |
Command Default
Command Modes
Interface configuration mode
Virtual Ethernet interface configuration mode
Command History
|
|
|
|---|---|
Usage Guidelines
An access port can carry traffic in one VLAN only. By default, an access port carries traffic for VLAN 1. To set the access port to carry traffic for a different VLAN, use the switchport access vlan command.
The VLAN must exist before you can specify that VLAN as an access VLAN. The system shuts down an access port that is assigned to an access VLAN that does not exist.
A virtual network tag (VNTag) port helps to identify the virtual interfaces on that physical port.
For a virtual Ethernet interface, use the no form of the command without the keywords.
Examples
This example shows how to set an interface as an Ethernet access port that carries traffic for a specific VLAN only:
This example shows how to set an interface as a VNTag port:
This example shows how to set a virtual Ethernet interface in trunk port mode:
Related Commands
|
|
|
|---|---|
Displays information on all interfaces configured as switch ports. |
|
switchport mode private-vlan host
To set the interface type to be a host port for a private VLAN, use the switchport mode private-vlan host command. To remove the configuration, use the no form of this command.
switchport mode private-vlan host
Syntax Description
Command Default
Command Modes
Interface configuration mode
Virtual Ethernet interface configuration mode
Command History
|
|
|
Usage Guidelines
When you configure a port as a host private VLAN port and one of the following applies, the port becomes inactive:
- The port does not have a valid private VLAN association configured.
- The port is a Switched Port Analyzer (SPAN) destination.
- The private VLAN association is suspended.
If you delete a private VLAN port association or if you configure a private port as a SPAN destination, the deleted private VLAN port association or the private port that is configured as a SPAN destination becomes inactive.
Note We recommend that you enable spanning tree BPDU Guard on all private VLAN host ports.
Examples
This example shows how to set a port to host mode for private VLANs:
switch(config-if)# switchport mode private-vlan host
This example shows how to set a virtual Ethernet interface port to host mode for private VLANs:
Related Commands
|
|
|
|---|---|
Displays information on all interfaces configured as switch ports. |
|
switchport mode private-vlan promiscuous
To set the interface type to be a promiscuous port for a private VLAN, use the switchport mode private-vlan promiscuous command.
switchport mode private-vlan promiscuous
Syntax Description
Command Default
Command Modes
Command History
|
|
|
Usage Guidelines
When you configure a port as a promiscuous private VLAN port and one of the following applies, the port becomes inactive:
- The port does not have a valid private VLAN mapping configured.
- The port is a Switched Port Analyzer (SPAN) destination.
If you delete a private VLAN port mapping or if you configure a private port as a SPAN destination, the deleted private VLAN port mapping or the private port that is configured as a SPAN destination becomes inactive.
See the private-vlan command for more information on promiscuous ports.
Examples
This example shows how to set a port to promiscuous mode for private VLANs:
switch(config-if)# switchport mode private-vlan promiscuous
Related Commands
|
|
|
|---|---|
Displays information on all interfaces configured as switch ports. |
|
switchport mode private-vlan trunk
To configure the port as a secondary trunk port for a private VLAN, use the switchport mode private-vlan trunk command. To remove the isolated trunk port, use the no form of this command.
switchport mode private-vlan trunk [ promiscous | secondary ]
no switchport mode private-vlan trunk [ promiscous | secondary ]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
In a private VLAN domain, isolated trunks are part of a secondary VLAN. Isolated trunk ports can carry multiple isolated VLANs.
Examples
This example shows how to configure Ethernet interface 1/1 as a promiscuous trunk port for a private VLAN:
This example shows how to configure Ethernet interface 1/5 as a secondary trunk port for a private VLAN:
Related Commands
|
|
|
|---|---|
Displays information on all interfaces configured as switch ports. |
|
Associates the isolated trunk port with the primary and secondary VLANs of a private VLAN. |
switchport monitor rate-limit
To configure a rate limit to monitor traffic on an interface, use the switchport monitor rate-limit command. To remove a rate limit, use the no form of this command.
switchport monitor rate-limit 1G
no switchport monitor rate-limit [ 1G ]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
This command is applicable to the following Cisco Nexus 5000 Series switches:
Examples
This example shows how to limit the bandwidth on Ethernet interface 1/2 to 1 GB:
Related Commands
|
|
|
|---|---|
Displays information on all interfaces configured as switch ports. |
|
Associates the isolated trunk port with the primary and secondary VLANs of a private VLAN. |
switchport port-security
To enable port security on an interface, use the switchport port-security command. To disable port security on a port, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to enable port security on a Layer 2 interface:
This example shows how to disable port security on an interface:
Related Commands
|
|
|
|---|---|
switchport port-security aging
To enable port security aging on a Layer 2 port, use the switchport port-security aging command. To disable port security on a port, use the no form of this command.
switchport port-security aging { time aging-time | type { absolute | inactivity }}
no switchport port-security aging { time aging-time | type { absolute | inactivity }}
Syntax Description
Sets the duration for which all addresses are secured; valid values are from 1 to 1440 minutes. |
|
Specifies that the timer starts to run only when there is no traffic. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to configure the secure MAC address aging type on a port:
This example shows how to set the secure MAC address aging time to 2 minutes:
Related Commands
|
|
|
|---|---|
Configures the switchport parameters to establish port security. |
switchport port-security mac-address
To add a static secure MAC address on a Layer 2 interface or to enable sticky MAC address learning on an interface, use the switchport port-security mac-address command. To revert to the default settings, use the no form of this command.
switchport port-security mac-address { MAC-addr [ vlan vlan-ID ] | sticky }
no switchport port-security mac-address { MAC-addr [ vlan vlan-ID ] | sticky }
Syntax Description
(Optional) Specifies the VLAN on which the MAC address should be secured. The range is from 1 to 4094. |
|
Configures the dynamic MAC addresses as sticky on an interface. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to configure a static secure MAC address on a port:
This example shows how to enable port security with sticky MAC addresses on a port:
This example shows how to remove a MAC address from the list of secure MAC addresses:
Related Commands
|
|
|
|---|---|
switchport port-security maximum
To set the maximum number of secure MAC addresses on a port, use the switchport port-security maximum command. To revert to the default settings, use the no form of this command.
switchport port-security maximum max-addr [ vlan vlan-ID ]
no switchport port-security maximum max-addr [ vlan vlan-ID ]
Syntax Description
Maximum number of secure MAC addresses for the interface; valid values are from 1 to 1025. |
|
(Optional) Specifies the VLAN on which the MAC address should be secured. The range is from 1 to 4094. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to configure the maximum number of secure MAC addresses on a port:
This example shows how to override the maximum number of secure MAC addresses set for a specific VLAN:
This example shows how to set the maximum number of secure MAC addresses on a port to the default value:
Related Commands
|
|
|
|---|---|
switchport port-security violation
To set the action to be taken when a security violation is detected, use the switchport port-security violation command. To revert to the default settings, use the no form of this command.
switchport port-security violation { protect | restrict | shutdown }
no switchport port-security violation { protect | restrict | shutdown }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to configure the port security violation mode on a port:
This example shows how to set the port security violation mode on a port to the default value:
Related Commands
|
|
|
|---|---|
switchport priority extend
To configure the switch to override the priority of frames arriving on the Cisco IP phone port from connected devices, use the switchport priority extende command. To return the port to its default setting, use the no form of this command.
switchport priority extend { cos cos-value | trust }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to set the Cisco IP phone port to trust tagged data traffic:
This example shows how to set the Cisco IP phone port to mark data traffic with CoS value:
This example shows how to return to the default settings:
Related Commands
|
|
|
|---|---|
Displays information on all interfaces configured as switch ports. |
switchport private-vlan association trunk
To associate an isolated trunk port with the primary and secondary VLANs of a private VLAN, use the switchport private-vlan association trunk command. To remove the isolated trunk port association, use the no form of this command.
switchport private-vlan association trunk primary-id secondary-id
no switchport private-vlan association trunk
Syntax Description
Primary VLAN ID. The range is from 1 to 3967 and from 4048 to 4093. |
|
Secondary VLAN ID. The range is from 1 to 3967 and from 4048 to 4093. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The secondary VLAN should be an isolated VLAN. Only one isolated VLAN under a given primary VLAN can be associated to an isolated trunk port.
Examples
This example shows how to map the secondary VLANs to the primary VLAN:
Related Commands
|
|
|
|---|---|
Displays information on all interfaces configured as switch ports. |
|
Configures the port as a secondary trunk port for a private VLAN. |
|
switchport private-vlan host-association
To define a private VLAN association for an isolated or community port, use the switchport private-vlan host-association command. To remove the private VLAN association from the port, use the no form of this command.
switchport private-vlan host-association { primary-vlan-id } { secondary-vlan-id }
no switchport private-vlan host-association
Syntax Description
Command Default
Command Modes
Interface configuration mode
Virtual Ethernet interface configuration mode
Command History
|
|
|
Usage Guidelines
There is no run-time effect on the port unless it is in private VLAN-host mode. If the port is in private VLAN-host mode but neither of the VLANs exist, the command is allowed but the port is made inactive. The port also may be inactive when the association between the private VLANs is suspended.
The secondary VLAN may be an isolated or community VLAN.
See the private-vlan command for more information on pr imary VLANs, secondary VLANS, and isolated or community ports.
Note A private VLAN-isolated port on a Cisco Nexus 5000 Series switch running the current release of Cisco NX-OS does not support IEEE 802.1Q encapsulation and cannot be used as a trunk port.
Examples
This example shows how to configure a Layer 2 host private VLAN port with a primary VLAN (VLAN 18) and a secondary VLAN (VLAN 20):
switch(config-if)# switchport private-vlan host-association 18 20
This example shows how to remove the private VLAN association from the port:
switch(config-if)# no switchport private-vlan host-association
This example shows how to configure a virtual Ethernet interface host private VLAN port with a primary VLAN (VLAN 5) and a secondary VLAN (VLAN 23):
Related Commands
|
|
|
|---|---|
switchport private-vlan mapping
To define the private VLAN association for a promiscuous port, use the switchport private-vlan mapping command. To clear all mapping from the primary VLAN, use the no form of this command.
switchport private-vlan mapping { primary-vlan-id | trunk primary-vlan-id } { secondary-vlan-id | { add | remove } secondary-vlan-id }
no switchport private-vlan mapping [ { primary-vlan-id | trunk primary-vlan-id } secondary-vlan-id ]
Syntax Description
Command Default
Command Modes
Interface configuration mode
Virtual Ethernet interface configuration mode
Command History
|
|
|
Usage Guidelines
There is no run-time effect on the port unless it is in private VLAN-promiscuous mode. If the port is in private VLAN-promiscuous mode but the primary VLAN does not exist, the command is allowed but the port is made inactive.
The secondary VLAN may be an isolated or community VLAN.
See the private-vlan command for more information on pr imary VLANs, secondary VLANS, and isolated or community ports.
Note A private VLAN-isolated port on a Cisco Nexus 5000 Series switch running the current release of Cisco NX-OS does not support IEEE 802.1Q encapsulation and cannot be used as a trunk port.
Note Beginning with Cisco NX-OS Release 5.0(2)N2(1), the number of mappings on a private-vlan trunk port is limited to 16.
Examples
This example shows how to configure the associated primary VLAN 18 to secondary isolated VLAN 20 on a private VLAN promiscuous port:
switch# configure terminal
switch(config)# interface ethernet 1/1
switch(config-if)# switchport mode private-vlan promiscous
switch(config-if)# switchport private-vlan mapping 18 20
This example shows how to add a VLAN to the association on the promiscuous port:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# switchport mode private-vlan promiscous
switch(config-if)# switchport private-vlan mapping 18 add 21
This example shows how to configure the associated primary VLAN 30 to secondary isolated VLANs 20-32 on a private VLAN promiscuous trunk port:
switch# configure terminal
switch(config)# interface ethernet 1/21
switch(config-if)# switchport mode private-vlan promiscous trunk
switch(config-if)# switchport private-vlan mapping trunk 30 20-32
This example shows the error message that appears when you configure the associated primary VLAN 30 to secondary isolated VLANs 50-100 (beyond the total permissible limit of 16 secondary VLANs) on a private VLAN promiscuous trunk port:
switch# configure terminal
switch(config)# interface ethernet 1/12
switch(config-if)# switchport mode private-vlan promiscous trunk
switch(config-if)# switchport private-vlan mapping trunk 30 50-100
This example shows how to remove all private VLAN associations from the port:
switch# configure terminal
switch(config)# interface ethernet 1/5
switch(config-if)# no switchport private-vlan mapping
switch(config-if)#
This example shows how to configure the primary VLAN 12 to secondary isolated VLAN 20 on a virtual Ethernet interface host:
Related Commands
|
|
|
|---|---|
Displays information on all interfaces configured as switch ports. |
|
Displays the information about the private VLAN mapping for VLAN interfaces or SVIs. |
switchport private-vlan trunk allowed vlan
To configure the allowed VLANs for the private trunk interface, use the switchport private-vlan trunk allowed vlan command. To remove the allowed VLANs, sue the no form of this command.
switchport private-vlan trunk allowed vlan { vlan-list | { add | except | remove } vlan-list | all | none }
no switchport private-vlan trunk allowed vlan vlan-list
Syntax Description
Command Default
Allows only associated VLANs on the private VLAN trunk interface.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The primary VLANs do not need to be explicitly added to the allowed VLAN list. They are added automatically once there is a mapping between primary and secondary VLANs.
Examples
This example shows how to add VLANs to the list of allowed VLANs on an Ethernet private VLAN trunk port:
Related Commands
|
|
|
|---|---|
Displays information on all interfaces configured as switch ports. |
|
Configures the port as a secondary trunk port for a private VLAN. |
|
switchport private-vlan trunk native
To configure the native VLAN ID for the private VLAN trunk, use the switchport private-vlan trunk native command. To remove the native VLAN ID from the private VLAN trunk, use the no form of this command.
switchport private-vlan trunk native vlan vlan-list
no switchport private-vlan trunk native vlan vlan-list
Syntax Description
Specifies the VLAN ID. The range is from 1 to 3967 and from 4048 to 4093. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Secondary VLANs cannot be configured with a native VLAN ID on promiscuous trunk ports. Primary VLANs cannot be configured with a native VLAN ID on isolated trunk ports.
Examples
This example shows how to map the secondary VLANs to the primary VLAN:
Related Commands
|
|
|
|---|---|
Displays information on all interfaces configured as switch ports. |
|
Configures the port as a secondary trunk port for a private VLAN. |
|
switchport trunk allowed vlan
To configure the allowed VLANs for a virtual Ethernet interface, use the switchport trunk allowed vlan command. To remove the configuration, use the no form of this command.
switchport trunk allowed vlan {{ add | except | remove } vlan_list | all | none }
no switchport trunk allowed vlan
Syntax Description
Command Default
Command Modes
Interface configuration mode
Virtual Ethernet interface configuration mode
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to add VLANs to the list of allowed VLANs on a virtual Ethernet interface trunk port:
Related Commands
|
|
|
|---|---|
switchport trunk native vlan
To configure the native VLAN ID for the virtual Ethernet interface, use the switchport trunk native vlan command. To remove the native VLAN ID from the virtual Ethernet interface, use the no form of this command.
switchport trunk native vlan vlan_ID
no switchport trunk native vlan
Syntax Description
VLAN ID of the native VLAN when this port is in trunking mode. The range is from 1 to 4094. |
Command Default
Command Modes
Interface configuration mode
Virtual Ethernet interface configuration mode
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to set VLAN 3 as the native trunk port:
Related Commands
|
|
|
|---|---|
switchport voice vlan
To configure the voice VLAN on a port, use the switchport voice vlan command. To remove a voice VLAN, use the no form of this command.
switchport voice vlan { vlan-list | dot1p | untagged }
Syntax Description
Specifies that the Cisco IP phone uses priority tagging and uses an 802.1P VLAN ID of 0 for voice traffic. |
|
Specifies that the Cisco IP phone does not tag frames for voice traffic. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure VLAN 3 as the voice VLAN:
This example shows how to configure an Ethernet port to send CDP packets that configure the Cisco IP phone to transmit voice traffic in 802.1p frames:
This example shows how to configure an Ethernet port to send CDP packets that configure the Cisco IP phone to transmit untagged voice traffic:
This example shows how to stop voice traffic on an Ethernet port:
system private-vlan fex trunk
To configure a PVLAN FEX trunk on port, use the system private-vlan fex trunk command. To remove the PVLAN FEX trunk ports, use the no form of this command.
no system private-vlan fex trunk
You must disable all the FEX Isolated trunk ports before configuring PVLANs on the FEX trunk ports. If the FEX Isolated trunk ports and the FEX trunk ports are both enabled, unwanted traffic might occur.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure PVLAN over a FEX trunk port:
Related Commands
|
|
|
|---|---|
system vlan reserve
To configure a reserved VLAN range, use the system vlan reserve command. To delete the reserved VLAN range configuration, use the no form of this command.
system vlan vlan-start reserve
no system vlan vlan-start reserve
Syntax Description
Starting VLAN ID. 80 VLANs are reserved starting from the start VLAN ID. For example, if you specify the starting VLAN ID as 1006, the reserved VLAN range is from 2006 to 1085. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The user-configured system reserved VLAN range comes in to effect only after a reload.
Examples
This example shows how to configure a reserved VLAN range:
This example shows how to remove the reserved VLAN configuration:
Related Commands
|
|
|
|---|---|
Feedback