Catalyst Supervisor Engine 32 PISA IOS Command Reference, 12.2ZY

shutdown vlan

To shut down local traffic on a specified VLAN, use the shutdown vlan command. To restart local traffic on the VLAN, use the no form of this command.

shutdown vlan vlan-id

no shutdown vlan vlan-id

Syntax Description

Command Default

This command has no default settings.

Command Modes

Global configuration (config)

Command History

Usage Guidelines

This command does not support extended-range VLANs.

Examples

This example shows how to shut down traffic on VLAN 2:

Router(config)# shutdown vlan 2

Router(config)# 

snmp ifindex clear

To clear any previously configured snmp ifindex commands that were issued for a specific interface, use the snmp ifindex clear command.

snmp ifindex clear

Syntax Description

This command has no arguments or keywords.

Command Default

This command has no default settings.

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

Interface-index persistence occurs when ifIndex values in the IF-MIB persist across reboots and allow for consistent identification of specific interfaces using SNMP.

Use the snmp ifindex clear command on a specific interface when you want that interface to use the global configuration setting for ifIndex persistence. This command clears any ifIndex-configuration commands that were previously entered for that specific interface.

When you clear the ifIndex configuration, the ifIndex persistence is enabled for all interfaces as specified by the snmp-server ifindex persist command in global configuration mode.

Examples

This example shows how to enable ifIndex persistence for all interfaces:

Router(config)# snmp ifindex persist

This example shows how to disable IfIndex persistence for Ethernet 0/1 only:

Router(config)# interface ethernet 0/1

Router(config-if)# no snmp ifindex persist

Router(config-if)# exit

This example shows how to clear the ifIndex configuration from the Ethernet 0/1 configuration:

Router(config)# interface ethernet 0/1

Router(config-if)# snmp ifindex clear

Router(config-if)# exit

Related Commands

snmp ifindex persist

To enable ifIndex values in the Interfaces MIB (IF-MIB) that persist across reboots (ifIndex persistence) only on a specific interface, use the snmp ifindex persist command. To disable ifIndex persistence only on a specific interface, use the no form of this command.

snmp ifindex persist

no snmp ifindex persist

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

Interface index persistence occurs when ifIndex values in the IF-MIB persist across reboots and allow for consistent identification of specific interfaces using SNMP.

The snmp ifindex persist command in interface configuration mode enables and disables ifIndex persistence for individual entries (that correspond to individual interfaces) in the ifIndex table of the IF-MIB.

The snmp-server ifindex persist command in global configuration mode enables and disables ifIndex persistence for all interfaces on the routing device. This action applies only to interfaces that have ifDescr and ifIndex entries in the ifIndex table of the IF-MIB.

IfIndex commands that you configure for an interface apply to all subinterfaces on that interface.

Examples

This example shows how to enable ifIndex persistence for interface Ethernet 0/1 only:

Router(config)# interface ethernet 0/1

Router(config-if)# snmp ifindex persist

Router(config-if)# exit

This example shows how to enable ifIndex persistence for all interfaces and then disable ifIndex persistence for interface Ethernet 0/1 only:

Router(config)# snmp ifindex persist

Router(config)# interface ethernet 0/1

Router(config-if)# no snmp ifindex persist

Router(config-if)# exit

Related Commands

snmp-server enable traps

To enable the SNMP notifications (traps or informs) that are available on your system, use the snmp-server enable traps command. To disable all available SNMP notifications, use the no form of this command.

snmp-server enable traps [notification-type]

no snmp-server enable traps [notification-type]

Syntax Description

Command Default

This command is disabled by default. Most notification types are disabled. However, some notification types cannot be controlled with this command.

If you enter this command without a notification-type, all notification types that are controlled by this command are enabled.

Command Modes

Global configuration (config)

Command History

Usage Guidelines

For additional notification types, refer to the Cisco IOS Release 12.2 Command Reference.

SNMP notifications can be sent as traps or inform requests. This command enables both traps and inform requests for the specified notification types. To specify whether the notifications should be sent as traps or informs, use the snmp-server host [traps | informs] command.

If you do not enter an snmp-server enable traps command, no notifications that are controlled by this command are sent. To configure the router to send these SNMP notifications, you must enter at least one snmp-server enable traps command. If you enter the command with no keywords, all notification types are enabled. If you enter the command with a keyword, only the notification type that is related to that keyword is enabled. To enable multiple types of notifications, you must issue a separate snmp-server enable traps command for each notification type and notification option.

The snmp-server enable traps command is used with the snmp-server host command. Use the snmp-server host command to specify which host or hosts receive SNMP notifications. To send notifications, you must configure at least one snmp-server host command.

The following list of MIBs are used for the traps:

•chassis—Controls the chassisAlarm traps from the CISCO-STACK-MIB

•flash—Controls SNMP flash traps from the CISCO-FLASH-MIB

–insertion—Controls the SNMP flash insertion-trap notifications

–removal—Controls the SNMP flash removal-trap notifications

•fru-ctrl—Controls the FRU-control traps from the CISCO-ENTITY-FRU-CONTROL-MIB

•module—Controls the SNMP-module traps from the CISCO-STACK-MIB

•stpx—Controls all the traps from the CISCO-STP-EXTENSIONS-MIB

•vlancreate—Controls the SNMP VLAN-created trap notifications

•vlandelete—Controls the SNMP VLAN-deleted trap notifications

•vtp—Controls the VTP traps from the CISCO-VTP-MIB

The following SNMP-server enable traps are supported:

•bridge—Controls the STP Bridge MIB traps

•c6kxbar—Controls the c6kxbar intbus-crcexcd intbus-crcrcvrd swbus trap

•csg—Controls the CSG agent quota database traps

•flex-links—Controls the flex-links status traps

•mac-notification—Controls the MAC-Notification move threshold traps

•stpx—Controls the STPX inconsistency root-inconsistency loop-inconsistency traps

•vlan-mac-limit—Controls the Layer 2 control VLAN MAC limit notifications traps

Examples

This example shows how to send all traps to the host that are specified by the name myhost.cisco.com, using the community string that is defined as public:

Router(config)# snmp-server enable traps 

Router(config)# snmp-server host myhost.cisco.com public

snmp-server enable traps transceiver type all

To enable all supported SNMP transceiver traps for all transceiver types, use the snmp-server enable traps transceiver type all command. To disable the transceiver SNMP trap notifications, use the no form of this command.

snmp-server enable traps transceiver type all

no snmp-server enable traps transceiver type all

Syntax Description

The command has no arguments or keywords.

Command Default

Disabled

Command Modes

Global configuration (config)

Command History

Usage Guidelines

The snmp-server enable traps command is used with the snmp-server host command. Use the snmp-server host command to specify which host or hosts receive SNMP notifications. To send notifications, you must configure at least one snmp-server host command.

Examples

This example shows how to enable all supported SNMP transceiver traps for all transceiver types:

Router(config)# snmp-server enable traps transceiver type all

Router(config)# 

Related Commands

snmp-server ifindex persist

To enable ifIndex values globally so that they will remain constant across reboots for use by SNMP, use the snmp-server ifindex persist command. To disable ifIndex persistence globally, use the no form of this command.

snmp-server ifindex persist

no snmp-server ifindex persist

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled

Command Modes

Global configuration (config)

Command History

Usage Guidelines

Interface-index persistence occurs when ifIndex values in the IF-MIB persist across reboots and allow for consistent identification of specific interfaces using SNMP.

The snmp-server ifindex persist command in global configuration mode does not override interface-specific configurations. To override the interface-specific configuration of ifIndex persistence, enter the [no] snmp ifindex persist and snmp ifindex clear commands in interface configuration mode.

Entering the [no] snmp-server ifindex persist command in global configuration mode enables and disables ifIndex persistence for all interfaces on the routing device using ifDescr and ifIndex entries in the ifIndex table of the IF-MIB.

Examples

This example shows how to enable ifIndex persistence for all interfaces:

Router(config)# snmp-server ifindex persist

Router(config)# 

Note This example shows that if ifIndex persistence was previously disabled for a specific interface using the no snmp ifindex persist command in interface configuration mode, ifIndex persistence remains disabled for that interface. The global ifIndex command does not override the interface-specific commands.

Related Commands

snmp-server source-interface

To specify the interface from which a SNMP trap originates the informs or traps, use the snmp-server source-interface command. To remove the source designation, use the no form of the comman

snmp-server source-interface {traps | informs} interface

no snmp-server source-interface {traps | informs} [interface]

Syntax Description

Command Default

No interface is designated.

Command Modes

Global configuration (config)

Command History

Usage Guidelines

The source interface must have an IP address.

Enter the interface argument in the following format: interface-type/module/port.

An SNMP trap or inform sent from a Cisco SNMP server has a notification IP address of the interface it went out of at that time. Use this command to monitor notifications from a particular interface.

Examples

This example shows how to specify that the interface gigabitethernet5/2 is the source for all informs:

Router(config)# snmp-server source-interface informs gigabitethernet5/2

Router(config)# 

This example shows how to specify that the interface gigabitethernet5/3 is the source for all traps:

Router(config)# snmp-server source-interface traps gigabitethernet5/3

Router(config)# 

This example shows how to remove the source designation for all traps for a specific interface:

Router(config)# no snmp-server source-interface traps gigabitethernet5/3

Router(config)# 

Related Commands

snmp-server trap authentication unknown-context

To enable the authorization failure traps during an unknown context error, use the snmp-server trap authentication unknown-context command. To disable the the authorization failure traps, use the no form of this command.

snmp-server trap authentication unknown-context

no snmp-server trap authentication unknown-context

Syntax Description

This command has no arguments or keywords.

Command Default

No authFail traps are generated.

Command Modes

Global configuration (config)

Command History

Examples

This example shows how to enable the authorization failure traps during an unknown context error:

Router(config)# snmp-server trap authentication unknown-context

Router(config)#

This example shows how to disable the authorization failure traps during an unknown context error:

Router(config)# no snmp-server trap authentication unknown-context

Router(config)#

snmp-server trap link switchover

To enable sending a linkdown trap followed by a linkup trap for every interface in the switch during a switch failover, use the snmp-server trap link switchover command. To disable linkdown during a switch failover, use the no form of this command.

snmp-server trap link switchover

no snmp-server trap link switchover

Syntax Description

This command has no arguments or keywords.

Command Default

Enabled

Command Modes

Global configuration (config)

Command History

Usage Guidelines

By default, no link traps are generated during a switchover.

Examples

This example shows how to return to the default setting:

Router(config)# snmp-server trap link switchover 

Router(config)#

This example shows how to disable linkdown followed by a linkup trap for every interface in the switch during a switch failover:

Router(config)# no snmp-server trap link switchover 

Router(config)#

spanning-tree backbonefast

To enable BackboneFast on all Ethernet VLANs, use the spanning-tree backbonefast command. To disable BackboneFast, use the no form of this command.

spanning-tree backbonefast

no spanning-tree backbonefast

Syntax Description

This command has no arguments or keywords.

Command Default

BackboneFast is disabled.

Command Modes

Global configuration (config)

Command History

Usage Guidelines

Enable BackboneFast on all Catalyst 6500 series switches to allow the detection of indirect link failures to start spanning-tree reconfiguration sooner.

Examples

This example shows how to enable BackboneFast on all Ethernet VLANs:

Router(config)# spanning-tree backbonefast

Router(config)#

Related Commands

spanning-tree bpdufilter

To enable BPDU filtering on the interface, use the spanning-tree bpdufilter command. To return to the default settings, use the no form of this command.

spanning-tree bpdufilter {enable | disable}

no spanning-tree bpdufilter

Syntax Description

Command Default

The setting that is already configured when you enter the spanning-tree portfast bpdufilter default command.

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

Caution Be careful when you enter the spanning-tree bpdufilter enable command. Enabling BPDU filtering on an interface is similar to disabling the spanning tree for this interface. If you do not use this command correctly, you might create bridging loops.

Entering the spanning-tree bpdufilter enable command to enable BPDU filtering overrides the PortFast configuration.

When configuring Layer 2-protocol tunneling on all the service-provider edge switches, you must enable spanning-tree BPDU filtering on the 802.1Q tunnel ports by entering the spanning-tree bpdufilter enable command.

BPDU filtering prevents a port from sending and receiving BPDUs. The configuration is applicable to the whole interface, whether it is trunking or not. This command has three states:

•spanning-tree bpdufilter enable—Unconditionally enables BPDU filtering on the interface.

•spanning-tree bpdufilter disable—Unconditionally disables BPDU filtering on the interface.

•no spanning-tree bpdufilter—Enables BPDU filtering on the interface if the interface is in operational PortFast state and if you configure the spanning-tree portfast bpdufilter default command.

Use the spanning-tree portfast bpdufilter default command to enable BPDU filtering on all ports that are already configured for PortFast.

Examples

This example shows how to enable BPDU filtering on this interface:

Router(config-if)# spanning-tree bpdufilter enable

Router(config-if)# 

Related Commands

spanning-tree bpduguard

To enable BPDU guard on the interface, use the spanning-tree bpduguard command. To return to the default settings, use the no form of this command.

spanning-tree bpduguard {enable | disable}

no spanning-tree bpduguard

Syntax Description

Command Default

The setting that is already configured when you enter the spanning-tree portfast bpduguard default command.

Command Default

Interface configuration (config-if)

Command History

Usage Guidelines

BPDU guard prevents a port from receiving BPDUs. Typically, this feature is used in a service-provider environment where the network administrator wants to prevent an access port from participating in the spanning tree. If the port still receives a BPDU, it is put in the error-disabled state as a protective measure. This command has three states:

•spanning-tree bpduguard enable—Unconditionally enables BPDU guard on the interface.

•spanning-tree bpduguard disable—Unconditionally disables BPDU guard on the interface.

•no spanning-tree bpduguard—Enables BPDU guard on the interface if it is in the operational PortFast state and if the spanning-tree portfast bpduguard default command is configured.

Examples

This example shows how to enable BPDU guard on this interface:

Router(config-if)# spanning-tree bpduguard enable

Router(config-if)# 

Related Commands

spanning-tree cost

To set the path cost of the interface for STP calculations, use the spanning-tree cost command. To return to the default settings, use the no form of this command.

spanning-tree cost cost

no spanning-tree cost

Syntax Description

Command Default

The default path cost is computed from the interface's bandwidth setting; the default path costs are as follows:

•Ethernet—100

•16-Mb Token Ring—62

•FDDI—10

•FastEthernet—10

•ATM 155—6

•GigabitEthernet—1

•10-Gigabit Ethernet—2

•HSSI—647

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

When you configure the cost, note that higher values indicate higher costs. This range applies regardless of the protocol type that is specified.

Examples

This example shows how to access an interface and set a path cost value of 250 for the spanning-tree VLAN that is associated with that interface:

Router(config)# interface ethernet 2/0

Router(config-if)# spanning-tree cost 250

Router(config-if)#

Related Commands

spanning-tree etherchannel guard misconfig

To display an error message when a loop due to a channel misconfiguration is detected, use the spanning-tree etherchannel guard misconfig command. To disable the error message, use the no form of this command.

spanning-tree etherchannel guard misconfig

no spanning-tree etherchannel guard misconfig

Syntax Description

This command has no arguments or keywords.

Command Default

Enabled

Command Modes

Global configuration (config)

Command History

Usage Guidelines

EtherChannel uses either PAgP or LACP and does not work if the EtherChannel mode of the interface has been enabled using the channel-group group-number mode on command.

When an EtherChannel-guard misconfiguration is detected, this error message displays:

msgdef(CHNL_MISCFG, SPANTREE, LOG_CRIT, 0, "Detected loop due to etherchannel 
misconfiguration of %s %s")

To determine which local ports are involved in the misconfiguration, enter the show interfaces status err-disabled command. To check the EtherChannel configuration on the remote device, enter the show etherchannel summary command on the remote device.

After you correct the configuration, enter the shutdown and the no shutdown commands on the associated port-channel interface.

Examples

This example shows how to enable the EtherChannel-guard misconfiguration:

Router(config)# spanning-tree etherchannel guard misconfig

Router(config)#

Related Commands

spanning-tree extend system-id

To enable the extended-system ID feature on chassis that support 1024 MAC addresses, use the spanning-tree extend system-id command. To disable the extended system identification, use the no form of this command.

spanning-tree extend system-id

no spanning-tree extend system-id

Syntax Description

This command has no arguments or keywords.

Command Default

Enabled on systems that do not provide 1024 MAC addresses.

Command Default

Global configuration (config)

Command History

Usage Guidelines

The Catalyst 6500 series switch can support 64 or up to 1024 MAC addresses. For a Catalyst 6500 series switch with 64 MAC addresses, STP uses the extended-system ID and a MAC address to make the bridge ID unique for each VLAN.

You cannot disable the extended-system ID on a Catalyst 6500 series switch that supports 64 MAC addresses.

Enabling or disabling the extended-system ID updates the bridge IDs of all active STP instances, which might change the spanning-tree topology.

Examples

This example shows how to enable the extended-system ID:

Router(config)# spanning-tree extend system-id 

Router(config)#

Related Commands

spanning-tree guard

To enable or disable the guard mode, use the spanning-tree guard command. To return to the default settings, use the no form of this command.

spanning-tree guard {loop | root | none}

no spanning-tree guard

Syntax Description

Command Default

Guard mode is disabled.

Command Modes

Interface configuration (config-if)

Command History

Examples

This example shows how to enable root guard:

Router(config-if)# spanning-tree guard root

Router(config-if)#

Related Commands

spanning-tree link-type

To configure a link type for a port, use the spanning-tree link-type command. To return to the default settings, use the no form of this command.

spanning-tree link-type {point-to-point | shared}

no spanning-tree link-type

Syntax Description

Command Default

Link type is automatically derived from the duplex setting unless you explicitly configure the link type.

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

RSTP+ fast transition works only on point-to-point links between two bridges.

By default, the switch derives the link type of a port from the duplex mode. A full-duplex port is considered as a point-to-point link while a half-duplex configuration is assumed to be on a shared link.

If you designate a port as a shared link, RSTP+ fast transition is forbidden, regardless of the duplex setting.

Examples

This example shows how to configure the port as a shared link:

Router(config-if)# spanning-tree link-type shared

Router(config-if)# 

Related Commands

spanning-tree loopguard default

To enable loop guard as a default on all ports of a given bridge, use the spanning-tree loopguard default command. To disable loop guard, use the no form of this command.

spanning-tree loopguard default

no spanning-tree loopguard default

Syntax Description

This command has no keywords or arguments.

Command Default

Loop guard is disabled.

Command Modes

Global configuration (config)

Command History

Usage Guidelines

Loop guard provides additional security in the bridge network. Loop guard prevents alternate or root ports from becoming the designated port due to a failure that could lead to a unidirectional link.

Loop guard operates only on ports that are considered point to point by the spanning tree.

The individual loop-guard port configuration overrides this command.

Examples

This example shows how to enable loop guard:

Router(config)# spanning-tree loopguard default

Router(config)#

Related Commands

spanning-tree mode

To switch between PVST+, Rapid-PVST+, and MST modes, use the spanning-tree mode command. To return to the default settings, use the no form of this command.

spanning-tree mode [pvst | mst | rapid-pvst]

no spanning-tree mode

Syntax Description

Command Default

pvst

Command Default

Global configuration (config)

Command History

Usage Guidelines

Caution Be careful when using the spanning-tree mode command to switch between PVST+, Rapid-PVST+, and MST modes. When you enter the command, all spanning-tree instances are stopped for the previous mode and are restarted in the new mode. Using this command may cause the user traffic to be disrupted.

Examples

This example shows how to switch to MST mode:

Router(config)# spanning-tree mode mst

Router(config)#

This example shows how to return to the default mode (PVST+):

Router(config)# no spanning-tree mode

Router(config)#

Related Commands

spanning-tree mst

To set the path cost and port-priority parameters for any MST instance (including the CIST with instance ID 0), use the spanning-tree mst command. To return to the default settings, use the no form of this command.

spanning-tree mst instance-id {cost cost} | {port-priority prio}

no spanning-tree mst instance-id {cost | port-priority}

Syntax Description

Command Default

The defaults are as follows:

•cost depends on the port speed; the faster interface speeds indicate smaller costs. MST always uses long path costs.

•prio is 128.

Command Default

Interface configuration (config-if)

Command History

Usage Guidelines

Higher cost cost values indicate higher costs. When entering the cost, do not include a comma in the entry; for example, enter 1000, not 1,000.

Higher port-priority prio values indicate smaller priorities.

Examples

This example shows how to set the interface path cost:

Router(config-if)# spanning-tree mst 0 cost 17031970

Router(config-if)# 

This example shows how to set the interface priority:

Router(config-if)# spanning-tree mst 0 port-priority 64

Router(config-if)# 

Related Commands

spanning-tree mst configuration

To enter MST-configuration submode, use the spanning-tree mst configuration command. To return to the default settings, use the no form of this command.

spanning-tree mst configuration

no spanning-tree mst configuration

Syntax Description

This command has no keywords or arguments.

Command Default

The default value for the MST configuration is the default value for all its parameters:

•No VLANs are mapped to any MST instance (all VLANs are mapped to the CIST instance).

•The region name is an empty string.

•The revision number is 0.

Command Modes

Global configuration (config)

Command History

Usage Guidelines

The MST configuration consists of three main parameters:

•Instance VLAN mapping—See the instance command

•Region name—See the name (MST configuration submode) command

•Configuration revision number—See the revision command

The abort and exit commands allow you to exit MST configuration submode. The difference between the two commands depends on whether you want to save your changes or not.

The exit command commits all the changes before leaving MST configuration submode. If you do not map secondary VLANs to the same instance as the associated primary VLAN, when you exit MST-configuration submode, a warning message displays and lists the secondary VLANs that are not mapped to the same instance as the associated primary VLAN. The warning message is as follows:

These secondary vlans are not mapped to the same instance as their primary:

-> 3

The abort command leaves MST-configuration submode without committing any changes.

Changing an MST-configuration submode parameter can cause connectivity loss. To reduce service disruptions, when you enter MST-configuration submode, make changes to a copy of the current MST configuration. When you are done editing the configuration, you can apply all the changes at once by using the exit keyword, or you can exit the submode without committing any change to the configuration by using the abort keyword.

In the unlikely event that two users commit a new configuration at exactly at the same time, this warning message displays:

% MST CFG:Configuration change lost because of concurrent access

Examples

This example shows how to enter MST-configuration submode:

Router(config)# spanning-tree mst configuration

Router(config-mst)# 

This example shows how to reset the MST configuration to the default settings:

Router(config)# no spanning-tree mst configuration

Router(config)# 

Related Commands

spanning-tree mst forward-time

To set the forward-delay timer for all the instances on the Catalyst 6500 series switch, use the spanning-tree mst forward-time command. To return to the default settings, use the no form of this command.

spanning-tree mst forward-time seconds

no spanning-tree mst forward-time

Syntax Description

Command Default

seconds is 15.

Command Modes

Global configuration (config)

Command History

Examples

This example shows how to set the forward-delay timer:

Router(config)# spanning-tree mst forward-time 20

Router(config)#

Related Commands

spanning-tree mst hello-time

To set the hello-time delay timer for all the instances on the Catalyst 6500 series switch, use the spanning-tree mst hello-time command. To return to the default settings, use the no form of this command.

spanning-tree mst hello-time seconds

no spanning-tree mst hello-time

Syntax Description

Command Default

2 seconds

Command Default

Global configuration (config)

Command History

Usage Guidelines

If you do not specify the hello-time value, the value is calculated from the network diameter.

Examples

This example shows how to set the hello-time delay timer:

Router(config)# spanning-tree mst hello-time 3

Router(config)#

Related Commands

spanning-tree mst max-age

To set the max-age timer for all the instances on the Catalyst 6500 series switch, use the spanning-tree mst max-age command. To return to the default settings, use the no form of this command.

spanning-tree mst max-age seconds

no spanning-tree mst max-age

Syntax Description

Command Default

20 seconds

Command Modes

Global configuration (config)

Command History

Examples

This example shows how to set the max-age timer:

Router(config)# spanning-tree mst max-age 40

Router(config)#

Related Commands

spanning-tree mst max-hops

To specify the number of possible hops in the region before a BPDU is discarded, use the spanning-tree mst max-hops command. To return to the default settings, use the no form of this command.

spanning-tree mst max-hops hopnumber

no spanning-tree mst max-hops

Syntax Description

Command Default

20 hops

Command Default

Global configuration (config)

Command History

Examples

This example shows how to set the number of possible hops:

Router(config)# spanning-tree mst max-hops 25

Router(config)#

Related Commands

spanning-tree mst pre-standard

To configure a port to transmit only prestandard BPDUs, use the spanning-tree mst pre-standard command. To return to the default settings, use the no form of this command.

spanning-tree mst pre-standard

no spanning-tree mst pre-standard

Syntax Description

This command has no arguments or keywords.

Command Default

The default is to automatically detect prestandard neighbors.

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

Even with the default configuration, the port can receive both prestandard and standard BPDUs.

Prestandard BPDUs are based on the Cisco IOS MST implementation that was created before the IEEE standard was finalized. Standard BPDUs are based on the finalized IEEE standard.

If you configure a port to transmit prestandard BPDUs only, the prestandard flag displays in the show spanning-tree commands. The variations of the prestandard flag are as follows:

•Pre-STD (or prestandard in long format)—This flag displays if the port is configured to transmit prestandard BPDUs and if a prestandard neighbor bridge has been detected on this interface.

•Pre-STD-Cf (or prestandard (config) in long format)—This flag displays if the port is configured to transmit prestandard BPDUs but a prestandard BPDU has not been received on the port, the autodetection mechanism has failed, or a misconfiguration, if there is no prestandard neighbor, has occurred.

•Pre-STD-Rx (or prestandard (rcvd) in long format)—This flag displays when a prestandard BPDU has been received on the port but it has not been configured to send prestandard BPDUs. The port will send prestandard BPDUs, but we recommend that you change the port configuration so that the interaction with the prestandard neighbor does not rely only on the autodetection mechanism.

If the MST configuration is not compatible with the prestandard (if it includes an instance ID greater than 15), only standard MST BPDUs are transmitted, regardless of the STP configuration on the port.

Examples

This example shows how to configure a port to transmit only prestandard BPDUs:

Router(config-if)# spanning-tree mst pre-standard

Router(config-if)#

Related Commands

spanning-tree mst root

To designate the primary and secondary root, set the bridge priority, and set the timer value for an instance, use the spanning-tree mst root command. To return to the default settings, use the no form of this command.

spanning-tree mst instance-id root {{primary | secondary} | {priority prio}} [diameter dia [hello-time hello-time]]

no spanning-tree mst root

Syntax Description

Command Default

The defaults are as follows:

•spanning-tree mst root has no default settings.

•prio is 32768.

Command Modes

Global configuration (config)

Command History

Usage Guidelines

You can set the bridge priority in increments of 4096 only. When you set the priority, valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.

You can set the prio to 0 to make the switch root.

You can enter the instance-id as a single instance or a range of instances, for example, 0-3,5,7-9.

The spanning-tree root secondary bridge priority value is 16384.

The diameter dia and hello-time hello-time keywords and arguments are available for instance 0 only.

If you do not specify the hello-time argument, the argument is calculated from the network diameter.

Examples

This example shows how to set the bridge priority:

Router(config)# spanning-tree mst 0 root priority 4096

Router(config)# 

This example shows how to set the priority and timer values for the bridge:

Router(config)# spanning-tree mst 0 root primary diameter 7 hello-time 2

Router(config)# spanning-tree mst 5 root primary

Router(config)# 

Related Commands

spanning-tree pathcost method

To set the default path-cost calculation method, use the spanning-tree pathcost method command. To return to the default settings, use the no form of this command.

spanning-tree pathcost method {long | short}

no spanning-tree pathcost method

Syntax Description

Command Default

short

Command Default

Global configuration (config)

Command History

Usage Guidelines

This command applies to all the spanning-tree instances on the Catalyst 6500 series switch.

The long path-cost calculation method utilizes all 32 bits for path-cost calculation and yields values in the range of 1 through 200,000,000.

The short path-cost calculation method (16 bits) yields values in the range of 1 through 65535.

Examples

This example shows how to set the default path-cost calculation method to long:

Router(config#) spanning-tree pathcost method long

Router(config#)

This example shows how to set the default path-cost calculation method to short:

Router(config#) spanning-tree pathcost method short

Router(config#)

Related Commands

spanning-tree portfast (interface configuration mode)

To enable PortFast mode where the interface is immediately put into the forwarding state upon linkup without waiting for the timer to expire, use the spanning-tree portfast command. To return to the default settings, use the no form of this command.

spanning-tree portfast

spanning-tree portfast {disable | trunk}

no spanning-tree portfast

Syntax Description

Command Default

The settings that are configured by the spanning-tree portfast default command.

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

You should use this command only with interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data-packet loop and disrupt the Catalyst 6500 series switch and network operation.

An interface with PortFast mode enabled is moved directly to the spanning-tree forwarding state when linkup occurs without waiting for the standard forward-time delay.

Be careful when using the no spanning-tree portfast command. This command does not disable PortFast if the spanning-tree portfast default command is enabled.

This command has four states:

•spanning-tree portfast—This command enables PortFast unconditionally on the given port.

•spanning-tree portfast disable—This command explicitly disables PortFast for the given port. The configuration line shows up in the running configuration because it is not the default.

•spanning-tree portfast trunk—This command allows you to configure PortFast on trunk ports.

Note If you enter the spanning-tree portfast trunk command, the port is configured for PortFast even in the access mode.

•no spanning-tree portfast—This command implicitly enables PortFast if you define the spanning-tree portfast default command in global configuration mode and if the port is not a trunk port. If you do not configure PortFast globally, the no spanning-tree portfast command is equivalent to the spanning-tree portfast disable command.

Examples

This example shows how to enable PortFast mode:

Router(config-if)# spanning-tree portfast

Router(config-if)#

Related Commands

spanning-tree portfast bpdufilter default

To enable BPDU filtering by default on all PortFast ports, use the spanning-tree portfast bpdufilter default command. To return to the default settings, use the no form of this command.

spanning-tree portfast bpdufilter default

no spanning-tree portfast bpdufilter default

Syntax Description

This command has no keywords or arguments.

Command Default

Disabled

Command Modes

Global configuration (config)

Command History

Usage Guidelines

The spanning-tree portfast bpdufilter command enables BPDU filtering globally on PortFast ports. BPDU filtering prevents a port from sending or receiving any BPDUs.

You can override the effects of the portfast bpdufilter default command by configuring BPDU filtering at the interface level.

Note Be careful when enabling BPDU filtering. The feature's functionality is different when you enable it on a per-port basis or globally. When enabled globally, BPDU filtering is applied only on ports that are in an operational PortFast state. Ports send a few BPDUs at linkup before they effectively filter outbound BPDUs. If a BPDU is received on an edge port, it immediately loses its operational PortFast status and BPDU filtering is disabled.

When enabled locally on a port, BPDU filtering prevents the Catalyst 6500 series switch from receiving or sending BPDUs on this port.

Caution Be careful when using this command. Using this command incorrectly can cause bridging loops.

This example shows how to enable BPDU filtering by default:

Router(config)# spanning-tree portfast bpdufilter default

Router(config)#

Related Commands

spanning-tree portfast bpduguard default

To enable BPDU guard by default on all PortFast ports, use the spanning-tree portfast bpduguard default command. To return to the default settings, use the no form of this command.

spanning-tree portfast bpduguard default

no spanning-tree portfast bpduguard default

Syntax Description

This command has no keywords or arguments.

Command Default

Disabled

Command Modes

Global configuration (config)

Command History

Usage Guidelines

Caution Be careful when using this command. You should use this command only with interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data-packet loop and disrupt the Catalyst 6500 series switch and network operation.

BPDU guard disables a port if it receives a BPDU. BPDU guard is applied only on ports that are PortFast enabled and are in an operational PortFast state.

Examples

This example shows how to enable BPDU guard by default:

Router(config)# spanning-tree portfast bpduguard default

Router(config)#

Related Commands

spanning-tree portfast default

To enable PortFast by default on all access ports, use the spanning-tree portfast default command. To disable PortFast by default on all access ports, use the no form of this command.

spanning-tree portfast default

no spanning-tree portfast default

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled

Command Modes

Global configuration (config)

Command History

Usage Guidelines

Caution Be careful when using this command. You should use this command only with interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data-packet loop and disrupt the Catalyst 6500 series switch and network operation.

An interface with PortFast mode enabled is moved directly to the spanning-tree forwarding state when linkup occurs without waiting for the standard forward-time delay.

You can enable PortFast mode on individual interfaces using the spanning-tree portfast (interface configuration mode) command.

Examples

This example shows how to enable PortFast by default on all access ports:

Router(config)# spanning-tree portfast default

Router(config)# 

Related Commands

spanning-tree port-priority

To set an interface priority when two bridges vie for position as the root bridge, use the spanning-tree port-priority command. The priority you set breaks the tie. To return to the default settings, use the no form of this command.

spanning-tree port-priority port-priority

no spanning-tree port-priority

Syntax Description

Command Default

port-priority is 128.

Command Modes

Interface configuration (config-if)

Command History

Examples

This example shows how to increase the likelihood that the spanning-tree instance 20 is chosen as the root bridge on Ethernet interface 2/0:

Router(config-if)# spanning-tree port-priority 0

Router(config-if)#

Related Commands

spanning-tree transmit hold-count

To specify the transmit hold count, use the spanning-tree transmit hold-count command. To return to the default settings, use the no form of this command.

spanning-tree transmit hold-count value

no spanning-tree transmit hold-count

Syntax Description

Command Default

value is 6.

Command Modes

Global configuration (config)

Command History

Usage Guidelines

This command is supported on all spanning-tree modes.

The transmit hold count determines the number of BPDUs that can be sent before pausing for 1 second.

Note Changing this parameter to a higher value may have a significant impact on CPU utilization, especially in rapid-PVST mode. Lowering this parameter could slow convergence in some scenarios. We recommend that you do not change the value from the default setting.

If you change the value setting, enter the show running-config command to verify the change.

If you delete the command, use the show spanning-tree mst command to verify the deletion.

Examples

This example shows how to specify the transmit hold count:

Router(config)# spanning-tree transmit hold-count 8

Router(config)# 

Related Commands

spanning-tree uplinkfast

To enable UplinkFast, use the spanning-tree uplinkfast command. To disable UplinkFast, use the no form of this command.

spanning-tree uplinkfast [max-update-rate packets-per-second]

no spanning-tree uplinkfast [max-update-rate]

Syntax Description

Command Default

The defaults are as follows:

•UplinkFast is disabled.

•packets-per-second is 150 packets per second.

Command Default

Global configuration (config)

Command History

Usage Guidelines

Use this command only on access switches.

When you configure UplinkFast, the bridge priority is changed to 49152 so that this switch is not selected as root. All interface path costs of all spanning-tree interfaces that belong to the specified spanning-tree instances also increase by 3000.

When spanning tree detects that the root interface has failed, UplinkFast causes an immediate switchover to an alternate root interface, transitioning the new root interface directly to the forwarding state. During this time, a topology change notification is sent. To minimize the disruption that is caused by the topology change, a multicast packet is sent to 01-00-0C-CD-CD-CD for each station address in the forwarding bridge except for those associated with the old root interface.

Use the spanning-tree uplinkfast max-update-rate command to enable UplinkFast (if it is not already enabled) and change the rate at which update packets are sent. Use the no form of this command to return to the default rate.

Examples

This example shows how to enable UplinkFast and set the maximum rate to 200 packets per second:

Router(config)# spanning-tree uplinkfast max-update-rate 200

Router(config)# 

Related Commands

spanning-tree vlan

To configure STP on a per-VLAN basis, use the spanning-tree vlan command. To return to the default settings, use the no form of this command.

spanning-tree vlan vlan-id [forward-time seconds | hello-time hello-time | max-age seconds | priority priority | protocol protocol | {root {primary | secondary} [diameter net-diameter [hello-time hello-time]]}]

no spanning-tree vlan vlan-id [forward-time | hello-time | max-age | priority | protocol | root]

Syntax Description

Command Default

The defaults are as follows:

•forward-time—15 seconds

•hello-time—2 seconds

•max-age—20 seconds

•priority—The default with IEEE STP enabled is 32768; the default with STP enabled is 128

•protocol—IEEE

•root—No STP root

Command Modes

Global configuration (config)

Command History

Usage Guidelines

Caution When disabling spanning tree on a VLAN using the no spanning-tree vlan vlan-id command, ensure that all switches and bridges in the VLAN have spanning tree disabled. You cannot disable spanning tree on some switches and bridges in a VLAN and leave it enabled on other switches and bridges in the same VLAN because switches and bridges with spanning tree enabled have incomplete information about the physical topology of the network.

Caution We do not recommend disabling spanning tree, even in a topology that is free of physical loops. Spanning tree is a safeguard against misconfigurations and cabling errors. Do not disable spanning tree in a VLAN without ensuring that there are no physical loops present in the VLAN.

When setting the max-age seconds, if a bridge does not hear BPDUs from the root bridge within the specified interval, it assumes that the network has changed and recomputes the spanning-tree topology.

Valid values for protocol are dec—Digital STP, ibm—IBM STP, ieee—IEEE Ethernet STP, and vlan-bridge—VLAN Bridge STP.

The spanning-tree root primary alters this switch's bridge priority to 8192. If you enter the spanning-tree root primary command and the switch does not become root, then the bridge priority is changed to 100 less than the bridge priority of the current bridge. If the switch does not become root, an error results.

The spanning-tree root secondary alters this switch's bridge priority to 16384. If the root switch should fail, this switch becomes the next root switch.

Use the spanning-tree root commands on the backbone switches only.

Examples

This example shows how to enable spanning tree on VLAN 200:

Router(config)# spanning-tree vlan 200 

Router(config)# 

This example shows how to configure the switch as the root switch for VLAN 10 with a network diameter of 4:

Router(config)# spanning-tree vlan 10 root primary diameter 4

Router(config)# 

This example shows how to configure the switch as the secondary root switch for VLAN 10 with a network diameter of 4:

Router(config)# spanning-tree vlan 10 root secondary diameter 4 

Router(config)#

Related Commands

speed

To set the port speed for an Ethernet interface, use the speed command. To disable a speed setting, use the no form of this command.

speed {10 | 100 | 1000}

speed auto [speed-list]

speed [1000 | nonegotiate]

no speed

Syntax Description

Command Default

See Table 2-93 for a list of default settings.

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

Use the speed [10 | 100] command for 10/100 ports, the speed auto [10 100 [1000]] command for 10/100/1000 ports, and the speed [1000 | nonegotiate] command for Gigabit Ethernet ports.

Separate the speed-list entries with a space.

The following speed-list configurations are supported:

•speed auto—Negotiate all speeds.

•speed auto 10 100—Negotiate 10 and 100 speeds only.

•speed auto 10 100 1000—Negotiate all speeds.

When you enable link negotiation, the speed, duplex, flow control, and clocking negotiations between two Gigabit Ethernet ports are automatically enabled.

Table 2-93 lists the supported command options by interface.

If you decide to configure the interface speed and duplex commands manually, and enter a value other than speed auto (for example, 10 or 100 Mbps), ensure that you configure the connecting interface speed command to a matching speed but do not use the auto keyword.

If you set the Ethernet interface speed to auto on a 10/100-Mbps or 10/100/1000-Mbps Ethernet interface, both speed and duplex are autonegotiated.

The Gigabit Ethernet interfaces are full duplex only. You cannot change the duplex mode on the Gigabit Ethernet interfaces or on a 10/100/1000-Mbps interface that is configured for Gigabit Ethernet.

When manually configuring the interface speed to either 10 or 100 Mbps, the switch prompts you to configure duplex mode on the interface.

Note Catalyst 6500 series switches cannot automatically negotiate interface speed and duplex mode if either connecting interface is configured to a value other than auto.

Caution Changing the interface speed and duplex mode might shut down and reenable the interface during the reconfiguration.

You cannot set the duplex mode to half when the port speed is set at 1000 and similarly, you cannot set the port speed to 1000 when the mode is set to half duplex. In addition, if the port speed is set to auto, the duplex command is rejected.

Table 2-94 describes the relationship between the duplex and speed commands.

Examples

This example shows how to configure the interface to transmit at 100 Mbps:

Router(config-if)# speed 100

Router(config-if)#

Related Commands

squeeze

To delete flash files permanently by squeezing a flash file system, use the squeeze command.

squeeze filesystem:

Syntax Description

Command Default

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Usage Guidelines

When flash memory is full, you might need to rearrange the files so that the space that is used by the files that are marked "deleted" can be reclaimed.

When you enter the squeeze command, the router copies all valid files to the beginning of flash memory and erases all files that are marked "deleted." You cannot recover "deleted" files and you can write to the reclaimed flash-memory space.

In addition to removing deleted files, use the squeeze command to remove any files that the system has marked as "error." An error file is created when a file write fails (for example, the device is full). To remove error files, you must use the squeeze command. The squeeze operation might take as long as several minutes because it can involve erasing and rewriting almost an entire flash-memory space.

The colon is required when entering the filesystem.

Examples

This example shows how to permanently erase the files that are marked "deleted" from the flash memory:

Router # squeeze flash:

Router # 

Related Commands

stack-mib portname

To specify a name string for a port, use the stack-mib portname command.

stack-mib portname portname

Syntax Description

Command Default

This command has no default settings.

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

Using the stack-mib command to set a name string to a port corresponds to the portName MIB object in the portTable of CISCO-STACK-MIB. portName is the MIB object in the portTable of CISCO-STACK-MIB. You can set this object to be descriptive text describing the function of the interface.

Examples

This example shows how to set a name to a port:

Router(config-if)# stack-mib portname portal_to_paradise

Router(config-if)#

standby delay minimum reload

To configure the delay period before the initialization of HSRP groups, use the standby delay minimum reload command. To disable the delay period, use the no form of this command.

standby delay minimum [min-delay] reload [reload-delay]

no standby delay minimum [min-delay] reload [reload-delay]

Syntax Description

Command Default

The defaults are as follows:

•min-delay is 1 second.

•reload-delay is 5 seconds.

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

If the active router fails or is removed from the network, the standby router automatically becomes the new active router. If the former active router comes back online, you can control whether it takes over as the active router by using the standby preempt command.

However, even if the standby preempt command is not configured, the former active router resumes the active role after it reloads and comes back online. Use the standby delay minimum reload command to set a delay period for HSRP-group initialization. This command allows time for the packets to get through before the router resumes the active role.

We recommend that you use the standby delay minimum reload command if the standby timers command is configured in milliseconds or if HSRP is configured on a VLAN interface of a switch.

In most configurations, the default values provide sufficient time for the packets to get through, and it is not necessary to configure longer delay values.

The delay is canceled if an HSRP packet is received on an interface.

Examples

This example shows how to set the minimum delay to 30 seconds and the delay after the first reload to 120 seconds:

Router(config-if) # standby delay minimum 30 reload 120

Router(config-if) #

Related Commands

standby track

To configure an interface so that the Hot Standby-priority changes are based on the availability of other interfaces, use the standby track command. To delete all tracking configuration for a group, use the no form of this command.

standby [group-number] track {interface-type interface-number | designated-router} [priority-decrement]

no standby group-number track

Syntax Description

Command Default

The defaults are as follows:

•The group is 0.

•The priority-decrement is 10.

•The designated-router keyword is disabled.

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

Prior to entering the designated-router keyword, you must ensure that the new designated router has a higher HSRP priority than the current designated router to take over.

When a tracked interface goes down, the Hot Standby priority decreases by the number that is specified by the priority-decrement argument. If an interface is not tracked, its state changes do not affect the Hot Standby priority. For each interface that is configured for Hot Standby, you can configure a separate list of interfaces to be tracked.

When multiple tracked interfaces are down, the decrements are cumulative whether they are configured with priority-decrement values or not.

A tracked interface is considered down if the IP address is disabled on that interface.

You must enter the group-number when using the no form of this command.

If you configure HSRP to track an interface, and that interface is physically removed as in the case of an OIR operation, then HSRP regards the interface as always down. You cannot remove the HSRP interface-tracking configuration. To prevent this situation, use the no standby track interface-type interface-number command before you physically remove the interface.

When you enter a group-number 0, no group number is written to NVRAM, providing backward compatibility.

Examples

This example shows how to enable HSRP tracking for group 1 on an interface:

Router(config-if)# standby 1 track Ethernet0/2

Router(config-if)# 

This example shows how to specify that if the designated router becomes nondesignated, the active HSRP router becomes the designated router:

Router(config-if)# standby 1 track designated-router 15

Router(config-if)# 

Related Commands

standby use-bia

To configure the HSRP to use the burned-in address of the interface as its virtual MAC address instead of the preassigned MAC address (on Ethernet and FDDI) or the functional address (on Token Ring), use the standby use-bia command. To return to the default virtual MAC address, use the no form of this command.

standby use-bia [scope interface]

no standby use-bia

Syntax Description

Command Default

HSRP uses the preassigned MAC address on Ethernet and FDDI or the functional address on Token Ring.

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

This command is not supported on Catalyst 6500 series switches that are configured with a PFC2.

The PFC2 supports a maximum of 16 unique HSRP-group numbers. You can use the same HSRP-group numbers in different VLANs. If you configure more than 16 HSRP groups, this restriction prevents use of the VLAN number as the HSRP-group number.

Note Identically numbered HSRP groups use the same virtual MAC address, which might cause errors if you configure bridge groups.

Hardware Layer 3 switching supports the following ingress and egress encapsulations:

•Ethernet V2.0 (ARPA)

•802.3 with 802.2 with 1 byte control (SAP1)

•802.3 with 802.2 and SNAP

Hardware Layer 3 switching is permanently enabled. No configuration is required.

Examples

This example shows how to configure the HSRP to use the burned-in address of the interface as the virtual MAC address that is mapped to the virtual IP address:

Router(config-if) # standby use-bia

Router(config-if) #

storm-control level

To set the suppression level, use the storm-control level command. To turn off the suppression mode, use the no form of this command.

storm-control {broadcast | multicast | unicast} level level[.level]

no storm-control {broadcast | multicast | unicast} level

Syntax Description

Command Default

All packets are passed.

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

You can enter this command on switch ports and router ports.

Enter the storm-control level command to enable traffic storm control on the interface, configure the traffic storm-control level, and apply the traffic storm-control level to all traffic storm-control modes that are enabled on the interface.

Only one suppression level is shared by all three suppression modes. For example, if you set the broadcast level to 30 and set the multicast level to 40, both levels are enabled and set to 40.

The Catalyst 6500 series switch supports storm control for multicast and unicast traffic only on Gigabit and 10-Gigabit Ethernet LAN ports. The switch supports storm control for broadcast traffic on all LAN ports.

The multicast and unicast keywords are supported on Gigabit and 10-Gigabit Ethernet LAN ports only. Unicast and multicast suppression is also supported on the WS-X6148A-RJ-45 and the WS-X6148-SFP modules.

The period is required when you enter the fractional-suppression level.

The suppression level is entered as a percentage of the total bandwidth. A threshold value of 100 percent means that no limit is placed on traffic. A threshold value of 0 or 0.0 (fractional) percent means that all specified traffic is blocked on a port, with the following guidelines:

•A fractional level value of 0.33 or lower is the same as 0.0 on the following modules:

–WS-X6704-10GE

–WS-X6748-SFP

–WS-X6724-SFP

–WS-X6748-GE-TX

•Enter 0 on all other modules to block all specified traffic on a port.

Enter the show interfaces counters broadcast command to display the discard count.

Enter the show running-config command to display the enabled suppression mode and level setting.

To turn off suppression for the specified traffic type, you can do one of the following:

•Set the level to 100 percent for the specified traffic type.

•Use the no form of this command.

Examples

This example shows how to enable and set the suppression level:

Router(config-if)# storm-control broadcast level 30

Router(config-if)#

This example shows how to disable the suppression mode:

Router(config-if)# no storm-control multicast level

Router(config-if)#

Related Commands

switchport

To modify the switching characteristics of the Layer 2-switched interface, use the switchport command (without parameters).To return the interface to the routed-interface status and cause all further Layer 2 configuration to be erased, use the no form of this command (without parameters). Use the switchport commands (with parameters) to configure the switching characteristics.

switchport

switchport {host | nonegotiate}

no switchport

no switchport nonegotiate

Syntax Description

Command Default

The default access VLAN and trunk-interface native VLAN are default VLANs that correspond to the platform or interface hardware.

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

You must enter the switchport command without any keywords to configure the LAN interface as a Layer 2 interface before you can enter additional switchport commands with keywords. This action is required only if you have not entered the switchport command for the interface.

Entering the no switchport command shuts down the port and then reenables it. This action may generate messages on the device to which the port is connected.

To optimize the port configuration, entering the switchport host command sets the switch port mode to access, enables spanning tree PortFast, and disables channel grouping. Only an end station can accept this configuration.

Because spanning-tree PortFast is enabled, you should enter the switchport host command only on ports that are connected to a single host. Connecting other Catalyst 6500 series switches, hubs, concentrators, switches, and bridges to a fast-start port can cause temporary spanning-tree loops.

Enable the switchport host command to decrease the time that it takes to start up packet forwarding.

The no form of the switchport nonegotiate command removes nonegotiate status.

When using the nonegotiate keyword, DISL/DTP-negotiation packets are not sent on the interface. The device trunks or does not trunk according to the mode parameter given: access or trunk. This command returns an error if you attempt to execute it in dynamic (auto or desirable) mode.

You must force a port to trunk before you can configure it as a SPAN-destination port. Use the switchport nonegotiate command to force the port to trunk.

Examples

This example shows how to cause the port interface to stop operating as a Cisco-routed port and convert to a Layer 2-switched interface:

Router(config-if)# switchport

Router(config-if)#

Note The switchport command is not used on platforms that do not support Cisco-routed ports. All physical ports on such platforms are assumed to be Layer 2-switched interfaces.

This example shows how to optimize the port configuration for a host connection:

Router(config-if)# switchport host

switchport mode will be set to access

spanning-tree portfast will be enabled

channel group will be disabled

Router(config-if)#

This example shows how to cause a port interface that has already been configured as a switched interface to refrain from negotiating trunking mode and act as a trunk or access port (depending on the mode set):

Router(config-if)# switchport nonegotiate

Router(config-if)#

Related Commands

switchport access vlan

To set the VLAN when the interface is in access mode, use the switchport access vlan command. To reset the access-mode VLAN to the appropriate default VLAN for the device, use the no form of this command.

switchport access vlan vlan-id

no switchport access vlan

Syntax Description

Command Default

The defaults are as follows:

•Access VLAN and trunk-interface native VLAN are default VLANs that correspond to the platform or interface hardware.

•All VLAN lists include all VLANs.

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

You must enter the switchport command without any keywords to configure the LAN interface as a Layer 2 interface before you can enter the switchport access vlan command. This action is required only if you have not entered the switchport command for the interface.

Entering the no switchport command shuts down the port and then reenables it. This action may generate messages on the device to which the port is connected.

The no form of the switchport access vlan command resets the access-mode VLAN to the appropriate default VLAN for the device.

Examples

This example shows how to cause the port interface to stop operating as a Cisco-routed port and convert to a Layer 2-switched interface:

Router(config-if)# switchport

Router(config-if)#

Note The switchport command is not used on platforms that do not support Cisco-routed ports. All physical ports on such platforms are assumed to be Layer 2-switched interfaces.

This example shows how to cause a port interface that has already been configured as a switched interface to operate in VLAN 2 instead of the platform's default VLAN in the interface-configuration mode:

Router(config-if)# switchport access vlan 2

Router(config-if)#

Related Commands

switchport autostate exclude

To exclude a port from the VLAN interface link-up calculation, use the switchport autostate exclude command. To return to the default settings, use the no form of this command.

switchport autostate exclude

no switchport autostate exclude

Syntax Description

This command has no keywords or arguments.

Command Default

All ports are included in the VLAN interface link-up calculation.

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

You must enter the switchport command without any keywords to configure the LAN interface as a Layer 2 interface before you can enter the switchport autostate exclude command. This action is required only if you have not entered the switchport command for the interface.

Note The switchport command is not used on platforms that do not support Cisco-routed ports. All physical ports on such platforms are assumed to be Layer 2-switched interfaces.

A VLAN interface configured on the PISA is considered up if there are ports forwarding in the associated VLAN. When all ports on a VLAN are down or blocking, the VLAN interface on the PISA is considered down. For the VLAN interface to be considered up, all the ports in the VLAN need to be up and forwarding. You can enter the switchport autostate exclude command to exclude a port from the VLAN interface link-up calculation.

The switchport autostate exclude command marks the port to be excluded from the interface VLAN up calculation when there are multiple ports in the VLAN.

The show interface interface switchport command displays the autostate mode if the mode has been set. If the mode has not been set, the autostate mode is not displayed.

Examples

This example shows how to exclude a port from the VLAN interface link-up calculation:

Router(config-if)# switchport autostate exclude

Router(config-if)#

This example shows how to include a port in the VLAN interface link-up calculation:

Router(config-if)# no switchport autostate exclude

Router(config-if)#

Related Commands

switchport backup

To configure an interface as a Flexlink backup interface, use the switchport backup command. To disable Flexlink, use the no form of this command.

switchport backup interface interface-type interface-number

no switchport backup interface interface-type interface-number

Syntax Description

Command Default

Disabled

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

When you enable Flexlink, both the active and the standby links are up physically and mutual backup is provided.

Flexlink is supported on Layer 2 interfaces only and does not support routed ports.

Flexlink does not switch back to the original active interface after recovery.

The interface-number designates the module and port number. Valid values depend on the chassis and module that are used. For example, if you have a 48-port 10/100BASE-T Ethernet module that is installed in a 13-slot chassis, valid values for the slot number are from 1 to 13 and valid values for the port number are from 1 to 48.

Flexlink is designed for simple access topologies (two uplinks from a leaf node). You must ensure that there are no loops from the wiring closet to the distribution/core network to enable Flexlink to perform correctly.

Flexlink converges faster for directly connected link failures only. Any other network failure has no improvement with Flexlink fast convergence.

You must enter the switchport command without any keywords to configure the LAN interface as a Layer 2 interface before you can enter the switchport autostate exclude command. This action is required only if you have not entered the switchport command for the interface.

Note The switchport command is not used on platforms that do not support Cisco-routed ports. All physical ports on such platforms are assumed to be Layer 2-switched interfaces.

Examples

This example shows how to enable Flexlink on an interface:

Router(config-if)# switchport backup interface fastethernet 4/1

Router(config-if)# 

This example shows how to disable Flexlink on an interface:

Router(config-if)# switchport backup interface fastethernet 4/1

Router(config-if)#

Related Commands

switchport block unicast

To prevent the unknown unicast packets from being forwarded, use the switchport block unicast command. To allow the unknown unicast packets to be forwarded, use the no form of this command.

switchport block unicast

no switchport block unicast

Syntax Description

This command has no arguments or keywords.

Command Default

The default settings are as follows:

•Unknown unicast traffic is not blocked.

•All traffic with unknown MAC addresses is sent to all ports.

Command Default

Interface configuration (config-if)

Command History

Usage Guidelines

You can block the unknown unicast traffic on the switch ports.

Blocking the unknown unicast traffic is not automatically enabled on the switch ports; you must explicitly configure it.

Note For more information about blocking the packets, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide—Release 12.2ZY.

You can verify your setting by entering the show interfaces interface-id switchport command.

Examples

This example shows how to block the unknown unicast traffic on an interface:

Router(config-if)# switchport block unicast

Router(config-if)#

Related Commands

switchport capture

To configure the port to capture VACL-filtered traffic, use the switchport capture command. To disable the capture mode on the port, use the no form of this command.

switchport capture

no switchport capture

Syntax Description

This command has no keywords or arguments.

Command Default

Disabled

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

You must enter the switchport command without any keywords to configure the LAN interface as a Layer 2-switched interface before you can enter additional switchport commands with keywords. This action is required only if you have not entered the switchport command for the interface.

The VACL capture function for the NAM is supported on the Supervisor Engine 720 but is not supported with the IDSM-2.

The switchport capture command applies only to Layer 2-switched interfaces.

WAN interfaces support only the capture functionality of VACLs.

Entering the no switchport command shuts down the port and then reenables it. This action may generate messages on the device to which the port is connected.

Entering the switchport capture command sets the capture function on the interface so that the packets with the capture bit set are received by the interface.

There is no restriction on the order that you enter the switchport capture and switchport capture allowed vlan commands. The port does not become a capture port until you enter the switchport capture (with no arguments) command.

The capture port must allow the destination VLANs of the captured packets. Once you enable a capture port, the packets are allowed from all VLANs by default, the capture port is on longer in the originally configured mode, and the capture mode enters monitor mode. In monitor mode, the capture port does the following:

•Does not belong to any VLANs that it was in previously.

•Does not allow incoming traffic.

•Preserves the encapsulation on the capture port if you enable the capture port from a trunk port and the trunking encapsulation was ISL or 802.1Q. The captured packets are encapsulated with the corresponding encapsulation type. If you enable the capture port from an access port, the captured packets are not encapsulated.

•When you enter the no switchport capture command to disable the capture function, the port returns to the previously configured mode (access or trunk).

•Packets are captured only if the destination VLAN is allowed on the capture port.

Examples

This example shows how to configure an interface to capture VACL-filtered traffic:

Router(config-if)# switchport capture 

Router(config-if)#

Related Commands

switchport capture allowed vlan

To specify the destination VLANs of the VACL-filtered traffic, use the switchport capture allowed vlan command. To clear the configured-destination VLAN list and return to the default settings, use the no form of this command.

switchport capture allowed vlan {add | all | except | remove} vlan-id [,vlan-id[,vlan-id[,...]]

no switchport capture allowed vlan

Syntax Description

Command Default

all

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

You must enter the switchport command without any keywords to configure the LAN interface as a Layer 2-switched interface before you can enter additional switchport commands with keywords. This action is required only if you have not entered the switchport command for the interface.

The switchport capture allowed vlan command applies only to Layer 2-switched interfaces.

Entering the no switchport command shuts down the port and then reenables it. This action may generate messages on the device to which the port is connected.

You can enter the vlan-id as a single VLAN, a group of VLANs, or both. For example, you would enter switchport capture allowed vlan 1-1000, 2000, 3000-3100.

There is no restriction on the order that you enter the switchport capture and switchport capture allowed vlan commands. The port does not become a capture port until you enter the switchport capture (with no arguments) command.

WAN interfaces support only the capture functionality of VACLs.

Examples

This example shows how to add the specified VLAN to capture VACL-filtered traffic:

Router(config-if)# switchport capture allowed vlan add 100

Router(config-if)#

Related Commands

switchport dot1q ethertype

To specify the EtherType value to be programmed on the interface, use the switchport dot1q ethertype command. To return to the default settings, use the no form of this command.

switchport dot1q ethertype value

Syntax Description

Command Default

The value is 0x8100.

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

You can configure a custom EtherType-field value on trunk ports and on access ports.

Each port supports only one EtherType-field value. A port that is configured with a custom EtherType-field value does not recognize frames that have any other EtherType-field value as tagged frames.

Caution A port that is configured with a custom EtherType-field value considers frames that have any other EtherType-field value to be untagged frames. A trunk port that is configured with a custom EtherType-field value puts frames that are tagged with any other EtherType-field value into the native VLAN. An access port or tunnel port that is configured with a custom EtherType-field value puts frames that are tagged with any other EtherType-field value into the access VLAN.

You can configure a custom EtherType-field value on the following modules:

•Supervisor engines

•WS-X6516A-GBIC

•WS-X6516-GBIC

Note The WS-X6516A-GBIC and WS-X6516-GBIC modules apply a configured custom EtherType-field value to all ports that are supported by each port ASIC (1 through 8 and 9 through 16).

•WS-X6516-GE-TX

You cannot configure a custom EtherType-field value on the ports in an EtherChannel.

You cannot form an EtherChannel from ports that are configured with custom EtherType-field values.

Examples

This example shows how to set the EtherType value to be programmed on the interface:

Router (config-if)# switchport dot1q ethertype 1234

Router (config-if)#

Related Commands

switchport mode

To set the interface type, use the switchport mode command. To reset the mode to the appropriate default mode for the device, use the no form of this command.

switchport mode {access | trunk | {dynamic {auto | desirable}} | dot1q-tunnel}

switchport mode private-vlan {host | promiscuous}

no switchport mode

no switchport mode private-vlan

Syntax Description

Command Default

The defaults are as follows:

•The mode is dependent on the platform; it should either be dynamic auto for platforms that are intended for wiring closets or dynamic desirable for platforms that are intended as backbone switches.

•No mode is set for PVLAN ports.

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

If you enter access mode, the interface goes into permanent nontrunking mode and negotiates to convert the link into a nontrunk link even if the neighboring interface does not agree to the change.

If you enter trunk mode, the interface goes into permanent trunking mode and negotiates to convert the link into a trunk link even if the neighboring interface does not agree to the change.

If you enter dynamic auto mode, the interface converts the link to a trunk link if the neighboring interface is set to trunk or desirable mode.

If you enter dynamic desirable mode, the interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode.

If you configure a port as a promiscuous or host-PVLAN port and one of the following applies, the port becomes inactive:

•The port does not have a valid PVLAN association or mapping configured.

•The port is a SPAN destination.

If you delete a private-port PVLAN association or mapping, or if you configure a private port as a SPAN destination, the deleted private-port PVLAN association or mapping or the private port that is configured as a SPAN destination becomes inactive.

If you enter dot1q-tunnel mode, BPDU filtering is enabled and CDP is disabled on protocol-tunneled interfaces.

Examples

This example shows how to set the interface to dynamic desirable mode:

Router(config-if)# switchport mode dynamic desirable

Router(config-if)#

This example shows how to set a port to PVLAN-host mode:

Router(config-if)# switchport mode private-vlan host

Router(config-if)# 

This example shows how to set a port to PVLAN-promiscuous mode:

Router(config-if)# switchport mode private-vlan promiscuous

Router(config-if)# 

Related Commands

switchport port-security

To enable port security on an interface, use the switchport port-security command. To disable port security, use the no form of this command.

switchport port-security

no switchport port-security

Syntax Description

This command has no keywords or arguments.

Command Default

Disabled

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

Follow these guidelines when configuring port security:

•Port security is supported on trunks.

•Port security is supported on 802.1Q tunnel ports.

•A secure port cannot be a destination port for a Switch Port Analyzer (SPAN).

•A secure port cannot belong to an EtherChannel.

•A secure port cannot be a trunk port.

•A secure port cannot be an 802.1X port. If you try to enable 802.1X on a secure port, an error message appears, and 802.1X is not enabled. If you try to change an 802.1X-enabled port to a secure port, an error message appears, and the security settings are not changed.

Examples

This example shows how to enable port security:

Router(config-if)# switchport port-security

Router(config-if)#