Layer 2/3 Commands

channel-group

To assign an Ethernet port to an EtherChannel group, or to enable an EtherChannel mode, or both, use the channel-group command in interface configuration mode. To remove an Ethernet port from an EtherChannel group, use the no form of this command.

channel-group channel-group-number mode {active | auto [non-silent] | desirable [non-silent] | on | passive}

no channel-group

Syntax Description

channel-group-number

Channel group number.

The range is 1 to 252.

mode

Specifies the EtherChannel mode.

active

Unconditionally enables Link Aggregation Control Protocol (LACP).

auto

Enables the Port Aggregation Protocol (PAgP) only if a PAgP device is detected.

non-silent

(Optional) Configures the interface for nonsilent operation when connected to a partner that is PAgP-capable. Use in PAgP mode with the auto or desirable keyword when traffic is expected from the other device.

desirable

Unconditionally enables PAgP.

on

Enables the on mode.

passive

Enables LACP only if a LACP device is detected.

Command Default

No channel groups are assigned.

No mode is configured.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

For Layer 2 EtherChannels, the channel-group command automatically creates the port-channel interface when the channel group gets its first physical port. You do not have to use the interface port-channel command in global configuration mode to manually create a port-channel interface. If you create the port-channel interface first, the channel-group-number can be the same as the port-channel-number , or you can use a new number. If you use a new number, the channel-group command dynamically creates a new port channel.

Although it is not necessary to disable the IP address that is assigned to a physical port that is part of a channel group, we strongly recommend that you do so.

You create Layer 3 port channels by using the interface port-channel command followed by the no switchport interface configuration command. Manually configure the port-channel logical interface before putting the interface into the channel group.

After you configure an EtherChannel, configuration changes that you make on the port-channel interface apply to all the physical ports assigned to the port-channel interface. Configuration changes applied to the physical port affect only the port where you apply the configuration. To change the parameters of all ports in an EtherChannel, apply configuration commands to the port-channel interface, for example, spanning-tree commands or commands to configure a Layer 2 EtherChannel as a trunk.

Active mode places a port into a negotiating state in which the port initiates negotiations with other ports by sending LACP packets. A channel is formed with another port group in either the active or passive mode.

Auto mode places a port into a passive negotiating state in which the port responds to PAgP packets it receives but does not start PAgP packet negotiation. A channel is formed only with another port group in desirable mode. When auto is enabled, silent operation is the default.

Desirable mode places a port into an active negotiating state in which the port starts negotiations with other ports by sending PAgP packets. An EtherChannel is formed with another port group that is in the desirable or auto mode. When desirable is enabled, silent operation is the default.

If you do not specify non-silent with the auto or desirable mode, silent is assumed. The silent mode is used when the switch is connected to a device that is not PAgP-capable and rarely, if ever, sends packets. An example of a silent partner is a file server or a packet analyzer that is not generating traffic. In this case, running PAgP on a physical port prevents that port from ever becoming operational. However, it allows PAgP to operate, to attach the port to a channel group, and to use the port for transmission. Both ends of the link cannot be set to silent.

In on mode, a usable EtherChannel exists only when both connected port groups are in the on mode.


Caution


Use care when using the on mode. This is a manual configuration, and ports on both ends of the EtherChannel must have the same configuration. If the group is misconfigured, packet loss or spanning-tree loops can occur.


Passive mode places a port into a negotiating state in which the port responds to received LACP packets but does not initiate LACP packet negotiation. A channel is formed only with another port group in active mode.

Do not configure an EtherChannel in both the PAgP and LACP modes. EtherChannel groups running PAgP and LACP can coexist on the same switch or on different switches in the stack (but not in a cross-stack configuration). Individual EtherChannel groups can run either PAgP or LACP, but they cannot interoperate.

If you set the protocol by using the channel-protocol interface configuration command, the setting is not overridden by the channel-group interface configuration command.

Do not configure a port that is an active or a not-yet-active member of an EtherChannel as an IEEE 802.1x port. If you try to enable IEEE 802.1x authentication on an EtherChannel port, an error message appears, and IEEE 802.1x authentication is not enabled.

Do not configure a secure port as part of an EtherChannel or configure an EtherChannel port as a secure port.

For a complete list of configuration guidelines, see the “Configuring EtherChannels” chapter in the software configuration guide for this release.


Caution


Do not enable Layer 3 addresses on the physical EtherChannel ports. Do not assign bridge groups on the physical EtherChannel ports because it creates loops.


Examples

This example shows how to configure an EtherChannel on a single switch in the stack. It assigns two static-access ports in VLAN 10 to channel 5 with the PAgP mode desirable:

Device# configure terminal
Device(config)# interface range GigabitEthernet 2/0/1 - 2
Device(config-if-range)# switchport mode access
Device(config-if-range)# switchport access vlan 10
Device(config-if-range)# channel-group 5 mode desirable
Device(config-if-range)# end

This example shows how to configure an EtherChannel on a single switch in the stack. It assigns two static-access ports in VLAN 10 to channel 5 with the LACP mode active:

Device# configure terminal
Device(config)# interface range GigabitEthernet 2/0/1 - 2
Device(config-if-range)# switchport mode access
Device(config-if-range)# switchport access vlan 10
Device(config-if-range)# channel-group 5 mode active
Device(config-if-range)# end

This example shows how to configure a cross-stack EtherChannel in a switch stack. It uses LACP passive mode and assigns two ports on stack member 2 and one port on stack member 3 as static-access ports in VLAN 10 to channel 5:

Device# configure terminal
Device(config)# interface range GigabitEthernet 2/0/4 - 5
Device(config-if-range)# switchport mode access
Device(config-if-range)# switchport access vlan 10
Device(config-if-range)# channel-group 5 mode passive
Device(config-if-range)# exit
Device(config)# interface GigabitEthernet 3/0/3
Device(config-if)# switchport mode access
Device(config-if)# switchport access vlan 10
Device(config-if)# channel-group 5 mode passive
Device(config-if)# exit

You can verify your settings by entering the show running-config privileged EXEC command.

channel-protocol

To restrict the protocol used on a port to manage channeling, use the channel-protocol command in interface configuration mode. To return to the default setting, use the no form of this command.

channel-protocol {lacp | pagp}

no channel-protocol

Syntax Description

lacp

Configures an EtherChannel with the Link Aggregation Control Protocol (LACP).

pagp

Configures an EtherChannel with the Port Aggregation Protocol (PAgP).

Command Default

No protocol is assigned to the EtherChannel.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Use the channel-protocol command only to restrict a channel to LACP or PAgP. If you set the protocol by using the channel-protocol command, the setting is not overridden by the channel-group command in interface configuration mode.

You must use the channel-group command in interface configuration mode to configure the EtherChannel parameters. The channel-group command also can set the mode for the EtherChannel.

You cannot enable both the PAgP and LACP modes on an EtherChannel group.

PAgP and LACP are not compatible; both ends of a channel must use the same protocol.

You cannot configure PAgP on cross-stack configurations.

Examples

This example shows how to specify LACP as the protocol that manages the EtherChannel:

Device> enable
Device# configure terminal
Device(config)# interface gigabitethernet2/0/1
Device(config-if)# channel-protocol lacp

You can verify your settings by entering the show etherchannel [channel-group-number] protocol command in privileged EXEC mode.

clear l2protocol-tunnel counters

To clear the protocol counters in protocol tunnel ports, use the clear l2protocol-tunnel counters command in privileged EXEC mode.

clear l2protocol-tunnel counters [interface-id]

Syntax Description

interface-id

(Optional) The interface (physical interface or port channel) for which protocol counters are to be cleared.

Command Default

None

Command Modes

Privileged EXEC

Command History

Release Modification

Cisco IOS XE Gibraltar 16.12.1

This command was introduced.

Usage Guidelines

Use this command to clear protocol tunnel counters on the switch or on the specified interface.

Examples

This example shows how to clear Layer 2 protocol tunnel counters on an interface:

Device# clear l2protocol-tunnel counters gigabitethernet1/0/3

clear lacp

To clear Link Aggregation Control Protocol (LACP) channel-group counters, use the clear lacp command in privileged EXEC mode.

clear lacp [channel-group-number] counters

Syntax Description

channel-group-number

(Optional) Channel group number.

The range is 1 to 252.

counters

Clears traffic counters.

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

You can clear all counters by using the clear lacp counters command, or you can clear only the counters for the specified channel group by using the clear lacp channel-group-number counters command.

Examples

This example shows how to clear all channel-group information:

Device> enable
Device# clear lacp counters

This example shows how to clear LACP traffic counters for group 4:

Device> enable
Device# clear lacp 4 counters

You can verify that the information was deleted by entering the show lacp counters or the show lacp channel-group-number counters command in privileged EXEC mode.

clear pagp

To clear the Port Aggregation Protocol (PAgP) channel-group information, use the clear pagp command in privileged EXEC mode.

clear pagp [channel-group-number] counters

Syntax Description

channel-group-number

(Optional) Channel group number.

The range is 1 to 252.

counters

Clears traffic counters.

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

You can clear all counters by using the clear pagp counters command, or you can clear only the counters for the specified channel group by using the clear pagp channel-group-number counters command.

Examples

This example shows how to clear all channel-group information:

Device> enable
Device# clear pagp counters

This example shows how to clear PAgP traffic counters for group 10:

Device> enable
Device# clear pagp 10 counters

You can verify that the information was deleted by entering the show pagp command in privileged EXEC mode.

clear spanning-tree counters

To clear the spanning-tree counters, use the clear spanning-tree counters command in privileged EXEC mode.

clear spanning-tree counters [ interface interface-id]

Syntax Description

interface interface-id

(Optional) Clears all spanning-tree counters on the specified interface. Valid interfaces include physical ports, VLANs, and port channels.

The VLAN range is 1 to 4094.

The port channel range is 1 to 252.

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

If the interface-id value is not specified, spanning-tree counters are cleared for all interfaces.

Examples

This example shows how to clear spanning-tree counters for all interfaces:

Device> enable
Device# clear spanning-tree counters

clear spanning-tree detected-protocols

To restart the protocol migration process and force renegotiation with neighboring devices on the interface, use the clear spanning-tree detected-protocols command in privileged EXEC mode.

clear spanning-tree detected-protocols [interface interface-id]

Syntax Description

interface interface-id

(Optional) Restarts the protocol migration process on the specified interface. Valid interfaces include physical ports, VLANs, and port channels.

The VLAN range is 1 to 4094.

The port channel range is 1 to 252.

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

A device running the rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol or the Multiple Spanning Tree Protocol (MSTP) supports a built-in protocol migration method that enables it to interoperate with legacy IEEE 802.1D devices. If a rapid-PVST+ or an MSTP device receives a legacy IEEE 802.1D configuration bridge protocol data unit (BPDU) with the protocol version set to 0, the device sends only IEEE 802.1D BPDUs on that port. A multiple spanning-tree (MST) device can also detect that a port is at the boundary of a region when it receives a legacy BPDU, an MST BPDU (Version 3) associated with a different region, or a rapid spanning-tree (RST) BPDU (Version 2).

The device does not automatically revert to the rapid-PVST+ or the MSTP mode if it no longer receives IEEE 802.1D BPDUs because it cannot learn whether the legacy switch has been removed from the link unless the legacy switch is the designated switch. Use the clear spanning-tree detected-protocols command in this situation.

Examples

This example shows how to restart the protocol migration process on a port:

Device> enable
Device# clear spanning-tree detected-protocols interface gigabitethernet2/0/1

debug etherchannel

To enable debugging of EtherChannels, use the debug etherchannel command in privileged EXEC mode. To disable debugging, use the no form of the command.

debug etherchannel [all | detail | error | event | idb ]

no debug etherchannel [all | detail | error | event | idb ]

Syntax Description

all

(Optional) Displays all EtherChannel debug messages.

detail

(Optional) Displays detailed EtherChannel debug messages.

error

(Optional) Displays EtherChannel error debug messages.

event

(Optional) Displays EtherChannel event messages.

idb

(Optional) Displays PAgP interface descriptor block debug messages.

Command Default

Debugging is disabled.

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The undebug etherchannel command is the same as the no debug etherchannel command.


Note


Although the linecard keyword is displayed in the command-line help, it is not supported.


Examples

This example shows how to display all EtherChannel debug messages:

Device> enable
Device# debug etherchannel all 

This example shows how to display debug messages related to EtherChannel events:

Device> enable
Device# debug etherchannel event

debug lacp

To enable debugging of Link Aggregation Control Protocol (LACP) activity, use the debug lacp command in privileged EXEC mode. To disable LACP debugging, use the no form of this command.

debug lacp [all | event | fsm | misc | packet]

no debug lacp [all | event | fsm | misc | packet]

Syntax Description

all

(Optional) Displays all LACP debug messages.

event

(Optional) Displays LACP event debug messages.

fsm

(Optional) Displays messages about changes within the LACP finite state machine.

misc

(Optional) Displays miscellaneous LACP debug messages.

packet

(Optional) Displays the receiving and transmitting LACP control packets.

Command Default

Debugging is disabled.

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The undebug etherchannel command is the same as the no debug etherchannel command.

Examples

This example shows how to display all LACP debug messages:

Device> enable
Device# debug LACP all 

This example shows how to display debug messages related to LACP events:

Device> enable
Device# debug LACP event

debug pagp

To enable debugging of Port Aggregation Protocol (PAgP) activity, use the debug pagp command in privileged EXEC mode. To disable PAgP debugging, use the no form of this command.

debug pagp [all | dual-active | event | fsm | misc | packet]

no debug pagp [all | dual-active | event | fsm | misc | packet]

Syntax Description

all

(Optional) Displays all PAgP debug messages.

dual-active

(Optional) Displays dual-active detection messages.

event

(Optional) Displays PAgP event debug messages.

fsm

(Optional) Displays messages about changes within the PAgP finite state machine.

misc

(Optional) Displays miscellaneous PAgP debug messages.

packet

(Optional) Displays the receiving and transmitting PAgP control packets.

Command Default

Debugging is disabled.

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The undebug pagp command is the same as the no debug pagp command.

Examples

This example shows how to display all PAgP debug messages:

Device> enable
Device# debug pagp all 

This example shows how to display debug messages related to PAgP events:

Device> enable
Device# debug pagp event

debug platform pm

To enable debugging of the platform-dependent port manager software module, use the debug platform pm command in privileged EXEC mode. To disable debugging, use the no form of this command.

debug platform pm {all | counters | errdisable | fec | if-numbers | l2-control | link-status | platform | pm-vectors [detail] | ses | vlans}

no debug platform pm {all | counters | errdisable | fec | if-numbers | l2-control | link-status | platform | pm-vectors [detail] | ses | vlans}

Syntax Description

all

Displays all port manager debug messages.

counters

Displays counters for remote procedure call (RPC) debug messages.

errdisable

Displays error-disabled-related events debug messages.

fec

Displays forwarding equivalence class (FEC) platform-related events debug messages.

if-numbers

Displays interface-number translation event debug messages.

l2-control

Displays Layer 2 control infra debug messages.

link-status

Displays interface link-detection event debug messages.

platform

Displays port manager function event debug messages.

pm-vectors

Displays port manager vector-related event debug messages.

detail

(Optional) Displays vector-function details.

ses

Displays service expansion shelf (SES) related event debug messages.

vlans

Displays VLAN creation and deletion event debug messages.

Command Default

Debugging is disabled.

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The undebug platform pm command is the same as the no debug platform pm command.

Examples

This example shows how to display debug messages related to the creation and deletion of VLANs:

Device> enable
Device# debug platform pm vlans 

debug platform udld

To enable debugging of the platform-dependent UniDirectional Link Detection (UDLD) software, use the debug platform udld command in privileged EXEC mode. To disable debugging, use the no form of this command.

debug platform udld [error | event] [switch switch-number]

no debug platform udld [error | event] [switch switch-number]

Syntax Description

error

(Optional) Displays error condition debug messages.

event

(Optional) Displays UDLD-related platform event debug messages.

switch switch-number

(Optional) Displays UDLD debug messages for the specified stack member.

Command Default

Debugging is disabled.

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The undebug platform udld command is the same as the no debug platform udld command.

When you enable debugging on a switch stack, it is enabled only on the active switch. To enable debugging on a stack member, you can start a session from the active switch by using the session switch-number command in privileged EXEC mode. Then enter the debug command at the command-line prompt of the stack member.

debug spanning-tree

To enable debugging of spanning-tree activities, use the debug spanning-tree command in EXEC mode. To disable debugging, use the no form of this command.

debug spanning-tree {all | backbonefast | bpdu | bpdu-opt | config | etherchannel | events | exceptions | general | ha | mstp | pvst+ | root | snmp | synchronization | switch | uplinkfast}

no debug spanning-tree {all | backbonefast | bpdu | bpdu-opt | config | etherchannel | events | exceptions | general | mstp | pvst+ | root | snmp | synchronization | switch | uplinkfast}

Syntax Description

all

Displays all spanning-tree debug messages.

backbonefast

Displays BackboneFast-event debug messages.

bpdu

Displays spanning-tree bridge protocol data unit (BPDU) debug messages.

bpdu-opt

Displays optimized BPDU handling debug messages.

config

Displays spanning-tree configuration change debug messages.

etherchannel

Displays EtherChannel-support debug messages.

events

Displays spanning-tree topology event debug messages.

exceptions

Displays spanning-tree exception debug messages.

general

Displays general spanning-tree activity debug messages.

ha

Displays high-availability spanning-tree debug messages.

mstp

Debugs Multiple Spanning Tree Protocol (MSTP) events.

pvst+

Displays per-VLAN spanning-tree plus (PVST+) event debug messages.

root

Displays spanning-tree root-event debug messages.

snmp

Displays spanning-tree Simple Network Management Protocol (SNMP) handling debug messages.

switch

Displays switch shim command debug messages. This shim is the software module that is the interface between the generic Spanning Tree Protocol (STP) code and the platform-specific code of various device platforms.

synchronization

Displays the spanning-tree synchronization event debug messages.

uplinkfast

Displays UplinkFast-event debug messages.

Command Default

Debugging is disabled.

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The undebug spanning-tree command is the same as the no debug spanning-tree command.

When you enable debugging on a stack, it is enabled only on the active switch. To enable debugging on the standby switch, start a session from the active switch by using the session switch-number command in privileged EXEC mode. Enter the debug command at the command-line prompt of the standby switch.

To enable debugging on the standby switch without first starting a session on the active switch, use the remote command switch-number LINE command in privileged EXEC mode.

Examples

This example shows how to display all spanning-tree debug messages:

Device> enable
Device# debug spanning-tree all 

instance (VLAN)

To map a VLAN or a group of VLANs to a multiple spanning tree (MST) instance, use the instance command in MST configuration mode. To return the VLANs to the default internal spanning tree (CIST) instance, use the no form of this command.

instance instance-id vlans vlan-range

no instance instance-id

Syntax Description

instance-id

Instance to which the specified VLANs are mapped. The range is from 0 to 4094.

vlans vlan-range

Specifies the number of the VLANs to be mapped to the specified instance. The range is from 1 to 4094.

Command Default

No VLANs are mapped to any MST instance (all VLANs are mapped to the CIST instance).

Command Modes

MST configuration mode (config-mst)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The vlans vlan-range is entered as a single value or a range.

The mapping is incremental, not absolute. When you enter a range of VLANs, this range is added or removed to the existing instances.

Any unmapped VLAN is mapped to the CIST instance.

Examples

The following example shows how to map a range of VLANs to instance 2:

Device(config)# spanning-tree mst configuration
Device(config-mst)# instance 2 vlans 1-100
Device(config-mst)# 

The following example shows how to map a VLAN to instance 5:

Device(config)# spanning-tree mst configuration
Device(config-mst)# instance 5 vlans 1100
Device(config-mst)# 

The following example shows how to move a range of VLANs from instance 2 to the CIST instance:

Device(config)# spanning-tree mst configuration
Device(config-mst)# no instance 2 vlans 40-60
Device(config-mst)# 

The following example shows how to move all the VLANs that are mapped to instance 2 back to the CIST instance:

Device(config)# spanning-tree mst configuration
Device(config-mst)# no instance 2
Device(config-mst)# 

interface port-channel

To access or create a port channel, use the interface port-channel command in global configuration mode. Use the no form of this command to remove the port channel.

interface port-channel port-channel-number

no interface port-channel

Syntax Description

port-channel-number

Channel group number.

The range is 1 to 252.

Command Default

No port channel logical interfaces are defined.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

For Layer 2 EtherChannels, you do not have to create a port-channel interface before assigning physical ports to a channel group. Instead, you can use the channel-group command in interface configuration mode, which automatically creates the port-channel interface when the channel group obtains its first physical port. If you create the port-channel interface first, the channel-group-number can be the same as the port-channel-number , or you can use a new number. If you use a new number, the channel-group command dynamically creates a new port channel.

You create Layer 3 port channels by using the interface port-channel command followed by the no switchport command in interface configuration mode. You should manually configure the port-channel logical interface before putting the interface into the channel group.

Only one port channel in a channel group is allowed.


Caution


When using a port-channel interface as a routed port, do not assign Layer 3 addresses on the physical ports that are assigned to the channel group.



Caution


Do not assign bridge groups on the physical ports in a channel group used as a Layer 3 port channel interface because it creates loops. You must also disable spanning tree.


Follow these guidelines when you use the interface port-channel command:

  • If you want to use the Cisco Discovery Protocol (CDP), you must configure it on the physical port and not on the port channel interface.

  • Do not configure a port that is an active member of an EtherChannel as an IEEE 802.1x port. If IEEE 802.1x is enabled on a not-yet active port of an EtherChannel, the port does not join the EtherChannel.

For a complete list of configuration guidelines, see the “Configuring EtherChannels” chapter in the software configuration guide for this release.

Examples

This example shows how to create a port channel interface with a port channel number of 5:

Device> enable
Device# configure terminal
Device(config)# interface port-channel 5

You can verify your setting by entering either the show running-config in privileged EXEC mode or the show etherchannel channel-group-number detail command in privileged EXEC mode.

l2protocol-tunnel

To enable tunneling of Layer 2 protocols on an access port, IEEE 802.1Q tunnel port, or a port channel, use the l2protocol-tunnel command in interface configuration mode on the switch stack or on a standalone switch. Use the no form of this command to disable tunneling on the interface.

l2protocol-tunnel [drop-threshold | shutdown-threshold] [value] [cdp | stp | vtp ] [lldp] [point-to-point | [pagp | lacp | udld]]

no l2protocol-tunnel [drop-threshold | shutdown-threshold] [value] [cdp | stp | vtp ] [lldp] [point-to-point | [pagp | lacp | udld]]

Syntax Description

drop-threshold

(Optional) Sets a drop threshold for the maximum rate of Layer 2 protocol packets per second to be received before an interface drops packets.

shutdown-threshold

(Optional) Sets a shutdown threshold for the maximum rate of Layer 2 protocol packets per second to be received before an interface is shut down.

value

A threshold in packets per second to be received for encapsulation before the interface shuts down, or the threshold before the interface drops packets. The range is 1 to 4096. The default is no threshold.

cdp

(Optional) Enables tunneling of CDP, specifies a shutdown threshold for CDP, or specifies a drop threshold for CDP.

stp

(Optional) Enables tunneling of STP, specifies a shutdown threshold for STP, or specifies a drop threshold for STP.

vtp

(Optional) Enables tunneling or VTP, specifies a shutdown threshold for VTP, or specifies a drop threshold for VTP.

lldp

(Optional) Enables tunneling of LLDP packets.

point-to-point

(Optional) Enables point-to point tunneling of PAgP, LACP, and UDLD packets.

pagp

(Optional) Enables point-to-point tunneling of PAgP, specifies a shutdown threshold for PAgP, or specifies a drop threshold for PAgP.

lacp

(Optional) Enables point-to-point tunneling of LACP, specifies a shutdown threshold for LACP, or specifis a drop threshold for LACP.

udld

(Optional) Enables point-to-point tunneling of UDLD, specifies a shutdown threshold for UDLD, or specifies a drop threshold for UDLD.

Command Default

The default is that no Layer 2 protocol packets are tunneled.

The default is no shutdown threshold for the number of Layer 2 protocol packets.

The default is no drop threshold for the number of Layer 2 protocol packets.

Command Modes

Interface configuration

Command History

Release Modification

Cisco IOS XE Gibraltar 16.12.1

This command was introduced.

Usage Guidelines

You can enable tunneling for Cisco Discovery Protocol (CDP), Spanning Tree Protocol (STP), or VLAN Trunking Protocol (VTP) packets. You can also enable point-to-point tunneling for Port Aggregation Protocol (PAgP), Link Aggregation Control Protocol (LACP), or UniDirectional Link Detection (UDLD) packets.

You must enter this command, with or without protocol types, to tunnel Layer 2 packets.

If you enter this command for a port channel, all ports in the channel must have the same configuration.

Layer 2 protocol tunneling across a service-provider network ensures that Layer 2 information is propagated across the network to all customer locations. When protocol tunneling is enabled, protocol packets are encapsulated with a well-known Cisco multicast address for transmission across the network. When the packets reach their destination, the well-known MAC address is replaced by the Layer 2 protocol MAC address.

You can enable Layer 2 protocol tunneling for CDP, STP, and VTP individually or for all three protocols.

In a service-provider network, you can use Layer 2 protocol tunneling to enhance the creation of EtherChannels by emulating a point-to-point network topology. When protocol tunneling is enabled on the service-provider switch for PAgP or LACP, remote customer switches receive the protocol data units (PDUs) and can negotiate automatic creation of EtherChannels.

To enable tunneling of PAgP, LACP, and UDLD packets, you must have a point-to-point network topology. To decrease the link-down detection time, you should also enable UDLD on the interface when you enable tunneling of PAgP or LACP packets.

You can enable point-to-point protocol tunneling for PAgP, LACP, and UDLD individually or for all three protocols.


Caution


PAgP, LACP, and UDLD tunneling is only intended to emulate a point-to-point topology. An erroneous configuration that sends tunneled packets to many ports could lead to a network failure.


Enter the shutdown-threshold keyword to control the number of protocol packets per second that are received on an interface before it shuts down. When no protocol option is specified with the keyword, the threshold is applied to each of the tunneled Layer 2 protocol types. If you also set a drop threshold on the interface, the shutdown-threshold value must be greater than or equal to the drop-threshold value.

When the shutdown threshold is reached, the interface is error-disabled. If you enable error recovery by entering the errdisable recovery cause l2ptguard global configuration command, the interface is brought out of the error-disabled state and allowed to retry the operation again when all the causes have timed out. If the error recovery function is not enabled for l2ptguard , the interface stays in the error-disabled state until you enter the shutdown and no shutdown interface configuration commands.

Enter the drop-threshold keyword to control the number of protocol packets per second that are received on an interface before it drops packets. When no protocol option is specified with a keyword, the threshold is applied to each of the tunneled Layer 2 protocol types. If you also set a shutdown threshold on the interface, the drop-threshold value must be less than or equal to the shutdown-threshold value.

When the drop threshold is reached, the interface drops Layer 2 protocol packets until the rate at which they are received is below the drop threshold.

The configuration is saved in NVRAM.

For more information about Layer 2 protocol tunneling, see the software configuration guide for this release.

Examples

This example shows how to enable protocol tunneling for CDP packets and to configure the shutdown threshold as 50 packets per second:

Device(config-if)# l2protocol-tunnel cdp
Device(config-if)# l2protocol-tunnel shutdown-threshold cdp 50

This example shows how to enable protocol tunneling for STP packets and to configure the drop threshold as 400 packets per second:


Device> enable
Device# configure terminal
Device(config)# interface gigabitethernet1/0/11
Device(config-if)# l2protocol-tunnel stp
Device(config-if)# l2protocol-tunnel drop-threshold stp 400

This example shows how to enable point-to-point protocol tunneling for PAgP and UDLD packets and to configure the PAgP drop threshold as 1000 packets per second:

Device> enable
Device# configure terminal
Device(config)# interface gigabitethernet1/0/1
Device(config-if)# switchport access vlan 19
Device(config-if)# switchport mode dot1q-tunnel
Device(config-if)# l2protocol-tunnel point-to-point pagp
Device(config-if)# l2protocol-tunnel point-to-point udld
Device(config-if)# l2protocol-tunnel drop-threshold point-to-point pagp 1000
		

lacp fast-switchover

To enable Link Aggregation Control Protocol (LACP) 1:1 link redundancy, use the lacp fast-switchover command in interface configuration mode. To disable LACP 1:1 link redundancy, use the no form of this command.

lacp fast-switchover [ dampening time]

no lacp fast-switchover[ dampening time]

Syntax Description

dampening time

Enables LACP 1:1 hot-standby dampening. The range is 30 to 180 seconds.

Command Default

LACP 1:1 link redundancy is disabled by default.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Amsterdam 17.3.1

This command was introduced.

Usage Guidelines

Prior to entering the lacp fast-switchover command, you must ensure the following:

  • The port channel protocol type is LACP.

  • The lacp max-bundle 1 command has been entered on the port channel. Note that the lacp fast-switchover command will not affect the lacp max-bundle command.

Prior to entering the lacp fast-switchover dampening command, you must ensure the following:

  • The port channel protocol type is LACP.

  • The lacp max-bundle 1 and lacp fast-switchover commands have been entered on the port channel.

When you enable LACP 1:1 link redundancy, based on the system priority and port priority, the port with the higher system priority chooses one link as the active link and the other link as the standby link (lower the LACP port priority, higher the preference, and lower the LACP system priority, higher the preference). In the case of the LACP 1:1 Redundancy feature, when the active link fails, the standby link is selected as the new active link without taking down the port channel. When the original active link recovers, it reverts to its active link status. During this changeover, the port channel is also up.

In the case of LACP 1:1 Hot Standby Dampening feature, a timer is configured that delays the switchover back to the higher priority port after it becomes active.


Note


  • We recommend that you configure only two ports (one active and one hot standby) in the bundle, for optimum performance.

  • LACP 1:1 redundancy must be enabled at both ends of the LACP EtherChannel.

  • LACP 1:1 redundancy and dampening work only on LACP port channels.


Examples

The following example shows how to enable LACP 1:1 link redundancy:


Device> enable
Device# configure terminal
Device(config)# interface port-channel 40
Device(config-if)# lacp fast-switchover
Device(config-if)# lacp max-bundle 1

The following example shows how to enable LACP 1:1 hot standby dampening:


Device> enable
Device# configure terminal
Device(config)# interface port-channel 40
Device(config-if)# lacp fast-switchover
Device(config-if)# lacp max-bundle 1
Device(config-if)# lacp fast-switchover dampening 70

lacp max-bundle

To define the maximum number of active LACP ports allowed in a port channel, use the lacp max-bundle command in interface configuration mode. To return to the default setting, use the no form of this command.

lacp max-bundle max_bundle_number

no lacp max-bundle

Syntax Description

max_bundle_number

The maximum number of active LACP ports in the port channel. The range is 1 to 8. The default is 8.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

An LACP channel group can have up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in hot-standby mode. When there are more than eight ports in an LACP channel group, the device on the controlling end of the link uses port priorities to determine which ports are bundled into the channel and which ports are put in hot-standby mode. Port priorities on the other device (the noncontrolling end of the link) are ignored.

The lacp max-bundle command must specify a number greater than the number specified by the port-channel min-links command.

Use the show etherchannel summary command in privileged EXEC mode to see which ports are in the hot-standby mode (denoted with an H port-state flag in the output display).

Examples

This example shows how to specify a maximum of five active LACP ports in port channel 2:

Device> enable
Device# configure terminal
Device(config)# interface port-channel 2 
Device(config-if)# lacp max-bundle 5

lacp port-priority

To configure the port priority for the Link Aggregation Control Protocol (LACP), use the lacp port-priority command in interface configuration mode. To return to the default setting, use the no form of this command.

lacp port-priority priority

no lacp port-priority

Syntax Description

priority

Port priority for LACP. The range is 1 to 65535.

Command Default

The default is 32768.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The lacp port-priority command in interface configuration mode determines which ports are bundled and which ports are put in hot-standby mode when there are more than eight ports in an LACP channel group.

An LACP channel group can have up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode.

In port-priority comparisons, a numerically lower value has a higher priority: When there are more than eight ports in an LACP channel group, the eight ports with the numerically lowest values (highest priority values) for LACP port priority are bundled into the channel group, and the lower-priority ports are put in hot-standby mode. If two or more ports have the same LACP port priority (for example, they are configured with the default setting of 65535), then an internal value for the port number determines the priority.


Note


The LACP port priorities are only effective if the ports are on the device that controls the LACP link. See the lacp system-priority command in global configuration mode for determining which device controls the link.


Use the show lacp internal command in privileged EXEC mode to display LACP port priorities and internal port number values.

For information about configuring LACP on physical ports, see the configuration guide for this release.

Examples

This example shows how to configure the LACP port priority on a port:

Device> enable
Device# configure terminal
Device(config)# interface gigabitethernet2/0/1
Device(config-if)# lacp port-priority 1000

You can verify your settings by entering the show lacp [channel-group-number] internal command in privileged EXEC mode.

lacp rate

To set the rate at which Link Aggregation Control Protocol (LACP) control packets are ingressed to an LACP-supported interface, use the lacp rate command in interface configuration mode. To return to the default settings, use the no form of this command

lacp rate {normal | fast}

no lacp rate

Syntax Description

normal

Specifies that LACP control packets are ingressed at the normal rate, every 30 seconds after the link is bundled.

fast

Specifies that LACP control packets are ingressed at the fast rate, once every 1 second.

Command Default

The default ingress rate for control packets is 30 seconds after the link is bundled.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Use this command to modify the duration of LACP timeout. The LACP timeout value on Cisco switch is three times the LACP rate that is configured on the interface. Using the lacp ratecommand, you can select the LACP timeout value for a switch to be either 90 seconds or 3 seconds.

This command is supported only on LACP-enabled interfaces.

Examples

This example shows how to specify the fast (1 second) ingress rate on interface GigabitEthernet 0/0:

Device> enable
Device# configure terminall
Device(config)# interface gigabitEthernet 0/0 
Device(config-if)# lacp rate fast

lacp system-priority

To configure the system priority for the Link Aggregation Control Protocol (LACP), use the lacp system-priority command in global configuration mode on the device. To return to the default setting, use the no form of this command.

lacp system-priority priority

no lacp system-priority

Syntax Description

priority

System priority for LACP. The range is 1 to 65535.

Command Default

The default is 32768.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The lacp system-priority command determines which device in an LACP link controls port priorities.

An LACP channel group can have up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode. When there are more than eight ports in an LACP channel group, the device on the controlling end of the link uses port priorities to determine which ports are bundled into the channel and which ports are put in hot-standby mode. Port priorities on the other device (the noncontrolling end of the link) are ignored.

In priority comparisons, numerically lower values have a higher priority. Therefore, the system with the numerically lower value (higher priority value) for LACP system priority becomes the controlling system. If both devices have the same LACP system priority (for example, they are both configured with the default setting of 32768), the LACP system ID (the device MAC address) determines which device is in control.

The lacp system-priority command applies to all LACP EtherChannels on the device.

Use the show etherchannel summary command in privileged EXEC mode to see which ports are in the hot-standby mode (denoted with an H port-state flag in the output display).

Examples

This example shows how to set the LACP system priority:

Device> enable
Device# configure terminal
Device(config)# lacp system-priority 20000

You can verify your settings by entering the show lacp sys-id command in privileged EXEC mode.

loopdetect

To detect network loops, use the loopdetect command in interface configuration mode. To disable loop-detection guard use the no form of this command.

loopdetect [ time | action syslog | source-port ]

no loopdetect [ time | action syslog | source-port ]

Syntax Description

time

(Optional) Time interval at which loop-detect frames are sent, in seconds. Range: 0 to 10. Default: 5.

action syslog

(Optional) Displays a system message when a loop is detected.

source-port

(Optional) Error-disables the source port.

Command Default

Loop-detection guard is not enabled.

Command Modes

Interface configuration (config-if)

Command History

Release Modification

Cisco IOS XE Amsterdam 17.2.1

This command was introduced.

Usage Guidelines

You can error-disable either the source port or the destination port depending on your requirement. When the loopdetect command is configured without any of the keywords or variables, the feature is enabled and the destination port is error-disabled when a loop is detected.We recommend that you error-disable the source port to better control traffic flow to and from your network.

The loopdetect action syslog command displays only a system message and does not error-disable the configured port. The no loopdetect action syslog command reverts the system to the last configured option.

Examples

The following example shows how to enable loop-detection guard. In this example, the destination port is error-disabled by default and loop-detect frames are sent at the default time interval of five seconds:

Device# enable
Device# configure terminal
Device(config)# interface tengigabitethernet 1/0/18
Device(config-if)# loopdetect

Examples

The following example shows how to configure the time interval to send loop-detect frames. In this example, loop-detect frames are sent every 7 seconds and destination port is error-disabled when a loop is detected:

Device# enable
Device# configure terminal
Device(config)# interface tengigabitethernet 1/0/18
Device(config-if)# loopdetect 7

Examples

The following example shows how to enable the feature and only display a system message. There is no action taken on either the destination port or the source port:

Device# enable
Device# configure terminal
Device(config)# interface tengigabitethernet 1/0/18
Device(config-if)# loopdetect action syslog

Examples

The following example shows how to enable the feature and error-disable the source port:

Device# enable
Device# configure terminal
Device(config)# interface tengigabitethernet 1/0/18
Device(config-if)# loopdetect source-port

Examples

The following example shows how the no loopdetect action syslog command works. In the first part of the example, the feature has been configured to error disable the source port (loopdetect source-port ). The feature is then reconfigured to display a system message and not error-disable a port (loopdetect action syslog ). In the last part of the example, the no form of the loopdetect action syslog command is configured, which causes the system to revert to the last configured option, that is, to error disable the source port.

Part 1: Error-disabling the source port:
Device# enable
Device# configure terminal
Device(config)# interface twentyfivegigabitethernet 1/0/20
Device(config-if)# loopdetect source-port
Part 2: Reconfiguring to display a system message and not error-disable a port:
Device(config-if)# loopdetect action syslog
Part 3: Using the no form of loopdetect action syslog (see Twe1/0/20 ):
Device(config-if)# no loopdetect action syslog
Device(config-if)# end

Device# show loopdetect
Interface Interval Elapsed-Time Port-to-Errdisbale     ACTION
--------- -------- ------------ ---------------------  ---------
Twe1/0/1      5        3        errdisable Source Port  SYSLOG    
Twe1/0/20     5        0        errdisable Source Port  ERRDISABLE
Twe2/0/3      5        2        errdisable Dest Port    ERRDISABLE
Loopdetect is ENABLED

name (MST)

To set the name of a Multiple Spanning Tree (MST) region, use the name command in MST configuration submode. To return to the default name, use the no form of this command.

name name

no name name

Syntax Description

name

Name to give the MST region. It can be any string with a maximum length of 32 characters.

Command Modes

MST configuration (config-mst)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Two or more devices with the same VLAN mapping and configuration version number are considered to be in different MST regions if the region names are different.


Note


Be careful when using the name command to set the name of an MST region. If you make a mistake, you can put the device in a different region. The configuration name is a case-sensitive parameter.


Examples

This example shows how to name a region:

Device(config)# spanning-tree mst configuration
Device(config-mst)# name Cisco
Device(config-mst)# 

pagp learn-method

To learn the source address of incoming packets received from an EtherChannel port, use the pagp learn-method command in interface configuration mode. To return to the default setting, use the no form of this command.

pagp learn-method {aggregation-port | physical-port}

no pagp learn-method

Syntax Description

aggregation-port

Specifies address learning on the logical port channel. The device sends packets to the source using any port in the EtherChannel. This setting is the default. With aggregation-port learning, it is not important on which physical port the packet arrives.

physical-port

Specifies address learning on the physical port within the EtherChannel. The device sends packets to the source using the same port in the EtherChannel from which it learned the source address. The other end of the channel uses the same port in the channel for a particular destination MAC or IP address.

Command Default

The default is aggregation-port (logical port channel).

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The learn method must be configured the same at both ends of the link.

The device supports address learning only on aggregate ports even though the physical-port keyword is provided in the command-line interface (CLI). The pagp learn-method and the pagp port-priority commands in interface configuration mode have no effect on the device hardware, but they are required for PAgP interoperability with devices that only support address learning by physical ports.

When the link partner to the device is a physical learner, we recommend that you configure the device as a physical-port learner by using the pagp learn-method physical-port command in interface configuration mode. We also recommend that you set the load-distribution method based on the source MAC address by using the port-channel load-balance src-mac command in global configuration mode. Use the pagp learn-method command in interface configuration mode only in this situation.

Examples

This example shows how to set the learning method to learn the address on the physical port within the EtherChannel:

Device> enable
Device# configure terminal
Device(config)# interface port-channel 2 
Device(config-if)# pagp learn-method physical-port

This example shows how to set the learning method to learn the address on the port channel within the EtherChannel:

Device> enable
Device# configure terminal
Device(config)# interface port-channel 2 
Device(config-if)# pagp learn-method aggregation-port

You can verify your settings by entering either the show running-config command in privileged EXEC mode or the show pagp channel-group-number internal command in privileged EXEC mode.

pagp port-priority

To select a port over which all Port Aggregation Protocol (PAgP) traffic through the EtherChannel is sent, use the pagp port-priority command in interface configuration mode. If all unused ports in the EtherChannel are in hot-standby mode, they can be placed into operation if the currently selected port and link fails. To return to the default setting, use the no form of this command.

pagp port-priority priority

no pagp port-priority

Syntax Description

priority

Priority number. The range is from 0 to 255.

Command Default

The default is 128.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The physical port with the highest priority that is operational and has membership in the same EtherChannel is the one selected for PAgP transmission.

The device supports address learning only on aggregate ports even though the physical-port keyword is provided in the command-line interface (CLI). The pagp learn-method and the pagp port-priority commands in interface configuration mode have no effect on the device hardware, but they are required for PAgP interoperability with devices that only support address learning by physical ports, such as the Catalyst 1900 switch.

When the link partner to the device is a physical learner, we recommend that you configure the device as a physical-port learner by using the pagp learn-method physical-port command in interface configuration mode. We also recommend that you set the load-distribution method based on the source MAC address by using the port-channel load-balance src-mac command in global configuration mode. Use the pagp learn-method command in interface configuration mode only in this situation.

Examples

This example shows how to set the port priority to 200:

Device> enable
Device# configure terminal
Device(config)# interface gigabitethernet2/0/1
Device(config-if)# pagp port-priority 200

You can verify your setting by entering the show running-config command in privileged EXEC mode or the show pagp channel-group-number internal command in privileged EXEC mode.

peer (PTP)

To connect to a peer Precision Time Protocol-aware (PTP-aware) device, use the peer command in property transport sub-configuration mode.

peer { ip ip_address | vrf word ip ip_address }

Syntax Description

ip ip_address

IP address of a peer PTP device.

vrf word

Default virtual routing and forwarding (VRF) or user-defined VRF.

Command Default

None

Command Modes

Property transport configuration (config-property-transport)

Command History

Release

Modification

Cisco IOS XE Bengaluru 17.5.1

This command was introduced.

Usage Guidelines

You must configure the PTP-property name using the ptp property command and configure a unicast IPv4 connection from a loopback interface using the transport unicast ipv4 local loopback command before connecting to a peer PTP-aware device.

Examples

The following example shows how to connect to a peer PTP-aware device:

Device> enable
Device# configure terminal
Device(config)# ptp property cisco1
Device(config-property)# transport unicast ipv4 local loopback 0
Device(config-property-transport)# peer ip 192.0.2.1
Device(config-property-transport)# end


port-channel

To convert the auto created EtherChannel into a manual channel and adding configuration on the EtherChannel, use the port-channel command in privileged EXEC mode.

port-channel { channel-group-number persistent | persistent }

Syntax Description

channel-group-number

Channel group number.

The range is 1 to 252.

persistent

Converts the auto created EtherChannel into a manual channel and allows you to add configuration on the EtherChannel.

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

You can use the show etherchannel summary command in privileged EXEC mode to display the EtherChannel information.

Examples

This example shows how to convert the auto created EtherChannel into a manual channel:

Device> enable
Device# port-channel 1 persistent

port-channel auto

To enable the auto-LAG feature on a switch globally, use the port-channel auto command in global configuration mode. To disable the auto-LAG feature on the switch globally, use no form of this command.

port-channel auto

no port-channel auto

Command Default

By default, the auto-LAG feature is disabled globally and is enabled on all port interfaces.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

You can use the show etherchannel auto command in privileged EXEC mode to verify if the EtherChannel was created automatically.

Examples

This example shows how to enable the auto-LAG feature on the switch:

Device> enable
Device# configure terminal
Device(config)# port-channel auto

port-channel load-balance

To set the load-distribution method among the ports in the EtherChannel, use the port-channel load-balance command in global configuration mode. To reset the load-balancing mechanism to the default setting, use the no form of this command.

port-channel load-balance {dst-ip | dst-mac | dst-mixed-ip-port | dst-port | extended | src-dst-ip | src-dst-mac | src-dst-mixed-ip-port | src-dst-port | src-ip | src-mac | src-mixed-ip-port | src-port}

no port-channel load-balance

Syntax Description

dst-ip

Specifies load distribution based on the destination host IP address.

dst-mac

Specifies load distribution based on the destination host MAC address. Packets to the same destination are sent on the same port, but packets to different destinations are sent on different ports in the channel.

dst-mixed-ip-port

Specifies load distribution based on the destination IPv4 or IPv6 address and the TCP/UDP (Layer 4) port number.

dst-port

Specifies load distribution based on the destination TCP/UDP (Layer 4) port number for both IPv4 and IPv6.

extended

Sets extended load balance methods among the ports in the EtherChannel.

src-dst-ip

Specifies load distribution based on the source and destination host IP address.

src-dst-mac

Specifies load distribution based on the source and destination host MAC address.

src-dst-mixed-ip-port

Specifies load distribution based on the source and destination host IP address and TCP/UDP (layer 4) port number.

src-dst-port

Specifies load distribution based on the source and destination TCP/UDP (Layer 4) port number.

src-ip

Specifies load distribution based on the source host IP address.

src-mac

Specifies load distribution based on the source MAC address. Packets from different hosts use different ports in the channel, but packets from the same host use the same port.

src-mixed-ip-port

Specifies load distribution based on the source host IP address and TCP/UDP (Layer 4) port number.

src-port

Specifies load distribution based on the TCP/UDP (Layer 4) port number.

Command Default

The default value is src-mac .

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

You can verify your setting by entering either the show running-config command in privileged EXEC mode or the show etherchannel load-balance command in privileged EXEC mode.

Examples

The following example shows how to set the load-distribution method to dst-mac:

Device> enable
Device# configure terminal
Device(config)# port-channel load-balance dst-mac

port-channel load-balance extended

To set combinations of load-distribution methods among the ports in the EtherChannel, use the port-channel load-balance extended command in global configuration mode. To reset the extended load-balancing mechanism to the default setting, use the no form of this command.

port-channel load-balance extended {dst-ip | dst-mac | dst-port | ipv6-label | l3-proto | src-ip | src-mac | src-port}

no port-channel load-balance extended

Syntax Description

dst-ip

Specifies load distribution based on the destination host IP address.

dst-mac

Specifies load distribution based on the destination host MAC address. Packets to the same destination are sent on the same port, but packets to different destinations are sent on different ports in the channel.

dst-port

Specifies load distribution based on the destination TCP/UDP (Layer 4) port number for both IPv4 and IPv6.

ipv6-label

Specifies load distribution based on the source MAC address and IPv6 flow label.

l3-proto

Specifies load distribution based on the source MAC address and Layer 3 protocols.

src-ip

Specifies load distribution based on the source host IP address.

src-mac

Specifies load distribution based on the source MAC address. Packets from different hosts use different ports in the channel, but packets from the same host use the same port.

src-port

Specifies load distribution based on the TCP/UDP (Layer 4) port number.

Command Default

The default is src-mac.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Cisco IOS XE Amsterdam 17.3.x

The command was modified. You have to mandatorily configure atleast one of the keywords for the port-channel load-balance extended command.

Usage Guidelines

You can verify your setting by entering either the show running-config command in privileged EXEC mode or the show etherchannel load-balance command in privileged EXEC mode.

Examples

This example shows how to set the extended load-distribution method:

Device> enable
Device# configure terminal
Device(config)# port-channel load-balance extended dst-ip dst-mac src-ip

port-channel min-links

To define the minimum number of LACP ports that must be bundled in the link-up state and bundled in the EtherChannel in order that a port channel becomes active, use the port-channel min-links command in interface configuration mode. To return to the default setting, use the no form of this command.

port-channel min-links min_links_number

no port-channel min-links

Syntax Description

min_links_number

The minimum number of active LACP ports in the port channel.

The range is 2 to 8 if the port channel number is 128 or lesser and the range is 2 to 4 if the port channel number is 129 or greater.

The default is 1.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

An LACP channel group can have up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in hot-standby mode. When there are more than eight ports in an LACP channel group, the device on the controlling end of the link uses port priorities to determine which ports are bundled into the channel and which ports are put in hot-standby mode. Port priorities on the other device (the noncontrolling end of the link) are ignored.

The port-channel min-links command must specify a number a less than the number specified by the lacp max-bundle command.

Use the show etherchannel summary command in privileged EXEC mode to see which ports are in the hot-standby mode (denoted with an H port-state flag in the output display).

Examples

This example shows how to specify a minimum of three active LACP ports before port channel 2 becomes active:

Device> enable
Device# configure terminal
Device(config)# interface port-channel 2 
Device(config-if)# port-channel min-links 3

ptp dot1as extend property

To extend IEEE 802.1AS profile to a Precision Time Protocol-property (PTP-property) name, use the ptp dot1as extend property command in global configuration mode.

ptp dot1as extend property word

Syntax Description

word

PTP property name

Command Default

None

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Bengaluru 17.5.1

This command was introduced.

Examples

The following example shows how to extend IEEE 802.1AS profile to a PTP-property name:

Device> enable
Device# configure terminal
Device(config)# ptp property cisco1
Device(config-property)# transport unicast ipv4 local loopback 0
Device(config-property-transport)# peer ip 192.0.2.1
Device(config-property-transport)# end
Device# configure terminal
Device(config)# ptp dot1as extend property cisco1
Device(config)# end


ptp ip dscp

To configure IP DSCP value for PTP messages, use the ptp ip dscp command in global configuration mode. To remove the configuration, use the no form of this command.

ptp ip dscp value message { event | general } no ptp ip dscp value message { event | general }

Syntax Description

value

IP DSCP value. The range is from 0 to 63.

event

Configures IP DSCP value for PTP event messages.

general

Configures IP DSCP value for PTP general messages.

Command Default

PTP uses 0x2f for general messages and 0x3b for event messages

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Bengaluru 17.6.1

This command was introduced.

Usage Guidelines

Use this command for IEEE 1588 PTP profiles in IPv4 UDP transport mode only.

Examples

The following example shows how to configure IP DSCP value for PTP messages:


Device> enable
Device# configure terminal
Device(config)# ptp transport-protocol ipv4 udp
Device(config)# ptp mode boundary delay-req
Device(config)# interface range gigabitethernet1/0/1-gigabitethernet1/0/2
Device(config-if-range)# ptp sync interval -3
Device(config-if-range)# ptp delay-req interval -3
Device(config-if-range)# exit
Device(config)# ptp ip dscp 46 message general
Device(config)# ptp ip dscp 46 message event
Device(config)# end

ptp property

To set the Precision Time Protocol-property (PTP-property) name, use the ptp property command in global configuration mode. To remove the PTP property name, use the no form of this command.

ptp property word no ptp property word

Syntax Description

word

PTP-property name.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Bengaluru 17.5.1

This command was introduced.

Usage Guidelines

You can configure more than one IPv4 unicast connection that connects to a different boundary clock under the same property name.

Examples

The following example shows how to set the PTP-property name:

Device> enable
Device# configure terminal
Device(config)# ptp property cisco1
Device(config-property)# 


ptp role primary

To set an interface permanently as primary (master), use the ptp role primary command in interface configuration mode. To remove an interface as primary (master), use the no ptp role primary command.

ptp role primary no ptp role primary

Command Default

Interface is set as either primary (master) or secondary (slave) based on Best Master Clock Algorithm (BMCA)

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Bengaluru 17.5.1

This command was introduced.

Usage Guidelines

Setting a port permanently ensures that the port remain as a primary (master) even if a clock connected to the port can be elected as grandmaster clock.


Note


The command ptp role primary must be used only on ports that are used as end nodes on a network that are connected to devices requiring synchronization.


Use the show ptp port interface_id command to verify if the port is set as primary (master).

Examples

The following example shows how to set an interface permanently as primary (master):

Device> enable
Device# configure terminal
Device(config)# interface TenGigabitEthernet1/0/1
Device(config-if)# ptp role primary
         

rep admin vlan

To configure a Resilient Ethernet Protocol (REP) administrative VLAN for the REP to transmit hardware flood layer (HFL) messages, use the rep admin vlan command in global configuration mode. To return to the default configuration with VLAN 1 as the administrative VLAN, use the no form of this command.

rep admin vlan vlan-id segment segment-id

no rep admin vlan vlan-id segment segment-id

Syntax Description

vlan-id

48-bit static MAC address.

segment

configures administrative VLAN for an REP segment.

segment-id

specifies the segment for which the admin VLAN has been assigned. Segment id number ranges from 1-1024

Command Default

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Cisco IOS XE Amsterdam 17.2.1

The segment keyword was introduced.

rep block port

To configure Resilient Ethernet Protocol (REP) VLAN load balancing on a REP primary edge port, use the rep block port command in interface configuration mode. To return to the default configuration with VLAN 1 as the administrative VLAN, use the no form of this command.

rep block port {id port-id | neighbor-offset | preferred} vlan {vlan-list | all}

no rep block port {id port-id | neighbor-offset | preferred}

Syntax Description

id port-id

Specifies the VLAN blocking alternate port by entering the unique port ID, which is automatically generated when REP is enabled. The REP port ID is a 16-character hexadecimal value.

neighbor-offset

VLAN blocking alternate port by entering the offset number of a neighbor. The range is from -256 to +256. A value of 0 is invalid.

preferred

Selects the regular segment port previously identified as the preferred alternate port for VLAN load balancing.

vlan

Identifies the VLANs to be blocked.

vlan-list

VLAN ID or range of VLAN IDs to be displayed. Enter a VLAN ID from 1 to 4094, or a range or sequence of VLANs (such as 1-3, 22, and 41-44) to be blocked.

all

Blocks all the VLANs.

Command Default

The default behavior after you enter the rep preempt segment command in privileged EXEC (for manual preemption) is to block all the VLANs at the primary edge port. This behavior remains until you configure the rep block port command.

If the primary edge port cannot determine which port is to be the alternate port, the default action is no preemption and no VLAN load balancing.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

When you select an alternate port by entering an offset number, this number identifies the downstream neighbor port of an edge port. The primary edge port has an offset number of 1; positive numbers above 1 identify downstream neighbors of the primary edge port. Negative numbers identify the secondary edge port (offset number -1) and its downstream neighbors.


Note


Do not enter an offset value of 1 because that is the offset number of the primary edge port itself.

If you have configured a preempt delay time by entering the rep preempt delay seconds command in interface configuration mode and a link failure and recovery occurs, VLAN load balancing begins after the configured preemption time period elapses without another link failure. The alternate port specified in the load-balancing configuration blocks the configured VLANs and unblocks all the other segment ports. If the primary edge port cannot determine the alternate port for VLAN balancing, the default action is no preemption.

Each port in a segment has a unique port ID. To determine the port ID of a port, enter the show interfaces interface-id rep detail command in privileged EXEC mode.

Examples

The following example shows how to configure REP VLAN load balancing:

Device> enable
Device# configure terminal
Device(config)# interface TenGigabitEthernet 4/1
Device(config-if)# rep block port id 0009001818D68700 vlan 1-100

rep lsl-age-timer

To configure the Resilient Ethernet Protocol (REP) link status layer (LSL) age-out timer value, use the rep lsl-age-timer command in interface configuration mode. To restore the default age-out timer value, use the no form of this command.

rep lsl-age-timer milliseconds

no rep lsl-age-timer milliseconds

Syntax Description

milliseconds

REP LSL age-out timer value, in milliseconds (ms). The range is from 120 to 10000 in multiples of 40.

Command Default

The default LSL age-out timer value is 5 ms.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

While configuring REP configurable timers, we recommend that you configure the REP LSL number of retries first and then configure the REP LSL age-out timer value.

Examples

The following example shows how to configure a REP LSL age-out timer value:

Device> enable
Device# configure terminal
Device(config)# interface TenGigabitEthernet 4/1
Device(config-if)# rep segment 1 edge primary
Device(config-if)# rep lsl-age-timer 2000

rep lsl-retries

To configure the REP link status layer (LSL) number of retries, use the rep lsl-retries command in interface configuration mode. To restore the default number of retries, use the no form of this command.

rep lsl-retries number-of-retries

no rep lsl-retries number-of-retries

Syntax Description

number-of-retries

Number of LSL retries. The range of retries is from 3 to 10.

Command Default

The default number of LSL retries is 5.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced

Usage Guidelines

The rep lsl-retries command is used to configure the number of retries before the REP link is disabled. While configuring REP configurable timers, we recommend that you configure the REP LSL number of retries first and then configure the REP LSL age-out timer value.

Examples

The following example shows how to configure REP LSL retries.

Device> enable
Device# configure terminal
Device(config)#  interface TenGigabitEthernet 4/1
Device(config-if)#  rep segment 2 edge primary

rep preempt delay

To configure a waiting period after a segment port failure and recovery before Resilient Ethernet Protocol (REP) VLAN load balancing is triggered, use the rep preempt delay command in interface configuration mode. To remove the configured delay, use the no form of this command.

rep preempt delay seconds

no rep preempt delay

Syntax Description

seconds

Number of seconds to delay REP preemption. The range is from 15 to 300 seconds. The default is manual preemption without delay.

Command Default

REP preemption delay is not set. The default is manual preemption without delay.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Enter this command on the REP primary edge port.

Enter this command and configure a preempt time delay for VLAN load balancing to be automatically triggered after a link failure and recovery.

If VLAN load balancing is configured after a segment port failure and recovery, the REP primary edge port starts a delay timer before VLAN load balancing occurs. Note that the timer restarts after each link failure. When the timer expires, the REP primary edge port alerts the alternate port to perform VLAN load balancing (configured by using the rep block port command in interface configuration mode) and prepares the segment for the new topology. The configured VLAN list is blocked at the alternate port, and all other VLANs are blocked at the primary edge port.

You can verify your settings by entering the show interfaces rep command.

Examples

The following example shows how to configure a REP preemption time delay of 100 seconds on the primary edge port:

Device> enable
Device# configure terminal
Device(config)# interface TenGigabitEthernet 4/1
Device(config-if)# rep preempt delay 100

rep preempt segment

To manually start Resilient Ethernet Protocol (REP) VLAN load balancing on a segment, use the rep preempt segment command in privileged EXEC mode.

rep preempt segment segment-id

Syntax Description

segment-id

ID of the REP segment. The range is from 1 to 1024.

Command Default

Manual preemption is the default behavior.

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Enter this command on the segment, which has the primary edge port on the device.

Ensure that all the other segment configuratios are completed before setting preemption for VLAN load balancing. When you enter the rep preempt segment segment-id command, a confirmation message appears before the command is executed because preemption for VLAN load balancing can disrupt the network.

If you do not enter the rep preempt delay seconds command in interface configuration mode on the primary edge port to configure a preemption time delay, the default configuration is to manually trigger VLAN load balancing on the segment.

Enter the show rep topology command in privileged EXEC mode to see which port in the segment is the primary edge port.

If you do not configure VLAN load balancing, entering the rep preempt segment segment-id command results in the default behavior, that is, the primary edge port blocks all the VLANs.

You can configure VLAN load balancing by entering the rep block port command in interface configuration mode on the REP primary edge port before you manually start preemption.

Examples

The following example shows how to manually trigger REP preemption on segment 100:

Device> enable
Device# rep preempt segment 100

rep segment

To enable Resilient Ethernet Protocol (REP) on an interface and to assign a segment ID to the interface, use the rep segment command in interface configuration mode. To disable REP on the interface, use the no form of this command.

rep segment segment-id [edge [no-neighbor] [primary] ] [preferred]

no rep segment

Syntax Description

segment-id

Segment for which REP is enabled. Assign a segment ID to the interface. The range is from 1 to 1024.

edge

(Optional) Configures the port as an edge port. Each segment has only two edge ports.

no-neighbor

(Optional) Specifies the segment edge as one with no external REP neighbor.

primary

(Optional) Specifies that the port is the primary edge port where you can configure VLAN load balancing. A segment has only one primary edge port.

preferred

(Optional) Specifies that the port is the preferred alternate port or the preferred port for VLAN load balancing.

Note

 

Configuring a port as a preferred port does not guarantee that it becomes the alternate port; it merely gives it a slight edge among equal contenders. The alternate port is usually a previously failed port.

Command Default

REP is disabled on the interface.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

REP ports must be a Layer 2 IEEE 802.1Q port or a 802.1AD port. You must configure two edge ports on each REP segment, a primary edge port and a secondary edge port.

If REP is enabled on two ports on a device, both the ports must be either regular segment ports or edge ports. REP ports follow these rules:

  • If only one port on a device is configured in a segment, that port should be an edge port.

  • If two ports on a device belong to the same segment, both the ports must be regular segment ports.

  • If two ports on a device belong to the same segment, and one is configured as an edge port and one as a regular segment port (a misconfiguration), the edge port is treated as a regular segment port.


Caution


REP interfaces come up in a blocked state and remain in a blocked state until notified that it is safe to unblock. Be aware of this to avoid sudden connection losses.

When REP is enabled on an interface, the default is for that port to be a regular segment port.

Examples

The following example shows how to enable REP on a regular (nonedge) segment port:

Device> enable
Device# configure terminal
Device(config)# interface TenGigabitEthernet 4/1
Device(config-if)# rep segment 100

The following example shows how to enable REP on a port and identify the port as the REP primary edge port:

Device> enable
Device# configure terminal
Device(config)# interface TenGigabitEthernet 4/1
Device(config-if)# rep segment 100 edge primary

The following example shows how to enable REP on a port and identify the port as the REP secondary edge port:

Device> enable
Device# configure terminal
Device(config)# interface TenGigabitEthernet 4/1
Device(config-if)# rep segment 100 edge

The following example shows how to enable REP as an edge no-neighbor port:

Device> enable
Device# configure terminal
Device(config)# interface TenGigabitEthernet 4/1
Device(config-if)# rep segment 1 edge no-neighbor primary

rep stcn

To configure a Resilient Ethernet Protocol (REP) edge port to send segment topology change notifications (STCNs) to another interface or to other segments, use the rep stcn command in interface configuration mode. To disable the task of sending STCNs to the interface or to the segment, use the no form of this command.

rep stcn {interface interface-id | segment segment-id-list}

no rep stcn {interface | segment}

Syntax Description

interface interface-id

Specifies a physical interface or port channel to receive STCNs.

segment segment-id-list

Specifies one REP segment or a list of REP segments to receive STCNs. The segment range is from 1 to 1024. You can also configure a sequence of segments, for example, 3 to 5, 77, 100.

Command Default

Transmission of STCNs to other interfaces or segments is disabled.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

You can verify your settings by entering the show interfaces rep detail command in privileged EXEC mode.

Examples

The following example shows how to configure a REP edge port to send STCNs to segments 25 to 50:

Device> enable
Device# configure terminal
Device(config)# interface TenGigabitEthernet 4/1
Device(config-if)# rep stcn segment 25-50

revision

To set the revision number for the Multiple Spanning Tree (802.1s) (MST) configuration, use the revision command in MST configuration submode. To return to the default settings, use the no form of this command.

revision version

no revision

Syntax Description

version

Revision number for the configuration; valid values are from 0 to 65535.

Command Default

version is 0

Command Modes

MST configuration (config-mst)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Devices that have the same configuration but different revision numbers are considered to be part of two different regions.


Note


Be careful when using the revision command to set the revision number of the MST configuration because a mistake can put the switch in a different region.


Examples

This example shows how to set the revision number of the MST configuration:

Device(config)# spanning-tree mst configuration
Device(config-mst)# revision 5
Device(config-mst)# 

show dot1q-tunnel

To display information about IEEE 802.1Q tunnel ports, use the show dot1q-tunnel in EXEC mode.

show dot1q-tunnel [interface interface-id]

Syntax Description

interface interface-id

(Optional) Specifies the interface for which to display IEEE 802.1Q tunneling information. Valid interfaces include physical ports and port channels.

Command Default

None

Command Modes

User EXEC

Privileged EXEC

Command History

Release Modification

Cisco IOS XE Gibraltar 16.12.1

This command was introduced.

Examples

The following are examples of output from the show dot1q-tunnel command:

Device# show dot1q-tunnel

dot1q-tunnel mode LAN Port(s)
-----------------------------
Gi1/0/1
Gi1/0/2
Gi1/0/3
Gi1/0/6
Po2
		
Device# show dot1q-tunnel interface gigabitethernet1/0/1 

dot1q-tunnel mode LAN Port(s)
-----------------------------
Gi1/0/1

show etherchannel

To display EtherChannel information for a channel, use the show etherchannel command in user EXEC mode.

show etherchannel [channel-group-number | {detail | port | port-channel | protocol | summary }] | [detail | load-balance | port | port-channel | protocol | summary]

Syntax Description

channel-group-number

(Optional) Channel group number.

The range is 1 to 252.

detail

(Optional) Displays detailed EtherChannel information.

load-balance

(Optional) Displays the load-balance or frame-distribution scheme among ports in the port channel.

port

(Optional) Displays EtherChannel port information.

port-channel

(Optional) Displays port-channel information.

protocol

(Optional) Displays the protocol that is being used in the channel.

summary

(Optional) Displays a one-line summary per channel group.

Command Modes

User EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

If you do not specify a channel group number, all channel groups are displayed.

In the output, the passive port list field is displayed only for Layer 3 port channels. This field means that the physical port, which is still not up, is configured to be in the channel group (and indirectly is in the only port channel in the channel group).

Examples

This is an example of output from the show etherchannel channel-group-number detail command:

Device> show etherchannel 1 detail
Group state = L2
Ports: 2   Maxports = 16
Port-channels: 1 Max Port-channels = 16
Protocol:      LACP
                   Ports in the group:
                   -------------------
Port: Gi1/0/1
------------
Port state    = Up Mstr In-Bndl
Channel group = 1        Mode  = Active        Gcchange = -
Port-channel  =          Po1GC = -             Pseudo port-channel = Po1
Port index    =          0Load = 0x00          Protocol = LACP

Flags: S - Device is sending Slow LACPDUs   F - Device is sending fast LACPDU
       A - Device is in active mode.        P - Device is in passive mode.

Local information:
                         LACP port   Admin   Oper   Port   Port
Port     Flags   State   Priority    Key     Key    Number State
Gi1/0/1   SA      bndl     32768      0x1     0x1    0x101  0x3D
Gi1/0/2    A      bndl     32768      0x0     0x1    0x0    0x3D

Age of the port in the current state: 01d:20h:06m:04s

                   Port-channels in the group:
                   ----------------------

Port-channel: Po1   (Primary Aggregator)

Age of the Port-channel = 01d:20h:20m:26s
Logical slot/port = 10/1          Number of ports = 2
HotStandBy port   = null
Port state        = Port-channel Ag-Inuse
Protocol          = LACP

Ports in the Port-channel:

Index  Load   Port      EC state        No of bits
------+------+------+------------------+-----------
 0      00    Gi1/0/1    Active           0
 0      00    Gi1/0/2    Active           0

Time since last port bundled:   01d:20h:24m:44s   Gi1/0/2

This is an example of output from the show etherchannel channel-group-number summary command:

Device> show etherchannel 1 summary
Flags: D - down P - in port-channel
       I - stand-alone s - suspended
       H - Hot-standby (LACP only)
       R - Layer3 S - Layer2
       u - unsuitable for bundling
       U - in use f - failed to allocate aggregator
       d - default port

Number of channel-groups in use: 1
Number of aggregators: 1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+----------------------------------------
 1     Po1(SU)       LACP        Gi1/0/1(P) Gi1/0/2(P)

This is an example of output from the show etherchannel channel-group-number port-channel command:

Device> show etherchannel 1 port-channel
Port-channels in the group:
----------------------
Port-channel: Po1 (Primary Aggregator)
------------
Age of the Port-channel = 01d:20h:24m:50s
Logical slot/port = 10/1 Number of ports = 2
Logical slot/port = 10/1 Number of ports = 2
Port state = Port-channel Ag-Inuse
Protocol = LACP

Ports in the Port-channel:

Index  Load   Port   EC state           No of bits
------+------+------+------------------+-----------
 0      00    Gi1/0/1 Active             0
 0      00    Gi1/0/2 Active             0

Time since last port bundled: 01d:20h:24m:44s Gi1/0/2

This is an example of output from show etherchannel protocol command:

Device# show etherchannel protocol
Channel-group listing:
-----------------------
Group: 1
----------
Protocol: LACP
Group: 2
----------
Protocol: PAgP

show interfaces rep detail

To display detailed Resilient Ethernet Protocol (REP) configuration and status for all interfaces or a specified interface, including the administrative VLAN, use the show interfaces rep detail command in privileged EXEC mode.

show interfaces [interface-id] rep detail

Syntax Description

interface-id

(Optional) Physical interface used to display the port ID.

Command Modes

  Privileged EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Enter this command on a segment edge port to send STCNs to one or more segments or to an interface.

You can verify your settings by entering the show interfaces rep detail command in privileged EXEC mode.

Examples

The following example shows how to display the REP configuration and status for a specified interface;

Device> enable
Device# show interfaces TenGigabitEthernet4/1 rep detail

TenGigabitEthernet4/1 REP enabled
Segment-id: 3 (Primary Edge)
PortID: 03010015FA66FF80
Preferred flag: No
Operational Link Status: TWO_WAY
Current Key: 02040015FA66FF804050
Port Role: Open
Blocked VLAN: <empty>
Admin-vlan: 1
Preempt Delay Timer: disabled
Configured Load-balancing Block Port: none
Configured Load-balancing Block VLAN: none
STCN Propagate to: none
LSL PDU rx: 999, tx: 652
HFL PDU rx: 0, tx: 0
BPA TLV rx: 500, tx: 4
BPA (STCN, LSL) TLV rx: 0, tx: 0
BPA (STCN, HFL) TLV rx: 0, tx: 0
EPA-ELECTION TLV rx: 6, tx: 5
EPA-COMMAND TLV rx: 0, tx: 0
EPA-INFO TLV rx: 135, tx: 136

show l2protocol-tunnel

To display information about Layer 2 protocol tunnel ports, use the show l2protocol-tunnel in EXEC mode.

show l2protocol-tunnel [interface interface-id] summary

Syntax Description

interface interface-id

(Optional) Specifies the interface for which protocol tunneling information appears. Valid interfaces are physical ports and port channels.

The port-channel range is 1 to 252.

summary

(Optional) Displays only Layer 2 protocol summary information.

Command Default

None

Command Modes

User EXEC

Privileged EXEC

Command History

Release Modification

Cisco IOS XE Gibraltar 16.12.1

This command was introduced.

Usage Guidelines

After enabling Layer 2 protocol tunneling on an access or IEEE 802.1Q tunnel port by using the l2protocol-tunnel interface configuration command, you can configure some or all of these parameters:

  • Protocol type to be tunneled

  • Shutdown threshold

  • Drop threshold

If you enter the show l2protocol-tunnel interface command, only information about the active ports on which all the parameters are configured appears.

If you enter the show l2protocol-tunnel summary command, only information about the active ports on which some or all of the parameters are configured appears.

Examples

This is an example of output from the show l2protocol-tunnel command:

Device> show l2protocol-tunnel

COS for Encapsulated Packets: 5
Drop Threshold for Encapsulated Packets: 0
		
Port       Protocol Shutdown  Drop      Encapsulation Decapsulation Drop
		                  Threshold Threshold Counter       Counter       Counter
---------- -------- --------- --------- ------------- ------------- -------------
Gi3/0/3    ---           ----      ----          ----          ----          ----
		         ---           ----      ----          ----          ----          ----
		         ---           ----      ----          ----          ----          ----
		         pagp          ----      ----             0         242500
		         lacp          ----      ----         24268         242640
		         udld          ----      ----             0         897960
Gi3/0/4    ---           ----      ----          ----          ----          ----
		         ---           ----      ----          ----          ----          ----
		         ---           ----      ----          ----          ----          ----
		         pagp          1000      ----         24249         242700
		         lacp          ----      ----         24256         242660
		         udld          ----      ----             0         897960
Gi6/0/1    cdp           ----      ----        134482        1344820
		         ---           ----      ----          ----          ----          ----
	          ---           ----      ----          ----          ----          ----
		         pagp          1000      ----             0         242500
		         lacp           500      ----             0         485320
		         udld           300      ----         44899         448980
Gi6/0/2     cdp           ----      ----        134482        1344820
		         ---           ----      ----          ----          ----          ----
		         ---           ----      ----          ----          ----          ----
		         pagp          ----      1000             0         242700
		         lacp          ----      ----             0         485220
		         udld           300      ----         44899         448980
		

This is an example of output from the show l2protocol-tunnel summary command:

Device> show l2protocol-tunnel summary

COS for Encapsulated Packets: 5
Drop Threshold for Encapsulated Packets: 0
		
Port    Protocol       Shutdown         Drop             Status
		                     Threshold        Threshold
		                     (cdp/stp/vtp)    (cdp/stp/vtp)
		                     (pagp/lacp/udld) (pagp/lacp/udld)
------- -------------   ---------------- ---------------- ----------
Gi3/0/2 pagp lacp udld  ----/----/----   ----/----/----   up
Gi4/0/3 pagp lacp udld  1000/ 500/----   ----/----/----   up
Gi9/0/1 pagp ---- ----  ----/----/----   1000/----/----   down
Gi9/0/2 pagp ---- ----  ----/----/----   1000/----/----   down
		

show lacp

To display Link Aggregation Control Protocol (LACP) channel-group information, use the show lacp command in user EXEC mode.

show lacp [channel-group-number] {counters | internal | neighbor | sys-id}

Syntax Description

channel-group-number

(Optional) Channel group number.

The range is 1 to 252.

counters

Displays traffic information.

internal

Displays internal information.

neighbor

Displays neighbor information.

sys-id

Displays the system identifier that is being used by LACP. The system identifier consists of the LACP system priority and the device MAC address.

Command Modes

User EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

You can enter any show lacp command to display the active channel-group information. To display specific channel information, enter the show lacp command with a channel-group number.

If you do not specify a channel group, information for all channel groups appears.

You can enter the channel-group-number to specify a channel group for all keywords except sys-id .

Examples

This is an example of output from the show lacp counters user EXEC command. The table that follows describes the fields in the display.

Device> show lacp counters
              LACPDUs        Marker     Marker Response   LACPDUs
Port        Sent  Recv     Sent  Recv     Sent  Recv     Pkts  Err
---------------------------------------------------------------------
Channel group:1
Gi2/0/1      19    10        0    0         0    0        0
Gi2/0/2      14    6         0    0         0    0        0
Table 1. show lacp counters Field Descriptions

Field

Description

LACPDUs Sent and Recv

The number of LACP packets sent and received by a port.

Marker Sent and Recv

The number of LACP marker packets sent and received by a port.

Marker Response Sent and Recv

The number of LACP marker response packets sent and received by a port.

LACPDUs Pkts and Err

The number of unknown and illegal packets received by LACP for a port.

This is an example of output from the show lacp internal command:

Device> show lacp 1 internal
Flags:  S - Device is requesting Slow LACPDUs
        F - Device is requesting Fast LACPDUs
        A - Device is in Active mode       P - Device is in Passive mode

Channel group 1
                           LACP port    Admin    Oper    Port     Port
Port      Flags   State    Priority     Key      Key     Number   State
Gi2/0/1    SA      bndl     32768         0x3     0x3       0x4    0x3D
Gi2/0/2    SA      bndl     32768         0x3     0x3       0x5    0x3D

The following table describes the fields in the display:

Table 2. show lacp internal Field Descriptions

Field

Description

State

State of the specific port. These are the allowed values:

  • —Port is in an unknown state.

  • bndl—Port is attached to an aggregator and bundled with other ports.

  • susp—Port is in a suspended state; it is not attached to any aggregator.

  • hot-sby—Port is in a hot-standby state.

  • indiv—Port is incapable of bundling with any other port.

  • indep—Port is in an independent state (not bundled but able to handle data traffic. In this case, LACP is not running on the partner port).

  • down—Port is down.

LACP Port Priority

Port priority setting. LACP uses the port priority to put ports in standby mode when there is a hardware limitation that prevents all compatible ports from aggregating.

Admin Key

Administrative key assigned to this port. LACP automatically generates an administrative key value as a hexadecimal number. The administrative key defines the ability of a port to aggregate with other ports. A port’s ability to aggregate with other ports is determined by the port physical characteristics (for example, data rate and duplex capability) and configuration restrictions that you establish.

Oper Key

Runtime operational key that is being used by this port. LACP automatically generates this value as a hexadecimal number.

Port Number

Port number.

Port State

State variables for the port, encoded as individual bits within a single octet with these meanings:

  • bit0: LACP_Activity

  • bit1: LACP_Timeout

  • bit2: Aggregation

  • bit3: Synchronization

  • bit4: Collecting

  • bit5: Distributing

  • bit6: Defaulted

  • bit7: Expired

Note

 

In the list above, bit7 is the MSB and bit0 is the LSB.

This is an example of output from the show lacp neighbor command:

Device> show lacp neighbor
Flags: S - Device is sending Slow LACPDUs  F - Device is sending Fast LACPDUs
       A - Device is in Active mode        P - Device is in Passive mode

Channel group 3 neighbors

Partner’s information:

          Partner                Partner               Partner
Port      System ID              Port Number   Age     Flags
Gi2/0/1   32768,0007.eb49.5e80   0xC             19s    SP

          LACP Partner           Partner       Partner
          Port Priority          Oper Key      Port State
          32768                  0x3           0x3C

Partner’s information:

          Partner                Partner               Partner
Port      System ID              Port Number   Age     Flags
Gi2/0/2   32768,0007.eb49.5e80   0xD             15s    SP

          LACP Partner           Partner       Partner
          Port Priority          Oper Key      Port State
          32768                  0x3           0x3C

This is an example of output from the show lacp sys-id command:

Device> show lacp sys-id
32765,0002.4b29.3a00

The system identification is made up of the system priority and the system MAC address. The first two bytes are the system priority, and the last six bytes are the globally administered individual MAC address associated to the system.

show loopdetect

To display the details of all the interfaces where loop-detection guard is enabled, use the show loopdetect command in user EXEC or privileged EXEC mode.

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

User EXEC (>)

Privileged EXEC(#)

Command History

Release Modification

Cisco IOS XE Amsterdam 17.2.1

This command was introduced.

Examples

The following is a sample output of the show loopdetect command:


Device# show loopdetect
Interface Interval Elapsed-Time Port-to-Errdisbale     ACTION
--------- -------- ------------ ---------------------  ---------
Twe1/0/1      5        3        errdisable Source Port  SYSLOG    
Twe1/0/20     5        0        errdisable Source Port  ERRDISABLE
Twe2/0/3      5        2        errdisable Dest Port    ERRDISABLE
Loopdetect is ENABLED

The table below describes the significant fields shown in the display.

Table 3. show loopdetect Field Descriptions

Field

Description

Interface

Displays the interfaces that have loop-detection guard enabled.

Interval

Displays the time interval set to send the loop-detect frames in seconds.

Elapsed-Time

Displays the time elapsed within the set time interval to send loop-detect frames.

Port-to-Errdisbale

Displays the port that is configured to be error-disabled.

Action

Displays the action the system will take when it detects a network loop.

show pagp

To display Port Aggregation Protocol (PAgP) channel-group information, use the show pagp command in EXEC mode.

show pagp [channel-group-number] {counters | dual-active | internal | neighbor}

Syntax Description

channel-group-number

(Optional) Channel group number.

The range is 1 to 252.

counters

Displays traffic information.

dual-active

Displays the dual-active status.

internal

Displays internal information.

neighbor

Displays neighbor information.

Command Modes

User EXEC

Privileged EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

You can enter any show pagp command to display the active channel-group information. To display the nonactive information, enter the show pagp command with a channel-group number.

Examples

This is an example of output from the show pagp 1 counters command:

Device> show pagp 1 counters
             Information        Flush
Port         Sent   Recv     Sent   Recv
----------------------------------------
Channel group: 1
  Gi1/0/1    45     42       0      0 
  Gi1/0/2    45     41       0      0 

This is an example of output from the show pagp dual-active command:

Device> show pagp dual-active
PAgP dual-active detection enabled: Yes
PAgP dual-active version: 1.1
		
Channel group 1
          Dual-Active     Partner              Partner   Partner
Port      Detect Capable  Name                 Port      Version
Gi1/0/1   No              -p2                 Gi3/0/3    N/A
Gi1/0/2   No              -p2                 Gi3/0/4    N/A
		
<output truncated>

This is an example of output from the show pagp 1 internal command:

Device> show pagp 1 internal
Flags:  S - Device is sending Slow hello.  C - Device is in Consistent state.
        A - Device is in Auto mode.
Timers: H - Hello timer is running.        Q - Quit timer is running.
        S - Switching timer is running.    I - Interface timer is running.
		
Channel group 1
                                  Hello    Partner  PAgP     Learning  Group
Port        Flags State   Timers  Interval Count   Priority   Method  Ifindex
Gi1/0/1     SC    U6/S7   H       30s      1        128        Any      16
Gi1/0/2     SC    U6/S7   H       30s      1        128        Any      16

This is an example of output from the show pagp 1 neighbor command:

Device> show pagp 1 neighbor
		
Flags:  S - Device is sending Slow hello.  C - Device is in Consistent state.
        A - Device is in Auto mode.        P - Device learns on physical port.
		
Channel group 1 neighbors
            Partner              Partner          Partner           Partner Group
Port        Name                 Device ID        Port         Age  Flags   Cap.
Gi1/0/1     -p2            0002.4b29.4600   Gi01//1        9s SC      10001 
Gi1/0/2     -p2            0002.4b29.4600   Gi1/0/2       24s SC      10001

show platform etherchannel

To display platform-dependent EtherChannel information, use the show platform etherchannel command in privileged EXEC mode.

show platform etherchannel channel-group-number {group-mask | load-balance mac src-mac dst-mac [ip src-ip dst-ip [port src-port dst-port]]} [switch switch-number]

Syntax Description

channel-group-number

Channel group number.

The range is 1 to 252.

group-mask

Displays EtherChannel group mask.

load-balance

Tests EtherChannel load-balance hash algorithm.

mac src-mac dst-mac

Specifies the source and destination MAC addresses.

ip src-ip dst-ip

(Optional) Specifies the source and destination IP addresses.

port src-port dst-port

(Optional) Specifies the source and destination layer port numbers.

switch switch-number

(Optional) Specifies the stack member.

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Use this command only when you are working directly with a technical support representative while troubleshooting a problem.

Do not use this command unless a technical support representative asks you to do so.

show platform pm

To display platform-dependent port manager information, use the show platform pm command in privileged EXEC mode.

show platform pm {etherchannel channel-group-number group-mask | interface-numbers | port-data interface-id | port-state}

Syntax Description

etherchannel channel-group-number group-mask

Displays the EtherChannel group-mask table for the specified channel group.

The range is 1 to 252.

interface-numbers

Displays interface numbers information.

port-data interface-id

Displays port data information for the specified interface.

port-state

Displays port state information.

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Use this command only when you are working directly with your technical support representative while troubleshooting a problem.

Do not use this command unless your technical support representative asks you to do so.

show platform software fed (ifm mappings)

To display the number of VLAN mappings on each ASIC, use the show platform software fed command in privileged EXEC mode.

This topic provides information about only the number of VLAN mappings configured on each ASIC with the show platform software fed command.

show platform software fed{ active| standby} ifm mappings [ etherchannel| gpn| l3if-le| lpn| port-le]

Syntax Description

{ active| standby}

Selects the state of the switch for which you want to display information. You have the following options:

  • active —Displays information related to the active switch.

  • standby —Displays information relating to standby switch, if available.

ifm

Displays port information for a given interface ID.

mappings

Displays brief summary of all the interfaces.

etherchannel

Displays EtherChannel mapping information.

gpn

Displays global port number mapping information.

l3if-le

Displays Layer 3 interface logical entity mapping information.

lpn

Displays local port number mapping information.

port-le

Displays physical interface logical entity mapping information.

Command Modes

User EXEC (>)

Privileged EXEC (#)

Command History

Release Modification

Cisco IOS XE Amsterdam 17.2.1

This command was introduced.

Usage Guidelines

The number of VLAN mappings configured on each ASIC can be derived by summing up the total number of interfaces on each ASIC. The output of the show platform software fed active ifm mappings command displays the ASIC number and the interface that is configured in separate columns.

Examples

The following is sample output from the show platform software fed active ifm mappings command. Here, a total of 20 VLAN mappings have been configured. The number of VLAN mappings in ASIC 0, ASIC 1, ASIC 2 are 8, 8 and 4 respectively:

Device> enable
Device# show platform software fed active ifm mappings
Interface                 IF_ID    Inst Asic Core Port SubPort Mac  Cntx LPN  GPN Type Active
FortyGigabitEthernet1/0/1 0x9        0   0   0    0      0      0    0    1   101  NIF  Y
FortyGigabitEthernet1/0/2 0xa        0   0   0    8      0      2    1    2   102  NIF  Y
FortyGigabitEthernet1/0/3 0xb        0   0   0    16     0      16   0    3   103  NIF  Y
FortyGigabitEthernet1/0/4 0xc        0   0   0    24     0      18   1    4   104  NIF  Y
FortyGigabitEthernet1/0/5 0xd        1   0   1    8      0      14   1    5   105  NIF  Y
FortyGigabitEthernet1/0/6 0xe        1   0   1    0      0      12   0    6   106  NIF  Y
FortyGigabitEthernet1/0/7 0xf        1   0   1    24     0      30   1    7   107  NIF  Y
FortyGigabitEthernet1/0/8 0x10       1   0   1    16     0      28   0    8   108  NIF  Y
FortyGigabitEthernet1/0/9 0x11       2   1   0    0      0      0    0    9   109  NIF  Y
FortyGigabitEthernet1/0/10 0x12      2   1   0    8      0      2    1    10  110  NIF  Y
FortyGigabitEthernet1/0/11 0x13      2   1   0    16     0      16   0    11  111  NIF  Y
FortyGigabitEthernet1/0/12 0x14      2   1   0    24     0      18   1    12  112  NIF  Y
FortyGigabitEthernet1/0/13 0x15      3   1   1    8      0      14   1    13  113  NIF  Y
FortyGigabitEthernet1/0/14 0x16      3   1   1    0      0      12   0    14  114  NIF  Y
FortyGigabitEthernet1/0/15 0x17      3   1   1    24     0      30   1    15  115  NIF  Y
FortyGigabitEthernet1/0/16 0x18      3   1   1    16     0      28   0    16  116  NIF  Y
FortyGigabitEthernet1/0/17 0x19      4   2   0    0      0      0    0    17  117  NIF  Y
FortyGigabitEthernet1/0/18 0x1a      4   2   0    8      0      2    1    18  118  NIF  Y
FortyGigabitEthernet1/0/19 0x1b      4   2   0    16     0      16   0    19  119  NIF  Y
FortyGigabitEthernet1/0/20 0x1c      4   2   0    24     0      18   1    20  120  NIF  Y

show platform software fed active ptp interface loopback

To display the Precision Time Protocol (PTP) connection details and events of the specified loopback interface, use the show platform software fed active ptp interface loopback command in privileged EXEC mode.

show platform software fed active php interface value

Syntax Description

value

Loopback interface number. The maximum number of sessions supported is 127.

Command Default

None

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Bengaluru 17.5.1

This command was introduced.

Examples

The following is a sample output of the show platform software fed active ptp interface loopback command:

Device> enable
Device# show platform software fed active ptp interface loopback 0


show ptp port loopback

To display Precision Time Protocol (PTP) configurations of a loopback interface, use the show ptp port loopback command in privileged EXEC mode.

show ptp port loopback value

Syntax Description

value

Loopback interface number. The maximum number of sessions supported is 127.

Command Default

None

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Bengaluru 17.5.1

This command was introduced.

Examples

The following is a sample output of the show ptp port loopback command:

Device> enable
Device# show ptp port loopback
PTP PORT DATASET: Loopback0
  Port identity: clock identity: 0xF8:F:6F:FF:FE:CB:4D:C0
  Port identity: port number: 34818
  PTP version: 2
  PTP port number: 2
  PTP slot number: 17
  Port state: SLAVE
  Delay request interval(log mean): 0
  Announce receipt time out: 3
  Neighbor prop delay(ns): 0
  Announce interval(log mean): 0
  Sync interval(log mean): -2
  Delay Mechanism: End to End
  Peer delay request interval(log mean): 0
  Sync fault limit: 500000000
ptp role primary : Disabled


show ptp transport properties

To display a Precision Time Protocol (PTP) profile and its properties, use the show ptp transport properties command in privileged EXEC mode.

show ptp transport properties

Command Default

None

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Bengaluru 17.5.1

This command was introduced.

Examples

The following is a sample output of the show ptp transport properties command:

Device> enable
Device# show ptp transport properties 
Profile Property flow1 extended to : Dot1as
S.No Transport       Interface        SourceIP        Vrf          PeerIp       Ptp State
---- --------- --------------- --------------- ---------- --------------- ---------------
   1 IPv4            Loopback0         4.4.4.4                    192.168.2.2      SLAVE


show rep topology

To display Resilient Ethernet Protocol (REP) topology information for a segment or for all the segments, including the primary and secondary edge ports in the segment, use the show rep topology command in privileged EXEC mode.

show rep topology [segment segment-id] [archive] [detail]

Syntax Description

segment segment-id

(Optional) Specifies the segment for which to display the REP topology information. The segment-id range is from 1 to 1024.

archive

(Optional) Displays the previous topology of the segment. This keyword is useful for troubleshooting a link failure.

detail

(Optional) Displays detailed REP topology information.

Command Modes

  Privileged EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Examples

The following is a sample output from the show rep topology command:

Device# show rep topology

REP Segment 1
BridgeName       PortName   Edge Role
---------------- ---------- ---- ----
10.64.106.63     Te5/4      Pri  Open
10.64.106.228    Te3/4           Open
10.64.106.228    Te3/3           Open
10.64.106.67     Te4/3           Open
10.64.106.67     Te4/4           Alt 
10.64.106.63     Te4/4      Sec  Open

REP Segment 3
BridgeName       PortName   Edge Role
---------------- ---------- ---- ----
10.64.106.63     Gi50/1     Pri  Open
SVT_3400_2       Gi0/3           Open
SVT_3400_2       Gi0/4           Open
10.64.106.68     Gi40/2          Open
10.64.106.68     Gi40/1          Open
10.64.106.63     Gi50/2     Sec  Alt

The following is a sample output from the show rep topology detail command:

Device# show rep topology detail

REP Segment 1
10.64.106.63, Te5/4 (Primary Edge)
  Open Port, all vlans forwarding
  Bridge MAC: 0005.9b2e.1700
  Port Number: 010
  Port Priority: 000
  Neighbor Number: 1 / [-6]
10.64.106.228, Te3/4 (Intermediate)
  Open Port, all vlans forwarding
  Bridge MAC: 0005.9b1b.1f20
  Port Number: 010
  Port Priority: 000
  Neighbor Number: 2 / [-5]
10.64.106.228, Te3/3 (Intermediate)
  Open Port, all vlans forwarding
  Bridge MAC: 0005.9b1b.1f20
  Port Number: 00E
  Port Priority: 000
  Neighbor Number: 3 / [-4]
10.64.106.67, Te4/3 (Intermediate)
  Open Port, all vlans forwarding
  Bridge MAC: 0005.9b2e.1800
  Port Number: 008
  Port Priority: 000
  Neighbor Number: 4 / [-3]
10.64.106.67, Te4/4 (Intermediate)
  Alternate Port, some vlans blocked
  Bridge MAC: 0005.9b2e.1800
  Port Number: 00A
  Port Priority: 000
  Neighbor Number: 5 / [-2]
10.64.106.63, Te4/4 (Secondary Edge)
  Open Port, all vlans forwarding
  Bridge MAC: 0005.9b2e.1700
  Port Number: 00A
  Port Priority: 000
  Neighbor Number: 6 / [-1]

show spanning-tree

To display spanning-tree information for the specified spanning-tree instances, use the show spanning-tree command in privileged EXEC mode.

show spanning-tree [bridge-group] [ active | backbonefast | blockedports | bridge [id] | detail | inconsistentports | instances | interface interface-type interface-number | mst [ list | configuration [digest] ] | pathcost method | root | summary [totals] | uplinkfast | vlan vlan-id ]

Syntax Description

bridge-group

(Optional) Specifies the bridge group number. The range is 1 to 255.

active

(Optional) Displays spanning-tree information on active interfaces only.

backbonefast

(Optional) Displays spanning-tree BackboneFast status.

blockedports

(Optional) Displays blocked port information.

bridge

(Optional) Displays status and configuration of this switch.

detail

(Optional) Shows status and configuration details.

inconsistentports

(Optional) Displays information about inconsistent ports.

instances

(Optional) Displays information about maximum STP instances.

interface interface-type interface-number

(Optional) Specifies the type and number of the interface. Enter each interface designator, using a space to separate it from the one before and the one after. Ranges are not supported. Valid interfaces include physical ports and virtual LANs (VLANs). See the “Usage Guidelines” for valid values.

mst

(Optional) Specifies multiple spanning-tree.

list

(Optional) Specifies a multiple spanning-tree instance list.

configuration digest

(Optional) Displays the multiple spanning-tree current region configuration.

pathcost method

(Optional) Displays the default path-cost calculation method that is used. See the “Usage Guidelines” section for the valid values.

root

(Optional) Displays root-switch status and configuration.

summary

(Optional) Specifies a summary of port states.

totals

(Optional) Displays the total lines of the spanning-tree state section.

uplinkfast

(Optional) Displays spanning-tree UplinkFast status.

vlan vlan-id

(Optional) Specifies the VLAN ID. The range is 1 to 4094.

If the vlan-id value is omitted, the command applies to the spanning-tree instance for all VLANs.

id

(Optional) Identifies the spanning tree bridge.

port-channel number

(Optional) Identifies the Ethernet channel associated with the interfaces.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The keywords and arguments that are available with the show spanning-tree command vary depending on the platform you are using and the network modules that are installed and operational.

The port-channel number values from 257 to 282 are supported on the Content Switching Module (CSM) and the Firewal Services Module (FWSM) only.

The interface-number argument designates the module and port number. Valid values for interface-number depend on the specified interface type and the chassis and module that are used. For example, if you specify a Gigabit Ethernet interface and have a 48-port 10/100BASE-T Ethernet module that is installed in a 13-slot chassis, valid values for the module number are from 2 to 13 and valid values for the port number are from 1 to 48.

When checking spanning tree-active states and you have a large number of VLANs, you can enter the show spanning-tree summary total command. You can display the total number of VLANs without having to scroll through the list of VLANs.

The valid values for keyword pathcoast method are:

  • append : Appends the redirected output to a URL (supporting the append operation).

  • begin : Begins with the matching line.

  • exclude : Excludes matching lines.

  • include : Includes matching lines.

  • redirect : Redirects output to a URL.

  • tee : Copies output to a URL.

When you run the show spanning-tree command for a VLAN or an interface the switch router will display the different port states for the VLAN or interface. The valid spanning-tree port states are listening, learning, forwarding, blocking, disabled, and loopback.


Device# 
show spanning-tree
VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    32769
             Address     5c71.0dfe.8380
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     5c71.0dfe.8380
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/1             Desg FWD 20000     128.1    P2p
Gi1/0/18            Desg FWD 20000     128.18   P2p
Gi1/0/21            Desg FWD 20000     128.21   P2p
Te1/0/25            Desg FWD 20000     128.25   P2p
Te1/0/37            Desg FWD 2000      128.37   P2p
Te1/0/38            Desg FWD 2000      128.38   P2p
Te1/0/45            Desg FWD 20000     128.45   P2p
Te1/0/48            Desg FWD 20000     128.48   P2p

See the table below for definitions of the port states:

Table 4. show spanning-tree vlan Command Port States

Field

Definition

BLK

Blocked is when the port is still sending and listening to BPDU packets but is not forwarding traffic.

DIS

Disabled is when the port is not sending or listening to BPDU packets and is not forwarding traffic.

FWD

Forwarding is when the port is sending and listening to BPDU packets and forwarding traffic.

LBK

Loopback is when the port recieves its own BPDU packet back.

LIS

Listening is when the port spanning tree initially starts to listen for BPDU packets for the root bridge.

LRN

Learning is when the port sets the proposal bit on the BPDU packets it sends out

Examples

This example shows how to display a summary of interface information:


Device# 
show spanning-tree
VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    32769
             Address     6cb2.ae4a.4fc0
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     6cb2.ae4a.4fc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fif1/0/17           Desg FWD 2000      128.17   P2p
Fif1/0/19           Desg FWD 800       128.19   P2p
Fif1/0/21           Desg FWD 2000      128.21   P2p
Fif1/0/23           Desg FWD 2000      128.23   P2p
TwoH1/0/42          Desg FWD 500       128.42   P2p
Fou1/0/44           Desg FWD 50        128.44   P2p
Fif2/0/17           Back BLK 2000      128.185  P2p
Fif2/0/19           Back BLK 800       128.187  P2p
Fif2/0/21           Back BLK 2000      128.189  P2p
Fif2/0/23           Back BLK 2000      128.191  P2p
Fou2/0/43           Desg FWD 50        128.211  P2p
Fou2/0/44           Back BLK 50        128.212  P2p
Hu5/0/13            Desg FWD 500       128.685  P2p
Hu5/0/15            Desg FWD 500       128.687  P2p
Hu5/0/21            Back BLK 500       128.693  P2p
Hu5/0/23            Back BLK 500       128.695  P2p
Fou6/0/27           Back BLK 50        128.867  P2p
Hu6/0/29            Desg FWD 200       128.869  P2p
Hu6/0/30            Back BLK 200       128.870  P2p

The table below describes the fields that are shown in the example.

Table 5. show spanning-tree Command Output Fields

Field

Definition

Port ID Prio.Nbr

Port ID and priority number.

Cost

Port cost.

Sts

Status information.

This example shows how to display information about the spanning tree for this bridge only:


Device# show spanning-tree bridge

                                                   Hello  Max  Fwd
Vlan                         Bridge ID              Time  Age  Dly  Protocol
---------------- --------------------------------- -----  ---  ---  --------
VLAN0001         32769 (32768,   1) 5c71.0dfe.8380    2    20   15  rstp

This example shows how to display detailed information about the interface:


Device# 
show spanning-tree detail
 VLAN0001 is executing the rstp compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, sysid 1, address 5c71.0dfe.8380
  Configured hello time 2, max age 20, forward delay 15, transmit hold-count 6
  We are the root of the spanning tree
  Topology change flag not set, detected flag not set
  Number of topology changes 27 last change occurred 4d19h ago
          from TenGigabitEthernet1/0/48
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0, aging 300

 Port 1 (GigabitEthernet1/0/1) of VLAN0001 is designated forwarding
   Port path cost 20000, Port priority 128, Port Identifier 128.1.
   Designated root has priority 32769, address 5c71.0dfe.8380
   Designated bridge has priority 32769, address 5c71.0dfe.8380
   Designated port id is 128.1, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 208695, received 1

 Port 18 (GigabitEthernet1/0/18) of VLAN0001 is designated forwarding
!
!
<<output truncated>>

This example shows how to display a summary of port states:


Device# 
show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: VLAN0001
Extended system ID                      is enabled
Portfast Default                        is disabled
PortFast BPDU Guard Default            is disabled
Portfast BPDU Filter Default           is disabled
Loopguard Default                      is disabled
EtherChannel misconfig guard            is enabled
UplinkFast                              is disabled
BackboneFast                            is enabled but inactive in rapid-pvst mode
Configured Pathcost method used is long

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001                     1         0        0         26         27
---------------------- -------- --------- -------- ---------- ----------
1 vlan                       1         0        0         26         27

This example shows how to display the total lines of the spanning-tree state section:


Device#  
show spanning-tree summary total Switch is in rapid-pvst mode
Root bridge for: VLAN0001
Extended system ID                      is enabled
Portfast Default                        is disabled
PortFast BPDU Guard Default            is disabled
Portfast BPDU Filter Default           is disabled
Loopguard Default                      is disabled
EtherChannel misconfig guard            is enabled
UplinkFast                              is disabled
BackboneFast                            is enabled but inactive in rapid-pvst mode
Configured Pathcost method used is long

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
1 vlan                       1         0        0         26         27

This example shows how to display information about the spanning tree for a specific VLAN:


Device# 
show spanning-tree vlan 200
VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    32769
             Address     5c71.0dfe.8380
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     5c71.0dfe.8380
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/1             Desg FWD 20000     128.1    P2p
Gi1/0/18            Desg FWD 20000     128.18   P2p
Gi1/0/21            Desg FWD 20000     128.21   P2p
Te1/0/25            Desg FWD 20000     128.25   P2p
Te1/0/37            Desg FWD 2000      128.37   P2p
Te1/0/38            Desg FWD 2000      128.38   P2p
Te1/0/45            Desg FWD 20000     128.45   P2p
Te1/0/48            Desg FWD 20000     128.48   P2p
!
!
<<output truncated>>

The table below describes the fields that are shown in the example.

Table 6. show spanning-tree vlan Command Output Fields

Field

Definition

Role

Current 802.1w role; valid values are Boun (boundary), Desg (designated), Root, Altn (alternate), and Back (backup).

Sts

Spanning-tree states; valid values are BKN* (broken)1, BLK (blocking), DWN (down), LTN (listening), LBK (loopback), LRN (learning), and FWD (forwarding).

Cost

Port cost.

Prio.Nbr

Port ID that consists of the port priority and the port number.

Status

Status information; valid values are as follows:

  • P2p/Shr: The interface is considered as a point-to-point (resp. shared) interface by the spanning tree.

  • Edge: PortFast has been configured (either globally using the default command or directly on the interface) and no BPDU has been received.

  • *ROOT_Inc, *LOOP_Inc, *PVID_Inc and *TYPE_Inc: The port is in a broken state (BKN*) for an inconsistency. The port would be (respectively) Root inconsistent, Loopguard inconsistent, PVID inconsistent, or Type inconsistent.

  • Bound(type): When in MST mode, identifies the boundary ports and specifies the type of the neighbor (STP, RSTP, or PVST).

  • Peer(STP): When in PVRST rapid-pvst mode, identifies the port connected to a previous version of the 802.1D bridge.

1 For information on the *, see the definition for the Status field.

show spanning-tree mst

To display the information about the Multiple Spanning Tree (MST) protocol, use the show spanning-tree mst command in privileged EXEC mode.

show spanning-tree mst [ configuration [digest] | instance-id-number ] [ interface interface ] [ detail ] [ service instance ]

Syntax Description

instance-id-number

(Optional) Instance identification number. The range is from 0 to 4094.

detail

(Optional) Displays detailed information about the MST protocol.

interface

(Optional) Displays the information about the interfaces. See the "Usage Guidelines" section for valid number values.

configuration

(Optional) Displays information about the region configuration.

digest

(Optional) Displays information about the message digest 5 (MD5) algorithm included in the current MST configuration identifier (MSTCI).

interface

(Optional) Displays information about the interface type.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The valid values for the interface argument depend on the specified interface type and the chassis and module that are used. For example, if you specify a Gigabit Ethernet interface and have a 48-port 10/100BASE-T Ethernet module that is installed in a 13-slot chassis, valid values for the module number are from 2 to 13 and valid values for the port number are from 1 to 48.

The number of valid values for port-channel number are a maximum of 64 values ranging from 1 to 282. The port-channel number values from 257 to 282 are supported on the Content Switching Module (CSM) and the Firewall Services Module (FWSM) only.

The number of valid values for vlan are from 1 to 4094.

In the output display of the show spanning-tree mst configuration command, a warning message may be displayed. This message appears if you do not map secondary VLANs to the same instance as the associated primary VLAN. The display includes a list of the secondary VLANs that are not mapped to the same instance as the associated primary VLAN. The warning message is as follows:


These secondary vlans are not mapped to the same instance as their primary:
-> 3

In the output display of the show spanning-tree mst configuration digest command, if the output applies to both standard and prestandard bridges at the same time on a per-port basis, two different digests are displayed.

If you configure a port to transmit prestandard PortFast bridge protocol data units (BPDUs) only, the prestandard flag displays in the show spanning-tree commands. The variations of the prestandard flag are as follows:

  • Pre-STD (or pre-standard in long format): This flag is displayed if the port is configured to transmit prestandard BPDUs and if a prestandard neighbor bridge has been detected on this interface.

  • Pre-STD-Cf (or pre-standard (config) in long format): This flag is displayed if the port is configured to transmit prestandard BPDUs but a prestandard BPDU has not been received on the port, the autodetection mechanism has failed, or a misconfiguration, if there is no prestandard neighbor, has occurred.

  • Pre-STD-Rx (or prestandard (rcvd) in long format): This flag is displayed when a prestandard BPDU has been received on the port, but it has not been configured to send prestandard BPDUs. The port will send prestandard BPDUs, but Cisco recommends that you change the port configuration so that the interaction with the prestandard neighbor does not rely only on the autodetection mechanism.

If the configuration is not prestandard compliant (for example, a single MST instance has an ID that is greater than or equal to 16,) the prestandard digest is not computed and the following output is displayed:

Device# show spanning-tree mst configuration digest 

Name      [region1]
Revision  2     Instances configured 3
Digest          0x3C60DBF24B03EBF09C5922F456D18A03
Pre-std Digest  N/A, configuration not pre-standard compatible

MST BPDUs include an MSTCI that consists of the region name, region revision, and an MD5 digest of the VLAN-to-instance mapping of the MST configuration.

See the show spanning-tree mst command field description table for output descriptions.

Examples

The following example shows how to display information about the region configuration:

Device# show spanning-tree mst configuration
 
Name      [train]
Revision  2702
Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         1-9,11-19,21-29,31-39,41-4094
1         10,20,30,40
-------------------------------------------------------------------------------

The following example shows how to display additional MST-protocol values:

Device# show spanning-tree mst 3 detail 

###### MST03 vlans mapped: 3,3000-3999 
Bridge address 0002.172c.f400 priority 32771 (32768 sysid 3) 
Root this switch for MST03
GigabitEthernet1/1 of MST03 is boundary forwarding 
Port info port id 128.1 priority 128 
cost 20000 
Designated root address 0002.172c.f400 priority 32771 
cost 0 
Designated bridge address 0002.172c.f400 priority 32771 port 
id 128.1 
Timers: message expires in 0 sec, forward delay 0, forward transitions 1 
Bpdus (MRecords) sent 4, received 0
FastEthernet4/1 of MST03 is designated forwarding 
Port info port id 128.193 priority 128 cost 
200000 
Designated root address 0002.172c.f400 priority 32771 
cost 0 
Designated bridge address 0002.172c.f400 priority 32771 port id 
128.193 
Timers: message expires in 0 sec, forward delay 0, forward transitions 1 
Bpdus (MRecords) sent 254, received 1
FastEthernet4/2 of MST03 is backup blocking 
Port info port id 128.194 priority 128 cost 
200000 
Designated root address 0002.172c.f400 priority 32771 
cost 0 
Designated bridge address 0002.172c.f400 priority 32771 port id 
128.193 
Timers: message expires in 2 sec, forward delay 0, forward transitions 1 
Bpdus (MRecords) sent 3, received 252

The following example shows how to display the MD5 digest included in the current MSTCI:

Device# show spanning-tree mst configuration digest
 
Name      [mst-config]
Revision  10    Instances configured 25
Digest          0x40D5ECA178C657835C83BBCB16723192
Pre-std Digest  0x27BF112A75B72781ED928D9EC5BB4251

show udld

To display UniDirectional Link Detection (UDLD) administrative and operational status for all ports or the specified port, use the show udld command in user EXEC mode.

show udld [ Auto-Template | Capwap | GigabitEthernet | GroupVI | InternalInterface | Loopback | Null | Port-channel | TenGigabitEthernet | Tunnel | Vlan] interface_number

show udld neighbors

Syntax Description

Auto-Template

(Optional) Displays UDLD operational status of the auto-template interface. The range is from 1 to 999.

Capwap

(Optional) Displays UDLD operational status of the CAPWAP interface. The range is from 0 to 2147483647.

GigabitEthernet

(Optional) Displays UDLD operational status of the GigabitEthernet interface. The range is from 0 to 9.

GroupVI

(Optional) Displays UDLD operational status of the group virtual interface. The range is from 1 to 255.

InternalInterface

(Optional) Displays UDLD operational status of the internal interface. The range is from 0 to 9.

Loopback

(Optional) Displays UDLD operational status of the loopback interface. The range is from 0 to 2147483647.

Null

(Optional) Displays UDLD operational status of the null interface.

Port-channel

(Optional) Displays UDLD operational status of the Ethernet channel interfaces.

The range is 1 to 252.

TenGigabitEthernet

(Optional) Displays UDLD operational status of the Ten Gigabit Ethernet interface. The range is from 0 to 9.

Tunnel

(Optional) Displays UDLD operational status of the tunnel interface. The range is from 0 to 2147483647.

Vlan

(Optional) Displays UDLD operational status of the VLAN interface. The range is from 1 to 4095.

interface-id

(Optional) ID of the interface and port number. Valid interfaces include physical ports, VLANs, and port channels.

neighbors

(Optional) Displays neighbor information only.

Command Modes

User EXEC

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

If you do not enter an interface ID, administrative and operational UDLD status for all interfaces appear.

Examples

This is an example of output from the show udld interface-id command. For this display, UDLD is enabled on both ends of the link, and UDLD detects that the link is bidirectional. The table that follows describes the fields in this display.

Device> show udld gigabitethernet2/0/1
Interface gi2/0/1
---
Port enable administrative configuration setting: Follows device default
Port enable operational state: Enabled
Current bidirectional state: Bidirectional
Current operational state: Advertisement - Single Neighbor detected
Message interval: 60
Time out interval: 5
Entry 1
Expiration time: 146
Device ID: 1
Current neighbor state: Bidirectional
Device name: Switch-A
Port ID: Gi2/0/1
Neighbor echo 1 device: Switch-B
Neighbor echo 1 port: Gi2/0/2
Message interval: 5
CDP Device name: Switch-A

Table 7. show udld Field Descriptions

Field

Description

Interface

The interface on the local device configured for UDLD.

Port enable administrative configuration setting

How UDLD is configured on the port. If UDLD is enabled or disabled, the port enable configuration setting is the same as the operational enable state. Otherwise, the enable operational setting depends on the global enable setting.

Port enable operational state

Operational state that shows whether UDLD is actually running on this port.

Current bidirectional state

The bidirectional state of the link. An unknown state appears if the link is down or if it is connected to an UDLD-incapable device. A bidirectional state appears if the link is a normal two-way connection to a UDLD-capable device. All other values mean miswiring.

Current operational state

The current phase of the UDLD state machine. For a normal bidirectional link, the state machine is most often in the Advertisement phase.

Message interval

How often advertisement messages are sent from the local device. Measured in seconds.

Time out interval

The time period, in seconds, that UDLD waits for echoes from a neighbor device during the detection window.

Entry 1

Information from the first cache entry, which contains a copy of echo information received from the neighbor.

Expiration time

The amount of time in seconds remaining before this cache entry is aged out.

Device ID

The neighbor device identification.

Current neighbor state

The neighbor’s current state. If both the local and neighbor devices are running UDLD normally, the neighbor state and local state should be bidirectional. If the link is down or the neighbor is not UDLD-capable, no cache entries appear.

Device name

The device name or the system serial number of the neighbor. The system serial number appears if the device name is not set or is set to the default (Switch).

Port ID

The neighbor port ID enabled for UDLD.

Neighbor echo 1 device

The device name of the neighbors’ neighbor from which the echo originated.

Neighbor echo 1 port

The port number ID of the neighbor from which the echo originated.

Message interval

The rate, in seconds, at which the neighbor is sending advertisement messages.

CDP device name

The CDP device name or the system serial number. The system serial number appears if the device name is not set or is set to the default (Switch).

This is an example of output from the show udld neighbors command:

Device> enable
Device# show udld neighbors
Port     Device Name          Device ID  Port-ID  OperState
-------- -------------------- ---------- -------- --------------
Gi2/0/1  Switch-A             1          Gi2/0/1  Bidirectional
Gi3/0/1  Switch-A             2          Gi3/0/1  Bidirectional 

source ip interface

To configure the source IP address, use the source ip interface command in property transport sub-configuration mode.

source ip interface interface_id

Syntax Description

interface_id

Source IP address.

Command Default

None

Command Modes

Property transport (config-property-transport)

Command History

Release

Modification

Cisco IOS XE Bengaluru 17.5.1

This command was introduced.

Usage Guidelines

This command is optional. Use this command as an alternative to the peer command.

Examples

The following example shows how to configure the source IP address:

Device> enable
Device# configure terminal
Device(config)# ptp property cisco1
Device(config-property)# transport unicast ipv4 local loopback 0
Device(config-property-transport)# source ip interface GigabitEthernet 1/0/1
Device(config-property-transport)# end


spanning-tree backbonefast

To enable BackboneFast to allow a blocked port on a switch to change immediately to a listening mode, use the spanning-tree backbonefast command in global configuration mode. To return to the default setting, use the no form of this command.

spanning-tree backbonefast

no spanning-tree backbonefast

Syntax Description

This command has no arguments or keywords.

Command Default

BackboneFast is disabled.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

BackboneFast should be enabled on all of the Cisco devices containing an Ethernet switch network module. BackboneFast provides for fast convergence in the network backbone after a spanning-tree topology change. It enables the switch to detect an indirect link failure and to start the spanning-tree reconfiguration sooner than it would under normal spanning-tree rules.

Use the show spanning-tree privileged EXEC command to verify your settings.

Examples

The following example shows how to enable BackboneFast on the device:


Device(config)# spanning-tree backbonefast

spanning-tree bpdufilter

To enable bridge protocol data unit (BPDU) filtering on the interface, use the spanning-tree bpdufilter command in interface configuration or template configuration mode. To return to the default settings, use the no form of this command.

spanning-tree bpdufilter { enable | disable }

no spanning-tree bpdufilter

Syntax Description

enable

Enables BPDU filtering on this interface.

disable

Disables BPDU filtering on this interface.

Command Default

The setting that is already configured when you enter the spanning-tree portfast edge bpdufilter default command .

Command Modes

Interface configuration (config-if)

Template configuration (config-template)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines


Caution


Be careful when you enter the spanning-tree bpdufilter enable command. Enabling BPDU filtering on an interface is similar to disabling the spanning tree for this interface. If you do not use this command correctly, you might create bridging loops.


Entering the spanning-tree bpdufilter enable command to enable BPDU filtering overrides the PortFast configuration.

When configuring Layer 2-protocol tunneling on all the service-provider edge switches, you must enable spanning-tree BPDU filtering on the 802.1Q tunnel ports by entering the spanning-tree bpdufilter enable command.

BPDU filtering prevents a port from sending and receiving BPDUs. The configuration is applicable to the whole interface, whether it is trunking or not. This command has three states:

  • spanning-tree bpdufilter enable : Unconditionally enables BPDU filtering on the interface.

  • spanning-tree bpdufilter disable : Unconditionally disables BPDU filtering on the interface.

  • no spanning-tree bpdufilter : Enables BPDU filtering on the interface if the interface is in operational PortFast state and if you configure the spanning-tree portfast bpdufilter default command.

Use the spanning-tree portfast bpdufilter default command to enable BPDU filtering on all ports that are already configured for PortFast.

Examples

This example shows how to enable BPDU filtering on this interface:


Device(config-if)# spanning-tree bpdufilter enable
Device(config-if)# 

The following example shows how to enable BPDU filtering on an interface using interface template:


Device# configure terminal
Device(config)# template user-template1
Device(config-template)# spanning-tree bpdufilter enable 
Device(config-template)# end
 

spanning-tree bpduguard

To enable bridge protocol data unit (BPDU) guard on the interface, use the spanning-tree bpduguard command in interface configuration and template configuration mode. To return to the default settings, use the no form of this command.

spanning-tree bpduguard { enable | disable }

no spanning-tree bpduguard

Syntax Description

enable

Enables BPDU guard on this interface.

disable

Disables BPDU guard on this interface.

Command Modes

Interface configuration (config-if)

Template configuration (config-template)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

BPDU guard prevents a port from receiving BPDUs. Typically, this feature is used in a service-provider environment where the network administrator wants to prevent an access port from participating in the spanning tree. If the port still receives a BPDU, it is put in the error-disabled state as a protective measure. This command has three states:

  • spanning-tree bpduguard enable : Unconditionally enables BPDU guard on the interface.

  • spanning-tree bpduguard disable : Unconditionally disables BPDU guard on the interface.

  • no spanning-tree bpduguard : E nables BPDU guard on the interface if it is in the operational PortFast state and if the spanning-tree portfast bpduguard default command is configured.

Examples

This example shows how to enable BPDU guard on this interface:


Device(config-if)# spanning-tree bpduguard enable
Device(config-if)# 

The following example shows how to enable BPDU guard on an interface using interface template:


Device# configure terminal
Device(config)# template user-template1
Device(config-template)# spanning-tree bpduguard enable 
Device(config-template)# end
 

spanning-tree bridge assurance

To enable bridge assurance on all network ports on the device, use the spanning-tree bridge assurance command in global configuration mode. To disable bridge assurance, use the no form of this command.

spanning-tree bridge assurance

no spanning-tree bridge assurance

Syntax Description

This command has no arguments or keywords.

Command Default

Bridge assurance is enabled.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Bridge assurance protects against a unidirectional link failure or other software failure and a device that continues to forward data traffic when it is no longer running the spanning tree algorithm.

Bridge assurance is enabled only on spanning tree network ports that are point-to-point links. Both ends of the link must have bridge assurance enabled. If the device on one side of the link has bridge assurance enabled and the device on the other side either does not support bridge assurance or does not have this feature enabled, the connecting port is blocked.

Disabling bridge assurance causes all configured network ports to behave as normal spanning tree ports.

Examples

This example shows how to enable bridge assurance on all network ports on the switch:


Device(config)# 
spanning-tree bridge assurance
Device(config)# 

This example shows how to disable bridge assurance on all network ports on the switch:


Device(config)# 
no spanning-tree bridge assurance
Device(config)# 

spanning-tree cost

To set the path cost of the interface for Spanning Tree Protocol (STP) calculations, use the spanning-tree cost command in interface configuration or template configuration mode. To revert to the default value, use the no form of this command.

spanning-tree cost cost

no spanning-tree cost

Syntax Description

cost

Path cost. The range is from 1 to 200000000.

Command Modes

Interface configuration (config-if)

Template configuration (config-template)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

When you specify a value for the cost argument, higher values indicate higher costs. This range applies regardless of the protocol type specified.

If a loop occurs, spanning tree uses the path cost when selecting an interface to place into the forwarding state. A lower path cost represents higher-speed transmission.

Examples

The following example shows how to access an interface and set a path cost value of 250 for the spanning tree VLAN associated with that interface:


Router(config)# interface ethernet 2/0
Router(config-if)# spanning-tree cost 250

The following example shows how to set a path cost value of 250 for the spanning tree VLAN associated with an interface using an interface template:


Device# configure terminal
Device(config)# template user-template1
Device(config-template)# spanning-tree cost 250 
Device(config-template)# end
 

spanning-tree etherchannel guard misconfig

To display an error message when a loop due to a channel misconfiguration is detected, use the spanning-tree etherchannel guard misconfig command in global configuration mode. To disable the error message, use the no form of this command.

spanning-tree etherchannel guard misconfig

no spanning-tree etherchannel guard misconfig

Syntax Description

This command has no arguments or keywords.

Command Default

Error messages are displayed.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

EtherChannel uses either Port Aggregation Protocol (PAgP) or Link Aggregation Control Protocol (LACP) and does not work if the EtherChannel mode of the interface is enabled using the channel-group group-number mode on command.

The spanning-tree etherchannel guard misconfig command detects two types of errors: misconfiguration and misconnection errors. A misconfiguration error is an error between the port-channel and an individual port. A misconnection error is an error between a device that is channeling more ports and a device that is not using enough Spanning Tree Protocol (STP) Bridge Protocol Data Units (BPDUs) to detect the error. In this case, the device will only error disable an EtherChannel if the switch is a nonroot device.

When an EtherChannel-guard misconfiguration is detected, this error message displays:


msgdef(CHNL_MISCFG, SPANTREE, LOG_CRIT, 0, “Detected loop due to etherchannel misconfiguration of %s %s”)

To determine which local ports are involved in the misconfiguration, enter the show interfaces status err-disabled command. To check the EtherChannel configuration on the remote device, enter the show etherchannel summary command on the remote device.

After you correct the configuration, enter the shutdown and the no shutdown commands on the associated port-channel interface.

Examples

This example shows how to enable the EtherChannel-guard misconfiguration:

Device(config)# spanning-tree etherchannel guard misconfig 
 Device(config)# 

spanning-tree extend system-id

To enable the extended-system ID feature on chassis that support 1024 MAC addresses, use the spanning-tree extend system-id command in global configuration mode. To disable the extended system identification, use the no form of this command.

spanning-tree extend system-id

no spanning-tree extend system-id

Syntax Description

This command has no arguments or keywords.

Command Default

Enabled on systems that do not provide 1024 MAC addresses.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Enabling or disabling the extended-system ID updates the bridge IDs of all active Spanning Tree Protocol (STP) instances, which might change the spanning-tree topology.

Examples

This example shows how to enable the extended-system ID:


Device(config)# spanning-tree extend system-id 
Device(config)#

spanning-tree guard

To enable or disable the guard mode, use the spanning-tree guard command in interface configuration and template configuration mode. To return to the default settings, use the no form of this command.

spanning-tree guard { loop | root | none }

no spanning-tree guard

Syntax Description

loop

Enables the loop-guard mode on the interface.

root

Enables root-guard mode on the interface.

none

Sets the guard mode to none.

Command Default

Guard mode is disabled.

Command Modes

Interface configuration (config-if)

Template configuration (config-template)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Examples

This example shows how to enable root guard:


Device(config-if)# spanning-tree guard root
Device(config-if)#

The following example shows how to enable root guard on an interface using an interface template:


Device# configure terminal
Device(config)# template user-template1
Device(config-template)# spanning-tree guard root 
Device(config-template)# end
 

spanning-tree link-type

To configure a link type for a port, use the spanning-tree link-type command in the interface configuration and template configuration mode. To return to the default settings, use the no form of this command.

spanning-tree link-type { point-to-point | shared }

no spanning-tree link-type

Syntax Description

point-to-point

Specifies that the interface is a point-to-point link.

shared

Specifies that the interface is a shared medium.

Command Default

Link type is automatically derived from the duplex setting unless you explicitly configure the link type.

Command Modes

Interface configuration (config-if)

Template configuration (config-template)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Rapid Spanning Tree Protocol Plus (RSTP+) fast transition works only on point-to-point links between two bridges.

By default, the switch derives the link type of a port from the duplex mode. A full-duplex port is considered as a point-to-point link while a half-duplex configuration is assumed to be on a shared link.

If you designate a port as a shared link, RSTP+ fast transition is forbidden, regardless of the duplex setting.

If you connect a port (local port) to a remote port through a point-to-point link and the local port becomes a designated port, the device negotiates with the remote port and rapidly changes the local port to the forwarding state

Examples

This example shows how to configure the port as a shared link:


Device(config-if)# spanning-tree link-type shared
Device(config-if)# 

The following example shows how to configure the port as a shared link using an interface template:


Device# configure terminal
Device(config)# template user-template1
Device(config-template)# spanning-tree link-type shared 
Device(config-template)# end
 

spanning-tree loopguard default

To enable loop guard as a default on all ports of a given bridge, use the spanning-tree loopguard default command in global configuration mode. To disab