Cisco IOS Software Releases 12.4 T

Table Of Contents

Extended VLAN ID

Contents

Prerequisites for Extended VLAN ID

Restrictions for Extended VLAN ID

Information About Extended VLAN ID

VLAN Number Space Management

Default Ethernet VLAN Configuration

VLAN Trunking Protocol Guidelines

Other Extended VLAN ID Guidelines

How to Configure an Extended VLAN ID

Configuring an Extended VLAN

Prerequisites

Restrictions

Troubleshooting Tips

Configuring an Extended-Range VLAN Using an Internal VLAN ID

Deleting an Extended VLAN

Prerequisites

Configuration Examples for Extended VLAN ID

Configuring an Extended VLAN ID: Example

Deleting an Extended VLAN ID: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

monitor session

show mac-address-table

show spanning-tree

spanning-tree vlan

switchport trunk

vlan (global configuration mode)

Feature Information for Extended VLAN ID

Extended VLAN ID

---

First Published: June 28, 2007

Last Updated: June 28, 2007

The IEEE 802.1Q standard provides for support of up to 4096 VLANs. Beginning with Cisco IOS Release 12.4(15)T, you can configure VLAN IDs in the range from 1006 to 4094 on specified routers.

Finding Feature Information in This Module

Your Cisco IOS software release may not support all of the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for Extended VLAN ID" section.

Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

•Prerequisites for Extended VLAN ID

•Restrictions for Extended VLAN ID

•Information About Extended VLAN ID

•How to Configure an Extended VLAN ID

•Configuration Examples for Extended VLAN ID

•Additional References

•Command Reference

•Feature Information for Extended VLAN ID

Prerequisites for Extended VLAN ID

These are the prerequisites for configuring extended VLAN ID:

•You should understand how to configure VLANs. For information on configuring VLANs, see the "Configuring a LAN with DHCP and VLANs" chapter in the Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide.

•The reduced MAC address feature is required to support 4000 VLANs. Cisco IOS Release 12.1(14)E1 and later releases support chassis with 64 or 1024 MAC addresses. For chassis with 64 MAC addresses, Spanning Tree Protocol (STP) uses the extended system ID (which is the VLAN ID) plus a MAC address to make the bridge ID unique for each VLAN. (Without the reduced MAC address support, 4096 VLANs would require 4096 MAC addresses on the switch.)

•The spanning-tree extended system-ID feature must be enabled. For information on enabling the extended system ID, see the "Enabling the Extended System ID" section in the "Configuring Spanning Tree and IEEE 802.1s MST" chapter in the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.1E.

---

Note The spanning-tree extended system ID is enabled permanently on chassis that support 64 MAC addresses.

---

The following Cisco routers support the Extended VLAN ID feature:

•Cisco 800 series routers, including models 851, 857, 871, 876, 877, 878

•Cisco 1700 series routers, including models 1711, 1712, 1751, 1751V, 1760

•Cisco 1800 series routers, including models 1801, 1802, 1803, 1811, 1812, 1841

•Cisco 2600 series routers, including models 2610XM, 2611XM, 2620XM, 2621XM, 2650XM, 2651XM, 2691

•Cisco 2800 series routers, including models 2801, 2811, 2821, 2851

•Cisco 3600 series routers, including models 3620, 3640, 3640A, 3660

•Cisco 3700 series routers, including models 3725, 3745

•Cisco 3800 series routers, including models 3825, 3845

Restrictions for Extended VLAN ID

These are the restrictions for configuring normal and extended VLANs:

•VLAN 1 and VLANs 1002-1005 are default VLANs. Default VLANs are created automatically and cannot be configured or deleted by users.

•VLANs 0 and 4095 are reserved by the IEEE 802.1Q standard and you cannot create, delete, or modify them. These VLANs are not displayed.

•You cannot create a VLAN in the extended range when the reduced MAC address feature is disabled.

•You cannot disable the reduced MAC address feature while a user-configured VLAN in the extended range is configured.

•The vlan database mode does not support extended VLAN configuration.

Information About Extended VLAN ID

Before you configure an extended VLAN ID, you should understand the following concepts:

•VLAN Number Space Management

•Default Ethernet VLAN Configuration

•VLAN Trunking Protocol Guidelines

•Other Extended VLAN ID Guidelines

VLAN Number Space Management

Before Cisco IOS Release 12.4(15)T, users were permitted to configure VLANs numbered from 2 to 1001. The remaining VLANs (numbered from 1006 to 4094) were reserved for use as internal VLANs configured by applications. Beginning with Cisco IOS Release 12.4(15)T, all VLAN numbers except those reserved for default and reserved VLANs are available for user configuration. The result is that users and applications share the VLAN number space from 1006 to 4094. To manage this number space effectively, follow these guidelines:

•Internal VLAN numbers begin with 1006 and use the next higher number for each additional VLAN.

•Users should configure extended VLAN ID numbers beginning with 4094 and use the next lower number for each additional VLAN.

•A first-come, first-served policy governs the allocation of numbers to internal VLANs and user-configured VLANs in the extended VLAN number space.

---

Note During system bootup, internal VLANs required for the features in the startup-configuration file are allocated numbers first, followed by user-configured VLANs in the startup configuration.

---

•Before configuring extended-range VLANs, enter the show vlan internal usage privileged EXEC command to see which VLANs have been allocated as internal VLANs.

•If you configure a VLAN number that matches the number of an existing internal VLAN, an error message appears and the extended VLAN configuration is denied.

•To configure an extended VLAN with a number that is assigned to an internal VLAN, follow these steps:

–Shut down the port assigned to the internal VLAN, freeing up the assigned VLAN number.

–Create the extended-range VLAN with the desired VLAN number.

–Reenable the port, which then uses a different VLAN number for its internal VLAN. See the "Configuring an Extended-Range VLAN Using an Internal VLAN ID" section for details.

Default Ethernet VLAN Configuration

Table 1 shows the default configuration for Ethernet VLANs.

---

Note The router supports Ethernet interfaces exclusively. Because Fiber Distributed Data Interface (FDDI) and Token Ring VLANs are not locally supported, you only configure FDDI and Token Ring media-specific characteristics for VTP global advertisements to other devices.

---

Table 1 Ethernet VLAN Defaults and Ranges 

Parameter	Default	Range
IEEE 802.10 SAID	100001 (100000 plus the VLAN ID)	1 to 4294967294
MTU size	1500	1500 to 18190
Private VLANs	none configured	2 to 1001, 1006 to 4094.
Remote SPAN	disabled	enabled, disabled
Translational bridge 1	0	0 to 1005
Translational bridge 2	0	0 to 1005
VLAN ID	1	1 to 4094. Note Extended-range VLANs (VLAN IDs 1006 to 4094) are not saved in the VLAN database.
VLAN name	VLANxxxx, where xxxx represents four numeric digits (including leading zeros) equal to the VLAN ID number	No range
VLAN state	active	active, suspend

VLAN Trunking Protocol Guidelines

These are the guidelines for using extended VLAN ID with VLAN Trunking Protocol (VTP):

•Extended range VLANs are not controlled by VTP.

•VLANs in the extended range cannot be pruned. The VLAN range for the switchport trunk pruning vlan command remains 1-1005.

•The VTP supported VLAN configuration (VLANs 1-1005) is included in the Cisco IOS configuration file only when the device is in VTP transparent mode.

•VTP learns only normal-range VLANs, with VLAN IDs 1 to 1005; extended-range VLANs are not stored in the VLAN database. The router must be in VTP transparent mode when you create extended-range VLANs.

Other Extended VLAN ID Guidelines

Follow these guidelines when configuring extended VLAN IDs:

•ISL-1Q mapping has been modified to accept extended range VLANs and normal range VLANs when specifying the ISL VLAN.

•During system bootup, internal VLANs from the extended VLAN space are allocated after the VLAN and mapping commands from the startup configuration file have been parsed and executed.

---

Note Mapping a VLAN to a reserved or internal VLAN is not allowed.

---

•Extended-range VLANs are not saved in the VLAN database; they are saved in the switch that runs the configuration file. You can save the extended-range VLAN configuration in the switch startup configuration file by using the copy running-config startup-config privileged EXEC command.

How to Configure an Extended VLAN ID

Extended VLANs have VLAN IDs in the range from 1006 to 4094. You can create or delete extended VLANs using the command-line interface (CLI) in the config-vlan submode. All extended VLANs are created with the primary type (for example, Ethernet) appropriate for the device. Configurable VLAN parameters include maximum transmission unit (MTU) size, private VLAN, and remote switched port analyzer (RSPAN). All other extended VLAN parameters use the default values.

For detailed information on default values for extended VLAN parameters, see the "VLAN Default Configuration" section in the "Configuring VLANs" chapter in the Catalyst 6500 Series Cisco IOS Software Configuration Guide, 12.2SX.

For detailed information on VLANs and configuring VLAN IDs see the "Configuring VLANs" chapter in the Catalyst 6500 Series Cisco IOS Software Configuration Guide, 12.2SX.

This section contains instructions for the following tasks:

•Configuring an Extended VLAN

•Configuring an Extended-Range VLAN Using an Internal VLAN ID

•Deleting an Extended VLAN

Configuring an Extended VLAN

When the switch is in VTP transparent mode (VTP disabled), you can create extended-range VLANs (in the range 1006 to 4094). The extended-range VLAN IDs are allowed for any commands that allow VLAN IDs. You always use config-vlan mode (accessed by entering the vlan vlan-id global configuration command) to configure extended-range VLANs. The extended range is not supported in VLAN database configuration mode (accessed by entering the vlan database privileged EXEC command).

Extended-range VLAN configurations are not stored in the VLAN database, but because VTP mode is transparent, they are stored in the switch running configuration file, and you can save the configuration in the startup configuration file by using the copy running-config startup-config privileged EXEC command.

To configure a new extended VLAN, follow the steps below.

Prerequisites

•Extended VLANs can be configured only in the global configuration mode.

•The router must be in VTP transparent mode to configure an extended VLAN.

Restrictions

These are the restrictions for configuring extended VLANs:

•You cannot create a VLAN in the extended range when the reduced MAC address feature is disabled.

•You cannot disable the reduced MAC address feature while a user-configured VLAN in the extended range is configured.

•The vlan database mode does not support extended VLAN configuration.

•The extended-range VLAN has the default Ethernet VLAN characteristics (see Table 1), and the MTU size, private VLAN, and RSPAN configuration are the only parameters you can change.

SUMMARY STEPS

1. enable

2. configure terminal

3. vtp mode transparent

4. vlan {vlan-id | vlan-range}

5. mtu mtu-size

6. remote-span

7. end

8. copy running-config startup config

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	vtp mode transparent Example: Router(config)# vtp mode transparent	Disables VTP.
Step 4	vlan {vlan-id | vlan-range) Example: Router(config)# vlan 4025	Creates or modifies an Ethernet VLAN, a range of Ethernet VLANs, or several Ethernet VLANs specified in a comma-separated list. The range for the extended VLAN_ID argument is from 1006 to 4094. Note Do not enter space characters.
Step 5	mtu mtu-size Example: Router(config)# mtu 1600	(Optional) Modifies the VLAN by changing the MTU size. Note Although all VLAN commands appear in the CLI help in config-vlan mode, only the mtu mtu-size, private-vlan, and remote-span commands are supported for extended-range VLANs.
Step 6	remote-span Example: Router(config)# remote-span	(Optional) Configures the VLAN as the RSPAN VLAN. Note Although all VLAN commands appear in the CLI help in config-vlan mode, only the mtu mtu-size, private-vlan, and remote-span commands are supported for extended-range VLANs. See the "Configuring a VLAN as an RSPAN VLAN" section of the "Configuring SPAN and RSPAN" chapter in the Catalyst 3750 Switch Software Configuration Guide, Release 12.2(35)SE.
Step 7	Router(config-vlan)# end Example: Router(config-vlan)# end	Returns to privileged EXEC mode.
Step 8	copy running-config startup config Example: Router# copy running-config startup config	Saves your entries in the startup configuration file. To save extended-range VLAN configurations, you need to save the VTP transparent mode configuration and the extended-range VLAN configuration in the startup configuration file. Otherwise, if the router resets, it will default to VTP server mode, and the extended-range VLAN IDs will not be saved.

Troubleshooting Tips

To verify your VLAN configuration, use the show vlan command in privileged EXEC mode to display summary configuration information for all configured VLANs.

Configuring an Extended-Range VLAN Using an Internal VLAN ID

If you enter an extended-range VLAN ID that is already assigned to an internal VLAN, an error message appears, and the extended-range VLAN is rejected. To manually free an internal VLAN ID, you must temporarily shut down the router port that is using the internal VLAN ID. Shutting down the port releases the VLAN ID for use with another VLAN.

After you shut down the port, you can configure the VLAN with the released VLAN ID and then reenable the port.

SUMMARY STEPS

1. enable

2. show vlan internal usage

3. configure terminal

4. interface interface-id

5. shutdown

6. exit

7. vtp mode transparent

8. vlan {vlan-id}

9. exit

10. interface interface-id

11. no shutdown

12. end

13. copy running-config startup config

	Command	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	show vlan internal usage Example: Router# show vlan internal usage	Displays the VLAN IDs being used internally by the switch. If the VLAN ID that you want to use is an internal VLAN, the display shows the router port that is using the VLAN ID. Enter that port number in Step 4.
Step 3	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 4	interface interface-id Example: Router(config)# interface ethernet 0/1	Specifies the interface ID for the routed port that is using the VLAN ID and enters interface configuration mode.
Step 5	shutdown Example: Router(config-interface)# shutdown	Shuts down the port to free the internal VLAN ID.
Step 6	exit Example: Router(config-interface) exit	Returns to global configuration mode.
Step 7	vtp mode transparent Example: Router(config)# vtp mode transparent	Sets the VTP mode to transparent for creating extended-range VLANs.
Step 8	vlan vlan-id Example: Router(config)# vlan 2520	Enters the new extended-range VLAN ID and enters config-vlan mode.
Step 9	exit Example: Router(config-vlan)# exit	Exits from config-vlan mode, and returns to global configuration mode.
Step 10	interface interface-id Example: Router(config)# interface ethernet 0/1	Specifies the interface ID for the router port that you shut down in Step 5, and enters interface configuration mode.
Step 11	no shutdown Example: Router(config-interface)# no shutdown	Reenables the router port, which will be assigned a new internal VLAN ID.
Step 12	end Example: Router(config-interface)# end	Returns to privileged EXEC mode.
Step 13	copy running-config startup config Example: Router# copy running-config startup config	Saves your entries in the switch startup configuration file. To save an extended-range VLAN configuration, you need to save the VTP transparent mode configuration and the extended-range VLAN configuration in the router startup configuration file. Otherwise, if the router resets, it will default to VTP server mode, and the extended-range VLAN IDs will not be saved.

Deleting an Extended VLAN

To delete an extended VLAN, follow the steps below.

Prerequisites

•Extended VLANs can be deleted only in the global configuration mode.

SUMMARY STEPS

1. enable

2. configure terminal

3. no vlan {vlan-id | vlan-range}

4. end

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	no vlan {vlan-id | vlan-range) Example: Router(config)# no vlan 4025	Deletes an Ethernet VLAN, a range of Ethernet VLANs, or several Ethernet VLANs specified in a comma-separated list. The range for the extended VLAN_ID argument is from 1006 to 4094. Note Do not enter space characters. Note Although all VLAN commands appear in the CLI help in config-vlan mode, only the mtu mtu-size, private-vlan, and remote-span commands are supported for extended-range VLANs.
Step 4	end Example: Router(config-vlan)# end	Updates the VLAN database and returns to privileged EXEC mode.

Configuration Examples for Extended VLAN ID

The following examples show how to configure and delete a VLAN with an extended VLAN ID:

•Configuring an Extended VLAN ID: Example

•Deleting an Extended VLAN ID: Example

Configuring an Extended VLAN ID: Example

The following example shows how to configure a VLAN with the VLAN ID 4072:

enable

configure terminal

vtp mode transparent

vlan 4072

end

copy running-config startup config

Deleting an Extended VLAN ID: Example

The following example shows how to delete VLAN 4072:

enable

configure terminal

no vlan 4072

end

Additional References

The following sections provide references related to the Extended VLAN ID feature.

Related Documents

Related Topic	Document Title
Configuring VLANs	"Configuring a LAN with DHCP and VLANs" chapter in the Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide.
Default VLAN configuration	"VLAN Default Configuration" section in the "Configuring VLANs" chapter in the Catalyst 6500 Series Cisco IOS Software Configuration Guide, 12.2SX.
Enabling the spanning-tree extended system-ID feature	"Enabling the Extended System ID" section in the "Configuring Spanning Tree and IEEE 802.1s MST" chapter in the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.1E
Cisco IOS LAN Switching commands	Cisco IOS LAN Switching Command Reference, Release 12.2SR

Standards

Standard	Title
IEEE 802.1Q	IEEE 802.1Q—Virtual LANs

MIBs

MIB	MIBs Link
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.	To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

RFCs

RFC	Title
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.	—

Technical Assistance

Description

Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/techsupport

Command Reference

This section documents commands that are new or modified.

•monitor session

•show mac-address-table

•show spanning-tree

•spanning-tree vlan

•switchport trunk

•vlan (global configuration mode)

monitor session

Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers

To start a new Switched Port Analyzer (SPAN) session, add or delete interfaces from an existing SPAN session, or delete a SPAN session, use the monitor session command in global configuration mode. To remove one or more source interfaces or destination interfaces from the SPAN session, use the no form of this command.

Source Interface

monitor session session source interface type/slot/port [, | - | rx | tx | both]

no monitor session session source interface type/slot/port [, | - | rx | tx | both]

Destination Interface

monitor session session destination interface type/slot/port [, | -]

no monitor session session destination interface type/slot/port [, | -]

Session

monitor session session

no monitor session session

Cisco 6500/6000 Catalyst Switches and Cisco 7600 Series Routers

To start a new ERSPAN, SPAN, or RSPAN session, add or delete interfaces or VLANs to or from an existing session, filter ERSPAN, SPAN, or RSPAN traffic to specific VLANs, or delete a session, use the monitor session command in global configuration mode. To remove one or more source or destination interfaces from the session, remove a source VLAN from the session, or delete a session, use the no form of this command.

Setting the Source Interface or VLAN

monitor session session source {interface type | vlan vlan-id [rx | tx | both] | remote vlan rspan-vlan-id}

no monitor session session source {interface type | vlan vlan-id [rx | tx | both] | remote vlan rspan-vlan-id}

Setting the Destination Interface or VLAN

monitor session session destination {interface type | vlan vlan-id | remote vlan vlan-id | analysis-module slot-number | {data-port port-number}

no monitor session session destination {interface type | vlan vlan-id | remote vlan vlan-id | analysis-module slot-number | data-port port-number}

Setting the Filter VLAN

monitor session session-number filter vlan vlan-range

no monitor session session-number filter vlan vlan-range

Setting the Session Type

monitor session session-number type {erspan-source | erspan-destination}

no monitor session {range session-range | local | remote | all | session}

Enabling a Service Module

monitor session servicemodule mod-list

no monitor session servicemodule mod-list

Syntax Description

session-number	Number of the SPAN session. For Cisco 2600, 3600, and 3700 series routers, valid values are 1 and 2. For Cisco 6500/6000 and 7600 series routers, valid values are 1 to 66.
source	Specifies the SPAN source.
destination	Specifies the SPAN destination interface.
interface type	(Optional) Specifies the interface type. For the Cisco 2600, 3600, and 3700 series routers, valid values are fastethernet and gigabitethernet. For the Cisco 6500/6000 and 7600 series routers, valid values are ethernet, fastethernet, gigabitethernet, or tengigabitethernet. See the "Usage Guidelines" for formatting information.
slot	(Optional) Specifies the interface number; valid entries are 1 and 2.
port	(Optional) Port interface number ranges based on type of Ethernet switch network module used: 0 to 15 for NM-16ESW 0 to 35 for NM-36ESW 0 to 1 for GigabitEthernet
interface type/slot/port	Specifies the interface type and number; valid values are ethernet (1 to 9), fastethernet (1 to 9), gigabitethernet (1 to 9), and port-channel (see the "Usage Guidelines" section).
,	(Optional) Specifies a series of SPAN VLANs.
-	(Optional) Specifies a range of SPAN VLANs.
rx	(Optional) Specifies monitor received traffic only.
tx	(Optional) Specifies monitor transmitted traffic only.
both	(Optional) Specifies monitor received and transmitted traffic.
vlan vlan-id	Specifies the VLAN identification. For the Cisco 2600, 3600, and 3700 series routers, the valid values are from 1 to 1005. Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to 4094. For the Cisco 6500/6000 and 7600 series routers, valid values are 1 to 4094.
remote vlan rspan-vlan-id	Specifies the RSPAN VLAN as a destination VLAN.
destination	Specifies the SPAN-destination interface.
analysis-module slot-number	Specifies the network analysis module number; see the "Usage Guidelines" section for additional information.
data-port port-number	Specifies the data port number; see the "Usage Guidelines" section for additional information.
filter vlan vlan-range	Limits SPAN-source traffic to specific VLANs. Note The filter keyword is not supported on the Cisco 2600 series or the Cisco 3600 series routers.
servicemodule	Specifies service modules. See the "Usage Guidelines" for a list of the valid values.
mod-list	List of service module numbers.
type erspan-destination	Enters the ERSPAN destination-session configuration mode. See the monitor session type command for additional information.
type erspan-source	Enters the ERSPAN source-session configuration mode. See the monitor session type command for additional information.
range session-range	Specifies the range of sessions.
local	Specifies the local session.
remote	Specifies the remote session.
all	Specifies all sessions.

Command Default

Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers

A trunking interface monitors all VLANs and all received and transmitted traffic.

Cisco 6500/6000 Catalyst Switches and 7600 Series Routers

The defaults are as follows:

•both—Received and transmitted traffic are monitored.

•servicemodule—All service modules are allowed to use the SPAN service module session.

Command Modes

Global configuration (config)

Command History

Release	Modification
12.0(7)XE	This command was introduced on the Catalyst 6000 family switches.
12.1(1)E	Support for this command on the Catalyst 6000 family switches was extended to Cisco IOS Release 12.1(1)E.
12.1(3a)E3	The number of valid values for the port-channel number was changed; see the "Usage Guidelines" section for valid values.
12.1(5c)EX	These SPAN support restrictions were added: •If your switch has a Switch Fabric Module installed, SPAN is supported among supervisor engines and nonfabric-enabled modules. •If your switch does not have a Switch Fabric Module installed, SPAN is supported on all modules, including fabric-enabled modules. •SPAN on DFC-equipped modules is not supported.
12.2(2)XT	This command was implemented on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(8)T	This command was integrated into Cisco IOS Release 12.2(8)T on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(17a)SX	Support for this command was introduced on the Supervisor Engine 720.
12.2(17b)SXA	This command was changed to support the SSO mode and change the default mode.
12.2(17d)SXB	Support for this command was introduced on the Supervisor Engine 2.
12.2(18)SXE	This command was changed as follows on the Supervisor Engine 720 only: •Added the type erspan-source and the type erspan-source keywords to support ERSPAN; see the monitor session type command for additional information. •Added the mod-list argument to the monitor session servicemodule command to allow you to enable or disable the SPAN service module session for a list of modules. •In the transmit or transmit and receive directions, you can specify up to 128 physical interfaces as the source.
12.4(15)T	This command was modified to extend the range of valid VLAN IDs to 1-4094 for specified platforms.

Usage Guidelines

Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers

The port-channel number supports six EtherChannels and eight ports in each channel.

Only one SPAN destination for a SPAN session is supported. If you attempt to add another destination interface to a session that already has a destination interface configured, you will get an error. You must first remove a SPAN destination interface before changing the SPAN destination to a different interface.

Ciso 6500/6000 Catalyst Switches

The number of valid values for port-channel number depends on the software release. For Cisco IOS releases prior to software Release 12.1(3a)E3, valid values are from 1 to 256; for Cisco IOS Release 12.1(3a)E3, 12.1(3a)E4, and 12.1(4)E1, valid values are from 1 to 64. Cisco IOS Release 12.1(5c)EX and later support a maximum of 64 values ranging from 1 to 256.

Only one destination per SPAN session is supported. If you attempt to add another destination interface to a session that already has a destination interface configured, you get an error. You must first remove a SPAN destination interface before changing the SPAN destination to a different interface.

You can configure up to 64 SPAN destination interfaces, but you can have one egress SPAN source interface and up to 64 ingress source interfaces only.

A SPAN session can either monitor VLANs or monitor individual interfaces, but it cannot monitor both specific interfaces and specific VLANs. Configuring a SPAN session with a source interface and then trying to add a source VLAN to the same SPAN session causes an error. Configuring a SPAN session with a source VLAN and then trying to add a source interface to that session also causes an error. You must first clear any sources for a SPAN session before switching to another type of source.

If you enter the filter keyword on a monitored trunk interface, only traffic on the set of specified VLANs is monitored.

Port channel interfaces display in the list of interface options if you have them configured. VLAN interfaces are not supported. However, you can span a particular VLAN by entering the monitor session session source vlan vlan-id command.

The following servicemodule mod-list values are valid for the Cisco 6500/6000 Catalyst switches:

•bpdu—Enables Bridge Protocol Data Units (BPDUs) of service modules.

•module—Specifies a list of service modules.

•network-analysis-module—Enables Network Analysis Module (NAM) service module.

Cisco 7600 Series Routers

Use these formatting guidelines when configuring monitor sessions:

•interface and single-interface formats are type slot/port; valid values for type are ethernet, fastethernet, gigabitethernet, or tengigabitethernet.

•An interface-list is a list of interfaces that are separated by commas. Insert a space before and after each comma as shown in this example:

single-interface , single-interface , single-interface

•An interface-range is a range of interfaces that are separated by dashes. Insert a space before and after each dash. To enter multiple ranges, separate each range with a comma as shown in this example:

type slot/first-port , last-port

•A mixed-interface-list is a mixed list of interfaces. Insert a space before and after each dash and comma as shown in this example:

single-interface, - interface-range , ... in any order.

•A single-vlan is an ID number of a single VLAN; valid values are from 1 to 4094.

•A vlan-list is a list of VLAN IDs that are separated by commas. An example is shown as follows:

single-vlan , single-vlan , single-vlan ...

•A vlan-range is a range of VLAN IDs that are separated by dashes. An example is shown as follows:

first-vlan-ID - last-vlan-ID

•A mixed-vlan-list is a mixed list of VLAN IDs. Insert a space before and after each dash. To enter multiple ranges, separate each VLAN ID with a comma as shown in this example:

single-vlan , vlan-range , ... in any order

•The servicemodule keyword has only one valid value:

–module—Specifies a list of service modules.

The analysis-module slot-number and the data-port port-number keywords and arguments are supported only on NAM.

The number of valid values for port-channel number are a maximum of 64 values ranging from 1 to 256.

You cannot share the destination interfaces among SPAN sessions. For example, a single destination interface can belong to one SPAN session only and cannot be configured as a destination interface in another SPAN session.

---

Note Be careful when configuring SPAN-type source ports that are associated to SPAN-type destination ports because you do not configure SPAN on high-traffic interfaces. If you configure SPAN on high-traffic interfaces, you may saturate fabric channels, replication engines, and interfaces. To configure SPAN-type source ports that are associated to SPAN-type destination ports, enter the monitor session session source {interface type | vlan vlan-id [rx | tx | both] | remote vlan rspan-vlan-id} command.

---

The Supervisor Engine 720 local SPAN, RSPAN, and ERSPAN session limits are as follows:

Total Sessions	Local SPAN, RSPAN Source, or ERSPAN Source Sessions	RSPAN Destination Sessions	ERSPAN Destination Sessions
66	2 (ingress or egress or both)	64	23

The Supervisor Engine 720 local SPAN, RSPAN, and ERSPAN source and destination limits are as follows:

	In Each Local SPAN Session	In Each RSPAN Source Session	In Each ERSPAN Source Session	In Each RSPAN Destination Session	In Each ERSPAN Destination Session
Egress or ingress and egress sources				—	—
With releases earlier than Release 12.2(18)SXE	1	1	1
Release 12.2(18)SXE and later releases	128	128	128
Ingress sources				—	—
With releases earlier than Release 12.2(18)SXD	64	64	64
Release 12.2(18)SXD and later releases	128	128	128
RSPAN and ERSPAN destination session sources	—	—	—	1 RSPAN VLAN	1 IP address
Destinations per session	64	1 RSPAN VLAN	1 IP address	64	64

---

Note•Supervisor Engine 2 does not support RSPAN if you configure an egress SPAN source for a local SPAN session.

•Supervisor Engine 2 does not support egress SPAN sources for local SPAN if you configure RSPAN.

---

The Supervisor Engine 2 local SPAN and RSPAN session limits are as follows:

Total Sessions	Local SPAN Sessions	RSPAN Source Sessions	RSPAN Destination Sessions
66	2 (ingress or egress or both)	0	64
	1 ingress	1 (ingress or egress or both)	64
	1 or 2 egress	0	64

The Supervisor Engine 2 local SPAN and RSPAN source and destination limits are as follows:

	In Each Local SPAN Session	In Each RSPAN Source Session	In Each RSPAN Destination Session
Egress or egress and ingress sources	1 (0 with a remote SPAN source session configured)	1 (0 with a local SPAN egress source session configured)	—
Ingress sources			—
With releases earlier than Release 12.2(18)SXD	64	64
Release 12.2(18)SXD and later releases	128	128
RSPAN destination session source	—	—	1 RSPAN VLAN
Destinations per session	64	1 RSPAN VLAN	64

---

Note Supervisor Engine 2 does not support RSPAN if you configure an egress SPAN source for a local SPAN session.

---

---

Note Supervisor Engine 2 does not support egress SPAN sources for local SPAN if you configure RSPAN.

---

A particular SPAN session can either monitor the VLANs or monitor individual interfaces—you cannot have a SPAN session that monitors both specific interfaces and specific VLANs. If you first configure a SPAN session with a source interface, and then try to add a source VLAN to the same SPAN session, you get an error. You also get an error if you configure a SPAN session with a source VLAN and then try to add a source interface to that session. You must first clear any sources for a SPAN session before switching to another type of source.

If you enter the filter keyword on a monitored trunk interface, only traffic on the set of specified VLANs is monitored.

The port-channel interfaces display in the list of interface options if you have them configured. The VLAN interfaces are not supported. However, you can span a particular VLAN by entering the monitor session session source vlan vlan-id command.

The show monitor command displays the SPAN service module session only if it is allocated in the system. It also displays a list of allowed modules and a list of active modules that can use the service module session.

Only the no form of the monitor session servicemodule command is displayed when you enter the show running-config command.

If no module is allowed to use the service module session, the service module session is automatically deallocated. If at least one module is allowed to use the service module session and at least one module is online, the service module session is automatically allocated.

If you allow or disallow a list of modules that are not service modules from using the service module session, there will be no effect on the allocation or deallocation of the service module session. Only the list of modules is saved in the configuration.

If you disable the SPAN service module session with the no monitor session sericemodule command, allowing or disallowing a list of modules from using the service module session has no effect on the allocation or deallocation of the service module session. Only the list of modules is saved in the configuration.

The monitor session sericemodule command is accepted even if there are no modules physically inserted in any slot.

Examples

Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers

The following example shows how to add a destination VLAN to an existing SPAN session:

Router(config)# monitor session 1 destination interface fastEthernet 2/0

Cisco 6500/600 Catalyst Switches

The following example shows how to add a destination VLAN to an existing SPAN session:

Router(config)# monitor session 1 destination vlan 100

The following example shows how to delete a destination VLAN from an existing SPAN session:

Router(config)# no monitor session 1 destination vlan 100

The following example shows how to limit SPAN traffic to specific VLANs:

Router(config)# monitor session 1 filter vlan 100 - 304

Cisco 7600 Series Routers

This example shows how to configure multiple sources for a session:

Router(config)# monitor session 2 source interface fastethernet 5/15 , 7/3 rx

Router(config)# monitor session 2 source interface gigabitethernet 1/2 tx 

Router(config)# monitor session 2 source interface port-channel 102 

Router(config)# monitor session 2 source filter vlan 2 - 3

Router(config)# monitor session 2 destination remote vlan 901

This example shows how to configure an RSPAN destination in the final switch (RSPAN destination session):

Router(config)# monitor session 8 source remote vlan 901

Router(config)# monitor session 8 destination interface fastethernet 1/2 , 2/3

This example shows how to clear the configuration for sessions 1 and 2:

Router(config)# no monitor session 1 - 2

Router(config)#

This example shows how to clear the configuration for all sessions:

Router(config)# no monitor session all

Router(config)#

This example shows how to clear the configuration for all remote sessions:

Router(config)# no monitor session remote

Router(config)#

This example shows how to allow a list of modules to use the SPAN service module session:

Router(config)# monitor session servicemodule module 1 - 2

Router(config)#

This example shows how to disallow a list of modules from using the SPAN service module session:

Router(config)# no monitor session servicemodule module 1 - 2

Router(config)#

Related Commands

Command	Description
remote-span	Configures a VLAN as an RSPAN VLAN.
show monitor	Displays SPAN session information.
show monitor session	Displays information about the ERSPAN, SPAN, and RSPAN sessions.

show mac-address-table

To display the MAC address table, use the show mac-address-table command in privileged EXEC mode.

Cisco 2600, 3600, and 3700 Series Routers

show mac-address-table [static | dynamic | secure | self | aging-time | count] [address mac-addr] [interface interface-type] [fa | gi slot/port] [vlan vlan-id]

Cisco 6500/6000 Catalyst Switches and 7600 Series Routers

show mac-address-table

show mac-address-table address mac-addr [all | interface interface-type interface-number | module number | vlan vlan-id]

show mac-address-table aging-time [vlan vlan-id]

show mac-address-table count [module number | vlan vlan-id]

show mac-address-table dynamic [address mac-addr | interface interface-type interface-number | module number | vlan vlan-id]

show mac-address-table interface interface-type interface-number

show mac-address-table limit [vlan vlan-id | module number | interface interface-type]

show mac-address-table module number

show mac-address-table multicast [count | {igmp-snooping | mld-snooping [count] | user [count] | vlan vlan-id}]

show mac-address-table multicast [count | igmp-snooping | mld-snooping | user | vlan vlan-id ]

show mac-address-table notification {mac-move | threshold}

show mac-address-table static [address mac-addr | detail | interface interface-type interface-number | vlan vlan-id | module number]

show mac-address-table synchronize statistics

show mac-address-table unicast-flood

show mac-address-table vlan vlan-id [module number]

Syntax Description

static	(Optional) Displays information about the static MAC address table entries only.
dynamic	(Optional) Displays information about the dynamic MAC address table entries only.
secure	(Optional) Displays only the secure addresses.
self	(Optional) Displays only addresses added by the switch itself.
aging-time	(Optional) Displays aging-time for dynamic addresses for all VLANs.
count	(Optional) Displays the number of entries that are currently in the MAC address table. See the "Usage Guidelines" for valid values.
address mac-addr	Displays information about the MAC address table for a specific MAC address. See the "Usage Guidelines" section for formatting information.
interface interface-type	(Optional) Displays addresses for a specific port.
interface interface	(Optional) Displays information about a specific interface type. For the Cisco 6500/6000 series, valid values are atm, fastethernet, gigabitethernet, and port-channel. For the Cisco 7600 series, valid values are ethernet, fastethernet, gigabitethernet, tengigabitethernet, pos, atm, and ge-wan.
fa	(Optional) Specifies Fast Ethernet.
gi	(Optional) Specifies Gigabit Ethernet.
slot/port	(Optional) Adds dynamic addresses to the module in slot 1 or 2.
atm slot/port	(Optional) Adds dynamic addresses to ATM module slot/port. Use 1 or 2 for the slot number. Use 0 as the port number.
vlan vlan-id	(Optional) Displays addresses for a specific VLAN. For the Cisco 2600, 3600, and 3700 series, valid values are from 1 to 1005; do not enter leading zeroes. Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to 4094. For the Cisco 6500/6000 and 7600 series, valid values are from 1 to 4094.
all	(Optional) Displays every instance of the specified MAC address in the forwarding table.
interface-number	(Optional) Module and port number; see the "Usage Guidelines" section for valid values.
module number	(Optional) Displays information about the MAC address table for a specific Distributed Forwarding Card (DFC) module.
limit	Displays MAC-usage information.
port number	(Optional) Displays MAC-usage information for the specified port.
multicast	Displays information about the multicast MAC address table entries only.
igmp-snooping	Displays the addresses learned by IGMP snooping.
mld-snooping	Displays the addresses learned by Multicast Listener Discover version 2 (MLDv2) snooping.
user	Displays the manually entered (static) addresses.
notification mac-move	Displays the MAC-move notification status.
notification threshold	Displays the Counter-Addressable Memory (CAM) table utilization notification status.
synchronize statistics	Displays information about the statistics collected on the switch processor/DFC.
unicast-flood	Displays unicast-flood information.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
11.2(8)SA	This command was introduced.
11.2(8)SA3	The self, aging-time, count, and vlan vlan-id keywords and arguments were added.
11.2(8)SA5	The atm slot/port keyword and arguments were added.
12.2(2)XT	This command was implemented on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(8)T	This command was integrated into Cisco IOS Release 12.2(8)T on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(11)T	This command was integrated into Cisco IOS Release 12.2(11)T.
12.2(14)SX	Support for this command was introduced on the Supervisor Engine 720.
12.2(17a)SX	For the Cisco 6500/6000 and 7600 series, this command was changed to support the following optional keywords and arguments: •unicast-flood •count module number •limit [vlan vlan | port number | interface interface-type] •notification threshold
12.2(17d)SXB	Support for this command on the Supervisor Engine 2 was extended to Cisco IOS Release 12.2(17d)SXB.
12.2(18)SXE	For the Cisco 6500/6000 and 7600 series, this command was changed to support the mld-snooping keyword on the Supervisor Engine 720 only.
12.2(18)SXF	For the Cisco 6500/6000 and 7600 series, this command was changed to support the synchronize statistics keywords on the Supervisor Engine 720 only.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.4(15)T	This command was modified to extend the range of valid VLAN IDs to 1-4094 for specified platforms.

Usage Guidelines

Cisco 2600, 3600 , and 3700 Series Routers

This command displays the MAC address table for the switch. Specific views can be defined by using the optional keywords and arguments. If more than one optional keyword is used, then all the conditions must be true for that entry to be displayed.

Csico 6500/6000 Catalyst Switches and 7600 Series Routers

If you do not specify a module number, the output of the show mac-address-table command displays information about the supervisor engine. To display information about the MAC address table of the DFCs, you must enter the module number or the all keyword.

The mac-addr is a 48-bit MAC address and the valid format is H.H.H.

The interface-number argument designates the module and port number. Valid values for interface-number depend on the specified interface type and the chassis and module that are used. For example, if you specify a Gigabit Ethernet interface and have a 48-port 10/100BASE-T Ethernet module that is installed in a 13-slot chassis, valid values for the module number are from 1 to 13 and valid values for the port number are from 1 to 48.

The optional module number keyword and argument are supported only on DFC modules. The module number keyword and argument designate the module number.

Valid values for mac-group-address are from 1 to 9.

The optional count keyword displays the number of multicast entries.

•append—Appends redirected output to the URL.

•begin—Begins with the matching line.

•exclude—Excludes matching lines.

•include—Includes matching lines.

•redirect—Redirects output to the URL.

•tee—Copies output to the URL.

The optional multicast keyword displays the multicast MAC addresses (groups) in a VLAN or displays all statically installed or IGMP snooping-learned entries in the Layer 2 table.

The information that is displayed in the show mac-address-table unicast-flood command output is as follows:

•Up to 50 flood entries, shared across all the VLANs that are not configured to use the filter mode, can be recorded.

•The output field displays are defined as follows:

–ALERT—Information is updated approximately every 3 seconds.

–SHUTDOWN—Information is updated approximately every 3 seconds.

---

Note The information displayed on the destination MAC addresses is deleted as soon as the floods stop after the port shuts down.

---

–Information is updated each time that you install the filter. The information lasts until you remove the filter.

The dynamic entries that are displayed in the Learn field are always set to Yes.

The show mac-address-table limit command output displays the following information:

•The current number of MAC addresses.

•The maximum number of MAC entries that are allowed.

•The percentage of usage.

The show mac-address-table synchronize statistics command output displays the following information:

•Number of messages processed at each time interval.

•Number of active entries sent for synchronization.

•Number of entries updated, created, ignored, or failed.

Examples

Cisco 2600, 3600, and 3700 Series Routers

The following is sample output from the show mac-address-table command:

Router# show mac-address-table

Dynamic Addresses Count:               9

Secure Addresses (User-defined) Count: 0

Static Addresses (User-defined) Count: 0

System Self Addresses Count:           41

Total MAC addresses:                   50

Non-static Address Table:

Destination Address  Address Type  VLAN  Destination Port

-------------------  ------------  ----  --------------------

0010.0de0.e289       Dynamic          1  FastEthernet0/1

0010.7b00.1540       Dynamic          2  FastEthernet0/5

0010.7b00.1545       Dynamic          2  FastEthernet0/5

0060.5cf4.0076       Dynamic          1  FastEthernet0/1

0060.5cf4.0077       Dynamic          1  FastEthernet0/1

0060.5cf4.1315       Dynamic          1  FastEthernet0/1

0060.70cb.f301       Dynamic          1  FastEthernet0/1

00e0.1e42.9978       Dynamic          1  FastEthernet0/1

00e0.1e9f.3900       Dynamic          1  FastEthernet0/1 

Cisco 6500/6000 Catalyst Switches

The following is sample output from the show mac-address-table command:

Switch# show mac-address-table

Dynamic Addresses Count:               9

Secure Addresses (User-defined) Count: 0

Static Addresses (User-defined) Count: 0

System Self Addresses Count:           41

Total MAC addresses:                   50

Non-static Address Table:

Destination Address  Address Type  VLAN  Destination Port

-------------------  ------------  ----  --------------------

0010.0de0.e289       Dynamic          1  FastEthernet0/1

0010.7b00.1540       Dynamic          2  FastEthernet0/5

0010.7b00.1545       Dynamic          2  FastEthernet0/5

0060.5cf4.0076       Dynamic          1  FastEthernet0/1

0060.5cf4.0077       Dynamic          1  FastEthernet0/1

0060.5cf4.1315       Dynamic          1  FastEthernet0/1

0060.70cb.f301       Dynamic          1  FastEthernet0/1

00e0.1e42.9978       Dynamic          1  FastEthernet0/1

00e0.1e9f.3900       Dynamic          1  FastEthernet0/1 

Cisco 7600 Series Routers

---

Note In a distributed Encoded Address Recongition Logic (EARL) switch, the asterisk (*) indicates a MAC address that is learned on a port that is associated with this EARL.

---

This example shows how to display the information about the MAC address table for a specific MAC address; the Cisco 7600 series router is configured with a Supervisor Engine 720:

Router# show mac-address-table address 001.6441.60ca

Codes: * - primary entry

  vlan   mac address     type    learn qos            ports

------+----------------+--------+-----+---+--------------------------

Supervisor:

*  ---  0001.6441.60ca    static  No    --  Router

Router#

This example shows how to display MAC address table information for a specific MAC address; the Cisco 7600 series router is configured with a Supervisor Engine 720:

Router# show mac-address-table address 0100.5e00.0128

Legend: * - primary entry

        age - seconds since last seen

        n/a - not available

  vlan   mac address     type    learn     age              ports

------+----------------+--------+-----+----------+--------------------------

Supervisor:

*   44  0100.5e00.0128    static  Yes          -   Fa6/44,Router

*    1  0100.5e00.0128    static  Yes          -   Router

Module 9:

*   44  0100.5e00.0128    static  Yes          -   Fa6/44,Router

*    1  0100.5e00.0128    static  Yes          -   Router

Router# 

This example shows how to display the currently configured aging time for all VLANs:

Router# show mac-address-table aging-time 

Vlan    Aging Time

----    ----------

*100     300

200     1000

Router# 

This example shows how to display all the dynamic MAC address entries:

Router# show mac-address-table dynamic

Legend: * - primary entry 

age - seconds since last seen 

n/a - not applicable

vlan     mac address      type   learn    age               ports 

------+----------------+--------+-----+----------+-------------------------- 

* 10   0010.0000.0000   dynamic  Yes   n/a        Gi4/1 

* 3    0010.0000.0000   dynamic  Yes   0          Gi4/2 

* 1    0002.fcbc.ac64   dynamic  Yes   265        Gi8/1 

* 1    0009.12e9.adc0   static   No    -          Router

Router# 

This example shows how to display the information about the MAC address table for a specific interface; the Cisco 7600 series router is configured with a Supervisor Engine 720:

Router# show mac-address-table interface fastethernet 6/45

Legend: * - primary entry

        age - seconds since last seen

        n/a - not available

  vlan   mac address     type    learn     age              ports

------+----------------+--------+-----+----------+--------------------------

*   45  00e0.f74c.842d   dynamic  Yes          5   Fa6/45

Router#

---

Note A leading asterisk (*) indicates entries from a MAC address that was learned from a packet coming from an outside device to a specific module.

---

This example shows how to display the MAC-move notification status:

Router# show mac-address-table notification mac-move

MAC Move Notification: Enabled

Router# 

This example shows how to display the CAM-table utilization-notification status:

Router# show mac-address-table notification threshold 

Status limit Interval 

-------------+-----------+------------- 

enabled 1 120 

Router# 

This example shows how to display unicast-flood information:

Router# show mac-address-table unicast-flood 

> > Unicast Flood Protection status: enabled 

> > 

> > Configuration: 

> > vlan Kfps action timeout 

> > ------+----------+-----------------+---------- 

> > 2 2 alert none 

> > 

> > Mac filters: 

> > No. vlan source mac addr. installed 

> > on time left (mm:ss) 

> > 

> >-----+------+-----------------+------------------------------+------------------ 

> > 

> > Flood details: 

> > Vlan source mac addr. destination mac addr. 

> > 

> >------+----------------+------------------------------------------------- 

> > 2 0000.0000.cafe 0000.0000.bad0, 0000.0000.babe, 

> > 0000.0000.bac0 

> > 0000.0000.bac2, 0000.0000.bac4, 

> > 0000.0000.bac6 

> > 0000.0000.bac8 

> > 2 0000.0000.caff 0000.0000.bad1, 0000.0000.babf, 

> > 0000.0000.bac1 

> > 0000.0000.bac3, 0000.0000.bac5, 

> > 0000.0000.bac7 

> > 0000.0000.bac9

Router#

This example shows how to display all the static MAC address entries; this Cisco 7600 series router is configured with a Supervisor Engine 720:

Router# show mac-address-table static

Codes: * - primary entry

  vlan   mac address     type    learn qos            ports

------+----------------+--------+-----+---+--------------------------

*  ---  0001.6441.60ca    static  No    --  Router

Router#

This example shows how to display the information about the MAC-address table for a specific VLAN:

Router# show mac-address-table vlan 100

vlan   mac address     type    protocol  qos             ports

-----+---------------+--------+---------+---+--------------------------------

 100  0050.3e8d.6400  static   assigned  --  Router

 100  0050.7312.0cff  dynamic        ip  --  Fa5/9

 100  0080.1c93.8040  dynamic        ip  --  Fa5/9

 100  0050.3e8d.6400  static        ipx  --  Router

 100  0050.3e8d.6400  static      other  --  Router

 100  0100.0cdd.dddd  static      other  --  Fa5/9,Router,Switch

 100  00d0.5870.a4ff  dynamic        ip  --  Fa5/9

 100  00e0.4fac.b400  dynamic        ip  --  Fa5/9

 100  0100.5e00.0001  static         ip  --  Fa5/9,Switch

 100  0050.3e8d.6400  static         ip  --  Router

Router#  

This example shows how to display the information about the MAC address table for MLDv2 snooping:

Router# show mac-address-table multicast mld-snooping

vlan mac address type learn qos ports 

-----+---------------+--------+-----+---+-------------------------------- 

--- 3333.0000.0001 static Yes - Switch,Stby-Switch 

--- 3333.0000.000d static Yes - Fa2/1,Fa4/1,Router,Switch 

--- 3333.0000.0016 static Yes - Switch,Stby-Switch

Router#

Related Commands

Command	Description
clear mac-address-table	Deletes entries from the MAC address table.
mac-address-table aging-time	Configures the aging time for entries in the Layer 2 table.
mac-address-table limit	Enables MAC limiting.
mac-address-table notification mac-move	Enables MAC-move notification.
mac-address-table static	Adds static entries to the MAC address table or configure a static MAC address with IGMP snooping disabled for that address.
mac-address-table synchronize	Synchronizes the Layer 2 MAC address table entries across the PFC and all the DFCs.

show spanning-tree

To display spanning-tree information for the specified spanning-tree instances, use the show spanning-tree command in privileged EXEC mode.

Cisco 2600, 3660, and 3845 Series Switches

show spanning-tree [bridge-group] [active | backbonefast | blockedports | bridge | brief | inconsistentports | interface interface-type interface-number| root | summary [totals] | uplinkfast | vlan vlan-id]

Cisco 6500/6000 Catalyst Series Switches and Cisco 7600 Series Routers

show spanning-tree [bridge-group | active | backbonefast | bridge [id] | detail | inconsistentports | interface interface-type interface-number | root | summary [total] | uplinkfast | vlan vlan-id | port-channel number | pathcost method]

Syntax Description

bridge-group	(Optional) Specifies the bridge group number. The range is 1 to 255.
active	(Optional) Displays spanning-tree information on active interfaces only.
backbonefast	(Optional) Displays spanning-tree BackboneFast status.
blockedports	(Optional) Displays blocked port information.
bridge	(Optional) Displays status and configuration of this switch.
brief	(Optional) Specifies a brief summary of interface information.
inconsistentports	(Optional) Displays information about inconsistent ports.
interface interface-type interface-number	(Optional) Specifies the type and number of the interface. Enter each interface designator, using a space to separate it from the one before and the one after. Ranges are not supported. Valid interfaces include physical ports and virtual LANs (VLANs). See the "Usage Guidelines" for valid values.
root	(Optional) Displays root-switch status and configuration.
summary	(Optional) Specifies a summary of port states.
totals	(Optional) Displays the total lines of the spanning-tree state section.
uplinkfast	(Optional) Displays spanning-tree UplinkFast status.
vlan vlan-id	(Optional) Specifies the VLAN ID. The range is 1 to 1005. Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to 4094. If the vlan-id value is omitted, the command applies to the spanning-tree instance for all VLANs.
id	(Optional) Identifies the spanning tree bridge.
detail	(Optional) Shows status and configuration details.
port-channel number	(Optional) Identifies the Ethernet channel associated with the interfaces.
pathcost method	(Optional) Displays the default path-cost calculation method that is used. See the "Usage Guidelines" section for the valid values.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.0(1)T	This command was introduced.
12.0(5.2)WC(1)	This command was integrated into Cisco IOS Release 12.0(5.2)WC(1).
12.1(6)EA2	This command was integrated into Cisco IOS Release 12.1(6)EA2. The following keywords and arguments were added: bridge-group, active, backbonefast, blockedports, bridge, inconsistentports, pathcost method, root, totals, and uplinkfast.
12.2(14)SX	Support for this command was introduced on the Supervisor Engine 720.
12.2(15)ZJ	The syntax added in Cisco IOS Release 12.1(6)EA2 was implemented on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(17d)SXB	Support for this command on the Supervisor Engine 2 was extended to Cisco IOS Release 12.2(17d)SXB.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.3(4)T	The platform support and syntax added in Cisco IOS Release 12.2(15)ZJ was integrated into Cisco IOS Release 12.3(4)T.
12.4(15)T	This command was modified to extend the range of valid VLAN IDs to 1-4094 for specified platforms.

Usage Guidelines

The keywords and arguments that are available with the show spanning-tree command vary depending on the platform you are using and the network modules that are installed and operational.

Cisco 2600, 3660, and 3845 Series Switches

The valid values for interface interface-type are:

•fastethernet—Specifies a Fast Ethernet IEEE 802.3 interface.

•port-channel—Specifies an Ethernet channel of interfaces.

Cisco 6500/6000 Catalyst Switches and 7600 Series Routers

The port-channel number values from 257 to 282 are supported on the Content Switching Module (CSM) and the Firewal Services Module (FWSM) only.

The interface-number argument designates the module and port number. Valid values for interface-number depend on the specified interface type and the chassis and module that are used. For example, if you specify a Gigabit Ethernet interface and have a 48-port 10/100BASE-T Ethernet module that is installed in a 13-slot chassis, valid values for the module number are from 2 to 13 and valid values for the port number are from 1 to 48.

When checking spanning tree-active states and you have a large number of VLANs, you can enter the show spanning-tree summary total command. You can display the total number of VLANs without having to scroll through the list of VLANs.

The valid values for interface interface-type are:

•fastethernet—Specifies a Fast Ethernet IEEE 802.3 interface.

•port-channel—Specifies an Ethernet channel of interfaces.

•atm—Specifies an Asynchronous Transfer Mode (ATM) interface.

•gigabitethernet—Specifies a Gigabit Ethernet IEEE 802.3z interface.

•multilink—Specifies a multilink-group interface.

•serial—Specifies a serial interface.

•vlan—Specifies a catalyst VLAN interface.

The valid values for keyword pathcoast method are:

•append—Appends the redirected output to a URL (supporting the append operation).

•begin—Begins with the matching line.

•exclude—Excludes matching lines.

•include—Includes matching lines.

•redirect—Redirects output to a URL.

•tee—Copies output to a URL.

Examples

Cisco 2600, 3660, and 3845 Series Switches

The following example shows that bridge group 1 is running the VLAN Bridge Spanning Tree Protocol:

Router# show spanning-tree 1

Bridge group 1 is executing the VLAN Bridge compatible Spanning Tree Protocol

Bridge Identifier has priority 32768, address 0000.0c37.b055

Configured hello time 2, max age 30, forward delay 20

We are the root of the spanning tree

Port Number size is 10 bits

Topology change flag not set, detected flag not set

Times: hold 1, topology change 35, notification 2

      hello 2, max age 30, forward delay 20

Timers: hello 0, topology change 0, notification 0

  bridge aging time 300

Port 8 (Ethernet1) of Bridge group 1 is forwarding

   Port path cost 100, Port priority 128

   Designated root has priority 32768, address 0000.0c37.b055

   Designated bridge has priority 32768, address 0000.0c37.b055

   Designated port is 8, path cost 0

   Timers: message age 0, forward delay 0, hold 0

   BPDU: sent 184, received 0

The following is sample output from the show spanning-tree summary command:

Router# show spanning-tree summary

UplinkFast is disabled

Name                 Blocking Listening Learning Forwarding STP Active

-------------------- -------- --------- -------- ---------- ----------

VLAN1                23       0         0        1          24

-------------------- -------- --------- -------- ---------- ----------

              1 VLAN 23       0         0        1          24

Table 2 describes the significant fields shown in the display.

Table 2 show spanning-tree summary Field Descriptions 

Field	Description
UplinkFast	Indicates whether the spanning-tree UplinkFast feature is enabled or disabled.
Name	Name of VLAN.
Blocking	Number of ports in the VLAN in a blocking state.
Listening	Number of ports in a listening state.
Learning	Number of ports in a learning state.
Forwarding	Number of ports in a forwarding state.
STP Active	Number of ports using the Spanning-Tree Protocol.

The following is sample output from the show spanning-tree brief command:

Router# show spanning-tree brief

VLAN1

  Spanning tree enabled protocol IEEE

  ROOT ID    Priority 32768

             Address 0030.7172.66c4

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec 

VLAN1

  Spanning tree enabled protocol IEEE

  ROOT ID    Priority 32768

             Address 0030.7172.66c4

Port                           Designated

Name    Port ID Prio Cost Sts  Cost  Bridge ID      Port ID

------- ------- ---- ---- ---  ----  -------------- -------

Fa0/11  128.17  128  100  BLK  38    0404.0400.0001 128.17

Fa0/12  128.18  128  100  BLK  38    0404.0400.0001 128.18

Fa0/13  128.19  128  100  BLK  38    0404.0400.0001 128.19

Fa0/14  128.20  128  100  BLK  38    0404.0400.0001 128.20

Fa0/15  128.21  128  100  BLK  38    0404.0400.0001 128.21

Fa0/16  128.22  128  100  BLK  38    0404.0400.0001 128.22

Fa0/17  128.23  128  100  BLK  38    0404.0400.0001 128.23

Fa0/18  128.24  128  100  BLK  38    0404.0400.0001 128.24

Fa0/19  128.25  128  100  BLK  38    0404.0400.0001 128.25

Fa0/20  128.26  128  100  BLK  38    0404.0400.0001 128.26

Fa0/21  128.27  128  100  BLK  38    0404.0400.0001 128.27

Port                           Designated

Name    Port ID Prio Cost Sts  Cost  Bridge ID      Port ID

------- ------- ---- ---- ---  ----  -------------- -------

Fa0/22  128.28  128  100  BLK  38    0404.0400.0001 128.28

Fa0/23  128.29  128  100  BLK  38    0404.0400.0001 128.29

Fa0/24  128.30  128  100  BLK  38    0404.0400.0001 128.30 Hello Time   2 sec  Max Age 20 
sec  Forward Delay 15 sec 

Table 3 describes the significant fields shown in the display.

Table 3 show spanning-tree brief Field Descriptions 

Field	Description
VLAN1	VLAN for which spanning-tree information is shown.
Spanning tree enabled protocol	Type of spanning tree (IEEE, IBM, CISCO).
ROOT ID	Indicates the root bridge.
Priority	Priority indicator.
Address	MAC address of the port.
Hello Time	Amount of time, in seconds, that the bridge sends bridge protocol data units (BPDUs).
Max Age	Amount of time, in seconds, that a BPDU packet should be considered valid.
Forward Delay	Amount of time, in seconds, that the port spends in listening or learning mode.
Port Name	Interface type and number of the port.
Port ID	Identifier of the named port.
Prio	Priority associated with the port.
Cost	Cost associated with the port.
Sts	Status of the port.
Designated Cost	Designated cost for the path.
Designated Bridge ID	Bridge identifier of the bridge assumed to be the designated bridge for the LAN associated with the port.

The following is sample output from the show spanning-tree vlan 1 command:

Router# show spanning-tree vlan 1

Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol

  Bridge Identifier has priority 32768, address 00e0.1eb2.ddc0

  Configured hello time 2, max age 20, forward delay 15

  Current root has priority 32768, address 0010.0b3f.ac80

  Root port is 5, cost of root path is 10

  Topology change flag not set, detected flag not set, changes 1

  Times:  hold 1, topology change 35, notification 2

          hello 2, max age 20, forward delay 15

  Timers: hello 0, topology change 0, notification 0

Interface Fa0/1  in Spanning tree 1 is down

   Port path cost 100, Port priority 128

   Designated root has priority 32768, address 0010.0b3f.ac80

Designated bridge has priority 32768, address 00e0.1eb2.ddc0

   Designated port is 1, path cost 10

   Timers: message age 0, forward delay 0, hold 0

   BPDU: sent 0, received 0 

Table 4 describes the significant fields shown in the display.

Table 4 show spanning-tree vlan Field Descriptions 

Field	Description
Spanning tree	Type of spanning tree (IEEE, IBM, CISCO).
Bridge Identifier	Part of the bridge identifier and taken as the most significant part for bridge ID comparisons.
address	Bridge MAC address.
Root port	Identifier of the root port.
Topology change	Flags and timers associated with topology changes.

The following is sample output from the show spanning-tree interface fastethernet0/3 command:

Router# show spanning-tree interface fastethernet0/3

Interface Fa0/3 (port 3) in Spanning tree 1 is down

   Port path cost 100, Port priority 128

   Designated root has priority 6000, address 0090.2bba.7a40

   Designated bridge has priority 32768, address 00e0.1e9f.4abf

   Designated port is 3, path cost 410

   Timers: message age 0, forward delay 0, hold 0

   BPDU: sent 0, received 0

Cisco 6500/6000 Series Catalyst Switches and 7600 Series Routers

This example shows how to display a summary of interface information:

Router# show spanning-tree

VLAN0001

  Spanning tree enabled protocol ieee

  Root ID    Priority    4097

             Address     0004.9b78.0800

             This bridge is the root

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4097   (priority 4096 sys-id-ext 1)

             Address     0004.9b78.0800

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

             Aging Time 15 

Interface        Port ID                     Designated                Port ID

Name             Prio.Nbr      Cost Sts      Cost Bridge ID            Prio.Nbr

---------------- -------- --------- --- --------- -------------------- --------

Gi2/1            128.65           4 LIS         0  4097 0004.9b78.0800 128.65  

Gi2/2            128.66           4 LIS         0  4097 0004.9b78.0800 128.66  

Fa4/3            128.195         19 LIS         0  4097 0004.9b78.0800 128.195 

Fa4/4            128.196         19 BLK         0  4097 0004.9b78.0800 128.195 

Router#

Table 5 describes the fields that are shown in the example.

Table 5 show spanning-tree Command Output Fields

Field	Definition
Port ID Prio.Nbr	Port ID and priority number.
Cost	Port cost.
Sts	Status information.

This example shows how to display information about the spanning tree on active interfaces only:

Router# show spanning-tree active

UplinkFast is disabled

BackboneFast is disabled

 VLAN1 is executing the ieee compatible Spanning Tree protocol

  Bridge Identifier has priority 32768, address 0050.3e8d.6401

  Configured hello time 2, max age 20, forward delay 15

  Current root has priority 16384, address 0060.704c.7000

  Root port is 265 (FastEthernet5/9), cost of root path is 38

  Topology change flag not set, detected flag not set

  Number of topology changes 0 last change occurred 18:13:54 ago

  Times:  hold 1, topology change 24, notification 2

          hello 2, max age 14, forward delay 10

  Timers: hello 0, topology change 0, notification 0

Router#

This example shows how to display the status of spanning-tree BackboneFast:

Router# show spanning-tree backbonefast

BackboneFast is enabled

BackboneFast statistics

-----------------------

Number of transition via backboneFast (all VLANs) : 0

Number of inferior BPDUs received (all VLANs)     : 0

Number of RLQ request PDUs received (all VLANs)   : 0

Number of RLQ response PDUs received (all VLANs)  : 0

Number of RLQ request PDUs sent (all VLANs)       : 0

Number of RLQ response PDUs sent (all VLANs)      : 0

Router# 

This example shows how to display information about the spanning tree for this bridge only:

Router# show spanning-tree bridge

VLAN1

  Bridge ID  Priority    32768

             Address     0050.3e8d.6401

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

.

Router#

This example shows how to display detailed information about the interface:

Router# show spanning-tree detail

VLAN1 is executing the ieee compatible Spanning Tree protocol 

Bridge Identifier has priority 4096, address 00d0.00b8.1401 

Configured hello time 2, max age 20, forward delay 15 

We are the root of the spanning tree 

Topology change flag not set, detected flag not set 

Number of topology changes 9 last change occurred 02:41:34 ago 

from FastEthernet4/21 

Times: hold 1, topology change 35, notification 2 

hello 2, max age 20, forward delay 15 

Timers: hello 1, topology change 0, notification 0, aging 300 

Port 213 (FastEthernet4/21) of VLAN1 is forwarding

Port path cost 19, Port priority 128, Port Identifier 128.213. 

Designated root has priority 4096, address 00d0.00b8.1401 

Designated bridge has priority 4096, address 00d0.00b8.1401 

Designated port id is 128.213, designated path cost 0 

Timers: message age 0, forward delay 0, hold 0 

Number of transitions to forwarding state: 1 

BPDU: sent 4845, received 1 

Router# 

This example shows how to display information about the spanning tree for a specific interface:

Router# show spanning-tree interface fastethernet 5/9

Interface Fa0/10 (port 23) in Spanning tree 1 is ROOT-INCONSISTENT 
Port path cost 100, Port priority 128 
Designated root has priority 8192, address 0090.0c71.a400 
Designated bridge has priority 32768, address 00e0.1e9f.8940 

This example shows how to display information about the spanning tree for a specific bridge group:

Router# show spanning-tree 1

UplinkFast is disabled

 BackboneFast is disabled

  Bridge group 1 is executing the ieee compatible Spanning Tree protocol

   Bridge Identifier has priority 32768, address 00d0.d39c.004d

   Configured hello time 2, max age 20, forward delay 15

   Current root has priority 32768, address 00d0.d39b.fddd

   Root port is 7 (FastEthernet2/2), cost of root path is 19

   Topology change flag set, detected flag not set

   Number of topology changes 3 last change occurred 00:00:01 ago

           from FastEthernet2/2

   Times:  hold 1, topology change 35, notification 2

           hello 2, max age 20, forward delay 15 

   Timers: hello 0, topology change 0, notification 0  bridge aging time 15

Port 2 (Ethernet0/1/0) of Bridge group 1 is down

    Port path cost 100, Port priority 128

    Designated root has priority 32768, address 0050.0bab.1808

    Designated bridge has priority 32768, address 0050.0bab.1808

    Designated port is 2, path cost 0

    Timers: message age 0, forward delay 0, hold 0

    BPDU: sent 0, received 0                                

Router#      

This example shows how to display a summary of port states:

Router# show spanning-tree summary 

Root bridge for: Bridge group 1, VLAN0001, VLAN0004-VLAN1005 

 VLAN1013-VLAN1499, VLAN2001-VLAN4094 

EtherChannel misconfiguration guard is enabled 

Extended system ID is enabled 

Portfast is enabled by default 

PortFast BPDU Guard is disabled by default 

Portfast BPDU Filter is disabled by default 

Loopguard is disabled by default 

UplinkFast is disabled 

BackboneFast is disabled 

Pathcost method used is long

Name                   Blocking Listening Learning Forwarding STP Active 

---------------------- -------- --------- -------- ---------- ---------- 

1 bridge               0        0         0        1          1 

3584 vlans 3584 0 0 7168 10752

Blocking Listening Learning Forwarding STP Active 

---------------------- -------- --------- -------- ---------- ---------- 

Total                  3584     0         0        7169       10753 

Router#      

This example shows how to display the total lines of the spanning-tree state section:

Router#  show spanning-tree summary total 

Root bridge for:Bridge group 10, VLAN1, VLAN6, VLAN1000.

Extended system ID is enabled.

PortFast BPDU Guard is disabled

EtherChannel misconfiguration guard is enabled

UplinkFast is disabled

BackboneFast is disabled

Default pathcost method used is long

Name                 Blocking Listening Learning Forwarding STP Active

-------------------- -------- --------- -------- ---------- ----------

           105 VLANs 3433     0         0        105        3538      

BackboneFast statistics

-----------------------

Number of transition via backboneFast (all VLANs) :0

Number of inferior BPDUs received (all VLANs)     :0

Number of RLQ request PDUs received (all VLANs)   :0

Number of RLQ response PDUs received (all VLANs)  :0

Number of RLQ request PDUs sent (all VLANs)       :0

Number of RLQ response PDUs sent (all VLANs)      :0

Router# 

This example shows how to display information about the spanning tree for a specific VLAN:

Router# show spanning-tree vlan 200

VLAN0200 

 Spanning tree enabled protocol ieee 

 Root ID Priority 32768 

    Address 00d0.00b8.14c8 

    This bridge is the root 

    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

 Bridge ID Priority 32768 

    Address 00d0.00b8.14c8 

    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

    Aging Time 300

Interface Role Sts Cost Prio.Nbr Status 

---------------- ---- --- --------- -------- -------------------------------- 

Fa4/4 Desg FWD 200000 128.196 P2p 

Fa4/5 Back BLK 200000 128.197 P2p

Router#

Table 0-6 describes the fields that are shown in the example.

Table 0-6 show spanning-tree vlan Command Output Fields 

Field	Definition
Role	Current 802.1w role; valid values are Boun (boundary), Desg (designated), Root, Altn (alternate), and Back (backup).
Sts	Spanning-tree states; valid values are BKN* (broken)1 , BLK (blocking), DWN (down), LTN (listening), LBK (loopback), LRN (learning), and FWD (forwarding).
Cost	Port cost.
Prio.Nbr	Port ID that consists of the port priority and the port number.
Status	Status information; valid values are as follows: •P2p/Shr—The interface is considered as a point-to-point (resp. shared) interface by the spanning tree. •Edge—PortFast has been configured (either globally using the default command or directly on the interface) and no BPDU has been received. •*ROOT_Inc, *LOOP_Inc, *PVID_Inc and *TYPE_Inc—The port is in a broken state (BKN*) for an inconsistency. The port would be (respectively) Root inconsistent, Loopguard inconsistent, PVID inconsistent, or Type inconsistent. •Bound(type)—When in MST mode, identifies the boundary ports and specifies the type of the neighbor (STP, RSTP, or PVST). •Peer(STP)—When in PVRST rapid-pvst mode, identifies the port connected to a previous version of the 802.1D bridge.

1 For information on the *, see the definition for the Status field.

This example shows how to determine if any ports are in the root-inconsistent state:

Router#  show spanning-tree inconsistentports 

Name                 Interface            Inconsistency

-------------------- -------------------- ------------------

 VLAN1               FastEthernet3/1      Root Inconsistent

Number of inconsistent ports (segments) in the system :1

Router# 

Related Commands

Command	Description
spanning-tree backbonefast	Enables BackboneFast on all Ethernet VLANs.
spanning-tree cost	Sets the path cost of the interface for STP calculations.
spanning-tree guard	Enables or disables the guard mode.
spanning-tree pathcost method	Sets the default path-cost calculation method.
spanning-tree portfast (interface configuration mode)	Enables PortFast mode.
spanning-tree portfast bpdufilter default	Enables BPDU filtering by default on all PortFast ports.
spanning-tree portfast bpduguard default	Enables BPDU guard by default on all PortFast ports.
spanning-tree port-priority	Sets an interface priority when two bridges vie for position as the root bridge.
spanning-tree uplinkfast	Enables UplinkFast.
spanning-tree vlan	Enables the Spanning Tree Protocol (STP) on a VLAN.

spanning-tree vlan

To configure Spanning Tree Protocol (STP) on a per-virtual LAN (VLAN) basis, use the spanning-tree vlan command in global configuration mode. To return to the default settings, use the no form of this command.

spanning-tree vlan vlan-id [forward-time seconds | hello-time seconds | max-age seconds | priority priority | protocol protocol | [root {primary | secondary} [diameter net-diameter [hello-time seconds]]]]

no spanning-tree vlan vlan-id [forward-time | hello-time | max-age | priority | protocol | root]

Syntax Description

vlan-id	VLAN identification number; valid values are from 1 to 1005. Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to 4094.
forward-time seconds	(Optional) Sets the STP forward delay time; valid values are from 4 to 30 seconds.
hello-time seconds	(Optional) Specifies the duration, in seconds, between the generation of configuration messages by the root switch; valid values are from 1 to 10 seconds.
max-age seconds	(Optional) Sets the maximum number of seconds the information in a bridge packet data unit (BPDU) is valid; valid values are from 6 to 40 seconds.
priority priority	(Optional) Sets the STP bridge priority; valid values are from 0 to 65535.
protocol protocol	(Optional) Sets the STP. See the "Usage Guidelines" section for a list of valid values.
root primary	(Optional) Forces this switch to be the root bridge.
root secondary	(Optional) Specifies this switch to act as the root switch should the primary root fail.
diameter net-diameter	(Optional) Specifies the maximum number of bridges between any two points of attachment of end stations; valid values are from 2 through 7.

Command Default

The defaults are:

•forward-time—15 seconds

•hello-time—2 seconds

•max-age—20 seconds

•priority—The default with IEEE STP enabled is 32768; the default with STP enabled is 128.

•protocol—IEEE

•root—No STP root

Command Modes

Global configuration (config)

Command History

Release	Modification
12.0(7)XE	This command was introduced on the Catalyst 6000 series switches.
12.1(1)E	Support for this command on the Catalyst 6000 series switches was extended to Cisco IOS Release 12.1(1)E.
12.2(2)XT	This command was implemented on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(8)T	This command was integrated into Cisco IOS Release 12.2(8)T on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(14)SX	Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB	Support for this command on the Supervisor Engine 2 was extended to Cisco IOS Release 12.2(17d)SXB.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.4(15)T	This command was modified to extend the range of valid VLAN IDs to 1-4094 for specified platforms.

Usage Guidelines

---

Caution When disabling spanning tree on a VLAN using the no spanning-tree vlan vlan-id command, ensure that all switches and bridges in the VLAN have spanning tree disabled. You cannot disable spanning tree on some switches and bridges in a VLAN and leave it enabled on other switches and bridges in the same VLAN because switches and bridges with spanning tree enabled have incomplete information about the physical topology of the network.

---

---

Caution We do not recommend disabling spanning tree, even in a topology that is free of physical loops. Spanning tree is a safeguard against misconfigurations and cabling errors. Do not disable spanning tree in a VLAN without ensuring that there are no physical loops present in the VLAN.

---

When you set the max-age seconds parameter, if a bridge does not hear bridge protocol data units (BPDUs) from the root bridge within the specified interval, it assumes that the network has changed and recomputes the spanning-tree topology.

Valid values for protocol are dec (Digital STP), ibm (IBM STP), ieee (IEEE Ethernet STP), and vlan-bridge (VLAN Bridge STP).

The spanning-tree root primary command alters this switch's bridge priority to 8192. If you enter the spanning-tree root primary command and the switch does not become the root switch, then the bridge priority is changed to 100 less than the bridge priority of the current bridge. If the switch still does not become the root, an error results.

The spanning-tree root secondary command alters this switch's bridge priority to 16384. If the root switch should fail, this switch becomes the next root switch.

Use the spanning-tree root commands on backbone switches only.

Examples

The following example shows how to enable spanning tree on VLAN 200:

Router(config)# spanning-tree vlan 200 

The following example shows how to configure the switch as the root switch for VLAN 10 with a network diameter of 4:

Router(config)# spanning-tree vlan 10 root primary diameter 4 

The following example shows how to configure the switch as the secondary root switch for VLAN 10 with a network diameter of 4:

Router(config)# spanning-tree vlan 10 root secondary diameter 4 

Related Commands

Command	Description
show spanning-tree	Displays spanning-tree information for the specified spanning-tree instances.
spanning-tree cost	Sets the path cost of the interface for STP calculations.
spanning-tree port-priority	Sets an interface priority when two bridges tie for position as the root bridge.
spanning-tree portfast (global configuration mode)	Enables PortFast mode, where the interface is immediately put into the forwarding state upon linkup, without waiting for the timer to expire.
spanning-tree portfast (interface configuration mode)	Enables PortFast mode, where the interface is immediately put into the forwarding state upon linkup, without waiting for the timer to expire.
spanning-tree uplinkfast	Enables the UplinkFast feature.

switchport trunk

To set the trunk characteristics when the interface is in trunking mode, use the switchport trunk commands in interface configuration mode. To reset all of the trunking characteristics back to the original defaults, use the no form of this command.

Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers

switchport trunk {encapsulation dot1q | native vlan | allowed vlan}

no switchport trunk {encapsulation dot1q | native vlan | allowed vlan}

Cisco 7600 Series Routers and Catalyst 6500 Series Switches

switchport trunk encapsulation {isl | dot1q [ethertype value] | negotiate}

switchport trunk native vlan vlan-id

switchport trunk allowed vlan vlan-list

switchport trunk pruning vlan vlan-list

no switchport trunk {encapsulation {isl | dot1q | negotiate} | native vlan | allowed vlan | pruning vlan}

Syntax Description

encapsulation dot1q	Sets the trunk encapsulation format to 802.1Q.
native vlan	Sets the native VLAN for the trunk in 802.1Q trunking mode.
allowed vlan	Sets the list of allowed VLANs that transmit traffic from this interface in tagged format when in trunking mode.
encapsulation isl	Sets the trunk encapsulation format to Inter-Switch Link (ISL).
ethertype value	(Optional) Sets the EtherType value; valid values are from 0x0 to 0x5EF-0xFFFF.
encapsulation negotiate	Specifies that if the Dynamic Inter-Switch Link (DISL) protocol and Dynamic Packet Transport (DPT) negotiation do not resolve the encapsulation format, ISL is the selected format.
vlan-id	Identifies the particular native VLAN.
vlan-list	List of VLANs. See the "Usage Guidelines" section directions on formatting a vlan-list.
pruning vlan	Sets the list of VLANs that are enabled for VLAN Trunking Protocol (VTP) pruning when in trunking mode. See the "Usage Guidelines" section for the vlan-list argument formatting guidelines.

Defaults

Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers

•The default encapsulation type is dot1q.

•The default access VLAN and trunk interface native VLAN is a default VLAN that corresponds to the platform or interface hardware.

•The default for all VLAN lists is to include all VLANs.

Cisco 7600 Series Routers and Catalyst 6500 Series Switches

•The encapsulation type is dependent on the platform or interface hardware.

•The access VLAN and trunk interface native VLAN are default VLANs that correspond to the platform or interface hardware.

•All VLAN lists include all VLANs.

•ethertype value for 802.1Q encapsulation is 0x8100.

Command Modes

Interface configuration (config-if)

Command History

Release	Modification
12.0(7)XE	This command was introduced on the Catalyst 6000 family switches.
12.1(1)E	Switchport creation on Catalyst 6000 family switches was added.
12.2(2)XT	This command was introduced to support switchport creation on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(8)T	This command was integrated into Cisco IOS Release 12.2(8)T to support switchport creation on Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
12.2(14)SX	This command was integrated into Cisco IOS Release 12.2(14)SX to support the Supervisor Engine 720 on the Cisco 7600 series routers and Catalyst 6500 series switches.
12.2(17a)SX	This command was modified to include the following: •Restriction of ISL trunk-encapsulation •Addition of the dot1q keyword and ethertype value keyword and argument
12.2(17d)SXB	Support for the Supervisor Engine 2 on the Cisco 7600 series routers and Catalyst 6500 series switches was added.
12.2(18)SXD	This command was modified to allow the switchport trunk allowed vlan command to be entered on interfaces where the span destination port is either a trunk or an access port.
12.2(18)SXE	This command added a restriction that Gigabit Ethernet Optimized (GE) Layer 2 WAN ports are not supported on the Supervisor Engine 720.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.4(15)T	This command was modified to extend the range of valid VLAN IDs to 1-4094 for specified platforms.

Usage Guidelines

802.1Q Trunks

•When you connect Cisco switches through an 802.1Q trunk, make sure that the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link. If the native VLAN on one end of the trunk is different from the native VLAN on the other end, spanning-tree loops might result.

•Disabling spanning tree on the native VLAN of an 802.1Q trunk without disabling spanning tree on every VLAN in the network can cause spanning-tree loops. Cisco recommends that you leave spanning tree enabled on the native VLAN of an 802.1Q trunk. If this is not possible, disable spanning tree on every VLAN in the network. Make sure that your network is free of physical loops before disabling spanning tree.

•When you connect two Cisco switches through 802.1Q trunks, the switches exchange spanning-tree Bridge Protocol Data Units (BPDUs) on each VLAN allowed on the trunks. The BPDUs on the native VLAN of the trunk are sent untagged to the reserved IEEE 802.1d spanning-tree multicast MAC address (01-80-C2-00-00-00). The BPDUs on all other VLANs on the trunk are sent tagged to the reserved Shared Spanning Tree Protocol (SSTP) multicast MAC address (01-00-0c-cc-cc-cd).

•The 802.1Q switches that are not Cisco switches maintain only a single instance of spanning-tree (Mono Spanning Tree [MST]) that defines the spanning-tree topology for all VLANs. When you connect a Cisco switch to a switch through an 802.1Q trunk without a Cisco switch, the MST of the switch and the native VLAN spanning tree of the Cisco switch combine to form a single spanning-tree topology known as the Common Spanning Tree (CST).

•Because Cisco switches transmit BPDUs to the SSTP multicast MAC address on VLANs other than the native VLAN of the trunk, switches that are not Cisco switches do not recognize these frames as BPDUs and flood them on all ports in the corresponding VLAN. Other Cisco switches connected to the 802.1Q cloud receive these flooded BPDUs. This condition allows Cisco switches to maintain a per-VLAN spanning-tree topology across a cloud of 802.1Q switches that are not Cisco switches. The 802.1Q cloud of switches separating the Cisco switches is treated as a single broadcast segment among all switches connected to the 802.1Q cloud of switches that are not Cisco switches through 802.1Q trunks.

•Make certain that the native VLAN is the same on all of the 802.1Q trunks that connect the Cisco switches to the 802.1Q cloud of switches that are not Cisco switches.

•If you are connecting multiple Cisco switches to a 802.1Q cloud of switches that are not Cisco switches, all of the connections must be through 802.1Q trunks. You cannot connect Cisco switches to a 802.1Q cloud of swatches that are not Cisco switches through ISL trunks or through access ports. Doing so will cause the switch to place the ISL trunk port or access port into the spanning-tree "port inconsistent" state and no traffic will pass through the port.

Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers

The switchport trunk encapsulation command is supported only for platforms and interface hardware that can support 802.1Q formats.

The vlan-list format is all | none | add | remove | except vlan-list[,vlan-list...] where:

•all—Specifies all VLANs from 1 to 1005. Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to 4094.

•none—Indicates an empty list. This keyword is not supported in the switchport trunk allowed vlan form of the command.

•add—Adds the defined list of VLANs to those currently set instead of replacing the list.

•remove—Removes the defined list of VLANs from those currently set instead of replacing the list.

•except—Lists the VLANs that should be calculated by inverting the defined list of VLANs.

•vlan-list—is either a single VLAN number from 1 to 1005 or a continuous range of VLANs described by two VLAN numbers, the lesser one first, separated by a hyphen that represents the VLAN IDs of the allowed VLANs when this port is in trunking mode. Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to 4094.

Cisco 7600 Series Routers and Catalyst 6500 Series Switches

This command is not supported on GE Layer 2 WAN ports.

The switchport trunk encapsulation command is supported only for platforms and interface hardware that can support both ISL and 802.1Q formats. Only 802.1q encapsulation is supported by shared port adapters (SPAs).

If you enter the switchport trunk encapsulation isl command on a port channel containing an interface that does not support ISL-trunk encapsulation, the command is rejected.

You can enter the switchport trunk allowed vlan command on interfaces where the span destination port is either a trunk or an access port.

---

Note The switchport trunk pruning vlan vlan-list command does not support extended-range VLANs; valid vlan-list values are from 1 to 1005.

---

The dot1q ethertype value keyword and argument are not supported on port-channel interfaces. You can enter the command on the individual port interface only. Also, you can configure the ports in a channel group to have different EtherType configurations.

---

Caution Be careful when configuring the custom EtherType value on a port. If you enter the negotiate keyword and DISL and Dynamic Trunking Protocol (DTP) negotiation do not resolve the encapsulation format, then ISL is the selected format and may pose as a security risk. The no form of this command resets the trunk-encapsulation format to the default.

---

•The no form of the switchport trunk native vlan command resets the native mode VLAN to the appropriate default VLAN for the device.

•The no form of the switchport trunk allowed vlan command resets the list to the default list, which allows all VLANs.

•The no form of the switchport trunk pruning vlan command resets the list to the default list, which enables all VLANs for VTP pruning.

•The no form of the switchport trunk encapsulation dot1q ethertype value command resets the list to the default value.

The vlan-list format is all | none | add | remove | except vlan-list[,vlan-list...] where:

•all—Specifies all the appropriate VLANs. This keyword is not supported in the switchport trunk pruning vlan command.

•none—Indicates an empty list. This keyword is not supported in the switchport trunk allowed vlan command.

•add vlan-list[,vlan-list...]—Adds the defined list of VLANs to those currently set instead of replacing the list.

•remove vlan-list[,vlan-list...]—Removes the defined list of VLANs from those currently set instead of replacing the list. You can remove VLAN 1. If you remove VLAN 1 from a trunk, the trunk interface continues to send and receive management traffic (for example, Cisco Discovery Protocol, version 3 (CDP3), VTP, Port Aggregation Protocol, version 4 (PAgP4), and DTP) in VLAN 1.

---

Note You can remove any of the default VLANs (1002 to 1005) from a trunk; this action is not allowed in earlier releases.

---

•except vlan-list[,vlan-list...]—Excludes the specified list of VLANs from those currently set instead of replacing the list.

•vlan-list[,vlan-list...]—Specifies a single VLAN number from 1 to 4094 or a continuous range of VLANs that are described by two VLAN numbers from 1 to 4094. You can specify multiple VLAN numbers or ranges of numbers using a comma-separated list.

To specify a range of VLANs, enter the smaller VLAN number first, separated by a hyphen and the larger VLAN number at the end of the range.

Do not enable the reserved VLAN range (1006 to 1024) on trunks when connecting a Cisco 7600 series router running the Cisco IOS software on both the supervisor engine and the Multilayer Switch Feature Card (MSFC) to a Cisco 7600 series router running the Catalyst operating system. These VLANs are reserved in Cisco 7600 series routers running the Catalyst operating system. If enabled, Cisco 7600 series routers running the Catalyst operating system may disable the ports if there is a trunking channel between these systems.

Examples

The following example shows how to cause a port interface configured as a switched interface to encapsulate in 802.1Q trunking format regardless of its default trunking format in trunking mode:

enable switchport trunk encapsulation dot1q

Related Commands

Command	Description
show interfaces switchport	Displays administrative and operational status of a switching (nonrouting) port.

vlan (global configuration mode)

To add a VLAN and enter config-VLAN submode, use the vlan command in global configuration mode. To delete the VLAN, use the no form of this command.

vlan {vlan-id | vlan-range}

no vlan {vlan-id | vlan-range}

Syntax Description

vlan-id	Number of the VLAN; valid values are from 1 to 4094. See the "Usage Guidelines" section for details on configuring VLAN ID numbers.
vlan-range	Range of configured VLANs; see the "Usage Guidelines" section for details on configuring ranges of VLAN ID numbers.

Defaults

This command has no default settings.

Command Modes

Global configuration (config)

Command History

Release	Modification
12.2(14)SX	Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB	Support for this command on the Supervisor Engine 2 was integrated into Cisco IOS Release 12.2(17d)SXB.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.4(15)T	This command was integrated into Cisco IOS Release 12.4(15)T.

Usage Guidelines

VLAN 1 parameters are factory configured and cannot be changed.

VLAN 1 and VLANs 1002-1005 are default VLANs. Default VLANs are created automatically and cannot be configured or deleted by users.

The specified VLAN is added or modified in the VLAN database when you exit config-VLAN submode.

When you enter the vlan vlan-id command, a new VLAN is created with all default parameters in a temporary buffer and causes the CLI to enter config-VLAN submode. If the vlan-id that you entered matches an existing VLAN, any configuration commands you enter in config-VLAN submode will apply to the existing VLAN. You will not create a new VLAN.

If you define a range of configured VLANS, you are not allowed to set the vlan-name argument in config-VLAN submode.

You can enter the vlan-range argument using a comma (,), a dash (-), and the number.

VLAN IDs in the range from 1006 to 4094 are considered "extended VLAN IDs." Beginning in Cisco IOS Release 12.4(15)T, you can configure extended VLAN IDs on the following routers:

•Cisco 800 series routers, including models 851, 857, 871, 876, 877, 878

•Cisco 1700 series routers, including models 1711, 1712, 1751, 1751V, 1760

•Cisco 1800 series routers, including models 1801, 1802, 1803, 1811, 1812, 1841

•Cisco 2600 series routers, including models 2610XM, 2611XM, 2620XM, 2621XM, 2650XM, 2651XM, 2691

•Cisco 2800 series routers, including models 2801, 2811, 2821, 2851

•Cisco 3600 series routers, including models 3620, 3640, 3640A, 3660

•Cisco 3700 series routers, including models 3725, 3745

•Cisco 3800 series routers, including models 3825, 3845

The reduced MAC address feature is required to support 4000 VLANs. Cisco IOS Release 12.1(14)E1 and later releases support chassis with 64 or 1024 MAC addresses. For chassis with 64 MAC addresses, Spanning Tree Protocol (STP) uses the extended system ID (which is the VLAN ID) plus a MAC address to make the bridge ID unique for each VLAN. (Without the reduced MAC address support, 4096 VLANs would require 4096 MAC addresses on the switch.)

If you configure extended VLANs, you must also enable the spanning-tree extended system-ID feature.

The legacy vlan database mode does not support extended VLAN configuration.

See the vlan (config-VLAN submode) command for information on the commands that are available under config-VLAN submode.

Examples

This example shows how to add a new VLAN and enter config-VLAN submode:

Router (config)# vlan 2

Router (config-vlan)# 

This example shows how to add a range of new VLANs and enter config-VLAN submode:

Router (config)# vlan 2,5,10-12,20,25,4000

Router (config-vlan)# 

This example shows how to delete a VLAN:

Router (config)# no vlan 2

Router (config)# 

Related Commands

Command	Description
vlan (config-VLAN submode)	Configures a specific VLAN.

Feature Information for Extended VLAN ID

Table 7 lists the release history for this feature.

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

---

Note Table 7 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.

---

Table 7 Feature Information for Extended VLAN ID 

Feature Name	Releases	Feature Information
Extended VLAN ID	12.4(15)T	You can now configure VLAN IDs in the range from 1006 to 4094 on Cisco routers.

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2007 Cisco Systems, Inc. All rights reserved.