www.thebryantadvantage.com
Command Reference
Overview
VLANs
VTP
Basic Spanning Tree
Advanced Spanning Tree
Basic Switch Operations
Multicasting
Quality of Service
Multilayer Switching & Router Redundancy
Switch Security & Tunneling
Voice VLANs
VLANs
show interface trunk shows port trunk modes, encapsulation, whether the
interface is actually trunking, and the native vlan for each interface.
SW1#show interface trunk
Port      Mode         Encapsulation  Status        Native vlan
Fa0/11    desirable    802.1q         trunking      1
Fa0/12    desirable    802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/11    1-999,1001-4094
Fa0/12    1-999,1001-4094

Port      Vlans allowed and active in management domain
Fa0/11    1,12
Fa0/12    1,12

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/11    1,12
Fa0/12    12
show vlan is the full command to see information regarding all VLANs on
the switch, including some reserved ones you probably aren't using.
show vlan brief gives you the information you need to troubleshoot any
VLAN-related issue, but limits the information shown on the reserved
VLANs.
switchport nonegotiate turns DTP frames off, but the port must be hardcoded for trunking to do so.
SW2(config)#int fast 0/8
SW2(config-if)#switchport nonegotiate
Command rejected: Conflict between 'nonegotiate' and 'dynamic' status.
SW2(config-if)#switchport mode ?
  access   Set trunking mode to ACCESS unconditionally
  dynamic  Set trunking mode to dynamically negotiate access or trunk mode
  trunk    Set trunking mode to TRUNK unconditionally
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport nonegotiate
switchport trunk native vlan x is used to change the native VLAN of the
trunk. This should be agreed upon by both endpoints. Be prepared to
see an error message while you're changing this, as shown below.
SW1(config-if)#switchport trunk native vlan 12
1d21h: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on FastEthernet0/11 VLAN12.
1d21h: %SPANTREE-2-BLOCK_PVID_PEER: Blocking FastEthernet0/11 on VLAN0001. Inconsistent peer vlan.
1d21h: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/11 on VLAN0012. Inconsistent local vlan.
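An added example, not part of the original reference: a small Python audit that parses show interface trunk text captured from both ends of a link and flags ports still in a dynamic DTP mode and native VLAN mismatches like the one behind the PVID errors above. The SW2 output, the link map, and the function names are constructed assumptions.

```python
import re

# Constructed sample: SW1 after the native VLAN change shown above; the SW2
# (peer) output is hypothetical and still uses native VLAN 1.
SW1_OUTPUT = """\
Port      Mode         Encapsulation  Status        Native vlan
Fa0/11    desirable    802.1q         trunking      12
Fa0/12    on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/11    1-999,1001-4094
Fa0/12    1-999,1001-4094
"""
SW2_OUTPUT = """\
Port      Mode         Encapsulation  Status        Native vlan
Fa0/11    desirable    802.1q         trunking      1
Fa0/12    on           802.1q         trunking      1
"""

# A row of the first table: port, mode, encapsulation, status, numeric native VLAN.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")
DYNAMIC_MODES = {"auto", "desirable"}  # DTP is still negotiating on these ports

def parse_trunks(output):
    """Return {port: {"mode", "status", "native"}} from the first table only."""
    trunks = {}
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m:
            port, mode, _encap, status, native = m.groups()
            trunks[port] = {"mode": mode, "status": status, "native": int(native)}
    return trunks

def audit(local, peer, links):
    """links maps local port -> peer port; the cabling is supplied by the caller."""
    findings = []
    for lport, pport in sorted(links.items()):
        mine, theirs = local.get(lport), peer.get(pport)
        if mine is None or theirs is None:
            findings.append((lport, "not-a-trunk-on-one-side"))
            continue
        if mine["mode"] in DYNAMIC_MODES:
            findings.append((lport, "dtp-dynamic"))
        if mine["native"] != theirs["native"]:
            findings.append((lport, "native-vlan-mismatch"))
    return findings

if __name__ == "__main__":
    links = {"Fa0/11": "Fa0/11", "Fa0/12": "Fa0/12"}
    for port, issue in audit(parse_trunks(SW1_OUTPUT), parse_trunks(SW2_OUTPUT), links):
        print(port, issue)
```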
VTP
show vtp counters displays the number of different VTP advertisements
sent and received by the switch.
show vtp status displays just about anything you need to know about your
VTP domain, including domain name and revision number.
Enable VTP pruning with vtp pruning, and check the VTP version with vtp
version.
show spanning-tree vlan x shows the STP setting for the entire VLAN.
SW1#show spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     000f.90e1.c240
             This bridge is the root
             Hello Time 5 sec  Max Age 30 sec  Forward Delay 20 sec

  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     000f.90e1.c240
             Hello Time 5 sec  Max Age 30 sec  Forward Delay 20 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- -------------------------------
Fa0/11           Desg FWD 19        128.11   P2p
Fa0/12           Desg FWD 19        128.12   P2p
spanning-tree vlan x can be used to make a nonroot switch the root bridge
with either the root primary or priority options.
SW2(config)#spanning-tree vlan 20 root primary
SW2(config)#spanning-tree vlan 30 root primary
SW2(config)#spanning-tree vlan 30 root ?
  primary    Configure this switch as primary root for this spanning tree
  secondary  Configure switch as secondary root
SW2(config)#spanning-tree vlan 10 priority ?
  <0-61440>  bridge priority in increments of 4096
spanning-tree vlan x is also used to change the STP timers, but this must
be done on the root bridge to be effective.
SW1(config)#spanning-tree vlan 1 hello-time 5
SW1(config)#spanning-tree vlan 1 max-age 30
SW1(config)#spanning-tree vlan 1 forward-time 20
SW2(config)#spanning-tree backbonefast
SW2(config)#udld ?
  aggressive  Enable UDLD protocol in aggressive mode on fiber ports except
              where locally configured
  enable      Enable UDLD protocol on fiber ports except where locally
              configured
  message     Set UDLD message parameters
SW2(config)#udld enable
Multicasting
Enable multicasting with ip multicast-routing. Statically configure the RP
location with ip pim rp-address. Enable Sparse Mode on the interfaces
with ip pim sparse. Verify with show ip pim neighbor.
R1(config)#ip multicast-routing
R1(config)#ip pim rp-address 172.12.123.1
R1(config)#int s0
R1(config-if)#ip pim sparse
R2(config)#ip multicast-routing
R2(config)#ip pim rp-address 172.12.123.1
R2(config)#int s0
R2(config-if)#ip pim sparse
R3(config)#ip multicast-routing
R3(config)#ip pim rp-address 172.12.123.1
R3(config)#int s0
R3(config-if)#ip pim sparse
R1#show ip pim neighbor
PIM Neighbor Table
Neighbor Address  Interface
172.12.123.3      Serial0
172.12.123.2      Serial0
How to limit the multicast groups a router can serve as the RP for:
Bootstrapping Commands:
To configure R1 as a C-BSR:
R1(config)# ip pim bsr-candidate
IGMP snooping                   : Enabled
Immediate leave                 : Disabled
Multicast router learning mode  : pim-dvmrp
Source only learning age timer  : 10
CGMP interoperability mode      : IGMP_ONLY
Quality Of Service
To enable QoS:
SW2(config)#mls qos
To create a QoS policy, write an ACL to identify the traffic and use a
class-map to refer to the ACL:
SW1(config)#access-list 105 permit tcp any any eq 80
SW1(config)#class-map WEBTRAFFIC
SW1(config-cmap)#match access-group 105
QoS policies are configured with the policy-map command, and each
clause of the policy will contain an action to be taken on traffic matching
that clause.
SW1(config)#policy-map LIMIT_WEBTRAFFIC_BANDWIDTH
SW1(config-pmap)#class WEBTRAFFIC
SW1(config-pmap-c)#police 5000000 exceed-action drop
SW1(config-pmap-c)#exit
Multilayer Switching
To change HSRP priority and allow a router to take over from an online
Active router:
R2(config-if)#standby 5 priority 150 preempt
To configure GLBP:
MLS(config-if)# glbp 5 ip 172.1.1.10
To change the interface priority, use the glbp priority command. To allow
the local router to preempt the current AVG, use the glbp preempt
command.
MLS(config-if)# glbp 5 priority 150
MLS(config-if)# glbp 5 preempt
MLS(config-slb-vserver)# inservice
Dot1x must be configured globally, but every switch port that's going to
run dot1x authentication must be configured as well.
SW2(config-if)#dot1x port-control ?
  auto                PortState will be set to AUTO
  force-authorized    PortState set to Authorized
  force-unauthorized  PortState will be set to UnAuthorized
To verify a remote SPAN session, create the VLAN that will carry the
mirrored traffic:
SW2(config)#vlan 30
SW2(config-vlan)#remote-span
Configure the source VLAN and destination port on the destination switch:
SW1(config)#monitor session 1 source remote vlan 30
SW1(config)#monitor session 1 destination interface fast 0/10
Finally, we've got to apply the VACL. We're not applying it to a specific
interface - instead, apply the VACL in global configuration mode.
SW2(config)# vlan filter NO_123 vlan-list 100
By default, CDP, STP, and VTP will not be sent through the dot1q tunnel.
To send those frames to the remote network, create an L2 protocol
tunnel. This command has quite a few options, so I've shown as many as
possible below.
MLS_1(config-if)#l2protocol-tunnel ?
  cdp                 Cisco Discovery Protocol
  drop-threshold      Set drop threshold for protocol packets
  point-to-point      point-to-point L2 Protocol
  shutdown-threshold  Set shutdown threshold for protocol packets
  stp                 Spanning Tree Protocol
  vtp                 Vlan Trunking Protocol
  <cr>
MLS_1(config-if)#l2protocol-tunnel drop-threshold ?
  <1-4096>        Packets/sec rate beyond which protocol packets will be dropped
  cdp             Cisco Discovery Protocol
  point-to-point  point-to-point L2 Protocol
  stp             Spanning Tree Protocol
  vtp             Vlan Trunking Protocol
MLS_1(config-if)#l2protocol-tunnel drop-threshold cdp ?
  <1-4096>  Packets/sec rate beyond which protocol packets will be dropped
MLS_1(config-if)#l2protocol-tunnel drop-threshold cdp 2000 ?
  <cr>
MLS_1(config-if)#l2protocol-tunnel drop-threshold cdp 2000
MLS_1(config-if)#l2protocol-tunnel shutdown-threshold ?
  <1-4096>        Packets/sec rate beyond which interface is put to err-disable
  cdp             Cisco Discovery Protocol
  point-to-point  point-to-point L2 Protocol
  stp             Spanning Tree Protocol
  vtp             Vlan Trunking Protocol
MLS_1(config-if)#l2protocol-tunnel shutdown-threshold vtp ?
  <1-4096>  Packets/sec rate beyond which interface is put to err-disable
MLS_1(config-if)#l2protocol-tunnel shutdown-threshold vtp 4096
Voice VLANs
To configure the phone to accept the CoS values coming from the PC:
MLS(config)# interface fast 0/5