Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-29440-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWAREOF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
This guide describes configuration information and examples for VLANs on the switch.
Document Conventions, page xi
•
Related Documentation, page xiii
•
Obtaining Documentation and Submitting a Service Request, page xiii
•
Document Conventions
This document uses the following conventions:
DescriptionConvention
^ or Ctrl
Italic font
Courier font
...
|
Both the ^ symbol and Ctrl represent the Control (Ctrl) key on a keyboard.
For example, the key combination ^D or Ctrl-D means that you hold
down the Control key while you press the D key. (Keys are indicated in
capital letters but are not case sensitive.)
Commands and keywords and user-entered text appear in bold font.bold font
Document titles, new or emphasized terms, and arguments for which you
supply values are in italic font.
Terminal sessions and information the system displays appear in courier
font.
Bold Courier font indicates text that the user must enter.Bold Courier font
Elements in square brackets are optional.[x]
An ellipsis (three consecutive nonbolded periods without spaces) after
a syntax element indicates that the element can be repeated.
A vertical line, called a pipe, indicates a choice within a set of keywords
or arguments.
Optional alternative keywords are grouped in brackets and separated by
vertical bars.
{x | y}
Required alternative keywords are grouped in braces and separated by
vertical bars.
[x {y | z}]
Nested set of square brackets or braces indicate optional or required
choices within optional or required elements. Braces and a vertical bar
within square brackets indicate a required choice within an optional
element.
string
A nonquoted set of characters. Do not use quotation marks around the
string or the string will include the quotation marks.
Nonprinting characters such as passwords are in angle brackets.< >
Default responses to system prompts are in square brackets.[ ]
!, #
An exclamation point (!) or a pound sign (#) at the beginning of a line
of code indicates a comment line.
Reader Alert Conventions
This document uses the following conventions for reader alerts:
Note
Tip
Caution
Timesaver
Warning
Means reader take note. Notes contain helpful suggestions or references to material not covered in the
manual.
Means the following information will help you solve a problem.
Means reader be careful. In this situation, you might do something that could result in equipment damage
or loss of data.
Means the described action saves time. You can save time by performing the action described in the
paragraph.
Means reader be warned. In this situation, you might perform an action that could result in bodily
injury.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information,
see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco
technical documentation, at:
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.
Information About Using the Command-Line Interface, page 1
•
How to Use the CLI to Configure Features, page 5
•
Information About Using the Command-Line Interface
This section describes the Cisco IOS command-line interface (CLI) and how to use it to configure your switch.
Command Modes
The Cisco IOS user interface is divided into many different modes. The commands available to you depend
on which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a list of commands
available for each command mode.
You can start a CLI session through a console connection, through Telnet, a SSH, or by using the browser.
When you start a session, you begin in user mode, often called user EXEC mode. Only a limited subset of
the commands are available in user EXEC mode. For example, most of the user EXEC commands are one-time
commands, such as show commands, which show the current configuration status, and clear commands,
which clear counters or interfaces. The user EXEC commands are not saved when the switch reboots.
To have access to all commands, you must enter privileged EXEC mode. Normally, you must enter a password
to enter privileged EXEC mode. From this mode, you can enter any privileged EXEC command or enter
global configuration mode.
Using the configuration modes (global, interface, and line), you can make changes to the running configuration.
If you save the configuration, these commands are stored and used when the switch reboots. To access the
various configuration modes, you must start at global configuration mode. From global configuration mode,
you can enter interface configuration mode and line configuration mode.
This table describes the main command modes, how to access each one, the prompt you see in that mode, and
how to exit the mode.
While in user EXEC
mode, enter the
enable command.
While in privileged
EXEC mode, enter
the configure
command.
Switch>
Switch#
Switch(config)#
Enter logout or
quit.
Enter disable to
exit.
To exit to privileged
EXEC mode, enter
exit or end, or press
Ctrl-Z.
Use this mode to
Change
•
terminal
settings.
Perform basic
•
tests.
Display
•
system
information.
Use this mode to
verify commands
that you have
entered. Use a
password to protect
access to this mode.
Use this mode to
configure
parameters that
apply to the entire
switch.
VLAN
configuration
Interface
configuration
While in global
configuration mode,
enter the vlanvlan-id command.
While in global
configuration mode,
enter the interface
command (with a
specific interface).
Switch(config-vlan)#
Switch(config-if)#
To exit to global
configuration mode,
enter the exit
command.
To return to
privileged EXEC
mode, press Ctrl-Z
or enter end.
To exit to global
configuration mode,
enter exit.
To return to
privileged EXEC
mode, press Ctrl-Z
or enter end.
Use this mode to
configure VLAN
parameters. When
VTP mode is
transparent, you can
create
extended-range
VLANs (VLAN IDs
greater than 1005)
and save
configurations in the
switch startup
configuration file.
Use this mode to
configure
parameters for the
Ethernet ports.
You can enter a question mark (?) at the system prompt to display a list of commands available for each
command mode. You can also obtain a list of associated keywords and arguments for any command.
SUMMARY STEPS
help
1.
abbreviated-command-entry ?
2.
abbreviated-command-entry <Tab>
3.
?
4.
command ?
5.
command keyword ?
6.
While in global
configuration mode,
specify a line with
the line vty or lineconsole command.
Switch(config-line)#
To exit to global
configuration mode,
enter exit.
To return to
privileged EXEC
mode, press Ctrl-Z
or enter end.
configure
parameters for the
terminal line.
DETAILED STEPS
Step 1
Step 2
Step 3
help
Example:
Switch# help
abbreviated-command-entry ?
Example:
Switch# di?
dir disable disconnect
abbreviated-command-entry <Tab>
Example:
Switch# sh conf<tab>
Switch# show configuration
PurposeCommand or Action
Obtains a brief description of the help system in any
command mode.
Obtains a list of commands that begin with a particular
character string.
You need to enter only enough characters for the switch to recognize the command as unique.
This example shows how to enter the show configuration privileged EXEC command in an abbreviated form:
Lists all commands available for a particular command
mode.
Lists the associated keywords for a command.
Lists the associated arguments for a keyword.
Switch# show conf
No and default Forms of Commands
Almost every configuration command also has a no form. In general, use the no form to disable a feature or
function or reverse the action of a command. For example, the no shutdown interface configuration command
reverses the shutdown of an interface. Use the command without the keyword no to reenable a disabled feature
or to enable a feature that is disabled by default.
Configuration commands can also have a default form. The default form of a command returns the command
setting to its default. Most commands are disabled by default, so the default form is the same as the no form.
However, some commands are enabled by default and have variables set to certain default values. In these
cases, the default command enables the command and sets variables to their default values.
CLI Error Messages
This table lists some error messages that you might encounter while using the CLI to configure your switch.
You did not enter enough
characters for your switch to
recognize the command.
Configuration Logging
How to Get HelpMeaningError Message
Reenter the command followed by
a question mark (?) with a space
between the command and the
question mark.
The possible keywords that you can
enter with the command appear.
% Incomplete command.
% Invalid input detected at
‘^’ marker.
Configuration Logging
You can log and view changes to the switch configuration. You can use the Configuration Change Logging
and Notification feature to track changes on a per-session and per-user basis. The logger tracks each
configuration command that is applied, the user who entered the command, the time that the command was
entered, and the parser return code for the command. This feature includes a mechanism for asynchronous
notification to registered applications whenever the configuration changes. You can choose to have the
notifications sent to the syslog.
You did not enter all the keywords
or values required by this
command.
You entered the command
incorrectly. The caret (^) marks the
point of the error.
Reenter the command followed by
a question mark (?) with a space
between the command and the
question mark.
The possible keywords that you can
enter with the command appear.
Enter a question mark (?) to display
all the commands that are available
in this command mode.
The possible keywords that you can
enter with the command appear.
Only CLI or HTTP changes are logged.Note
How to Use the CLI to Configure Features
Configuring the Command History
The software provides a history or record of commands that you have entered. The command history feature
is particularly useful for recalling long or complex commands or entries, including access lists. You can
customize this feature to suit your needs.
By default, the switch records ten command lines in its history buffer. You can alter this number for a current
terminal session or for all sessions on a particular line. This procedure is optional.
SUMMARY STEPS
terminal history [size number-of-lines]
1.
DETAILED STEPS
Using the Command-Line Interface
PurposeCommand or Action
Step 1
terminal history [size number-of-lines]
Example:
Switch# terminal history size 200
Recalling Commands
SUMMARY STEPS
DETAILED STEPS
Changes the number of command lines that the switch records during
the current terminal session in the privileged EXEC mode. You can
configure the size from 0 through 256.
To recall commands from the history buffer, perform one of the actions listed in this table. These actions are
optional.
The arrow keys function only on ANSI-compatible terminals such as VT100s.Note
Ctrl-P or use the up arrow key
1.
Ctrl-N or use the down arrow key
2.
show history
3.
PurposeCommand or Action
Step 1
Ctrl-P or use the up arrow key
Recalls commands in the history buffer, beginning with the most recent command.
Repeat the key sequence to recall successively older commands.
Step 2
Ctrl-N or use the down arrow key
Returns to more recent commands in the history buffer after recalling commands
with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively
more recent commands.
The command history feature is automatically enabled. You can disable it for the current terminal session or
for the command line. This procedure is optional.
SUMMARY STEPS
terminal no history
1.
DETAILED STEPS
Step 1
terminal no history
Example:
Switch# terminal no history
Lists the last several commands that you just entered in privileged EXEC mode.
The number of commands that appear is controlled by the setting of the terminalhistory global configuration command and the history line configuration
command.
PurposeCommand or Action
Disables the feature during the current terminal session in the
privileged EXEC mode.
Enabling and Disabling Editing Features
Although enhanced editing mode is automatically enabled, you can disable it, and reenable it.
Deletes from the cursor to the end of the word.Esc D
Capitalizes at the cursor.Esc C
Changes the word at the cursor to lowercase.Esc L
Esc U
Ctrl-V or Esc Q
Return key
Ctrl-L or Ctrl-R
Editing Command Lines That Wrap
Capitalizes letters from the cursor to the end of the
word.
Designates a particular keystroke as an executable
command, perhaps as a shortcut.
Scrolls down a line or screen on displays that are
longer than the terminal screen can display.
Note
The More prompt is used for any output that
has more lines than can be displayed on the
terminal screen, including show command
output. You can use the Return and Space
bar keystrokes whenever you see the More
prompt.
Scrolls down one screen.Space bar
Redisplays the current command line if the switch
suddenly sends a message to your screen.
SUMMARY STEPS
You can use a wraparound feature for commands that extend beyond a single line on the screen. When the
cursor reaches the right margin, the command line shifts ten spaces to the left. You cannot see the first ten
characters of the line, but you can scroll back and check the syntax at the beginning of the command. The
keystroke actions are optional.
To scroll back to the beginning of the command entry, press Ctrl-B or the left arrow key repeatedly. You can
also press Ctrl-A to immediately move to the beginning of the line.
The arrow keys function only on ANSI-compatible terminals such as VT100s.Note
The following example shows how to wrap a command line that extend beyond a single line on the screen.
Displays the global configuration command entry that extends beyond
one line.
When the cursor first reaches the end of the line, the line is shifted ten
spaces to the left and redisplayed. The dollar sign ($) shows that the
line has been scrolled to the left. Each time the cursor reaches the end
of the line, the line is again shifted ten spaces to the left.
Checks the complete syntax.Ctrl-A
The dollar sign ($) appears at the end of the line to show that the line
has been scrolled to the right.
Execute the commands.Return key
The software assumes that you have a terminal screen that is 80 columns
wide. If you have a different width, use the terminal width privileged
EXEC command to set the width of your terminal.
Use line wrapping with the command history feature to recall and
modify previous complex command entries.
Searching and Filtering Output of show and more Commands
You can search and filter the output for show and more commands. This is useful when you need to sort
through large amounts of output or if you want to exclude output that you do not need to see. Using these
commands is optional.
Accessing the CLI through a Console Connection or through Telnet
PurposeCommand or Action
Expressions are case sensitive. For example, if you enter
Example:
Switch# show interfaces | include protocol
Vlan1 is up, line protocol is up
Vlan10 is up, line protocol is down
GigabitEthernet1/0/1 is up, line protocol is down
GigabitEthernet1/0/2 is up, line protocol is up
| exclude output, the lines that contain output are not
displayed, but the lines that contain output appear.
Accessing the CLI through a Console Connection or through Telnet
Before you can access the CLI, you must connect a terminal or a PC to the switch console or connect a PC to
the Ethernet management port and then power on the switch, as described in the hardware installation guide
that shipped with your switch.
If your switch is already configured, you can access the CLI through a local console connection or through a
remote Telnet session, but your switch must first be configured for this type of access.
You can use one of these methods to establish a connection with the switch:
Connect the switch console port to a management station or dial-up modem, or connect the Ethernet
•
management port to a PC. For information about connecting to the console or Ethernet management
port, see the switch hardware installation guide.
Use any Telnet TCP/IP or encrypted Secure Shell (SSH) package from a remote management station.
•
The switch must have network connectivity with the Telnet or SSH client, and the switch must have an
enable secret password configured.
The switch supports up to 16 simultaneous Telnet sessions. Changes made by one Telnet user are
•
reflected in all other Telnet sessions.
The switch supports up to five simultaneous secure SSH sessions.
•
After you connect through the console port, through the Ethernet management port, through a Telnet
session or through an SSH session, the user EXEC prompt appears on the management station.
Your software release may not support all the features documented in this module. For the latest feature
information and caveats, see the release notes for your platform and software release.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not
required.
Prerequisites for VTP
The following are prerequisites for VTP:
Before you create VLANs, you must decide whether to use the VLAN Trunking Protocol (VTP) in your
•
network. Using VTP, you can make configuration changes centrally on one or more switches and have
those changes automatically communicated to all the other switches in the network. Without VTP, you
cannot send information about VLANs to other switches. VTP is designed to work in an environment
where updates are made on a single switch and are sent through VTP to other switches in the domain.
It does not work well in a situation where multiple updates to the VLAN database occur simultaneously
on switches in the same domain, which would result in an inconsistency in the VLAN database.
The switch supports 1005 VLANs when running the IP Lite image.
•
However, the number of routed ports, SVIs, and other configured features affects the usage of the switch
•
hardware. If the switch is notified by VTP of a new VLAN and the switch is already using the maximum
available hardware resources, it sends a message that there are not enough hardware resources available
and shuts down the VLAN. The output of the show vlan user EXEC command shows the VLAN in a
suspended state.
Information About VTP
VTP
VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the
addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and
configuration inconsistencies that can cause several problems, such as duplicate VLAN names, incorrect
VLAN-type specifications, and security violations.
VTP functionality is supported across the stack, and all switches in the stack maintain the same VLAN and
VTP configuration inherited from the active switch. When a switch learns of a new VLAN through VTP
messages or when a new VLAN is configured by the user, the new VLAN information is communicated to
all switches in the stack.
When a switch joins the stack or when stacks merge, the new switches get VTP information from the active
switch.
VTP version 1 and version 2 support only normal-range VLANs (VLAN IDs 1 to 1005). VTP version 3
supports the entire VLAN range (VLANs 1 to 4094). Extended range VLANs (VLANs 1006 to 4094) are
supported only in VTP version 3. You cannot convert from VTP version 3 to VTP version 2 if extended
VLANs are configured in the domain.
Configuring VTP
VTP Domain
A VTP domain (also called a VLAN management domain) consists of one switch or several interconnected
switches or switch stacks under the same administrative responsibility sharing the same VTP domain name.
A switch can be in only one VTP domain. You make global VLAN configuration changes for the domain.
By default, the switch is in the VTP no-management-domain state until it receives an advertisement for a
domain over a trunk link (a link that carries the traffic of multiple VLANs) or until you configure a domain
name. Until the management domain name is specified or learned, you cannot create or modify VLANs on a
VTP server, and VLAN information is not propagated over the network.
If the switch receives a VTP advertisement over a trunk link, it inherits the management domain name and
the VTP configuration revision number. The switch then ignores advertisements with a different domain name
or an earlier configuration revision number.
Before adding a VTP client switch to a VTP domain, always verify that its VTP configuration revision
number is lower than the configuration revision number of the other switches in the VTP domain. Switches
in a VTP domain always use the VLAN configuration of the switch with the highest VTP configuration
revision number. If you add a switch that has a revision number higher than the revision number in the
VTP domain, it can erase all VLAN information from the VTP server and VTP domain.
When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches
in the VTP domain. VTP advertisements are sent over all IEEE trunk connections, including IEEE 802.1Q.
VTP dynamically maps VLANs with unique names and internal index associates across multiple LAN types.
Mapping eliminates excessive device administration required from network administrators.
If you configure a switch for VTP transparent mode, you can create and modify VLANs, but the changes are
not sent to other switches in the domain, and they affect only the individual switch. However, configuration
changes made when the switch is in this mode are saved in the switch running configuration and can be saved
to the switch startup configuration file.
Related Topics
Adding a VTP Client Switch to a VTP Domain, on page 32
Table 4: VTP Modes
VTP server
VTP client
DescriptionVTP Mode
In VTP server mode, you can create, modify, and delete VLANs, and specify other
configuration parameters (such as the VTP version) for the entire VTP domain. VTP servers
advertise their VLAN configurations to other switches in the same VTP domain and
synchronize their VLAN configurations with other switches based on advertisements received
over trunk links.
VTP server is the default mode.
In VTP server mode, VLAN configurations are saved in NVRAM. If the switch detects a
failure while writing a configuration to NVRAM, VTP mode automatically changes from
server mode to client mode. If this happens, the switch cannot be returned to VTP server
mode until the NVRAM is functioning.
A VTP client functions like a VTP server and transmits and receives VTP updates on its
trunks, but you cannot create, change, or delete VLANs on a VTP client. VLANs are
configured on another switch in the domain that is in server mode.
In VTP versions 1 and 2 in VTP client mode, VLAN configurations are not saved in NVRAM.
In VTP version 3, VLAN configurations are saved in NVRAM in client mode.
VTP transparent switches do not participate in VTP. A VTP transparent switch does not
advertise its VLAN configuration and does not synchronize its VLAN configuration based
on received advertisements. However, in VTP version 2 or version 3, transparent switches
do forward VTP advertisements that they receive from other switches through their trunk
interfaces. You can create, modify, and delete VLANs on a switch in VTP transparent mode.
In VTP versions 1 and 2, the switch must be in VTP transparent mode when you create
extended-range VLANs. VTP version 3 also supports creating extended-range VLANs in
client or server mode.
In VTP versions 1 and 2, the switch must be in VTP transparent mode when you create
private VLANs and when they are configured, you should not change the VTP mode from
transparent to client or server mode. VTP version 3 also supports private VLANs in client
and server modes. When private VLANs are configured, do not change the VTP mode from
transparent to client or server mode.
When the switch is in VTP transparent mode, the VTP and VLAN configurations are saved
in NVRAM, but they are not advertised to other switches. In this mode, VTP mode and
domain name are saved in the switch running configuration, and you can save this information
in the switch startup configuration file by using the copy running-config startup-config
privileged EXEC command.
In a switch stack, the running configuration and the saved configuration are the same for
all switches in a stack.
A switch in VTP off mode functions in the same manner as a VTP transparent switch, except
that it does not forward VTP advertisements on trunks.
Related Topics
Configuring VTP Mode, on page 24
Example: Configuring the Switch as a VTP Server, on page 35
VTP Advertisements
Each switch in the VTP domain sends periodic global configuration advertisements from each trunk port to
a reserved multicast address. Neighboring switches receive these advertisements and update their VTP and
VLAN configurations as necessary.
Because trunk ports send and receive VTP advertisements, you must ensure that at least one trunk port is
configured on the switch stack and that this trunk port is connected to the trunk port of another switch.
Otherwise, the switch cannot receive any VTP advertisements.
VTP advertisements distribute this global domain information:
VTP domain name
•
VTP configuration revision number
•
Update identity and update timestamp
•
MD5 digest VLAN configuration, including maximum transmission unit (MTU) size for each VLAN